NSS 6000 - Setting/Configuring Active Directory

Similar Messages

• Help with setting up active directory domain controller/DNS - need this for Clustering

  Disclaimer: I am new to Active Directory, so please dont rule out the obvious things I may have overlooked.
  I need to set up Active Directory Domain controller on at least one server so I can run clustering. I set up the domain controller and ran Cluster validation and that failed - unable to reach writable domain controller.
  When I look at my server manager AD DS complain about DNS:
  NASE-2012-234    4015    Error    Microsoft-Windows-DNS-Server-Service    DNS Server    1/14/2014 12:54:06 AM
  The DNS server has encountered a critical error from the Active Directory. Check that the Active Directory is functioning properly. The extended error debug information (which may be empty) is "". The event data contains the error.
  When I click on DNS this is the error:
  The DNS server has encountered a critical error from the Active Directory. Check that the Active Directory is functioning properly. The extended error debug information (which may be empty) is "". The event data contains the error.
  Output of DCDiag -v is below.
  PS C:\Users\Administrator> dcdiag -v
  Directory Server Diagnosis
  Performing initial setup:
     Trying to find home server...
     * Verifying that the local machine NASE-2012-234, is a Directory Server.
     Home Server = NASE-2012-234
     * Connecting to directory service on server NASE-2012-234.
     * Identified AD Forest.
     Collecting AD specific global data
     * Collecting site info.
     Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=lab,DC=nase,DC=com,LDAP_SCOPE_SUBTREE,(objectCategory=
  ntDSSiteSettings),.......
     The previous call succeeded
     Iterating through the sites
     Looking at base site object: CN=NTDS Site Settings,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=lab,DC=nas
  e,DC=com
     Getting ISTG and options for the site
     * Identifying all servers.
     Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=lab,DC=nase,DC=com,LDAP_SCOPE_SUBTREE,(objectClass=ntD
  SDsa),.......
     The previous call succeeded....
     The previous call succeeded
     Iterating through the list of servers
     Getting information for the server CN=NTDS Settings,CN=NASE-2012-234,CN=Servers,CN=Default-First-Site-Name,CN=Sites,C
  N=Configuration,DC=lab,DC=nase,DC=com
     objectGuid obtained
     InvocationID obtained
     dnsHostname obtained
     site info obtained
     All the info for the server collected
     * Identifying all NC cross-refs.
     * Found 1 DC(s). Testing 1 of them.
     Done gathering initial info.
  Doing initial required tests
     Testing server: Default-First-Site-Name\NASE-2012-234
        Starting test: Connectivity
           * Active Directory LDAP Services Check
           The host c0c507c4-fb9b-49a6-9a01-ef79d7960c94._msdcs.lab.nasecom could not be resolved to an IP address.
           Check the DNS server, DHCP, server name, etc.
           Got error while checking LDAP and RPC connectivity. Please check your firewall settings.
           ......................... NASE-2012-234 failed test Connectivity
  Doing primary tests
     Testing server: Default-First-Site-Name\NASE-2012-234
        Skipping all tests, because server NASE-2012-234 is not responding to directory service requests.
        Test omitted by user request: Advertising
        Test omitted by user request: CheckSecurityError
        Test omitted by user request: CutoffServers
        Test omitted by user request: FrsEvent
        Test omitted by user request: DFSREvent
        Test omitted by user request: SysVolCheck
        Test omitted by user request: KccEvent
        Test omitted by user request: KnowsOfRoleHolders
        Test omitted by user request: MachineAccount
        Test omitted by user request: NCSecDesc
        Test omitted by user request: NetLogons
        Test omitted by user request: ObjectsReplicated
        Test omitted by user request: OutboundSecureChannels
        Test omitted by user request: Replications
        Test omitted by user request: RidManager
        Test omitted by user request: Services
        Test omitted by user request: SystemLog
        Test omitted by user request: Topology
        Test omitted by user request: VerifyEnterpriseReferences
        Test omitted by user request: VerifyReferences
        Test omitted by user request: VerifyReplicas
        Test omitted by user request: DNS
        Test omitted by user request: DNS
     Running partition tests on : ForestDnsZones
        Starting test: CheckSDRefDom
           ......................... ForestDnsZones passed test CheckSDRefDom
        Starting test: CrossRefValidation
           ......................... ForestDnsZones passed test CrossRefValidation
     Running partition tests on : DomainDnsZones
        Starting test: CheckSDRefDom
           ......................... DomainDnsZones passed test CheckSDRefDom
        Starting test: CrossRefValidation
           ......................... DomainDnsZones passed test CrossRefValidation
     Running partition tests on : Schema
        Starting test: CheckSDRefDom
           ......................... Schema passed test CheckSDRefDom
        Starting test: CrossRefValidation
           ......................... Schema passed test CrossRefValidation
     Running partition tests on : Configuration
        Starting test: CheckSDRefDom
           ......................... Configuration passed test CheckSDRefDom
        Starting test: CrossRefValidation
           ......................... Configuration passed test CrossRefValidation
     Running partition tests on : lab
        Starting test: CheckSDRefDom
           ......................... lab passed test CheckSDRefDom
        Starting test: CrossRefValidation
           ......................... lab passed test CrossRefValidation
     Running enterprise tests on : lab.nasecom
        Test omitted by user request: DNS
        Test omitted by user request: DNS
        Starting test: LocatorCheck
           GC Name: \\NASE-2012-234.lab.nasecom
           Locator Flags: 0xe000f3fd
           PDC Name: \\NASE-2012-234.lab.nasecom
           Locator Flags: 0xe000f3fd
           Time Server Name: \\NASE-2012-234.lab.nasecom
           Locator Flags: 0xe000f3fd
           Preferred Time Server Name: \\NASE-2012-234.lab.nasecom
           Locator Flags: 0xe000f3fd
           KDC Name: \\NASE-2012-234.lab.nasecom
           Locator Flags: 0xe000f3fd
           ......................... lab.nase.com passed test LocatorCheck
        Starting test: Intersite
           Skipping site Default-First-Site-Name, this site is outside the scope provided by the command line arguments
           provided.
           ......................... lab.nasecom passed test Intersite
  PS C:\Users\Administrator>

  http://social.technet.microsoft.com/Forums/en-US/home?forum=winserverDS is the forum for Directory Services questions.  You might want to post your question there.
  .:|:.:|:. tim

• Pre-populate adapter for setting the Active Directory OU for a user

  Hi All
  I created a pre-populate adapter that set the Active Directory OU for a user...
  In the end the status of the resource is still showing "provisioning"..
  It must be "Provsioned"..did I miss something ?
  The logs speak as below :-
  08:01:12,678 INFO [STDOUT] Running Create User
  08:01:12,678 INFO [STDOUT] Before appending Root Context:OU=Human Resources,
  08:01:12,678 INFO [STDOUT] tcUtilLDAPController.java : hierString : OU=Human Resources,dc=mydomain,dc=com
  08:01:13,553 ERROR [ACTIVEDIRECTORYCONTROLLER] Problem creating object: javax.naming.OperationNotSupportedException: [LD
  AP: error code 53 - 0000001F: SvcErr: DSID-031A0FC0, problem 5003 (WILL_NOT_PERFORM), data 0
  ]; remaining name 'cn=ASYMONDS'
  08:03:18,756 INFO [[xlWebApp]] action: LogonAction: User 'XELSYSADM' logged on in session 8116CBC0FA1481D06A207A1941B9
  E096
  08:22:31,256 ERROR [WEBAPP] Class/Method: ProvisionedResourcesForUserAction/confirmEnableSelection encounter some proble
  ms: No checkbox was checked.

