PCUI Integration with Address Validation

Hi Friends,
Iam working in CRM 5.0. Please find my requirement below:
When accounts are created with or changed with PCUI and IC Web client: display feedback from Address validation software, using the "out of the box" GUI integration as a model.
1. Display addresses validation warnings/correction feedback, if any. The user will have the option to:
     a. Accept the address validation software correction , or
     b. Bypass the warning and use the original address that they entered, or
     c. Cancel and return to account maintenance
2. Display duplicate candidates and allow the user to switch to a duplicate candidate if desired by clicking
     the candidate (instead of proceeding with account creation)
How can I check whether the Address Validation software is integrated with PCUI? If it is not integrated, then is there any configuration to be done to get the popups for address validation and duplicate check?
Your suggestions and Ideas will be rewarded.
Regards,
Raju...

Hi
You can build up the logic for Duplicate Search and display it as a popup in PCUI
The logic can be put in Modify method of the class in PCUI so that when user enters a address the duplicate records are found
You can then display the records in a popup in PCUI side

Similar Messages

Web Client Integration with Address Validation

Hi Friends,
Iam working in CRM 5.0. Please find my requirement below:
When accounts are created with or changed with PCUI and IC Web client: display feedback from Address validation software, using the "out of the box" GUI integration as a model.
1. Display addresses validation warnings/correction feedback, if any. The user will have the option to:
     a. Accept the address validation software correction , or
     b. Bypass the warning and use the original address that they entered, or
     c. Cancel and return to account maintenance
2. Display duplicate candidates and allow the user to switch to a duplicate candidate if desired by clicking
     the candidate (instead of proceeding with account creation)
How can I check whether the Address Validation software is integrated with IC Web Client? If it is not integrated, then is there any configuration to be done to get the popups for address validation and duplicate check?
Your suggestions and Ideas will be rewarded.
Regards,
Raju...

Hi Friends,
Any suggestion on this?
Thanks & Regards,
Raju

Aperture remove integration with address book and faces

Is there a way to remove the Faces integration with address book?
Reason I ask is because there seems to be not a good way to integrate the faces with the address book unless there is? For example, in faces I probably have about 20 that are family and close friends. In my address book, I have maybe 200 contacts. When I face people in pictures, I don't want to choose from a list of 200. Plus I notice if I have a friend tagged already, they show up as my friend John, but show up in the list from address book as John B, so who do I pick? How can I just make it one? There are many people that I would want nicknames in faces for or like "Dad" instead of my dad's full name like I have in the address book.
Is anyone else having these issues? How to best integrate with address book or how do I remove the integration?

Even if I attempt to integrate the faces with address book by typing in the full name in the faces after click "i" in the face, then it combines it, but then the address book face disappears to blank with no picture.
very odd behavior, how are you guys dealing with this? Seems like some setting needs to be set otherwise I would think this issue would have been taken care of a long time ago by apple?

Postal address validation popup

Hi Guys,
I am trying to display popup with multiple addresses which are similar to address keyed by agent to decide the correct address. I found an Link: [SAP note 1017763 |https://service.sap.com/sap/support/notes/1017763] which describes a possible solution. I have tried that solution but didn't get desired results.
I will appreciate if any one who has already implemented such solution could share his experiences.
My requirements are:
1. validate street address (ADDRESS_CHECK BAdI implemented for that)
2. If address is re-determined then display suggested addresses to agent in IC Web as pop-up
3. Give agent option to accept suggested address or use the keyed address
Thanks in advance.
Best Regards,
Jashan

Hello,
There are several SAP Notes for CRM 7.0 that deal with Address Validation and Duplicate Check.
Best Regards,
Justin

Can a single ACS appliance be integrated with a diff OU in the AD (maybe with a diff IP address range).

