PAPI-WS Participant could not be authenticated.

I'm attempting to create a process in BPM from a java application using PAPI-WS, this works fine when I run in Studio, but when I deploy this to the BPM Enterprise (ALBPM 6.0) I get the following error:
Exception in thread "main" javax.xml.ws.soap.SOAPFaultException: Participant could not be authenticated. A wrong username or password might have been specified.
I would like to use SSO authentication, but since this error occurred with the custom SSO class I was using, I tried to use preset authentication, but it does not work even with preset authentication (we've made the configuration changes in the ALBPM admin documention). Is there anything else that needs to be done, in order to use preset authentication? It appears that althought a username is being set, ALBPM thinks the username is null
Thanks.

Use the example located at C:\OraBPMStudioHome\samples\integration\BPM-PapiWs-DotNet-Example\PAPI_WS2_Sample
Main thing to note, is that you need to enable Web Services Enhancements.
1. Under the General tab select
     a. Enable this project for Web Services Enhancements
2. Under the Policy tab
     a. Click browse and select wse3policyCache.config
          i. Go through the config and we want to add the following extensions
               1) usernameOverTransportSecurity
               2) requireActionHeader
     b. Add an Application policy "ALBPM_Policy"

Similar Messages

  • Export/Import Error: The security token could not be authenticated

    We currently are working in PLM 6.1.1 and users are experiencing Export/Import Issues, the error appears frequently with several users.
    Steps:
    1. A new token is generated from our QA environment
    2. The user logs into Dev and transfers the token
    3. In the export ADMIN area the user selects a section
    4. In the QA environment the user schedules the import
    5. The import is scheduled however the error is received after a few mins
    Error Message:
    The security token could not be authenticated or authorized ---> The directory service is unavailable.
    at System.Web.Services.Protocols.SoapHttpClientProtocol.ReadResponse(SoapClientMessage message, WebResponse response, Stream responseStream, Boolean asyncCall)
    at System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String methodName, Object[] parameters)
    at Xeno.Prodika.XenoDoc.Handlers.DRL.DrlService.GetAttachment(tIdentifier Identifier)
    at Xeno.Prodika.XenoDoc.Handlers.DRL.DrlWebServiceLifecycleHandler.Load(IXDocument xdoc, String pkid)
    at Xeno.Prodika.XenoDoc.BaseLibraryManager.LoadDocumentPhaseII(IXLibraryConfiguration libConfig, IXDocument xdoc, String pkid)
    at Xeno.Prodika.XenoDoc.BaseLibraryManager.LoadDocument(String pkid)
    at Xeno.Prodika.ExportImport.DataExchange.ImportRequestProcessor.ProcessRequest(IApplicationManager applicationManager, IImportRequestQueue request)
    This error can be difficult to reproduce but occurs periodically.

    This is likely a DRL issue. verify DRL is configured correctly and a valid PLM4P user is setup in the setup assistant. in addition, make sure you added the new app in IIS for DRLService (this is a doc bug we are correcting that we failed to include in the 611 guide). verify you can attach and then open an attachment on a material spec.

  • The selected signed file could not be authenticated. The file might have been tampered with or an error might have occured during download. Please verify the MD5 hash value against the Cisco Systems web site

    I am trying to load any 9.0.3 firmware on my UCM 5.0.4.2000-1 server. Every newer firmware I load throws the following error. I have verified the MD5 is correct and also downloaded the file several times with the same result. I can load the same firmware file on another UCM server and it loads fine. Any ideas?
    Thanks in advance!
    Error Message:
    The selected signed file could not be authenticated. The file might have been  tampered with or an error might have occured during download. Please verify the  MD5 hash value against the Cisco Systems web site:  9b:b6:31:09:18:15:e7:c0:97:9f:e6:fe:9a:19:94:99
    Firmware File: cmterm-7970_7971-sccp.9-0-3.cop.sgn
    UCM version: 5.0.4.2000-1

    Thanks for your reply. We have a lab environment where I maintain  UCM 5.0, 5.1, 6.0, 6.1, 7.0, 7.1 and 8.0 servers each running the latest released firmware for our QA testing team. I have downloaded and installed the latest device packages but find that if I try to install any firmware newer then 8.3.1 on either 5.0.4 or 6.0 i start getting MD5 hash authentication errors. It looks like 9.0.3 firmware should work on UCM 5.0 and 6.0 so I am lost as to why I can't seem to update any firmware for any model phone if it is newer then version 8.3.1 on either 5.0 or 6.0. while 5.1 and 6.1 work without issues. Maybe it is just a bug. I mostly wanted to see if anyone else has experienced this or if it is just me.