  Just verify the OU value is correctly populated , first try doing the provisioning by manually giving OU and everything .
  Is it successful ?
  Then we can check if something wrong going with pre pop.
  Thanks
  Suren

• Setting up Active Directory - Best Solution

  Hi all, 
  Pretty new to all the Windows 2012 business, but i have had a good crack at it. 
  I am building my artefact for my university dissertation, and i am building a virtual environment for a small fictional financial company. I have set up and configured my CentOS FTP Server, and my WS 2012 R2 File Server, however i want to get an Active Directory
  Server Set up.
  I suppose i have a couple of questions really...
  1) What is the best way to do this? I have two servers (File Server & Active Directory Server) on the same domain, and i want to add users and groups using Active Directory that have access to the file server, as it will act as their own personal desktop
  space. I have a virtual machine, that will be used as a "Hot Desk" which all users can access to get their personal documents, this is connected to my File Server. 
  2) is this really necessary? Im aware i can just add users to the file server via the server dashboard, however the AD gives me more security and control over the users. So is it worth spending a while setting it up when it may not be absolute necessary?
  I hope i have made my scenario clear. 
  Many thanks in advance!
  Al

  It can be installed on the same server, but if you are talking about a single server installation, there is not much benefit.  In a workgroup environment, you need to set up an account for each user.  In an AD environment, you need to set up an
  account for each user.  In a workgroup environment, you can create security groups to control access to resources.  In an AD environment, you can create security groups to control access to resources.
  The real benefit to AD comes if you want to manage users who can log in from different devices, or if you have multiple resource servers.  In a workgroup with multiple resource servers, you have to set up accounts and security groups on every server. 
  In an AD environment, you set up accounts and groups once.  Similarly, with client machines, if you have a workgroup and you want to allow users to log onto any computer, you have to set up user accounts on every computer.  In an AD environment,
  you only have to set up the accounts once and then join all the client machines to the domain.
  .:|:.:|:. tim

• Configuring Active Directory user to Authenticate against OSB proxy service

  Hi,
  I applied the oracle Predefined auth.xml WS-policy to the osb proxy service and that will query a web service that is running on separate weblogic server, and I configured ActiveDirectory as an Authentication Provider in the weblogic server under myrealm. when I pass the weblogic/weblogic which is an admin account in the OSB test console or soap ui to test the authentication works and I get the response back but when I pass in one of the Active directory username/password I'm getting the following Failed to assert identity with UsernameToken SOAP fault.
  Do I have to change or add any configuration In the weblogic server to make this work? such as Identity Assertion provider in the weblogic server.
  fault: <con:fault xmlns:con="http://www.bea.com/wli/sb/context">
  <con:errorCode>BEA-386201</con:errorCode>
  <con:reason>
  A web service security fault occurred[{http://www.w3.org/2003/05/soap-envelope}Sender][Failed to assert identity with UsernameToken.]
  </con:reason>
  <con:details>
  <err:WebServiceSecurityFault xmlns:err="http://www.bea.com/wli/sb/errors">
  <err:faultcode xmlns:soap="http://www.w3.org/2003/05/soap-envelope">soap:Sender</err:faultcode>
  <err:faultstring>
  Failed to assert identity with UsernameToken.
  </err:faultstring>
  </err:WebServiceSecurityFault>
  </con:details>
  <con:location>
  <con:path>request-pipeline</con:path>
  </con:location>
  </con:fault>
  Regards
  Vick

  Hi Manoj
  I have configured the weblogic server to use the Active Directory Authentication provider which is supported in weblogic server and I can see the AD users under weblogic console under users and groups tab, but if I pass in the username/password of the users in AD I'm getting the above error.
  thanks
  Vick

• Configuring Active Directory Realm with WLP7.0

  Has any one configured win 2000 Active Directory(AD) LDAP v2 compatibility realm
  with WLP7.0?
  We don't have any groups and all Users in AD are under one dn. Since AD is administered
  by a different group, I have decided to put the Portal mandated Groups/Users in
  the filerealm.properties file.
  After configuration and successful booting of weblogic server, I am able to see
  the groups in the Active Directory LDAP via the weblogic console. I get the "Sizelimit
  exceeded" exception when I try to browse users which makes sense. A partial list
  of Users is listed in the console. Surprisingly all the users are listed with
  a "=" sign in front of them.
  I am not able to authenticate against any users in AD. I am not able to login
  in to the PortalAppTools using "administrator" user although I have put it in
  the "filerealm.properties". I am able to log in to the PortalAppTools using
  "system" user but that doesn't help as I cannot see Default Portal Mgmt stuff.
  user.administrator=password
  user.praveen=paul
  user.ashley=ashley
  group.Monitors=Administrators
  group.Deployers=Administrators
  group.Administrators=weblogic,system,paul
  group.SystemAdministrator=administrator,paul
  group.AdminEligible=ashley
  group.DelegatedAdministrator=paul
  When I try to open the Portal Application, I get the following exception:
  <Mar 13, 2003 8:03:46 PM MST> <Error> <Security> <090060> <The AccessDecision
  class "weblogic.securi
  ty.providers.realmadapter.AuthorizationProviderImpl" returned an error: java.lang.SecurityException:
  Realm Adapter ACL Mapping Failed.
  java.lang.SecurityException: Realm Adapter ACL Mapping Failed
  at weblogic.security.providers.realmadapter.AuthorizationProviderImpl.isAccessAllowed(Author
  izationProviderImpl.java:345)
  at weblogic.security.service.AuthorizationManager.isAccessAllowed(AuthorizationManager.java:
  475)
  at weblogic.security.service.AuthorizationManager.isAccessAllowed(AuthorizationManager.java:
  612)
  at weblogic.jndi.internal.ServerNamingNode.checkPermission(ServerNamingNode.java:332)
  at weblogic.jndi.internal.ServerNamingNode.checkLookup(ServerNamingNode.java:295)
  at weblogic.jndi.internal.ServerNamingNode.lookupHere(ServerNamingNode.java:146)
  at weblogic.jndi.internal.BasicNamingNode.lookup(BasicNamingNode.java:187)
  at weblogic.jndi.internal.RootNamingNode_WLSkel.invoke(Unknown Source)
  at weblogic.rmi.internal.ServerRequest.sendReceive(ServerRequest.java:159)
  at weblogic.rmi.cluster.ReplicaAwareRemoteRef.invoke(ReplicaAwareRemoteRef.java:262)
  at weblogic.rmi.cluster.ReplicaAwareRemoteRef.invoke(ReplicaAwareRemoteRef.java:229)
  at weblogic.jndi.internal.ServerNamingNode_WLStub.lookup(Unknown Source)
  at weblogic.jndi.internal.WLContextImpl.lookup(WLContextImpl.java:337)
  at weblogic.jndi.internal.WLContextImpl.lookup(WLContextImpl.java:332)
  at javax.naming.InitialContext.lookup(InitialContext.java:345)
  at weblogic.jndi.internal.WLNamingManager.getObjectInstance(WLNamingManager.java:94)
  at weblogic.jndi.internal.BasicNamingNode.resolveObject(BasicNamingNode.java:763)
  at weblogic.jndi.internal.BasicNamingNode.resolveObject(BasicNamingNode.java:735)
  at weblogic.jndi.internal.BasicNamingNode.lookup(BasicNamingNode.java:190)
  at weblogic.jndi.internal.BasicNamingNode.lookup(BasicNamingNode.java:195)
  at weblogic.jndi.internal.BasicNamingNode.lookup(BasicNamingNode.java:195)
  at weblogic.jndi.internal.BasicNamingNode.lookup(BasicNamingNode.java:195)
  at weblogic.jndi.internal.WLContextImpl.lookup(WLContextImpl.java:337)
  at weblogic.jndi.internal.WLContextImpl.lookup(WLContextImpl.java:332)
  at weblogic.jndi.factories.java.ReadOnlyContextWrapper.lookup(ReadOnlyContextWrapper.java:36
  at weblogic.jndi.internal.AbstractURLContext.lookup(AbstractURLContext.java:124)
  at javax.naming.InitialContext.lookup(InitialContext.java:345)
  at com.bea.p13n.util.JndiHelper.lookupNarrow(JndiHelper.java:96)
  at com.bea.portal.appflow.PortalAppflowHelper.<clinit>(PortalAppflowHelper.java:70)
  at com.bea.portal.appflow.servlets.internal.PortalWebflowServlet.init(PortalWebflowServlet.j
  ava:84)
  at javax.servlet.GenericServlet.init(GenericServlet.java:258)
  at weblogic.servlet.internal.ServletStubImpl$ServletInitAction.run(ServletStubImpl.java:1075
  at weblogic.security.service.SecurityServiceManager.runAs(SecurityServiceManager.java:744)
  at weblogic.servlet.internal.ServletStubImpl.createServlet(ServletStubImpl.java:899)
  at weblogic.servlet.internal.ServletStubImpl.createInstances(ServletStubImpl.java:833)
  at weblogic.servlet.internal.ServletStubImpl.prepareServlet(ServletStubImpl.java:773)
  at weblogic.servlet.internal.ServletStubImpl.getServlet(ServletStubImpl.java:517)
  at weblogic.servlet.internal.ServletStubImpl.invokeServlet(ServletStubImpl.java:351)
  at weblogic.servlet.internal.ServletStubImpl.invokeServlet(ServletStubImpl.java:306)
  at weblogic.servlet.internal.RequestDispatcherImpl$ForwardAction.run(RequestDispatcherImpl.j
  ava:341)
  at weblogic.security.service.SecurityServiceManager.runAs(SecurityServiceManager.java:744)
  at weblogic.servlet.internal.RequestDispatcherImpl.forward(RequestDispatcherImpl.java:251)
  at weblogic.servlet.jsp.PageContextImpl.forward(PageContextImpl.java:116)
  at jsp_servlet.__index._jspService(index.jsp:3)
  at weblogic.servlet.jsp.JspBase.service(JspBase.java:27)
  at weblogic.servlet.internal.ServletStubImpl$ServletInvocationAction.run(ServletStubImpl.jav
  a:1058)
  at weblogic.servlet.internal.ServletStubImpl.invokeServlet(ServletStubImpl.java:401)
  at weblogic.servlet.internal.ServletStubImpl.invokeServlet(ServletStubImpl.java:445)
  at weblogic.servlet.internal.ServletStubImpl.invokeServlet(ServletStubImpl.java:306)
  at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletC
  ontext.java:5412)
  at weblogic.security.service.SecurityServiceManager.runAs(SecurityServiceManager.java:744)
  at weblogic.servlet.internal.WebAppServletContext.invokeServlet(WebAppServletContext.java:30
  86)
  at weblogic.servlet.internal.ServletRequestImpl.execute(ServletRequestImpl.java:2544)
  at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:153)
  at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:134)
  >
  <Mar 13, 2003 8:03:46 PM MST> <Error> <PortalAppflow> <415400> <Could not lookup
  PortalManagerHome i
  n the JNDI tree using EJB reference java:comp/env/ejb/PortalManager.
  javax.naming.LinkException: . Root exception is javax.naming.NoPermissionException:
  User <anonymous
  does not have permission on portalAppat weblogic.rmi.internal.ServerRequest.sendReceive(ServerRequest.java:174)
  Any help is appreciated.
  Thank You
  Paul