Hello Everyone,
Can a single ACS appliance be integrated with a diff OU in the AD (maybe with a diff IP address range). If yes, how?
Thanks,
Rishi

Rishi,
Are you looking to leverage certain group in AD to be assigned to a specific subnet? If yes, then this can be done through dynamic vlan assignment.
Thanks,
Tarik Admani

HR Integration with CRM doesn't create employee in CRM

Hello all;
We are using SAP CRM 5.0 SP08 and SAP ECC 6.0. I am trying to setup the HR-CRM integration and did everything that must be done in my opinion. The IDOC is created succesfully from the ERP side via PFAL and BD87 in CRM shows "green" status records for the IDOC but no business partner is created. I read the blog /people/vikash.krishna/blog/2006/10/15/replicating-hr-master-data-part-1 , examined the SAP notes 934372, 312090, 550055 but there is no result. May you please help me in solving the problem?
Best Regards,
Erkan

Hi Erkan
Did you follow all the following steps
Setting up Transfer of Employee (HR Master) from R/3 to CRM
1. Logical system XXX assigned to R/3 client XXX. Logical system YYY assigned to CRM client YYY view through SCC4
2. Create RFC Destination YYY for CRM client YYY in R/3 and
Server ID with user details and client YYY.
3. Transaction code SALE : Application Link Enabling (ALE)  Modelling and Implementing Business Processes  Maintain Distribution Model and Distribute Views. (Direct transaction code : BD64)
Go to change mode and select Create Model view.
You get a popup. Fill in the details Technical name, short text and validity
Select Add message type from the application tool bar.
Fill in the following details
Model view : HRCRM
Sender logical system : XXX
Receiver logical system : YYY
Message type : HRMD_ABA
Note : Only this message type works for employee transfer.
4.Save the model. From the same screen select the distribution model and from the menu Environment  Generate partner profiles
Dont change anything in the next screen. Simply Execute.
4.Distribute the distribution model HRCRM
Select the distribution model. From the menu bar, Edit  Model View  Distribute
You get a dialog showing the receiver logical system. Execute.
You get a log Model view HRCRM has been created in target system YYY
5.Go to the CRM system and check up whether this model has been created.
Transaction code BD64
The model has got copied. No changes can be made in CRM
6. Generate partner profiles for the distribution model in CRM by selecting
Environment  Generate partner profiles.
In the next screen, do not make any changes and Execute.
Partner profiles can be seen in transaction WE20
<b>Delta Download Settings</b>
7. So far, the above settings will ensure the initial download. However for any changes / new employees to be transferred, i.e delta changes, changes pointers need to be activated.
In R/3, Transaction code SALE, Application Link Enabling (ALE)  Modelling and Implementing Business Processes  Master Data Distribution  Replication of Modified Data  Activate Change Pointers Generally (BD61)
This activates change pointers globally for all message types.
8. In R/3, Transaction code SALE, Application Link Enabling (ALE)  Modelling and Implementing Business Processes  Master Data Distribution  Replication of Modified Data  Activate Change Pointers for Message Types
Activate change pointer for message type HRMD_ABA
9. CRM : Number Assignments. Generally, there are 3 types of number assignments (also called switches) when business partners are created.
1 The system uses the number from the general internal interval of the number