  • ID3242: The security token could not be authenticated or authorized?

    Hi,
    we are getting an error when SSIS Package is writing the data into CRM 2013 Application using CRM 2013 SDK.
    Please find the error log as below.
    [Update Contact into CRM [792]] Error: System.ServiceModel.Security.MessageSecurityException: An unsecured or incorrectly secured fault was received from the other party. See the inner FaultException for the fault code and detail. ---> System.ServiceModel.FaultException:
    ID3242: The security token could not be authenticated or authorized.
       --- End of inner exception stack trace ---
    Server stack trace: 
       at System.ServiceModel.Channels.SecurityChannelFactory`1.SecurityRequestChannel.ProcessReply(Message reply, SecurityProtocolCorrelationState correlationState, TimeSpan timeout)
       at System.ServiceModel.Channels.SecurityChannelFactory`1.SecurityRequestChannel.Request(Message message, TimeSpan timeout)
       at System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[] outs, TimeSpan timeout)
       at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage methodCall, ProxyOperationRuntime operation)
       at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage message)
    Exception rethrown at [0]: 
       at Microsoft.SqlServer.Dts.Pipeline.ScriptComponentHost.HandleUserException(Exception e)
       at Microsoft.SqlServer.Dts.Pipeline.ScriptComponentHost.ProcessInput(Int32 inputID, PipelineBuffer buffer)
       at Microsoft.SqlServer.Dts.Pipeline.ManagedComponentHost.HostProcessInput(IDTSManagedComponentWrapper100 wrapper, Int32 inputID, IDTSBuffer100 pDTSBuffer, IntPtr bufferWirePacket)
    Can you please suggest us how to proceed on this isssue.
    Thanks & Regards, Anil

    Hi JBlaesk,
    Thanks for your reply and Sorry as i didn't mention that, The Package was running till 1 hour and after 1hour it was getting failed and giving the error "Security token couldn't be authenticated or authorized".
    and this package was scheduled in Sqlserver Agent and user is System.
    i have seen there is no logs in CRM 2013 application and ADFS server for this issue.
    Thanks & Regards, Anil

  • The security token could not be authenticated or authorized

    Hi All,
    I have an issue with Oracle Migration Tool On Demand.
    I run the following command to backup the AccessProfile:
    Oracle Migration Tool On Demand:
    migrationtool -u <user> -s https://secure-ausomxefa.crmondemand.com ReadAll AccessProfile
    Unfortunately i get the following error:
    On the dos window:
    Please enter your CRM On Demand password: Your request has been sent to Oracle
    CRM On Demand Server.
    A response to the SOAP request sent to the CRM On Demand server has been receiv
    ed An error occurred. Please review the logs for details
    And in the log file:
    13-apr-2011 16.09.40 com.siebel.occam.odesa.cte.ODESAResponseHandler writeToLog
    GRAVE: <Fault xmlns="http://schemas.xmlsoap.org/soap/envelope/"><faultcode>wsse:FailedAuthentication</faultcode><faultstring>The security token could not be authenticated or authorized</faultstring><faultactor></faultactor></Fault>
    Please could you help me?
    Regards
    Alessandro
    Edited by: user3889450 on 13-apr-2011 7.16
    Edited by: user3889450 on 13-apr-2011 7.17
    Edited by: user3889450 on 13-apr-2011 7.18

    Alessandro, I would recommend that you submit a SR to CRM On Demand customer care in reference to this issue.

