OID Provisioning issue
I have a case where a user did not get updated in OID when his account got modified in OIM. This lead to a data mismatch between OID and OIM.
Can I write a task to send his info into OID.
Thanks
M
Hi,
This case is discussed numerous time in this forum.Please search the forum and you will get your answer.
Check out this latest thread and solution by me and Kevin.
Re: pushing oim account profile changes into AD!
Regards
Nitesh
Similar Messages
-
OID Provisioning issue on OIM 11g
Hi,
I have ran the target user recon for OID and noticed from the events that users are not linked. I tried assigning OID User resource from the provisioning workflow on the admin console but I am seeing the following the issue:
DOBJ.ORC_NO_ORDER
An error occurred while retrieving process information null : null
Please help.Hi
Can you verify On your OID resource object in desing console 'Order For User' is chosen.
Regards
user12841694 -
OIM-OID provisionning issue with external plug in with AD
Hi OIM/OID Guru's,
We are using OIM with OID connector and having external authentication plug-in feature of OID with AD. Here we are using OID for user profile storage and doing password validation by using external plugin through AD however we have been
facing one issue which is mentioned below :-
Whenever we are creating any user in through OIM and found that user is provisioned to the OID target source but populating wrong value of attribute orclSourceObjectDN in OID process form:-
orclSourceObjectDN = cn=OIDTEST3,CN=Users,DC=oracle-test,DC=oracle,DC=com
correct value should be orclSourceObjectDN =cn=OIDTEST3,CN=Users,DC=oracle,DC=com
we don't have any container in OID with DC=oracle-test however not sure how the process form is picking up this value?
However could you please put more light why it is appending wrong DN in OIM process form? Where should i check for this from OIM side?Hi Dear,
thanks for your reply and we are using OIM 9.x version. Checked Root DN value as you suggested (see below snap shot for oid resource definition):-
Admin Id cn=username
Admin Password *******
Group Reconciliation Time Stamp
Last Target Delete Recon TimeStamp
Last Target Recon TimeStamp
Last Trusted Delete Recon TimeStamp
Last Trusted Recon TimeStamp
Port 6060
Prov Attribute Lookup Code AttrName.Prov.Map.OID
Prov Group Attribute Lookup Code AttrName.Group.Prov.Map.OID
Prov Role Attribute Lookup Code AttrName.Role.Prov.Map.OID
Role Reconciliation Time Stamp
Root DN DC=oracle,DC=com
SSL false
Server Address My server name
Use XL Org Structure false -
Collection assign issue in OID provisioning environment
Hy Tom,
I am interested in LDAP with OID PROVISIONING in portal 10g application.
we create a register procedure.
however. i got an error message as ORA-06502: PL/SQL: numeric or value error: NULL index table key value.
After debuging, we found that issue result assign null value .
when we assign as
user_vals(counter2) := entry.attr(counter1).attrval(counter2);
It seems that that we can not assign entry.attr(counter1).attrval(counter2) to other var two time in procedure.
It is server configuration issue or code issue.