      range object BU_PARTNER
2 The system uses the number from a specific internal interval of the object
3 The number is transferred from HR and a prefix is added. In this case, a specific external interval, which must be defined as XX00000000 (upto
XX99999999), is used (where XX denotes any two letters).
The number range object for all switch positions is BU_PARTNER, with the interval depending on the switch value.
For switch value 1, the system uses the internal standard interval, otherwise for switch values 2 and 3 you must also create a grouping (transaction BUC2) for these intervals. For the system to be able to connect the grouping and the number range interval, the name of the grouping must be exactly the same as the name of the corresponding number range interval (the name of the grouping is contained in the first column of the table). If you select 3 (HRALX/PNUMB = 3) for the number assignment of busienss partners of the employee role, create HRALX/PSUBG switch manually in table T77S0.
In table T77S0, HRALX/ONUMB is used to set the number assignment for organizational units and HRALX/PNUMB is used to set the number assignment for employees.
Create a number range ZZ
Transaction code BUC2. Create a grouping of the same ID as that of the number range. Eg. Number range ID : ZZ and grouping ID should also be ZZ
In table T77S0, maintain the following combinations
HRALX-PNUMB = 2
HRALX-PSUBG = ZZ
10. Make the following customizing changes in CRM
Transaction code SM30 : Table T77S0
Group     Sem Abbr     Value Abbr
HRALX     HRAC     X     Activate HR Integration with CRM
HRALX     OBPON     ON     Activate integration between Business partners and Org Units
HRALX     PBPON     ON     Integration between business partners and employees
HRALX     OPROL     BUP004     Role definition for org unit Business partner
HRALX     PPROL     BUP003     Role definition for Employee Business partner
HRALX     ONUMB     1     Number range assignment for org units
HRALX     PNUMB     2     Number range assignment for Employees
HRALX     PSUBG     ZZ     Number range grouping only if PNUMB is not 1.
11. Create Employee Master in R/3. Employee master consists of Infotypes. The mandatory infotypes are Actions, Address, Personal data and Organizational Assignment.
Transaction code : PA30
12. In R/3 Initial Download : SE38 RHALEINI
Plan version : 01
Object type : P Person (always)
Object ID : Employee ID eg. 1
Receiver Partner no. : YYY
Select further details
You get all the data transfer details
13. In CRM, transaction code PP01 View HR Master objects
You see that the employee 1 has got transferred. To see the corresponding business partner go to the infotype Relationships (the first row)
Screen 2 gives you the business partner ID in CRM
14. Now change the employee master in R/3. Execute program RBDMIDOC in R/3 to send the changes over to CRM
Put message type HRMD_ABA and Execute
15. All subsequent changes in R/3, i.e changing an existing Master or creating a new one goes through directly by program RBDMIDOC.
16. After all employees are transferred to CRM from R/3 only then its safe to execute initial download CUSTOMER_REL
If an Employee responsible 2 is replaced by 3 in the customer master in R/3, then in CRM, the same is not replaced. Only difference that the sales area assignment is no longer there for the replaced employee in transaction BP relationships.
Hope this would help.
Regards,
Rekha Dadwal
<b>You gain a point for every point that you reward. So reward helpful answers generously</b>