  • The client could not be authenticated because the Extensible Authentication Protocol (EAP) Type cannot be processed by the server

    wireless authentication not working 
    I found the following in the radius
    Log Name:      Security
    Source:        Microsoft-Windows-Security-Auditing
    Date:          1/15/2014 2:07:57 AM
    Event ID:      6273
    Task Category: Network Policy Server
    Level:         Information
    Keywords:      Audit Failure
    User:          N/A
    Computer:     NAP01.test.local
    Description:
    Network Policy Server denied access to a user.
    Contact the Network Policy Server administrator for more information.
    User:
     Security ID:   doamin \user.a
     Account Name:   user.a
    Client Machine:
     Security ID:   NULL SID
     Account Name:   -
     Fully Qualified Account Name: -
     OS-Version:   -
     Called Station Identifier:  00-0F-7D-C4-45-20:staff
     Calling Station Identifier:  0C-74-C2-EF-Dd-0B
    NAS:
     NAS IPv4 Address:  192.168.9.10
     NAS IPv6 Address:  -
     NAS Identifier:   -
     NAS Port-Type:   Wireless - IEEE 802.11
     NAS Port:   497
    RADIUS Client:
     Client Friendly Name:  wcont1
     Client IP Address:   192.168.9.10
    Authentication Details:
     Connection Request Policy Name: Wireless
     Network Policy Name:  wism
     Authentication Provider:  Windows
     Authentication Server:  NAP01.test.local
     Authentication Type:  EAP
     EAP Type:   -
     Account Session Identifier:  -
     Logging Results:   Accounting information was written to the local log file.
     Reason Code:   22
     Reason:    The client could not be authenticated  because the Extensible Authentication Protocol (EAP) Type cannot be processed by the server.
    Please help

    Hi,
    Anything updates?
    In addition, this issue may also because your client didn't have CA certificate of your domain. Please make sure that your client has CA certificate.
    Besides, the error "The client could not be authenticated because the Extensible Authentication Protocol (EAP) Type cannot be processed by the server" may be due to that the default maximum transmission unit that NPS uses for EAP payloads is 1500
    bytes. You can lower the maximum size that NPS uses for EAP payloads by adjusting the Framed-MTU attribute in a network policy to a value no greater than 1344:
    Configure the EAP Payload Size
    Best regards,
    Susie

  • Using Hyper-V 2012 r2, connecting to the console results in: A certification authority could not be contacted for authentication.

    I'm having some trouble with authentication to guests from my Hyper-V console.
    If I try to connect from the Hyper-V Manager to the console of any guest, I get the error:
    "A certification authority could not be contacted for authentication. If you are using a Remote Desktop Gateway with a smart card, try connecting to the remote computer using a password. For assistance, contact your system administrator or technical support."
    I'm not using an RDG and smart card.
    I have 2 virtual networks. The first is Production, the second is Isolated. Production has 2 NICs attached to the Production LAN, the second has 2 NICs in our DMZ. The host is a member server of the production domain. I can use MSTSC from the LAN or the DMZ
    to gain access to each Guest and the Host.
    The issues start if I try "Connect" from Hyper-V Manager in an attempt to use the console of any Guest. Each attempt fails with the above error. If I use an incorrect password, I get a different error: "The credentials that were used to connect
    to {Server FQDN} did not work. Please enter new credentials."
    Taking a look at the the event logs, I can see the session successfully authenticating to the Guest (4776 Credential validation and 4624 Logon), and the fact I get a different error if I enter an incorrect password show I get some way along the line. However
    if I take a look at the logs on the Host, however I get:
    An account failed to log on.
        Subject:
            Security ID:        NULL SID
            Account Name:        -
            Account Domain:        -
            Logon ID:        0x0    
        Logon Type:            3
        Account For Which Logon Failed:
            Security ID:        NULL SID
            Account Name:        
            Account Domain:        
        Failure Information:
            Failure Reason:        An Error occured during Logon.
            Status:            0xC000006D
            Sub Status:        0xC000005E
        Process Information:
            Caller Process ID:    0x0
            Caller Process Name:    -
        Network Information:
            Workstation Name:    -
            Source Network Address:    -
            Source Port:        -
        Detailed Authentication Information:
            Logon Process:        Kerberos
            Authentication Package:    Kerberos
            Transited Services:    -
            Package Name (NTLM only):    -
            Key Length:        0
        This event is generated when a logon request fails. It is generated on the computer where access was attempted.
        The Subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.
        The Logon Type field indicates the kind of logon that was requested. The most common types are 2 (interactive) and 3 (network).
        The Process Information fields indicate which account and process on the system requested the logon.
        The Network Information fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.
        The authentication information fields provide detailed information about this specific logon request.
            - Transited services indicate which intermediate services have participated in this logon request.
            - Package name indicates which sub-protocol was used among the NTLM protocols.
            - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
    Which looks to me like a blank authentication request is being sent? (I've not deleted any machine/domain names, they're just not present)
    Any suggestions? Do you think I'm barking up the wrong tree?
    Thoughts and comments gratefully received