  hi Paul
  check this doc out
  http://dev2dev.bea.com/resourcelibrary/technicalguides/LDAP_in_Portal_7.0.jsp
  -tulan
  "Paul" <[email protected]> wrote in message
  news:[email protected]...
  >
  Has any one configured win 2000 Active Directory(AD) LDAP v2 compatibilityrealm
  with WLP7.0?
  We don't have any groups and all Users in AD are under one dn. Since ADis administered
  by a different group, I have decided to put the Portal mandatedGroups/Users in
  the filerealm.properties file.
  After configuration and successful booting of weblogic server, I am ableto see
  the groups in the Active Directory LDAP via the weblogic console. I getthe "Sizelimit
  exceeded" exception when I try to browse users which makes sense. Apartial list
  of Users is listed in the console. Surprisingly all the users are listedwith
  a "=" sign in front of them.
  I am not able to authenticate against any users in AD. I am not able tologin
  in to the PortalAppTools using "administrator" user although I have put itin
  the "filerealm.properties". I am able to log in to the PortalAppToolsusing
  "system" user but that doesn't help as I cannot see Default Portal Mgmtstuff.
  >
  user.administrator=password
  user.praveen=paul
  user.ashley=ashley
  group.Monitors=Administrators
  group.Deployers=Administrators
  group.Administrators=weblogic,system,paul
  group.SystemAdministrator=administrator,paul
  group.AdminEligible=ashley
  group.DelegatedAdministrator=paul
  When I try to open the Portal Application, I get the following exception:
  <Mar 13, 2003 8:03:46 PM MST> <Error> <Security> <090060> <TheAccessDecision
  class "weblogic.securi
  ty.providers.realmadapter.AuthorizationProviderImpl" returned an error:java.lang.SecurityException:
  Realm Adapter ACL Mapping Failed.
  java.lang.SecurityException: Realm Adapter ACL Mapping Failed
  atweblogic.security.providers.realmadapter.AuthorizationProviderImpl.isAccessA
  llowed(Author
  izationProviderImpl.java:345)
  atweblogic.security.service.AuthorizationManager.isAccessAllowed(Authorization
  Manager.java:
  475)
  atweblogic.security.service.AuthorizationManager.isAccessAllowed(Authorization
  Manager.java:
  612)
  atweblogic.jndi.internal.ServerNamingNode.checkPermission(ServerNamingNode.jav
  a:332)
  atweblogic.jndi.internal.ServerNamingNode.checkLookup(ServerNamingNode.java:29
  5)
  atweblogic.jndi.internal.ServerNamingNode.lookupHere(ServerNamingNode.java:146
  at weblogic.jndi.internal.BasicNamingNode.lookup(BasicNamingNode.java:187)
  at weblogic.jndi.internal.RootNamingNode_WLSkel.invoke(Unknown Source)
  at weblogic.rmi.internal.ServerRequest.sendReceive(ServerRequest.java:159)
  atweblogic.rmi.cluster.ReplicaAwareRemoteRef.invoke(ReplicaAwareRemoteRef.java
  :262)
  atweblogic.rmi.cluster.ReplicaAwareRemoteRef.invoke(ReplicaAwareRemoteRef.java
  :229)
  at weblogic.jndi.internal.ServerNamingNode_WLStub.lookup(Unknown Source)
  at weblogic.jndi.internal.WLContextImpl.lookup(WLContextImpl.java:337)
  at weblogic.jndi.internal.WLContextImpl.lookup(WLContextImpl.java:332)
  at javax.naming.InitialContext.lookup(InitialContext.java:345)
  atweblogic.jndi.internal.WLNamingManager.getObjectInstance(WLNamingManager.jav
  a:94)
  atweblogic.jndi.internal.BasicNamingNode.resolveObject(BasicNamingNode.java:76
  3)
  atweblogic.jndi.internal.BasicNamingNode.resolveObject(BasicNamingNode.java:73
  5)
  at weblogic.jndi.internal.BasicNamingNode.lookup(BasicNamingNode.java:190)
  at weblogic.jndi.internal.BasicNamingNode.lookup(BasicNamingNode.java:195)
  at weblogic.jndi.internal.BasicNamingNode.lookup(BasicNamingNode.java:195)
  at weblogic.jndi.internal.BasicNamingNode.lookup(BasicNamingNode.java:195)
  at weblogic.jndi.internal.WLContextImpl.lookup(WLContextImpl.java:337)
  at weblogic.jndi.internal.WLContextImpl.lookup(WLContextImpl.java:332)
  atweblogic.jndi.factories.java.ReadOnlyContextWrapper.lookup(ReadOnlyContextWr
  apper.java:36
  atweblogic.jndi.internal.AbstractURLContext.lookup(AbstractURLContext.java:124
  at javax.naming.InitialContext.lookup(InitialContext.java:345)
  at com.bea.p13n.util.JndiHelper.lookupNarrow(JndiHelper.java:96)
  atcom.bea.portal.appflow.PortalAppflowHelper.<clinit>(PortalAppflowHelper.java
  :70)
  atcom.bea.portal.appflow.servlets.internal.PortalWebflowServlet.init(PortalWeb
  flowServlet.j
  ava:84)
  at javax.servlet.GenericServlet.init(GenericServlet.java:258)
  atweblogic.servlet.internal.ServletStubImpl$ServletInitAction.run(ServletStubI
  mpl.java:1075
  atweblogic.security.service.SecurityServiceManager.runAs(SecurityServiceManage
  r.java:744)
  atweblogic.servlet.internal.ServletStubImpl.createServlet(ServletStubImpl.java
  :899)
  atweblogic.servlet.internal.ServletStubImpl.createInstances(ServletStubImpl.ja
  va:833)
  atweblogic.servlet.internal.ServletStubImpl.prepareServlet(ServletStubImpl.jav
  a:773)
  atweblogic.servlet.internal.ServletStubImpl.getServlet(ServletStubImpl.java:51
  7)
  atweblogic.servlet.internal.ServletStubImpl.invokeServlet(ServletStubImpl.java
  :351)
  atweblogic.servlet.internal.ServletStubImpl.invokeServlet(ServletStubImpl.java
  :306)
  atweblogic.servlet.internal.RequestDispatcherImpl$ForwardAction.run(RequestDis
  patcherImpl.j
  ava:341)
  atweblogic.security.service.SecurityServiceManager.runAs(SecurityServiceManage
  r.java:744)
  atweblogic.servlet.internal.RequestDispatcherImpl.forward(RequestDispatcherImp
  l.java:251)
  at weblogic.servlet.jsp.PageContextImpl.forward(PageContextImpl.java:116)
  at jsp_servlet.__index._jspService(index.jsp:3)
  at weblogic.servlet.jsp.JspBase.service(JspBase.java:27)
  atweblogic.servlet.internal.ServletStubImpl$ServletInvocationAction.run(Servle
  tStubImpl.jav
  a:1058)
  atweblogic.servlet.internal.ServletStubImpl.invokeServlet(ServletStubImpl.java
  :401)
  atweblogic.servlet.internal.ServletStubImpl.invokeServlet(ServletStubImpl.java
  :445)
  atweblogic.servlet.internal.ServletStubImpl.invokeServlet(ServletStubImpl.java
  :306)
  atweblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(W
  ebAppServletC
  ontext.java:5412)
  atweblogic.security.service.SecurityServiceManager.runAs(SecurityServiceManage
  r.java:744)
  atweblogic.servlet.internal.WebAppServletContext.invokeServlet(WebAppServletCo
  ntext.java:30
  86)
  atweblogic.servlet.internal.ServletRequestImpl.execute(ServletRequestImpl.java
  :2544)
  at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:153)
  at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:134)
  >
  <Mar 13, 2003 8:03:46 PM MST> <Error> <PortalAppflow> <415400> <Could notlookup
  PortalManagerHome i
  n the JNDI tree using EJB reference java:comp/env/ejb/PortalManager.
  javax.naming.LinkException: . Root exception isjavax.naming.NoPermissionException:
  User <anonymous
  does not have permission on portalAppat weblogic.rmi.internal.ServerRequest.sendReceive(ServerRequest.java:174)
  Any help is appreciated.
  Thank You
  Paul--
  Edited by jonmountjoy at 01/03/2008 1:45 AM