Thanks
Newweber
*********************** Code
PROCEDURE pre_add ( ldapplugincontext IN ODS.plugincontext,
dn IN VARCHAR2,
entry IN ODS.entryobj,
rc OUT INTEGER,
errormsg OUT VARCHAR2
IS
ret INTEGER;
l_portal_user wwsec_person.USER_NAME%type;
l_first_name wwsec_person.FIRST_NAME%type;
l_last_name wwsec_person.LAST_NAME%type;
l_email wwsec_person.EMAIL%type;
l_work_phone wwsec_person.WORK_PHONE%type;
l_mobile wwsec_person.MOBILE_PHONE%type;
counter1 pls_integer;
counter2 pls_integer;
retval pls_integer := -1;
s integer;
user_session DBMS_LDAP.session;
user_dn varchar(256);
user_array DBMS_LDAP.mod_array;
user_vals DBMS_LDAP.string_collection;
user_binvals DBMS_LDAP.blob_collection;
indx number := 1;
BEGIN
l_portal_user :=null;
l_first_name :=null;
l_last_name :=null;
l_email :=null;
l_work_phone :=null;
l_mobile :=null;
l_description :=null;
rc := 0;
errormsg :=null;
-- Create a mod_array
user_array := dbms_ldap.create_mod_array(entry.binattr.count + entry.attr.count);
-- Create a user_dn
user_dn := substr(dn,1,instr(dn,',',1,1))||'cn=users,dc=e-hms,dc=net';
FOR l_counter1 IN 1..entry.attr.COUNT LOOP
FOR l_counter2 IN 1..entry.attr(l_counter1).attrval.COUNT LOOP
ckerror('second loop get value--'|| entry.attr(l_counter1).attrname || '[' || l_counter1 || ']' ||'.val[' || l_counter2 || '] = ' ||entry.attr(l_counter1).attrval(l_counter2));
if entry.attr(l_counter1).attrval(l_counter2) is null then
ckerror('handle null attribule ');
else
-- get value
ckerror('get value2'||entry.attr(l_counter1).attrname);
IF entry.attr(l_counter1).attrname ='givenname' then
l_first_name :=entry.attr(l_counter1).attrval(l_counter2);
ckerror('givename/firstname--'||l_first_name);
elsif entry.attr(l_counter1).attrname ='sn' then
l_last_name :=entry.attr(l_counter1).attrval(l_counter2);
ckerror('sn/lastname--'||l_last_name);
elsif entry.attr(l_counter1).attrname ='mail' then
l_email := entry.attr(l_counter1).attrval(l_counter2);
ckerror(' email--'||l_email);
elsif entry.attr(l_counter1).attrname ='mobile' then
l_mobile :=entry.attr(l_counter1).attrval(l_counter2);
ckerror('mobile--'||l_mobile);
elsif entry.attr(l_counter1).attrname ='telephonenumber' then
l_work_phone :=entry.attr(l_counter1).attrval(l_counter2);
ckerror('work telphone--'||l_work_phone);
elsif entry.attr(l_counter1).attrname ='cn' then
l_portal_user :=entry.attr(l_counter1).attrval(l_counter2);
ckerror('cn/username--'||l_portal_user);
elsif entry.attr(l_counter1).attrname ='description' then
l_description :=entry.attr(l_counter1).attrval(l_counter2);
ckerror('description--'||l_description );
else
ckerror('handle other entry name--'|| entry.attr(l_counter1).attrname);
ckerror('handle other entry--'||entry.attr(l_counter1).attrval(l_counter2) );
end if;
end if;
ckerror('end compare at second loop');
ckerror('NULL ASSIGN ISSUE FOR 72 --'||entry.attr(counter1).attrval(counter2));
user_vals(counter2) := entry.attr(counter1).attrval(counter2);
END LOOP;
ckerror('end first loop');
--- put ldap
dbms_ldap.populate_mod_array(user_array,DBMS_LDAP.MOD_ADD, entry.attr(counter1).attrname,user_vals);
user_vals.delete;
END LOOP;
processs other (l_firstname...) vars in SQL sataement
EXCEPTION
WHEN OTHERS THEN
ckerror( 'Exception in PRE_ADD plugin. Error code is ' || TO_CHAR(SQLCODE));
ckerror( ' ' || Sqlerrm);
rc := 909;
errormsg := 'Error code:'|| rc||' exception: pre_add data';
END;Hy Tom,
I am interested in LDAP with OID PROVISIONING in portal 10g application.
we create a register procedure.
however. i got an error message as ORA-06502: PL/SQL: numeric or value error: NULL index table key value.
After debuging, we found that issue result assign null value .
when we assign as
user_vals(counter2) := entry.attr(counter1).attrval(counter2);
It seems that that we can not assign entry.attr(counter1).attrval(counter2) to other var two time in procedure.
It is server configuration issue or code issue.