    Hi,
    What’s your guest system platform, base on my experience that must be the not supported guest system issue, the generation 2 vm only support the Windows 8 or 8.1 platform.
    The related KB:
    Generation 2 Virtual Machine Overview
    http://technet.microsoft.com/en-us/library/dn282285.aspx
    Hope this hleps.
    We
    are trying to better understand customer views on social support experience, so your participation in this
    interview project would be greatly appreciated if you have time.
    Thanks for helping make community forums a great place.

  • Claims Based Authentication SPSecurityTokenService.Issue() failed: The security token username and password could not be validated.

    Please excuse the lousy table...Its late :-)
    I have a multi-server SP2010 farm.  Patched up to
    Configuration database version: 14.0.6106.5002
    My goal is to have a claims based web application that authenticated to ADAM for Extranet.  I have configured the servers exactly to MSDN and technet specs (following this spec to the
    letter (
    http://technet.microsoft.com/en-us/library/ee806882.aspx) to allow the forms side of the web app to authenticate to ADAM.
    IT WORKS IN DEV!!! , which is a single server farm.  However, it does not work in production.  I get the following:
    Claims Auth log entries:
    1:06:25 AM
    w3wp.exe (0x0EDC)                      
    0x1790
    SharePoint Foundation        
    Claims Authentication        
    f2ut
    Verbose
    Authenticated with login provider. Validating request security token.
    1:06:25 AM
    w3wp.exe (0x0EDC)                      
    0x1790
    SharePoint Foundation        
    Claims Authentication        
    0
    Verbose
    Using membership provider 'ADAMProvider'.
    1:06:25 AM
    w3wp.exe (0x0EDC)                      
    0x1790
    SharePoint Foundation        
    Claims Authentication        
    0
    Verbose
    Doing password check on '[email protected]'.
    1:06:46 AM
    w3wp.exe (0x0EDC)                      
    0x1790
    SharePoint Foundation        
    Claims Authentication        
    0
    Verbose
    Failed password check on '[email protected]'.
    1:06:46 AM
    w3wp.exe (0x0EDC)               
    0x1790
    SharePoint Foundation        
    Claims Authentication        
    0
    Unexpected
    Password check on '[email protected]' generated exception: 'System.ServiceModel.FaultException`1[Microsoft.IdentityModel.Tokens.FailedAuthenticationException]: The security
    token username and password could not be validated. (Fault Detail is equal to Microsoft.IdentityModel.Tokens.FailedAuthenticationException: The security token username and password could not be validated.).'.
    1:06:46 AM
    w3wp.exe (0x0EDC)                      
    0x1790
    SharePoint Foundation        
    Claims Authentication        
    fo1t
    Monitorable
    SPSecurityTokenService.Issue() failed: System.ServiceModel.FaultException`1[Microsoft.IdentityModel.Tokens.FailedAuthenticationException]: The security token username and password
    could not be validated. (Fault Detail is equal to Microsoft.IdentityModel.Tokens.FailedAuthenticationException: The security token username and password could not be validated.).
    1:06:46 AM
    w3wp.exe (0x1B34)                      
    0x08A0
    SharePoint Foundation        
    Claims Authentication        
    fsq7
    High   
    Request for security token failed with exception: System.ServiceModel.FaultException: The security token username and password could not be validated.    
    at Microsoft.IdentityModel.Protocols.WSTrust.WSTrustChannel.ReadResponse(Message response)    
    at Microsoft.IdentityModel.Protocols.WSTrust.WSTrustChannel.Issue(RequestSecurityToken rst, RequestSecurityTokenResponse& rstr)  
      at Microsoft.IdentityModel.Protocols.WSTrust.WSTrustChannel.Issue(RequestSecurityToken rst)    
    at Microsoft.SharePoint.SPSecurityContext.SecurityTokenForContext(Uri context, Boolean bearerToken, SecurityToken onBehalfOf, SecurityToken actAs, SecurityToken delegateTo)
    1:06:46 AM
    w3wp.exe (0x1B34)                      
    0x08A0
    SharePoint Foundation        
    Claims Authentication        
    8306
    Critical
    An exception occurred when trying to issue security token: The security token username and password could not be validated..
    1:06:46 AM
    w3wp.exe (0x1B34)                      
    0x08A0
    SharePoint Foundation        
    Claims Authentication        
    f2un
    Verbose
    Form authentication failed.
    I have tried EVERYTHING (well, nt everything, I don’t have the fix I suppose). 
     I found plenty out there and nothing directly correlates with this issue. 
    I searched on all parts of the errors I got.
    This contains an interesting blurb about setting up access for the apppool id correctly. 
    That’s not the case for me.  It works in dev and the same id are used there. 
    http://sharepoint-2010-world.blogspot.com/2011/03/adam-forms-based-authentication-in.html
    This was good but it doesn’t give specs on what the environment looks like:
    http://social.msdn.microsoft.com/Forums/en/sharepoint2010general/thread/557143a6-4b36-4939-bb7f-d62a9335fd18
    The was interesting…but I am patched up beyond the June 2011 CU so it’s a moot point:
    http://social.technet.microsoft.com/Forums/en-US/sharepoint2010setup/thread/9b8368ef-c5e5-4ead-b348-7b2b5587cfc8
    Any and all help would be greatly appreciated!