• How to configure Active Directory LADP with WLS 8.1

  Hi
  somebody help me configure LDAP Active Directory with BEA WebLogic 8.1
  I can't understand what i should do.
  ThanX

  WLS 8.1 sp1 has couple of issues with Active Directory. You need to get fixes from
  BEA. sp2 is supposed to have these fixes included.
  Anant
  "Neil" <Neil-reply-in-newsgroup> wrote:
  This seems strange. I would make sure your installation is correct
  (particularly the lib/mbeantypes directory). If that is correct, I would
  test it with a new domain created with the domain configuration wizard
  to
  rule out any strange configuration possibilities. If both of those fail,
  I'd
  file a support case.
  - Neil
  "Max" <[email protected]> wrote in message
  news:[email protected]...
  Jay Zimmett <[email protected]> wrote:
  Read this:
  http://edocs.bea.com/wls/docs81/secmanage/providers.html#1172008
  Max KUlinich wrote:
  Hi
  somebody help me configure LDAP Active Directory with BEA WebLogic8.1
  I can't understand what i should do.
  ThanX
  I try do this but no god results. I get this exeption :
  java.lang.reflect.InvocationTargetException
  atweblogic.security.providers.authentication.LDAPAtnDelegate$LDAPFactory.newIn
  stance(LDAPAtnDelegate.java:3129)
  at weblogic.security.utils.Pool.getInstance(Pool.java:57)
  atweblogic.security.providers.authentication.LDAPAtnDelegate.getConnection(LDA
  PAtnDelegate.java:2646)
  atweblogic.security.providers.authentication.LDAPAtnDelegate.listUsers(LDAPAtn
  Delegate.java:1814)
  atweblogic.security.providers.authentication.LDAPAuthenticatorImpl.listUsers(L
  DAPAuthenticatorImpl.java:167)
  at sun.reflect.GeneratedMethodAccessor184.invoke(Unknown Source)
  atsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl
  .java:25)
  at java.lang.reflect.Method.invoke(Method.java:324)
  atjavax.management.modelmbean.RequiredModelMBean.invoke(RequiredModelMBean.jav
  a:1304)
  atweblogic.management.commo.CommoModelMBean.invoke(CommoModelMBean.java:464)
  atcom.sun.management.jmx.MBeanServerImpl.invoke(MBeanServerImpl.java:1557)
  atcom.sun.management.jmx.MBeanServerImpl.invoke(MBeanServerImpl.java:1525)
  atweblogic.management.internal.RemoteMBeanServerImpl.invoke(RemoteMBeanServerI
  mpl.java:765)
  atweblogic.management.console.utils.Security.getUserList(Security.java:1436)
  atweblogic.management.console.actions.security.ListUsersAction.updateContents(
  ListUsersAction.java:56)
  atweblogic.management.console.actions.security.ListLWSecurityAction.getContent
  s(ListLWSecurityAction.java:85)
  atweblogic.management.console.tags.security.LWTableTag.getRowData(LWTableTag.j
  ava:462)
  atweblogic.management.console.tags.security.LWTableTag.printTable(LWTableTag.j
  ava:141)
  atweblogic.management.console.tags.security.LWTableTag.doEndTag(LWTableTag.jav
  a:133)
  atweblogic.management.console.webapp._security.__usertable._jspService(__usert
  able.java:327)
  at weblogic.servlet.jsp.JspBase.service(JspBase.java:33)
  atweblogic.servlet.internal.ServletStubImpl$ServletInvocationAction.run(Servle
  tStubImpl.java:1053)
  atweblogic.servlet.internal.ServletStubImpl.invokeServlet(ServletStubImpl.java
  :387)
  atweblogic.servlet.internal.ServletStubImpl.invokeServlet(ServletStubImpl.java
  :305)
  atweblogic.servlet.internal.RequestDispatcherImpl$ForwardAction.run(RequestDis
  patcherImpl.java:382)
  atweblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubjec
  t.java:317)
  atweblogic.security.service.SecurityManager.runAs(SecurityManager.java:118)
  atweblogic.servlet.internal.RequestDispatcherImpl.forward(RequestDispatcherImp
  l.java:286)
  at weblogic.servlet.jsp.PageContextImpl.forward(PageContextImpl.java:151)
  atweblogic.management.console.actions.ForwardAction.perform(ForwardAction.java
  :35)
  atweblogic.management.console.actions.internal.ActionServlet.doAction(ActionSe
  rvlet.java:173)
  atweblogic.management.console.actions.internal.ActionServlet.doGet(ActionServl
  et.java:91)
  at javax.servlet.http.HttpServlet.service(HttpServlet.java:740)
  at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
  atweblogic.servlet.internal.ServletStubImpl$ServletInvocationAction.run(Servle
  tStubImpl.java:1053)
  atweblogic.servlet.internal.ServletStubImpl.invokeServlet(ServletStubImpl.java
  :387)
  atweblogic.servlet.internal.ServletStubImpl.invokeServlet(ServletStubImpl.java
  :305)
  atweblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(W
  ebAppServletContext.java:6310)
  atweblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubjec
  t.java:317)
  atweblogic.security.service.SecurityManager.runAs(SecurityManager.java:118)
  atweblogic.servlet.internal.WebAppServletContext.invokeServlet(WebAppServletCo
  ntext.java:3622)
  atweblogic.servlet.internal.ServletRequestImpl.execute(ServletRequestImpl.java
  :2569)
  at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:197)
  at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:170)
  Caused by: netscape.ldap.LDAPException: error result (49); 80090308:LdapErr:
  DSID-0C09030F, comment: AcceptSecurityContext error, data 525, vece;Invalid credentials
  at netscape.ldap.LDAPConnection.checkMsg(LDAPConnection.java:4852)
  at netscape.ldap.LDAPConnection.internalBind(LDAPConnection.java:1757)
  at netscape.ldap.LDAPConnection.authenticate(LDAPConnection.java:1294)
  at netscape.ldap.LDAPConnection.authenticate(LDAPConnection.java:1303)
  at netscape.ldap.LDAPConnection.bind(LDAPConnection.java:1613)
  atweblogic.security.providers.authentication.LDAPAtnDelegate$LDAPFactory.newIn
  stance(LDAPAtnDelegate.java:3108)
  ... 43 more