Employee Address Validation

Hi Experts,
I need to validate the address information of employees. Home addresses, mailing addresses and the like. I need to integrate them into BAS (Business Address Service, formerly known as Central Address Management). How can I go about this?
Customer, Vendor, Business Partners, and others are integrated with BAS. But it seems that employee addresses (in PA0006) are not part of BAS. Thus, they don't get to be validated by the ADDRESS_CHECK business add-in. If so, what can I use to validate employee addresses?
Any reference material would be greatly appreciated.
Cheers
PS. I've also posted this question on ERP HCM (HR).

Hi,
Try
ADDR_CHECK
UPA_ADDR_DUPLICATE_CHECK_BAPI
CMS_API_R3BAS_ADDR_CHECK
BUP_TEMP_ADDRESS_CHECK
HR_DE_ST_CHECK_ADDRESS
Hope it helps...
Lokesh
pls. reward appropriate points

RE: Legacy Integration with PI/Open

Greg -
We are currently working on wrappering the APIs for UniVerse (aka Pick on
UNIX).
We received some help from the guys at RTD in Denver.
We tested out a C program that uses the Universe APIs and it works fine.
We will be building the Forte piece and compiling it this week.
Our first application is to inquire the UniVerse data, after that is
successful, we will move to inserting & updating.
Let us know how we can help.
Larry McCartney
[email protected]
(203)459-7959 - Trumbull
From:
[email protected][SMTP:[email protected]
om]
Sent: Monday, October 12, 1998 11:00 AM
To: [email protected]
Subject: forte-users-digest V1 #1111
forte-users-digest Monday, 12 October 1998 Volume 01 : Number
1111
In this issue:
Legacy Integration with PI/Open
is OBB32.dll available
Java Integration
Java Integration
Re: Legacy Integration with PI/Open
RE: Forms That Will Not Close
RE: Forms That Will Not Close
RE: Forms That Will Not Close
Re: AfterValueChange event trigged when it shouldn't be...
math library
From: [email protected]
Date: Mon, 12 Oct 1998 09:49:56 +1000
Subject: Legacy Integration with PI/Open
This is a bit of a long shot, but has anyone experience with integrating
Forte with PI/Open. PI/Open is a variant of PICK. We have a requirement
to read and update a PI/Open database from within our Forte application,
and we would be most interested to hear from anyone who has experience in
doing this.
We are aware of a set of APIs provided with PI/Open that are written in
"C". We could wrapper these from within Forte, however the issue is that
the APIs provided are non-shared, and Forte requires shared libraries.
Thanks in advance for any help.
Greg Barber.
The information transmitted is intended only for the person or entity to
which it is addressed and may contain confidential and/or privileged
material. Any review, retransmission, dissemination or other use of, or
taking of any action in reliance upon, this information by persons or
entities other than the intended recipient is prohibited. If you
received
this in error, please contact the sender and delete the material from any
computer.
To unsubscribe, email '[email protected]' with
'unsubscribe forte-users' as the body of the message.
Searchable thread archive <URL:http://pinehurst.sageit.com/listarchive/>
From: "sridhar t" <[email protected]>
Date: Sun, 11 Oct 1998 22:01:36 PDT
Subject: is OBB32.dll available
hi,
am working on forte3.0.G.2. when i tried to use objectbroker library i
am unable to find the runtime objectbroker library (OBB32.dll). is this
dll available with this version. if not is there any alternative.
thanks,
sridhar,
Goldstone Softech USA
Get Your Private, Free Email at http://www.hotmail.com
To unsubscribe, email '[email protected]' with
'unsubscribe forte-users' as the body of the message.
Searchable thread archive <URL:http://pinehurst.sageit.com/listarchive/>
From: srinivasa gopi <[email protected]>
Date: Sun, 11 Oct 1998 23:12:22 -0700 (PDT)
Subject: Java Integration
Hello,
I'm trying to integrate Forti with Java in Java mode using IIOP.I
followed the steps as explained in the Forti Web enterprise manual.I
compiled the Java files that are generated by Forti along with the
client Java file.The Java applet is getting downloaded on the client
browser(IE 4.0), but the problem is browser is giving an exception
** Java.lang.RuntimeException can't connect to service object with
the ior file name **.
My question is on every client is it necessary for ORB(Visigenic for
Java 3.2) and also the Forti Java interoperability package that is
provided by the Forti for compatability with Java or it is not
required on the clients ?
Is there any other alternative to achieve the goal as this will give
wide access to the Forti service objects through Web Browser clients.
Please mail me the solution to this problem as early as possible it is
very urgent.
Thanks in advance,
Srinivasa Gopi,
Goldstone Softech USA
DO YOU YAHOO!?
Get your free @yahoo.com address at http://mail.yahoo.com
To unsubscribe, email '[email protected]' with