    Hi.
    You say its a multiserver farm, do you have more than one web server then?
    If thats the case, have you tried accessing the site on each server directly?
    Found this for you, maybe that can help?
    Troubleshooting Exceptions: System.ServiceModel.FaultException`1
    http://msdn.microsoft.com/en-us/library/bb907220.aspx
    and this:
    SharePoint 2010 Claims Authentication - The security token username and password could not be validated reoccurring every morning
    http://social.technet.microsoft.com/Forums/pl-PL/sharepoint2010setup/thread/383f1f9b-5c4a-4e19-b770-2a54b7ab1ca1
    and
    This seems to be a good guide:
    http://donalconlon.wordpress.com/2010/02/23/configuring-forms-base-authentication-for-sharepoint-2010-using-iis7/
    Good luck
    Thomas Balkeståhl - Technical Specialist - SharePoint - http://blksthl.wordpress.com

  • Unable to open documents in Office (Word and Excel) - 3 authentication prompts followed by 'Could not open ...'

    I am getting multiple authentication prompts when I try to open or create a new .docx or .xslx document from SharePoint 2010. 
    I tried this on different machines and on different browsers (IE and Firefox) and see the same behavior. I am the site collection administrator. I see the same behavior on other sites also. Other users are also seeing the same behavior.
    If I download the document, I can open it without any issues.
    The Web Application IIS authentication settings is NTLM and Client Integration is enabled. 

    Hi shankze,
    According to your description, my understanding is that you could not open the documents because of the authentications.
    Go to IIS, make sure that the Security TokenServiceApplication pool is started.
    Please do as the followings, and compare the result:
    Add your site to the Trusted Sites Internet Zone.
    Go to Internet Options - Security - Highlight the Trusted Sites Check Mark - click on custom level - scroll to the bottom and in the user authentication section select "Automatic logon with current username and password."
    Also, you can do via group policy in DC server.
    More information, please refer to the link:
    http://www.networkadminsecrets.com/2011/08/sharepoint-2010-authentication-prompts.html
    I hope this helps.
    Thanks,
    Wendy
    Wendy Li
    TechNet Community Support

  • How to solve the error message "Could not activate cellular data network: PDP authentication failure"when using 3g or gPRS on safari with an iphone 4 and latest software updates

    Please can someone help me to solve the error message "Could not activate cellular data network: PDP authentication failure"when using 3G or GPRS on safari with an iphone 4GS and latest software updates. I have tried resetting the network and phone settings. I have restored the factory settings on itunes and still the problem persists.