• NSS 324 - set different home directory for FTP

  Hi
  DOes anyone know - is it possible that when user logs in via FTP, their home directory is not root that can see all fileshares, but a different created share?
  I.e if i create a share called /tftpboot, when user logs in via FTP, they get  sent to that share and thing that this share is root, so they cant see any other shares.
  THanks
  Arkadiy

  Hi,
  Depending on what firmware the NSS is running. You need to make sure you have different groups for different users.Assign the user to groups you want to allow access to certain shares. Then you want to assign the group you created to the share and give it proper access. Make sure the users are assigned to that group. You want to uncheck Group (everyone). Also under the user (private network share) make sure the user has access to that share.
  If you would like help setting group and user access please call 1-866-606-1866 and open a case.
  Jason Bryant
  Cisco Support Engineer.

• Configuring Active Directory with 11g and Windows Server 2003 R2

  Hi people,
  I'm spending some happy hours to setting up the windows domain authentication in a 2003 sever realm.
  When I try to register the database in the realm (logged as total-administrator-user of domain), NETCA give me an unexpected "no message" error...
  someone can help a martyr?
  I saw in the event viewer this error message about ldap:
  The Security System detected an authentication error for the server ldap/DbOraWin.mydomain.local.
  The failure code from authentication protocol Kerberos was "There are currently no logon servers available to service the logon request.
  (0xc000005e)".
  Thanks all
  Claudio