'unsubscribe forte-users' as the body of the message.
Searchable thread archive <URL:http://pinehurst.sageit.com/listarchive/>
From: srinivasa gopi <[email protected]>
Date: Sun, 11 Oct 1998 23:26:26 -0700 (PDT)
Subject: Java Integration
Hello,
I'm trying to integrate Forti with Java in Java mode using IIOP.I
followed the steps as explained in the Forti Web enterprise manual.I
compiled the Java files that are generated by Forti along with the
client Java file.The Java applet is getting downloaded on the client
browser(IE 4.0), but the problem is browser is giving an exception
** Java.lang.RuntimeException can't connect to service object with
the ior file name **.
My question is on every client is it necessary for ORB(Visigenic for
Java 3.2) and also the Forti Java interoperability package that is
provided by the Forti for compatability with Java or it is not
required on the clients ?
Is there any other alternative to achieve the goal as this will give
wide access to the Forti service objects through Web Browser clients.
Please mail me the solution to this problem as early as possible it is
very urgent.
Thanks in advance,
Srinivasa Gopi,
Goldstone Softech USA
DO YOU YAHOO!?
Get your free @yahoo.com address at http://mail.yahoo.com
To unsubscribe, email '[email protected]' with
'unsubscribe forte-users' as the body of the message.
Searchable thread archive <URL:http://pinehurst.sageit.com/listarchive/>
From: Tim Hagemann <[email protected]>
Date: Mon, 12 Oct 1998 09:21:06 +0200
Subject: Re: Legacy Integration with PI/Open
Greg,
This is a bit of a long shot, but has anyone experience with integrating
Forte with PI/Open. PI/Open is a variant of PICK. We have arequirement
to read and update a PI/Open database from within our Forte application,
and we would be most interested to hear from anyone who has experiencein
doing this.
We are aware of a set of APIs provided with PI/Open that are written in
"C". We could wrapper these from within Forte, however the issue isthat
the APIs provided are non-shared, and Forte requires shared libraries.Would be interersting, which operating system you're using.
You could write a dll (on windows) or shared library (on unix) wrappering
the
original,statically linked "C"-Libs. This lib could be used by Forte.
Tim Hagemann
Tim Hagemann
Ascom GmbH Email: [email protected]
Charlottenburger Allee 61 Phone: +49 241 96806 273
D-52068 Aachen Fax: +49 241 96806 225
To unsubscribe, email '[email protected]' with
'unsubscribe forte-users' as the body of the message.
Searchable thread archive <URL:http://pinehurst.sageit.com/listarchive/>
From: "Rottier, Pascal" <[email protected]>
Date: Mon, 12 Oct 1998 09:38:25 +0200
Subject: RE: Forms That Will Not Close
Exiting the event loop will not close the window! Invoking
'Close' method on the window will. Check if this method
is executed. It appears, the AfterFinalize event exits the
event loop and nothing more. Then, your applications
waits for some event from your main window, like 'Mouse-
Enter', before invoking Window.Close().
Pascal
Hi,
We seem to be having some type of deadlock problem when trying to
close
forms and am wondering if anyone else has experienced this problem.
The
phenomenon does not always occur and is not specific to any one client
machine.
I will explain the phenomenon:
1. We have an object that contains our main application startup
method.
This method then instantiates our main application window (Control)
and
invokes the Display() method using start task.
2. All other forms created by the application are created using a form
manager service object which exists on the client partition. The form
manager has a CreateForm() method which instantiates a form class of
the
specified type and invoked the form's Display() method using start
task.
3. Each form has a Close push button which when clicked invokes
Window.RequestFinalize().
Now, the problem we have is this:
The user starts the application and the main application window is
displayed. The user then selects an option from the main window and a
child form is created using the form manager service object and is
displayed. The user can continue to create more child forms by
selecting
options from the main window and all child forms are instantiated and
displayed correctly.
However, when the user attempts to close one of the forms the form
does
not close. The finalize event is triggered and the event loop is
exited,
but the form continues to be displayed and does not close. If the user
then moves the mouse pointer over the main application window, the
child
form immediately closes. Moving the mouse cursor over other child
windows (or even the desktop) does NOT do this - only when the mouse
cursor is moved over the main window does the child form close.
Does anyone have any ideas on this?
Regards,
Jace.
To unsubscribe, email '[email protected]' with
'unsubscribe forte-users' as the body of the message.
Searchable thread archive