    All iPhones sold in Japan are sold carrier locked and cannot be officially unlocked by the carrier. If you unlocked it, it was by unauthorized means (hacked), and support cannot be given to you in this forum.
    Hacked iPhones are subject to countermeasures by Apple, particularly when updating the firmware. It is likely permanently re-locked or permanently disabled.
    Message was edited by: modular747

  • WSUS Sync is not working Sync failed: UssCommunicationError: WebException: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel. --- System.Security.Authentication.AuthenticationException: The remote

    I know there are loads of posts with same issue and most of them were related to proxy and connectivity .
    This was case for me as well (few months back). Now the same error is back. But I've confirmed that FW ports and proxy are fine this time around.
    server is configured on http port 80 
    ERROR
    Sync failed: UssCommunicationError: WebException: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel. ---> System.Security.Authentication.AuthenticationException: The remote certificate is invalid
    according to the validation procedure.~~at System.Web.Services.Protocols.WebClientProtocol.GetWebResponse(WebRequest request). Source: Microsoft.SystemsManagementServer.SoftwareUpdatesManagement.WSyncAction.WSyncAction.SyncWSUS
    I've checked proxy server connectivity. I'm able browse following site from WSUS server
    http://catalog.update.microsoft.com/v7/site/Home.aspx?sku=wsus&version=3.2.7600.226&protocol=1.8
    I did telnet proxy server on the particular port (8080) and that is also fine.
    I've doubt on certificates, any idea which are the certificates which we need to look? And if certificate is expired then (my guess) we won't be able open the above mentioned windows update catalog site?
    Any tips appreciated !
    Anoop C Nair (My Blog www.AnoopCNair.com)
    - Twitter @anoopmannur -
    FaceBook Forum For SCCM

    Hi Lawrence ! - Many thanks for looking into this thread and replying. Appreciate your help.
    Your reply  ("SSL is enabled/configured, and the certificate being used is invalid
    (or the cert does not exist or cannot be obtained), or the SSL connection could not be established.") is very helpful.
    I've already tested CONTENT DOWNLOAD and it's working fine. WSUS Sync was also working fine for years with proxy server configured on port (8080) and WSUS server on port 80.
    My Guess (this is my best guess ;)) is this something to do with Firewall or Proxy side configuration rather than WSUS. However, I'm not finding a way to prove this to proxy/firewall team. From their perspective all the required port communication open and
    proxy server is also reachable. More over we're able to access internet (Microsoft Update Catalog site) over same port (8080).
    Any other hints where I can prove them it's a sure shot problem from their side.
    Thanks again !!
    Anoop C Nair (My Blog www.AnoopCNair.com)
    - Twitter @anoopmannur -
    FaceBook Forum For SCCM

  • ITunes account parental control preferences could not be unlocked b/c my username is not authenticated.  any advice?

    iTunes account parental control preferences could not be unlocked b/c my username is not authenticated.  any advice?

    Post this in the iTunes forum since this is an issue related to iTunes and not an iPod Classic.
    https://discussions.apple.com/community/itunes
    B-rock

  • Database could not be opened. May be caused because database does not exist or lack of authentication to open the database.