  There are news!!
  After some verifications on LDAP/AD server, now I can see something in tracelog's DBCA:
  [main] [17:7:24:299] [NativeSystem.<init>:277] NullSecurityManager is set for Native System calls
  [main] [17:7:24:299] [Library.getInstance:106] Created instance of Library.
  [main] [17:7:24:299] [Library.load:206] Loading orauts.dll...
  [main] [17:7:24:299] [Library.load:212] oracleHome null
  [main] [17:7:24:299] [Library.load:227] Property oracle.installer.library_loc is set to value=E:\app\oracle\product\11.1.0\db_1\oui\lib\win32
  [main] [17:7:24:299] [Library.load:229] Loading library E:\app\oracle\product\11.1.0\db_1\oui\lib\win32\orauts.dll
  [main] [17:7:24:299] [Library.load:262] Loaded library E:\app\oracle\product\11.1.0\db_1\oui\lib\win32\orauts.dll from path=
  E:\app\oracle\product\11.1.0\db_1\oui\lib\win32
  [main] [17:7:24:299] [Library.load:206] Loading MSVCR71.dll...
  [main] [17:7:24:299] [Library.load:212] oracleHome null
  [main] [17:7:24:299] [Library.load:227] Property oracle.installer.library_loc is set to value=E:\app\oracle\product\11.1.0\db_1\oui\lib\win32
  [main] [17:7:24:299] [Library.load:229] Loading library E:\app\oracle\product\11.1.0\db_1\oui\lib\win32\MSVCR71.dll
  [main] [17:7:24:299] [Library.load:262] Loaded library E:\app\oracle\product\11.1.0\db_1\oui\lib\win32\MSVCR71.dll from path=
  E:\app\oracle\product\11.1.0\db_1\oui\lib\win32
  [main] [17:7:24:299] [Library.load:206] Loading orawsec11.dll...
  [main] [17:7:24:299] [Library.load:212] oracleHome null
  [main] [17:7:24:299] [Library.load:227] Property oracle.installer.library_loc is set to value=E:\app\oracle\product\11.1.0\db_1\oui\lib\win32
  [main] [17:7:24:299] [Library.load:229] Loading library E:\app\oracle\product\11.1.0\db_1\oui\lib\win32\orawsec11.dll
  [main] [17:7:24:299] [Library.load:262] Loaded library E:\app\oracle\product\11.1.0\db_1\oui\lib\win32\orawsec11.dll from path=
  E:\app\oracle\product\11.1.0\db_1\oui\lib\win32
  [main] [17:7:24:299] [Library.load:206] Loading orasrvm11.dll...
  [main] [17:7:24:299] [Library.load:212] oracleHome null
  [main] [17:7:24:315] [Library.load:227] Property oracle.installer.library_loc is set to value=E:\app\oracle\product\11.1.0\db_1\oui\lib\win32
  [main] [17:7:24:315] [Library.load:229] Loading library E:\app\oracle\product\11.1.0\db_1\oui\lib\win32\orasrvm11.dll
  [main] [17:7:24:315] [Library.load:262] Loaded library E:\app\oracle\product\11.1.0\db_1\oui\lib\win32\orasrvm11.dll from path=
  E:\app\oracle\product\11.1.0\db_1\oui\lib\win32
  [main] [17:7:24:315] [Version.isPre10i:213] isPre10i.java: Returning FALSE
  [main] [17:7:24:315] [WindowsSystem.regKeyExists:1137] WindowsSystem.regKeyExists: mainkey= HKEY_LOCAL_MACHINE subkey = Software\Oracle\Ocr
  [main] [17:7:24:346] [WindowsSystem.getCSSConfigType:1304] configType=null
  [main] [17:7:24:346] [ca.InitialSetup.configureOPS:-1] Cluster mode is OFF
  [main] [17:7:24:346] [ca.InitialSetup.<init>:-1] TNS_ADMIN is: null
  [main] [17:7:24:346] [ca.InitialSetup.<init>:-1] Admin location is: E:\app\oracle\product\11.1.0\db_1\network\admin
  Exception occurred during event dispatching:
  java.lang.NullPointerException
       at oracle.net.ca.NetCA.returnToIntroPanel(Unknown Source)
       at oracle.net.ca.NetCA.deferLDAPConfig(Unknown Source)
       at oracle.net.ca.NetCA.createOrUpdateContext(Unknown Source)
       at oracle.net.ca.NetCA.prepareNextPage(Unknown Source)
       at oracle.net.ca.NetCA.wizardValidatePage(Unknown Source)
       at oracle.ewt.wizard.WizardPage.processWizardValidateEvent(Unknown Source)
       at oracle.ewt.wizard.WizardPage.validatePage(Unknown Source)
       at oracle.ewt.wizard.BaseWizard.validateSelectedPage(Unknown Source)
       at oracle.ewt.wizard.BaseWizard.doNext(Unknown Source)
       at oracle.ewt.wizard.BaseWizard$Action.actionPerformed(Unknown Source)
       at oracle.ewt.button.PushButton.processActionEvent(Unknown Source)
       at oracle.ewt.button.PushButton.processEventImpl(Unknown Source)
       at oracle.ewt.lwAWT.LWComponent.redispatchEvent(Unknown Source)
       at oracle.ewt.lwAWT.LWComponent.processEvent(Unknown Source)
       at oracle.ewt.button.PushButton.activate(Unknown Source)
       at oracle.ewt.lwAWT.AbstractButton.processMouseReleased(Unknown Source)
       at oracle.ewt.lwAWT.AbstractButton.processMouseEvent(Unknown Source)
       at java.awt.Component.processEvent(Component.java:5266)
       at java.awt.Container.processEvent(Container.java:1966)
       at oracle.ewt.lwAWT.LWComponent.processEventImpl(Unknown Source)
       at oracle.ewt.button.PushButton.processEventImpl(Unknown Source)
       at oracle.ewt.lwAWT.LWComponent.redispatchEvent(Unknown Source)
       at oracle.ewt.event.tracking.GlassMouseGrabProvider$Disp._redispatchEvent(Unknown Source)
       at oracle.ewt.event.tracking.GlassMouseGrabProvider$Disp._redispatchEvent(Unknown Source)
       at oracle.ewt.event.tracking.GlassMouseGrabProvider$Disp.mouseReleased(Unknown Source)
       at java.awt.Component.processMouseEvent(Component.java:5501)
       at oracle.ewt.lwAWT.LWComponent.processMouseEvent(Unknown Source)
       at java.awt.Component.processEvent(Component.java:5266)
       at java.awt.Container.processEvent(Container.java:1966)
       at oracle.ewt.lwAWT.LWComponent.processEventImpl(Unknown Source)
       at oracle.ewt.event.tracking.GlassMouseGrabProvider$Proxy.processEventImpl(Unknown Source)
       at oracle.ewt.lwAWT.LWComponent.redispatchEvent(Unknown Source)
       at oracle.ewt.lwAWT.LWComponent.processEvent(Unknown Source)
       at java.awt.Component.dispatchEventImpl(Component.java:3968)
       at java.awt.Container.dispatchEventImpl(Container.java:2024)
       at java.awt.Component.dispatchEvent(Component.java:3803)
       at java.awt.LightweightDispatcher.retargetMouseEvent(Container.java:4212)
       at java.awt.LightweightDispatcher.processMouseEvent(Container.java:3892)
       at java.awt.LightweightDispatcher.dispatchEvent(Container.java:3822)
       at java.awt.Container.dispatchEventImpl(Container.java:2010)
       at java.awt.Window.dispatchEventImpl(Window.java:1778)
       at java.awt.Component.dispatchEvent(Component.java:3803)
       at java.awt.EventQueue.dispatchEvent(EventQueue.java:463)
       at java.awt.EventDispatchThread.pumpOneEventForHierarchy(EventDispatchThread.java:242)
       at java.awt.EventDispatchThread.pumpEventsForHierarchy(EventDispatchThread.java:163)
       at java.awt.EventDispatchThread.pumpEventsForHierarchy(EventDispatchThread.java:153)
       at java.awt.Dialog$1.run(Dialog.java:525)
       at java.awt.event.InvocationEvent.dispatch(InvocationEvent.java:209)
       at java.awt.EventQueue.dispatchEvent(EventQueue.java:461)
       at java.awt.EventDispatchThread.pumpOneEventForHierarchy(EventDispatchThread.java:242)
       at java.awt.EventDispatchThread.pumpEventsForHierarchy(EventDispatchThread.java:163)
       at java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:157)
       at java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:149)
       at java.awt.EventDispatchThread.run(EventDispatchThread.java:110)
  Any suggestion?
  Thanks again also for only read this message!
  Claudio

• Configuring active directory

  so here I have what i think is a simple problem. when trying to sync SW and AD in the AD settings tab, the application constantly tells me the connection is timed out. the credentials are 100% correct as-well as the server name. my only possible solution is that about a week ago we had to wipe the AD and create new one. however spiceworks was created before that and still has saved our old AD. this makes me believe its trying to contact an Ad in our network that doesnt exist. regardless if this isn't the solution how can I "refresh" spiceworks with the DNS server that we have?
  This topic first appeared in the Spiceworks Community

  so here I have what i think is a simple problem. when trying to sync SW and AD in the AD settings tab, the application constantly tells me the connection is timed out. the credentials are 100% correct as-well as the server name. my only possible solution is that about a week ago we had to wipe the AD and create new one. however spiceworks was created before that and still has saved our old AD. this makes me believe its trying to contact an Ad in our network that doesnt exist. regardless if this isn't the solution how can I "refresh" spiceworks with the DNS server that we have?
  This topic first appeared in the Spiceworks Community

• Question about Active Directory Configuration

  Hi All,
  Portal Version : EP7.0 SP7
  We want to configure Active directory as a Portal UME store.
  We have 7 Domain controllers in the domain xyz.com. They are spread across locations. I assume, by default domain controller will have global catalog defined.
  So in LDAP configuration, whether we to use Global Catalog (Port: 3268) to connect to ADS or LDAP connection(Port:389)?
  I am not clear, when Global Catalog connection is defined to bind ADS to Portal UME?
  Any suggestion?
  Thanks & Regards,
  Gowri

  Hi Gowri,
  It will work fine if you connect through port 389.
  Can you please explain it in detail that How you have spread your domain controllers / your forest hierarchy?
  Check if this helps.
  Thanks,
  Mittal

• Urgent: Configuring LDAP or Active Directory on Windows XP

  I tried authenticating user against infromation stored in Database tables dont know whats the problem its not working, I followed all the required steps for that but not succeed. So I decided to validate the user against LDAP or Active directory. Can anyone tell me how to configure LDAP or Active Directory in Windows XP.
  Please help me out as only one day remained for to submit my project, everything is done except the login page.
  And I dont think I may get even grade C if there is no security for the application. Please help me out in configuring Active Directory or LDAP and ASAP please.

  Yea I agree with you the custom table is easiest way then AD but I was working on the problem from almost a week now and I don't have much time to sort out things with that anymore.
  Help me in configuring AD on Windows XP Professional with SP2, as I'm running out of time.
  the below link is the detailed steps I followed for Custom Authentication:
  Urgent: Custom Database Authentication
  Please help me out for Configuring AD.