<URL:http://pinehurst.sageit.com/listarchive/>- -
To unsubscribe, email '[email protected]' with
'unsubscribe forte-users' as the body of the message.
Searchable thread archive <URL:http://pinehurst.sageit.com/listarchive/>
From: Jason de Cean <[email protected]>
Date: Mon, 12 Oct 1998 17:47:20 +1000
Subject: RE: Forms That Will Not Close
Hi Pascal,
The Display() method is as follows:
self.Open();
event loop
when Window.AfterFinalize do
exit;
when task.Shutdown do
exit;
end event;
self.Close();
<end>
Are you saying we should do a Window.Close() in there somewhere as well
Regards,
Jace.
On Monday, 12 October 1998 17:36, Rottier, Pascal
[SMTP:[email protected]] wrote:
Exiting the event loop will not close the window!
Invoking
'Close' method on the window will. Check if this method
is executed. It appears, the AfterFinalize event exits
the
event loop and nothing more. Then, your applications
waits for some event from your main window, like 'Mouse-
Enter', before invoking Window.Close().
Pascal
To unsubscribe, email '[email protected]' with
'unsubscribe forte-users' as the body of the message.
Searchable thread archive <URL:http://pinehurst.sageit.com/listarchive/>
From: "Rottier, Pascal" <[email protected]>
Date: Mon, 12 Oct 1998 11:04:24 +0200
Subject: RE: Forms That Will Not Close
Jason,
No, self.Close() should close the window. This is the
method I referred to. You could place a traceline
behind self.Close() to see if it is executed. It is not
inconcievable some exception may exit the Display()
method before self.Close() is executed.
After that, maybe, some events from your main
window trigger something that causes a call like 'My-
Window.Close()', where 'MyWindow' is a subclass of
'UserWindow', so 'MyWindow' gets closed after all.
Maybe you've overridden 'Close()', so now it doesn't
work properly anymore.
Are you sure you exit the event loop after you press
the close button?? The display method is not regis-
terred for any <PushButton>.Click event, though maybe
you just didn't include the full Display method in your
mail.
Remember that an event loop will only respond to an
event if it is not currently handling an event. So, the
method behind <PushButton>.Click may call a self.
Window.RequestFinalize(), which will cause an After-
Finalize event to be posted, which will be placed in
the event queue. If this method however keeps waiting
for something, the event loop will not respond to the
AfterFinalize event, until this method is done waiting.
Pascal.
Hi Pascal,
The Display() method is as follows:
self.Open();
event loop
when Window.AfterFinalize do
exit;
when task.Shutdown do
exit;
end event;
self.Close();
<end>
Are you saying we should do a Window.Close() in there somewhere as
well
Regards,
Jace.
To unsubscribe, email '[email protected]' with
'unsubscribe forte-users' as the body of the message.
Searchable thread archive <URL:http://pinehurst.sageit.com/listarchive/>
From: Thomas Kunst <[email protected]>
Date: Mon, 12 Oct 1998 14:28:55 +0200
Subject: Re: AfterValueChange event trigged when it shouldn't be...
Which version of Fort=E9 are you using? We had some strage problems with
GUI events in Fort=E9 3.0.F.2, which disappeared now that we use 3.0.J.1!=
Fouche, Jaco wrote:
=
Hi there,
=
I'm hoping that someone out there has experienced the following (and
knows why it is happening. ) :-)
=
I have a couple of windows on which the AfterValueChange event is
triggered on a field upon hitting the delete key.
We all know that this should only happen upon leaving the field, ie. th=e
field loosing focus. The problem is that I'm trying to recreate this in=
a simple test class, but now it won't happen. I still have the original=
windows on which it is happening, but I would like to construct
something small and simple to send to Forte.
=
Any ideas as to why this could be happening?
=- -- =
Dr. Thomas Kunst mailto:[email protected]
sd&m GmbH & Co. KG http://www.sdm.de
software design & management
Thomas-Dehler-Str. 27, 81737 Muenchen, Germany
Tel +49 89 63812-221 Fax -444
To unsubscribe, email '[email protected]' with
'unsubscribe forte-users' as the body of the message.
Searchable thread archive <URL:http://pinehurst.sageit.com/listarchive/>
From: Greg Gorham <[email protected]>
Date: Mon, 12 Oct 1998 09:51:07 -0400
Subject: math library
I need direction to the source of Forte libs that handle more scientific
math. Also included is the need for more scientific print formating. I
understand, second hand, that such material is available from third
party vendors/sources.
Thanks
Greg Gorham
To unsubscribe, email '[email protected]' with
'unsubscribe forte-users' as the body of the message.
Searchable thread archive <URL:http://pinehurst.sageit.com/listarchive/>
End of forte-users-digest V1 #1111
To unsubscribe, email '[email protected]' with
'unsubscribe forte-users' as the body of the message.
Searchable thread archive <URL:http://pinehurst.sageit.com/listarchive/>