    Hello,
    I've been running the DMV 'sys.event_log', and have noticed that I am getting a lot of errors about connection issues to some of my SQL Azure databases saying "Database could not be opened. May be caused because database does not exist or lack of authentication
    to open the database."
    The event type column says: 'connection_failed' and the event_subtype_desc column says: 'failed_to_open_db' both are associated with the above error message.
    I know that these databases are on-line as I have numerous people connected to them, all of whom are not experiencing any issues.  My question is, is there a query that you can run on SQL Azure to try and find out a bit more information about the connection
    attempts?
    If this was a hosted SQL solution it would be much easier.
    Marcus

    Hello,
    As for Windows Azure SQL Database, we can't access the error log file as On-premise SQL Server. Currently, it is only support troubleshooting the connection error with the following DMV. The SQL database connections events are collected and aggregated in
    two catalog views that reside in the logical master database: sys.database_connection_stats and sys.event_log. We can use sys.event_log view to display the details if there is error occurs.
    Just as  the connection failed describe, it may ocurrs when user didnot has login permission when connect to the SQL Database. If so, please verify the user has logon permission.
    Regards,
    Fanny Liu
    Fanny Liu
    TechNet Community Support

  • WLC connect LDAP for Authentication, but could not connect to server

    Hi Everyone, I got a problem when I use WLC 5508 connect to LDAP for authentication, but no luck there, it's a simple config, but not easy to work on my job, I got the following messgae:
    Service Port - Not connected
    Distrubution port include:
         Management Interface - in AP Management VLAN - 30
         Student AP interface - in Student VLAN - 20
         Staff AP interface - in Staff VLAN - 10
    AD is in Staff VLAN - 10
    WLC LDAP Server setting
    Base DN:OU=wws_ou,DC=ww,DC=yc,DC=com,DC=hk
    User Attribute: sAMAccountName
    User Object Type: Person
    Debug aaa all enable message
    *LDAP DB Task 1: Jul 09 01:40:58.969: ldapInitAndBind [1] called lcapi_init (rc = 0 - Success)
    *LDAP DB Task 1: Jul 09 01:41:00.969: ldapInitAndBind [1] configured Method Anonymous lcapi_bind (rc = 1005 - LDAP bind failed)
    *LDAP DB Task 1: Jul 09 01:41:00.969: ldapClose [1] called lcapi_close (rc = 0 - Success)
    *LDAP DB Task 1: Jul 09 01:41:00.969: LDAP server 1 changed state to IDLE
    *LDAP DB Task 1: Jul 09 01:41:00.969: LDAP server 1 changed state to RETRY
    *LDAP DB Task 1: Jul 09 01:41:00.969: LDAP_OPT_REFERRALS = -1
    WLC GUI Log:
    *LDAP DB Task 1: Jul 09 02:56:13.045: %AAA-3-LDAP_CONNECT_SERVER_FAILED: ldap_db.c:1038 Could not connect to LDAP server 1, reason: 1005 (LDAP bind failed).
    *LDAP DB Task 1: Jul 09 02:56:11.045: %AAA-3-LDAP_CONNECT_SERVER_FAILED: ldap_db.c:1038 Could not connect to LDAP server 1, reason: 1005 (LDAP bind failed).
    *LDAP DB Task 1: Jul 09 02:56:09.045: %AAA-3-LDAP_CONNECT_SERVER_FAILED: ldap_db.c:1038 Could not connect to LDAP server 1, reason: 1005 (LDAP bind failed).
    LDP Message of LDAP BaseDN:
    Expanding base 'CN=Frankie F. Yeung,OU=wws_ou,DC=ww,DC=yc,DC=com,DC=hk'...
    Result <0>: (null)
    Matched DNs:
    Getting 1 entries:
    >> Dn: CN=Frankie F. Yeung,OU=wws_ou,DC=ww,DC=yc,DC=com,DC=hk
    4> objectClass: top; person; organizationalPerson; user;
    1> cn: Frankie F. Yeung;
    1> sn: Yeung;
    1> givenName: Frankie;
    1> initials: F;
    1> distinguishedName: CN=Frankie F. Yeung,OU=OU=wws_ou,DC=ww,DC=yc,DC=com,DC=hk;
    1> instanceType: 0x4 = ( IT_WRITE );
    1> whenCreated: 8/10/2011 10:28:14 China Standard Time China Standard Time;
    1> whenChanged: 8/10/2011 10:31:26 China Standard Time China Standard Time;
    1> displayName: Frankie F. Yeung;
    1> uSNCreated: 3850555;
    1> uSNChanged: 3850571;
    1> name: Frankie F. Yeung;
    1> objectGUID: 6ebfc7e9-6989-4f11-bae7-62c23af67edc;
    1> userAccountControl: 0x10200 = ( UF_NORMAL_ACCOUNT | UF_DONT_EXPIRE_PASSWD );
    1> badPwdCount: 0;
    1> codePage: 0;
    1> countryCode: 0;
    1> badPasswordTime: 0;
    1> lastLogoff: 0;
    1> lastLogon: 0;
    1> pwdLastSet: <ldp error <0x0>: cannot format time field;
    1> primaryGroupID: 513;
    1> objectSid: S-1-5-21-3867848445-1581729766-1247451615-2172;
    1> accountExpires: <ldp error <0x0>: cannot format time field;
    1> logonCount: 0;
    1> sAMAccountName: fckyeung;
    1> sAMAccountType: 805306368;
    1> userPrincipalName: [email protected];
    1> objectCategory: CN=Person,CN=Schema,CN=Configuration,OU=wws_ou,DC=ww,DC=yc,DC=com,DC=hk;
    Hope I can resolve this problem ASAP, thanks!