Thanks
Newweber
*********************** Code
PROCEDURE pre_add ( ldapplugincontext IN ODS.plugincontext,
dn IN VARCHAR2,
entry IN ODS.entryobj,
rc OUT INTEGER,
errormsg OUT VARCHAR2
IS
ret INTEGER;
l_portal_user wwsec_person.USER_NAME%type;
l_first_name wwsec_person.FIRST_NAME%type;
l_last_name wwsec_person.LAST_NAME%type;
l_email wwsec_person.EMAIL%type;
l_work_phone wwsec_person.WORK_PHONE%type;
l_mobile wwsec_person.MOBILE_PHONE%type;
counter1 pls_integer;
counter2 pls_integer;
retval pls_integer := -1;
s integer;
user_session DBMS_LDAP.session;
user_dn varchar(256);
user_array DBMS_LDAP.mod_array;
user_vals DBMS_LDAP.string_collection;
user_binvals DBMS_LDAP.blob_collection;
indx number := 1;
BEGIN
l_portal_user :=null;
l_first_name :=null;
l_last_name :=null;
l_email :=null;
l_work_phone :=null;
l_mobile :=null;
l_description :=null;
rc := 0;
errormsg :=null;
-- Create a mod_array
user_array := dbms_ldap.create_mod_array(entry.binattr.count + entry.attr.count);
-- Create a user_dn
user_dn := substr(dn,1,instr(dn,',',1,1))||'cn=users,dc=e-hms,dc=net';
FOR l_counter1 IN 1..entry.attr.COUNT LOOP
FOR l_counter2 IN 1..entry.attr(l_counter1).attrval.COUNT LOOP
ckerror('second loop get value--'|| entry.attr(l_counter1).attrname || '[' || l_counter1 || ']' ||'.val[' || l_counter2 || '] = ' ||entry.attr(l_counter1).attrval(l_counter2));
if entry.attr(l_counter1).attrval(l_counter2) is null then
ckerror('handle null attribule ');
else
-- get value
ckerror('get value2'||entry.attr(l_counter1).attrname);
IF entry.attr(l_counter1).attrname ='givenname' then
l_first_name :=entry.attr(l_counter1).attrval(l_counter2);
ckerror('givename/firstname--'||l_first_name);
elsif entry.attr(l_counter1).attrname ='sn' then
l_last_name :=entry.attr(l_counter1).attrval(l_counter2);
ckerror('sn/lastname--'||l_last_name);
elsif entry.attr(l_counter1).attrname ='mail' then
l_email := entry.attr(l_counter1).attrval(l_counter2);
ckerror(' email--'||l_email);
elsif entry.attr(l_counter1).attrname ='mobile' then
l_mobile :=entry.attr(l_counter1).attrval(l_counter2);
ckerror('mobile--'||l_mobile);
elsif entry.attr(l_counter1).attrname ='telephonenumber' then
l_work_phone :=entry.attr(l_counter1).attrval(l_counter2);
ckerror('work telphone--'||l_work_phone);
elsif entry.attr(l_counter1).attrname ='cn' then
l_portal_user :=entry.attr(l_counter1).attrval(l_counter2);
ckerror('cn/username--'||l_portal_user);
elsif entry.attr(l_counter1).attrname ='description' then
l_description :=entry.attr(l_counter1).attrval(l_counter2);
ckerror('description--'||l_description );
else
ckerror('handle other entry name--'|| entry.attr(l_counter1).attrname);
ckerror('handle other entry--'||entry.attr(l_counter1).attrval(l_counter2) );
end if;
end if;
ckerror('end compare at second loop');
ckerror('NULL ASSIGN ISSUE FOR 72 --'||entry.attr(counter1).attrval(counter2));
user_vals(counter2) := entry.attr(counter1).attrval(counter2);
END LOOP;
ckerror('end first loop');
--- put ldap
dbms_ldap.populate_mod_array(user_array,DBMS_LDAP.MOD_ADD, entry.attr(counter1).attrname,user_vals);
user_vals.delete;
END LOOP;
processs other (l_firstname...) vars in SQL sataement
EXCEPTION
WHEN OTHERS THEN
ckerror( 'Exception in PRE_ADD plugin. Error code is ' || TO_CHAR(SQLCODE));
ckerror( ' ' || Sqlerrm);
rc := 909;
errormsg := 'Error code:'|| rc||' exception: pre_add data';
END; -
OID provisioning from OIM
i have deployed and configured OID connector but users not provisioned to OID. it gives INVALID_NAMING_ERROR. what could be the possible reason.please check and reply :