• Active Directory provider problem in 11g

  I am having the opposite problem than many others I see setting up Active Directory as the user store for OBIEE 11g. On two of the installations I have done the Active Directory users work but the original weblogic user does not work in OBIEE. It works fine in the WLS console and the FM Enterprise Manager but fails in analytics. The error I'm getting is:
  'weblogic' was authenticated but could not be located within the Identity Store.
  When others were having this problem they had left the default provider's control flag set at "REQUIRED" and not changed it to "SUFFICIENT". But I have done this (and gone back and reset it again) but the error persists. Any thoughts.

  Setting virtualize=true worked. I had tried this before but I think I did what I almost did this time. I almost created the variable virtual instead of virtualize. Thanks. The instructions I followed from Oracle didn't have this step. And I am wondering why it is necessary. The help for the SUFFICIENT setting says:
  A SUFFICIENT value specifies this LoginModule need not succeed. If it does succeed, control is returned to the application. If it fails and other Authentication providers are configured, authentication proceeds down the LoginModule list.
  Before I set this. yes, my AD users could login to EM and the WLS console. Other than this the AD integration has worked well.
  Edited by: dirkt on Sep 19, 2011 12:36 PM

• OIM 11gR2 user not provisioning to Active Directory (11.1.1.5 connector)

  Hello all,
  I'm trying to set up an OIM 11gR2 instance to work with Active Directory with the Active Directory 11.1.1.5.0 connector. I've full installed both OIM and AD on separate servers, and I've installed the AD 11.1.1.5 connector on OIM. I have configured Active Directory properly (connector on OIM and the connector server on the AD server-side), and have set up the two IT Resources on OIM. I can run, for example, the Active Directory Organization Lookup Recon job and have it return results in the Lookup window.
  My problem is that I cannot get it to provision to a user. I've created an Application Instance and Form for Active Directory, attached the Form, associated them with the appropriate resources (AD User), and added them to the Catalog, and then gone through the process of adding an account to the user, selecting the Application Instance, adding it to the cart, checking out, filling out the fields (Password, User ID, UPN, First Name, Last Name, Common Name, and Organization Name), and then submitting the request. This is all done as the xelsysadm admin user, but it still results with the account stuck on "Provisioning" because the "Create User" task failed due to a Connector Error (the reason stated is just a repeat of "Create Object" failed).
  Anyone know what I'm missing here?
  Thank you!
  Edited by: 939908 on Nov 12, 2012 6:36 AM

  Hey 833249, thanks for your reply
  The organization field attribute is filled in correctly, in that the OU I selected exists in AD.
  These are the errors listed in the connector server log:
  +11/9/2012 9:07:07 PM <ERROR>: Class-> ActiveDirectoryUtils Method -> GetDirectoryEntry, Message -> Exception occured during the creation of directory entry.+
  +11/9/2012 9:07:07 PM <ERROR>: Class-> ActiveDirectoryUtils Method -> GetDirectoryEntry, Message -> Exception Message : Logon failure: unknown user name or bad password.+
  +11/9/2012 9:07:08 PM <ERROR>: Class-> ActiveDirectoryUtils Method -> GetDirectoryEntry, Message -> Exception Stack Trace : at System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail)+
  at System.DirectoryServices.DirectoryEntry.Bind()
  at System.DirectoryServices.DirectoryEntry.get_NativeObject()
  at Org.IdentityConnectors.ActiveDirectory.ActiveDirectoryUtils.GetDirectoryEntry(String path, ActiveDirectoryConfiguration configuration) in c:\ADE\aime_oimcp\idc\bundles\dotnet\ActiveDirectory\ActiveDirectoryConnector\ActiveDirectoryUtils.cs:line 1423
  +11/9/2012 9:07:08 PM <ERROR>: Class-> ActiveDirectoryConnector Method -> Create, Message -> Encountered Excetion: Unable to get the Directory Entry+
  +11/9/2012 9:07:08 PM <ERROR>: Class-> ActiveDirectoryConnector Method -> Create, Message -> Stack Trace: at Org.IdentityConnectors.ActiveDirectory.ActiveDirectoryUtils.GetDirectoryEntry(String path, ActiveDirectoryConfiguration configuration) in c:\ADE\aime_oimcp\idc\bundles\dotnet\ActiveDirectory\ActiveDirectoryConnector\ActiveDirectoryUtils.cs:line 1456+
  at Org.IdentityConnectors.ActiveDirectory.ActiveDirectoryUtils.DirectoryEntryExists(String path) in c:\ADE\aime_oimcp\idc\bundles\dotnet\ActiveDirectory\ActiveDirectoryConnector\ActiveDirectoryUtils.cs:line 1512
  at Org.IdentityConnectors.ActiveDirectory.ActiveDirectoryConnector.Create(ObjectClass oclass, ICollection`1 attributes, OperationOptions options) in c:\ADE\aime_oimcp\idc\bundles\dotnet\ActiveDirectory\ActiveDirectoryConnector\ActiveDirectoryConnector.cs:line 219
  ConnectorServer.exe Error: 0 : Org.IdentityConnectors.Framework.Common.Exceptions.ConnectorException: Unable to get the Directory Entry
  at Org.IdentityConnectors.ActiveDirectory.ActiveDirectoryConnector.Create(ObjectClass oclass, ICollection`1 attributes, OperationOptions options) in c:\ADE\aime_oimcp\idc\bundles\dotnet\ActiveDirectory\ActiveDirectoryConnector\ActiveDirectoryConnector.cs:line 368
  at Org.IdentityConnectors.Framework.Impl.Api.Local.Operations.CreateImpl.Create(ObjectClass oclass, ICollection`1 attributes, OperationOptions options) in c:\ADE\aime_icf\icf\framework\dotnet\FrameworkInternal\ApiLocalOperations.cs:line 388
  at Org.IdentityConnectors.Framework.Impl.Api.Local.Operations.ConnectorAPIOperationRunnerProxy.Invoke(Object proxy, MethodInfo method, Object[] args) in c:\ADE\aime_icf\icf\framework\dotnet\FrameworkInternal\ApiLocalOperations.cs:line 244
  at ___proxy1.Create(ObjectClass , ICollection`1 , OperationOptions )
  at Org.IdentityConnectors.Framework.Impl.Server.ConnectionProcessor.ProcessOperationRequest(OperationRequest request) in c:\ADE\aime_icf\icf\framework\dotnet\FrameworkInternal\Server.cs:line 609
  I'm not sure why the username/password error could be occurring, as those fields in the AD IT Resource are correct (I've run AD recon jobs that have connected properly). Is there something I'm missing?