    Your AD is in the Staff Vlan so maybe the WLC uses the Staff interface instead of management to contact the AD. I don't know how you sniffed exactly.
    The comment about eap methods you saw is when you use LDAP with dot1x security. It is the same as saying "You cannot do peap-mschapv2 or eap-fast-mschpv2 with LDAP".
    But you can do LDAP for web authentication, that has no eap methods.
    Your original problem was a binding problem from the WLC, so we can expect that the WLC really is sending traffic towards AD.

  • A certificate could not be found that can be used with this Extensible Authentication Protocol. (Error 798)

    Hi,
    I posted this on Azure forim with no luck maybe here is a better choise.
    When trying to connect a windows 8\8.1 client with a vpn connection for azure virtual network we get the fallowing error.
    "A certificate could not be found that can be used with this Extensible Authentication Protocol. (Error 798)"\
    I'm fallowing this msdn article about point to site vpn on azure. according to it the certificat is good for both win 7 and win 8.
    http://msdn.microsoft.com/en-us/library/azure/dn133792.aspx
    this is the commanf to build the client certificat:
    makecert.exe -n "CN=ClientCertificateName" -pe -sky exchange -m 96 -ss My -in "RootCertificateName" -is my -a sha1
    When runing the installtion of the certificat on the client the defult crtificate store is "Automatic", It does not metter if I leave it on Automatic or choose any of the other options (personal, trusted issuers ...) I always get the same error.
    Thanks

    Hi,
    Apologize to say that I am not familar with Azure and lack of the environment to investigate the issue here.
    Besides, please take a look at the below threads to see if it could help:
    Point-to-Site on Windows 8 Client
    connection Error 798
    Best regards
    Michael Shao
    TechNet Community Support

Maybe you are looking for

  • Remote Update Manager missing exception apps

    Hi all, Can anyone explain to me why remote update manager or even the Update GUI does not include any of the exception deployed apps like Lightroom or Acrobat? I get users asking us to update these for us when they open the app as the pop up appears

  • How do I stop Firefox from redirecting me to another site based on my IPS address?

    I work in California. Our corporate offices are in Oklahoma and my desktop computer is set up with an IPS address in OK. When I try to go to the CA website for AAA, Firefox redirects me to the OK website for AAA. How do I stop from being redirected t

  • Run report in Backround and Save it automatic as Excel File

    I've created a report program that uses the alv grid. I run it in background, then i want to save it automatic as an excel file. can y help me Thanks

  • Album

    I'm sure that this issue has been posted somewhere on here but I'm just too lazy to search. Anyways, I'm having a problem with the album art on my ZVM. It seems that when I transfer a song from my music folder to the ZVM, the song's album art does no

  • Customer purchase order date allow 01.01.0511 in sales order ??

    Hello All, In sales order,Customer purchase order date (filed name BSTDK) 01.01.0511 was maintained. the date format 01.01.0511 will allowing in this field in SAP in teh slaes order. or this is typo error.?? VBKD-BSTDK  is having DATS  data type.