View IT Resource Details and Parameters
IT Resource Name OID IT Resource
IT Resource Type OID Server
Port 389
Use XL Org Structure false
Last Trusted Delete Recon TimeStamp
CustomizedReconQuery
SSL false
Server Address 10.76.118.72
Recon Attribute Lookup Code AttrName.Recon.Map.OID
Root DN dc=ad,dc=infosys,dc=com
Admin Id cn=orcladmin,cn=Users,dc=ad,dc=infosys,dc=com
Last Target Recon TimeStamp
Last Target Delete Recon TimeStamp
Last Trusted Recon TimeStamp
Admin Password *********
Prov Attribute Lookup Code AttrName.Prov.Map.OID -
AE 5.1 - User provisioning issue - new user provisioned at end of request
Hi All,
re: AE 5.1 - User provisioning issue - new user provisioned at end of request when AE Config is set to NO
We have an interesting issue. An Access Enforcer Change Request was initiated with the incorrect userID (the userID did not yet exist in the system) and that Change Request flowed through and made it to the end of the path. At the end of the path, it created a new userID (since the incorrect one was entered). However, we have the following AE Config:
Auto Provisioning - Status: Auto Provsioning Type: "Auto Provision At End of Each Path"
Auto Provisioning - Change Request: Create if user does not exist: "NO"
Any ideas as to why the new userID was provisioned even though we have it set to "NO"?
We are on AE v5.1, SP4.
Thanks in advance!Gary,
Similar kind of issue.,
The Change User BAPI works differently than we normally think.
It wipes off everything and reassign the modification.
This I figured it in one of my implementation. You try add some roles to the user it wipes off all the roles and reassign the roles along with the new requested one's.
The client is also in SP4 still they have issue.
Will that not be good, AE checks for the ID before it actually submits the request.
Thanks.
Note : The issue mentioned by you doesnt exist in AE5.2
Regards,
Muthu Kumaran KG
Edited by: Muthukumaran Krishnan Govindan on Mar 13, 2008 2:38 PM -
Escape character before dot in dn entry after OID provisioning
Our OIM users are auto provisioned to OID using out of box OID connector. Everything works fine other than this issue.
When value for OIM's "User login" contain the character dot (say BILLY.BOB) , the corresponding dn entry in OID is created with an escape character (dn: uid=BILLY\.BOB,cn=users,dc=abc,dc=com) .
Example :
OIM's 'User Login' = BILLY.BOB
OID Entry created as
dn: uid=BILLY\.BOB,cn=users,dc=abc,dc=com
givenName: Billy
uid: BILLY.BOB
cn: Billy Bob
Note that the uid does not get the escape character, only the dn value is getting affected.
Thanks in advance!
KabiYou need to remove . in the Lookup defintion which comes with OOTB connector.
Re: OID Connector.User Id includes "\" when seen through ODSM -
Developer Application Provisioning Issues -- Only one app at a time?
_The upshot:_
You can have one and only one developer provision and developer application on the iPhone at a time otherwise you get installation errors (i.e. 0xe8000001).
_To fix:_
Use Xcode Organizer to ensure that you have one and only one application and provision installed to the iPhone that uses your developer certificate.
_To any Apple people:_
If I am wrong about any of this, please let me know. I have wasted 3-4 days over the past 2 weeks due to these issues, and any explanation would be well received! Having one and only one application and provision installed to the iPhone fixed the 0xe8000001 issues for me.
_Long winded explanation:_
It turns out that I am working on multiple iPhone applications at the same time.