• Active Directory Issues 10.7.4 & 10.7.5

  Hi
  I'm having problems with all my 10.7.4 & 10.7.5 mac's. They're losing their connection to AD. When I got to unbind I get the follwing error:
  Unable to access domain controller
  This computer is unable to access the domain controller for an unknown reason. Warning: If you click force unbind you will leave an unused computer account in the directory.
  I then get an option to ok or force unbind. If I force unbind if I force unbind I get the following error:
  An unknown error occurred
  An unknown error occurred
  Helpful, I'm sure you'll agree! If I go in to Console I can see the following to errors:
  02/10/2012 16:01:25.682 Directory Utility: An instance 0x7f8f02b30f30 of class ODCUnbindFromADAction was deallocated while key value observers were still registered with it. Observation info was leaked, and may even become mistakenly attached to some other object. Set a breakpoint on NSKVODeallocateBreak to stop here in the debugger. Here's the current observation info:
  <NSKeyValueObservationInfo 0x7f8f02b56970> (
  <NSKeyValueObservance 0x7f8f02b568c0: Observer: 0x7f8f01cea980, Key path: progressStatus, Options: <New: NO, Old: NO, Prior: NO> Context: 0x0, Property: 0x7f8f02b569a0>
  and...
  02/10/2012 16:03:32.463 Directory Utility: -[SFAuthorization obtainWithRights:::::] failed with error Error Domain=NSOSStatusErrorDomain Code=-60007 "The operation couldn’t be completed. (OSStatus error -60007.)" (The authorization was denied since no user interaction was possible. )
  When users are curently logged in they lose access to SSH sessions, and network drives etc... they have had issues with saving work and subsiqently losing it!
  When I go in to opendirectyd.log I see the following:
  2012-10-02 15:37:42.208 BST - opendirectoryd (build 172.17) launched...
  2012-10-02 15:37:42.265 BST - Logging level limit changed to 'error'
  2012-10-02 15:37:42.902 BST - Initialize trigger support
  2012-10-02 15:37:42.904 BST - Registered node with name '/Active Directory' as hidden
  2012-10-02 15:37:42.904 BST - Registered node with name '/Configure' as hidden
  2012-10-02 15:37:42.905 BST - Discovered configuration for node name '/Contacts' at path '/Library/Preferences/OpenDirectory/Configurations//Contacts.plist'
  2012-10-02 15:37:42.905 BST - Registered node with name '/Contacts'
  2012-10-02 15:37:42.906 BST - Registered node with name '/LDAPv3' as hidden
  2012-10-02 15:37:42.939 BST - Registered node with name '/Local' as hidden
  2012-10-02 15:37:42.964 BST - Registered node with name '/NIS' as hidden
  2012-10-02 15:37:42.965 BST - Discovered configuration for node name '/Search' at path '/Library/Preferences/OpenDirectory/Configurations//Search.plist'
  2012-10-02 15:37:42.965 BST - Registered node with name '/Search'
  2012-10-02 15:37:43.024 BST - Discovered configuration for node name '/Active Directory/NUCA-AD' at path '/Library/Preferences/OpenDirectory/Configurations/Active Directory/NUCA-AD.plist'
  2012-10-02 15:37:43.024 BST - Registered subnode with name '/Active Directory/NUCA-AD'
  2012-10-02 15:37:43.024 BST - Registered placeholder subnode with name '/Active Directory/NUCA-AD/All Domains'
  2012-10-02 15:37:43.040 BST - Discovered configuration for node name '/LDAPv3/nuca-mon1.nuca.ac.uk' at path '/Library/Preferences/OpenDirectory/Configurations/LDAPv3/nuca-mon1.nuca.ac.uk. plist'
  2012-10-02 15:37:43.040 BST - Registered subnode with name '/LDAPv3/nuca-mon1.nuca.ac.uk'
  2012-10-02 15:37:43.108 BST - Loaded bundle at path '/System/Library/OpenDirectory/Modules/legacy.bundle'
  2012-10-02 15:37:43.307 BST - Loaded bundle at path '/System/Library/OpenDirectory/Modules/search.bundle'
  2012-10-02 15:37:44.311 BST - '/Search' has registered, loading additional services
  2012-10-02 15:37:44.311 BST - Initialize augmentation support
  2012-10-02 15:37:44.352 BST - Loaded bundle at path '/System/Library/OpenDirectory/Modules/SystemCache.bundle'
  2012-10-02 15:37:44.423 BST - Successfully registered for Kernel identity service requests
  2012-10-02 15:37:44.482 BST - Loaded bundle at path '/System/Library/OpenDirectory/Modules/PlistFile.bundle'
  2012-10-02 15:37:44.566 BST - Loaded bundle at path '/System/Library/OpenDirectory/Modules/FDESupport.bundle'
  2012-10-02 15:37:45.461 BST - Loaded bundle at path '/System/Library/OpenDirectory/Modules/ConfigurationProfiles.bundle'
  2012-10-02 15:37:45.463 BST - Registered subnode with name '/Local/Default'
  2012-10-02 15:37:45.556 BST - Loaded bundle at path '/System/Library/OpenDirectory/Modules/ldap.bundle'
  2012-10-02 15:37:45.600 BST - Loaded bundle at path '/System/Library/OpenDirectory/Modules/AppleODClient.bundle'
  2012-10-02 15:37:45.645 BST - Loaded bundle at path '/System/Library/OpenDirectory/Modules/ActiveDirectory.bundle'
  2012-10-02 15:37:45.654 BST - Loaded bundle at path '/System/Library/OpenDirectory/Modules/Kerberosv5.bundle'
  2012-10-02 15:37:45.858 BST - Loaded bundle at path '/System/Library/OpenDirectory/Modules/NetLogon.bundle'
  2012-10-02 15:37:45.858 BST - Registered subnode with name '/Active Directory/NUCA-AD/nuca.ac.uk' as hidden
  2012-10-02 15:37:45.859 BST - Unregistered placeholder node with name '/Active Directory/NUCA-AD/All Domains'
  2012-10-02 15:37:45.860 BST - Registered subnode with name '/Active Directory/NUCA-AD/All Domains'
  2012-10-02 15:37:45.861 BST - Registered subnode with name '/Active Directory/NUCA-AD/Global Catalog' as hidden
  2012-10-02 15:37:57.468 BST - failed to retrieve password for credential
  2012-10-02 15:37:59.051 BST - failed to retrieve password for credential
  2012-10-02 15:38:04.052 BST - failed to retrieve password for credential
  2012-10-02 15:38:14.054 BST - failed to retrieve password for credential
  2012-10-02 15:38:29.056 BST - failed to retrieve password for credential
  2012-10-02 15:38:49.076 BST - failed to retrieve password for credential
  2012-10-02 15:39:11.505 BST - Loaded bundle at path '/System/Library/OpenDirectory/Modules/configure.bundle'
  2012-10-02 15:39:11.900 BST - Loaded bundle at path '/System/Library/OpenDirectory/Modules/keychain.bundle'
  Interestingly enough, the problem doesn't seem to effect users runing 10.6.8 or my iMac which is running 10.8.2. I've spoken to network manager and he can't see anything strange going on, on the network.
  I've also spoekn to our AD guy and nothing has changed.
  This is now the second time it's happend, I've managed to get everyone working (before it happened again) by deleting the AD plist in /Library/Preferences/OpenDirectory/Configurations/Active\ Directory/ then rebinding via a scipt pushed out via ARD
  If anyone can offer any assitance I'd be most gratful as I'm about to be shot by our users! as it's the start of our new academic year!
  Thanks!
  Paul

  It's been a few weeks now, and (touch wood) it's not happended again on mass. We have had a few individual ones, but nothing major.
  We still don't quite know exactly what happened, but trouble shooting found the following:
  Our time server wasn't working corrctly centrifys ADCheck tool showed it as having a firewall (even though it didn't) our AD guy fixed that problem (sorry not sure exactly what he did)
  We checked the AD kerberos ticket from a machine that lost it's connection to AD, on another mac that worked and found that it couldn't connect as the password was wrong. It seems that by default Active Directory ticket wants to change it's password every 14, and when trying to it's failing so I set it to 0
  We had tried to set the server the AD plugin see's to a specific DC but this wasnt happening due to subnets not being configured in AD sites and Services
  Some of the Mac's did not like being set to GMT in the time zone and the time was an hour out, people where able to login though! So I've now set them to Eurpoe\London and they're now picking up the correct time and even picked up the daylight savings over the weekend.
  Our DNS is still not great but we are in the process of sorting out our subnets and when we do the consolodation we'll also asign reservations for all the mac's in the hope that apeases DDNS
  Thanks Paul