Each application has a different AppID (as registered on the iPhone Developer Portal).
I have spent quite a bit of time having major issues with Developer Provisioning and application installation from within Xcode and Xcode Organizer, which led me to not be able to debug my application on a live iPhone.
I finally discovered my problem: I can only have one app and one provision on the iPhone that uses the same developer certificate.
When swapping between Xcode projects if I remove all provisions and applications using Organizer and re-add only the provision of the application I am working on, then the install errors at build time go away.
Samples of install errors that manifest themselves using the 0xe8000001 code:
Thu Aug 21 16:56:02 unknown mobileinstallationproxy[770] <Error>: entitlement 'application-identifier' has value not permitted by provisioning profile
Thu Aug 21 16:56:02 unknown mobileinstallationproxy[770] <Error>: verify_executable: Could not validate signature: e8008016
-- Taken from the Xcode Organizer Console window for my development iPhone --
These errors seem to be occurring because of an install time check against the installed provision files to verify the app, and it seems the provision from an already installed application is being used.
This is probably occurring because the main developer certificate has to be the same between the 2 applications. As the scan through the provisions is occurring, the certificate of the new app matches the certificate from the already installed app, and the provision check fails due to different App IDs.
There is one and only one developer certificate allowed per iPhone Standard program.
I hope that this helps some other people out there with their development provisioning and debug / installation errors.
--BatgarThis is why you should create a wildcard developer certificate (com.youcompany.*)...follow the directions in the program portal. Then you can then install all your apps on your phone.
-
OIM to OID Provisioning to cn=groups
We want to provision a user in to cn=groups in addition to cn=Users in OID.
Flow is like, when we provision a user into OID. It is getting provisioned into cn=Users.
But now depending on this user's User Type: If User Type is A or B. We want to provision this into cn=Groups (Which has two nodes cn=A and cn=B).
So if the user created & Provisioned has User Type=A, it should be added to cn=A in cn=groups and same for userType=B.
Requirement is we should have all the users of User Type=A in cn=A and similar for B. Please suggest the best approach to achieve this.
Thanks.
Regards,
NitinHi,
Problem still exists: I've reconciled groups from OID to OIM running this task: OID Group Lookup Reconciliation Task.
Now i am able to see OID groups in Lookup.OID.Group. but when i try to add these groups from access policy/or during manual prov from OID User Group lookup search option, it is showing no value.
I tried checking UD_OID_USR from, it has UD_OID_GRP as child table. And when i preview UD_OID_GRP from design console, i am able to query OID Groups that i reconciled.
Also checked value of linked lookup in UD_OID_GRP: Lookup.OID.Group which is correct and populated good.
But not able to see same user groups through Admin console. It throws this error on search:
ERROR,28 Jul 2010 11:40:22,632,[XELLERATE.WEBAPP],Class/Method: tcLookupFieldAction/lookupByColumn encounter some problems: lookup Error
ERROR,28 Jul 2010 11:40:24,820,[XELLERATE.WEBAPP],Class/Method: tcLookupFieldAction/lookupByColumnFiltered encounter some problems: No Values Present
ERROR,28 Jul 2010 11:47:08,937,[XELLERATE.WEBAPP],Class/Method: tcLookupFieldAction/lookupByColumn encounter some problems: lookup Error
ERROR,28 Jul 2010 11:47:10,386,[XELLERATE.WEBAPP],Class/Method: tcLookupFieldAction/lookupByColumnFiltered encounter some problems: No Values Present
Help required urgently.
Regards,
Nitin -
I have a requirement where users need to be created into OIM bu running a one time Trusted Source Recon. Once the users are created on OIM we want to link the account on OID with the user account created on OIM. When we run a Target Recon for these users the OIM accounts are not getting linked to the OID account.
Also when i create an user in OIM and try to provision the OID resource to him, he is getting Provisioned, whereas if i try to provision OID to a user created in OIM through Trusted Source Recon the status shows as Provisioning.
Can anyone please help me out by letting me know what might be the difference between users created manually through OIM admin console and the ones created through Trusted Recon, since provisioning is not working for the second set of users.
Thanks,
ParthaThis indicates that your manual provisioning is working, but not target reconciliation.
When you are running target reconciliation:
Make sure that the scheduled job that you are running for target recon is given appropriate values in the parameters to be given. -
OIM to OID Provisioning - Userid getting 'null' in OID
OIM provisioned to OID. When Im creating a user in OIM and provisioning the OID resource, the userid is getting 'null' value in OID.
Any reasons? How to fix this ?
I have checked the design console and the ldapuserDNPrefix is mapped to uid.Hi,
You have to had an another atrribute in order to make it work:
Solution
While creating a user account on Oracle Internet Directory through Oracle Identity Manager, the
user ID that you specify is assigned to the cn field of Oracle Internet Directory.
If required, you can customize the mapping so that the user ID is assigned to the uid field of
Oracle Internet Directory.
1.In the Design Console, open the AttrName.Prov.Map.OID lookup definition.
2.Change the decode value of the ldapUserDNPrefix code key to uid.
*3.Add the following item to AttrName.Prov.Map.OID lookup defintion*
Code key "User ID", decode value "uid".
Please note that Key is case sensitive. -
OIM-OID Provisioning - OID Group PrePopulate Approach :
Hi,
I am working on OID Connector 9.0.1.14 with OIM 11.1.1.5.
I have reconciled all the Roles and Groups from OID to OIM and can successfully provision users to the OID along with membership to these specific Roles and Groups.
I want to prepopulate the OID Group based on certain attribute from the OIM User form. My Approach so far is :
1) Created an Entity Adapter with a variable : say Org and GroupName.
2) Set the Logic as if Org = XYZ (+XYZ does exist on OIM+) set GroupName as = "OID Group 1" else set GroupName as = "OID Group 2"
3) Attached this adapter to the "OID User Group" form on the "Data Object Manager" at the pre-insert stage.
4) Mapped the Adapter variable as :
a) Org Maps to "Organization Definition" with the qualifier "Organization Name"
b) GroupName maps to the "Entity Field" with the qualifier "UD_OID_GRP_GROUP_NAME"
However nothing seems to happen when I create/modify a user with Orgization Name as XYZ and manually Provision the OID Resource. I can see the form but nothing is populated in the Group Field. Upon completing the request, I get the user provisioned to OID but without any Group information..
Is my approach right ? Am I missing something ?Here is what I have done for a client. My requirement was for a given department, a user must have a list of groups provisioned to them. So here is what i've done:
1. Create a lookup that has Code Key = Department, Decode = CN of the groups in a delimited format.
2. Create a provisioning task that will look at the department code from the user form, reference the lookup and find the decode values. Split them based on a delimiter. Then using each value, lookup the code key value from the real lookup that contains the full distinguished name of the group in the OID Group lookup. I even appened the IT Resource Key and ~ so that my search would be Decode or Code = "IT Resource Name~CN=<CN VALUE>%". This would return only the single group code key value. And then i add it to the child table. Repeat this for all the values in the delimited field.
3. Create a provisioning task that removes the values from the child table based on the delimited value. You'll need to search through the existing child table values.
Once you have the 2 tasks, you'll want to add a value to the your Lookup.USR_PROCESS_TRIGGERS that is your group determining field. Create your task name in this lookup. On your provisioning workflow, for the Adding of the groups task, make this unconditional, and have a preceding task of the Create User. Give it the name from your Lookup.USR_PROCESS_TRIGGERS and append " - Add Groups" to the task name. Create another task called the same, but append " - Delete Groups" to the task name. On the Add Groups task, make the preceding task the Delete groups. When you map your inputs to the adapters, on the delete, select the old value check box from the User Form so that you get the old value. Now, when the value changes on the user form, it will first remove the old groups, then add the new ones. All this will be done using the child table APIs, so that the existing Insert and Delete task triggers for your child table will run.
-Kevin -
AD Provisioning Issue OIM 11.1.1.5
HI,
We had created a Role to Provision AD Resource to user using Access Policy. Role is being assigned to user and We are able to see that resource is being assigned to user But its state is Provisioning not Provisioned.
We had checked that System Validation task is being Pending for the user and Process form is blank for the user.
We had Checked the Auto prepopulate and Auto save form checkbox on process form of AD.
While when we manually assigned the Resoruce to user...Form is auto popualted and resource is provisioned to user.
We are not able to configure out why process form is blank while we are able to see from logs that prepopulate adapters are being called but process form is blank.
Please Help.It is really strange. If you have checked both Auto Save and Auto Prepopulate it should work
But you try to update your access policy. Edit it and put the IT resource value in the process form and save it. Even verify once again any mandatory field is blank.
Still not able to do. just go to process form create new version and remove the required property from the given attribute and update it
If it works fine you can find the issue and update mandatory.
regards,
Nishith Nayan -
Multiple resource objects provision issue in OIM10g
Hi Team,
We're facing an issue regarding multiple access policy trigger for a specific resource object in OIM.
The scenario is whenever we try to process the enablement or creation of users through flat file recon, users are created / enabled with multiple resource objects in their resource profiles.
When we checked in User Resource Access History report, we observe that the access policy has been triggering multiple times for these users resulting in users with multiple resource objects. Amongst these one shows provisioned/Enabled and the other shows provisioning/in some cases Provisioned/Enabled.
Please advise as this has become an ongoing issue and also has led into data mess-up.
Appreciate your help on this one..
Regards,
SagarThe terminology sounds a little confusing to me:
If you mean you wanna create multiple IT Resources for a single IT Resource Instance so that the user can select the appropriate IT Resource during request creation -> All good upto here. But then since the Object/Request Form attached to a resource would be the same, so any user would always see the same form fields for creationg request.
Example: Users creating request for Oracle Database Accounts but different server locations
If it means you just need to create multiple Resource Objects then its a straighaway standard requirement and could be handled with normal Connector Development methodology.
Example: Users creating requests for different resources like Oracle Database Accounts & Active Directory Accounts -
Out-of-Band provisioning issue
Hi there,
I'm migrating from Configmanager 2007 to 2012 SP1 at a customer.
With CM 2007 I'd succesfully implemented Out-of-band management. Now I'm having some issues with provisioning AMT from CM2012.
The testing machines have never been provisioned with CM2007.
The oobmgmt.log at the client logs succesful activated the device.
At the server in the amtopmgr.log file the follwoing error is logged:
Error: Can NOT get OTP from target device (MachineId = 16777220)
I know this has to do with a one time password that is generated...I dont know where I have to look to resolve this issue.
Part of the amtopmgr logfile:
>>>>>>>>>>>>>>>Provision task (In Band Provision) begin<<<<<<<<<<<<<<< SMS_AMT_OPERATION_MANAGER 28-10-2013 13:34:23
5268 (0x1494)
Provision target is indicated with SMS resource id. (MachineId = 16777220 DSK-0925.water.intern) SMS_AMT_OPERATION_MANAGER 28-10-2013 13:34:23 5268 (0x1494)
Found valid basic machine property for machine id = 16777220. SMS_AMT_OPERATION_MANAGER 28-10-2013 13:34:23 5268 (0x1494)
Warning: Currently we don't support mutual auth. Change to TLS server auth mode. SMS_AMT_OPERATION_MANAGER 28-10-2013 13:34:23 5268 (0x1494)
The provision mode for device DSK-0925.water.intern is 1. SMS_AMT_OPERATION_MANAGER 28-10-2013 13:34:23 5268 (0x1494)
The IP addresses of the host DSK-0925.water.intern are 10.10.128.76. SMS_AMT_OPERATION_MANAGER 28-10-2013 13:34:23 5268 (0x1494)
Root hash of provisioning certificate is 2796BAE63F1801E277261BA0D77770028F20EEE4. SMS_AMT_OPERATION_MANAGER 28-10-2013 13:34:23 5268 (0x1494)
Attempting to establish connection with target device using SOAP. SMS_AMT_OPERATION_MANAGER 28-10-2013 13:34:23 5268 (0x1494)
Create provisionHelper with (Hash: FD16D8C6A482C73C12832BC19D5BCABD4460D5A3) SMS_AMT_OPERATION_MANAGER 28-10-2013 13:34:23 5268 (0x1494)
Set credential on provisionHelper... SMS_AMT_OPERATION_MANAGER 28-10-2013 13:34:23 5268 (0x1494)
Try to use provisioning account to connect target machine 10.10.128.76... SMS_AMT_OPERATION_MANAGER 28-10-2013 13:34:23 5268 (0x1494)
Core version of target machine 10.10.128.76 is: 9.0.3. SMS_AMT_OPERATION_MANAGER 28-10-2013 13:34:24 5268 (0x1494)
Succeed to connect target machine 10.10.128.76 using provisioning account #0. SMS_AMT_OPERATION_MANAGER 28-10-2013 13:34:24 5268 (0x1494)
GeneralInfo.GetProvisioningState finished with HResult = 0x0, status = 0x0, clientErr = 0. SMS_AMT_OPERATION_MANAGER 28-10-2013 13:34:24 5268 (0x1494)
Get device provisioning state is In Provisioning SMS_AMT_OPERATION_MANAGER 28-10-2013 13:34:24 5268 (0x1494)
Error: Can NOT get OTP from target device. (MachineId = 16777220) SMS_AMT_OPERATION_MANAGER 28-10-2013 13:34:25 5268 (0x1494)
CStateMsgReporter::DeliverMessages - Queued message: TT=1201 TIDT=0 TID='Unspecified' SID=13 MUF=0 PCNT=1, P1='DSK-0925.water.intern' P2='' P3='' P4='' P5='' SMS_AMT_OPERATION_MANAGER 28-10-2013 13:34:25 5268
(0x1494)
CStateMsgReporter::DeliverMessages - Created state message file: C:\Program Files\Microsoft Configuration Manager\inboxes\auth\statesys.box\incoming\ikjsq3c0.SMX SMS_AMT_OPERATION_MANAGER 28-10-2013 13:34:25
5268 (0x1494)
>>>>>>>>>>>>>>>Provision task (In Band Provision) end<<<<<<<<<<<<<<< SMS_AMT_OPERATION_MANAGER 28-10-2013 13:34:25
5268 (0x1494)
Anyone has a good idea?
Thanks in advance.
MarkHi Mark,
I am experiencing the same issue you are, but only with one machine. I have over 1000 machines that have successfully provisioned, so it's a bit of a mystery at the moment.
I have confirmed that my failing machine does have a OTP in the SCCM database by running the following query:
select MachineID ,OTP from dbo.AMT_MachineProperties where HostName = '<machine name>'
This shows a OTP for each machine, but I'm still having trouble with this one. Did you ever find a solution?
Thanks,
Russel
Maybe you are looking for
-
I've had my Mac Pro since Feb of 2009. For Christmas I got the Snow Leopard upgrade and installed in a few days ago. Since then the scroll button on top of the mouse will only allow scrolling down. Previously it allow up and down scrolling. Is this p
-
Excel information to be added in image
Hi, I have around 650 images and some information such as file name or data is given in a seprate excel. For Ex. in the spread sheet the information would be A B Fig 1 Bus I need to paste the information at the bottom of the image Can any
-
How do i place content in a sliding panel one beside the other?
my site: www.islamobec.com how can i populate my sliding panel by placing content beside each other??
-
How do i view dhcp table in aiport 6.0
Just let Apple upgrade my Airport utility and now I can't find the router's DHCP table.
-
I edited a .mov file in QTPro. Now it won't open.
I performed a quick trim edit to a .mov file (taken by my HD camera) in QTPro. Not knowing, I simply closed the file pressing the red button and hit "save" when prompted. Now I can't reopen the file. I've tried to change the extension and reopen, no