Greg,
This is a bit of a long shot, but has anyone experience with integrating
Forte with PI/Open. PI/Open is a variant of PICK. We have a requirement
to read and update a PI/Open database from within our Forte application,
and we would be most interested to hear from anyone who has experience in
doing this.
We are aware of a set of APIs provided with PI/Open that are written in
"C". We could wrapper these from within Forte, however the issue is that
the APIs provided are non-shared, and Forte requires shared libraries.Would be interersting, which operating system you're using.
You could write a dll (on windows) or shared library (on unix) wrappering the
original,statically linked "C"-Libs. This lib could be used by Forte.
Tim Hagemann
Tim Hagemann
Ascom GmbH Email: [email protected]
Charlottenburger Allee 61 Phone: +49 241 96806 273
D-52068 Aachen Fax: +49 241 96806 225
To unsubscribe, email '[email protected]' with
'unsubscribe forte-users' as the body of the message.
Searchable thread archive <URL:http://pinehurst.sageit.com/listarchive/>

Weblogic app server wsdl web service call with SSL Validation error = 16

Weblogic app server wsdl web service call with SSL Validation error = 16
I need to make wsdl web service call in my weblogic app server. The web service is provided by a 3rd party vendor. I keep getting error
Cannot complete the certificate chain: No trusted cert found
Certificate chain received from ws-eq.demo.xxx.com - xx.xxx.xxx.156 was not trusted causing SSL handshake failure
Validation error = 16
From the SSL debug log, I can see 3 verisign hierarchy certs are correctly loaded (see 3 lines in the log message starting with “adding as trusted cert”). But somehow after first handshake, I got error “Cannot complete the certificate chain: No trusted cert found”.
Here is how I load trustStore and keyStore in my java program:
     System.setProperty("javax.net.ssl.trustStore",”cacerts”);
     System.setProperty("javax.net.ssl.trustStorePassword", trustKeyPasswd);
     System.setProperty("javax.net.ssl.trustStoreType","JKS");
System.setProperty("javax.net.ssl.keyStoreType","JKS");
System.setProperty("javax.net.ssl.keyStore", keyStoreName);
     System.setProperty("javax.net.ssl.keyStorePassword",clientCertPwd);      System.setProperty("com.sun.xml.ws.transport.http.client.HttpTransportPipe.dump","true");
Here is how I create cacerts using verisign hierarchy certs (in this order)
1.6.0_29/jre/bin/keytool -import -trustcacerts -keystore cacerts -storepass changeit -file VerisignClass3G5PCA3Root.txt -alias "Verisign Class3 G5P CA3 Root"
1.6.0_29/jre/bin/keytool -import -trustcacerts -keystore cacerts -storepass changeit -file VerisignC3G5IntermediatePrimary.txt -alias "Verisign C3 G5 Intermediate Primary"
1.6.0_29/jre/bin/keytool -import -trustcacerts -keystore cacerts -storepass changeit -file VerisignC3G5IntermediateSecondary.txt -alias "Verisign C3 G5 Intermediate Secondary"
Because my program is a weblogic app server, when I start the program, I have java command line options set as:
-Dweblogic.security.SSL.trustedCAKeyStore=SSLTrust.jks
-Dweblogic.security.SSL.ignoreHostnameVerification=true
-Dweblogic.security.SSL.enforceConstraints=strong
That SSLTrust.jks is the trust certificate from our web server which sits on a different box. In our config.xml file, we also refer to the SSLTrust.jks file when we bring up the weblogic app server.
In addition, we have working logic to use some other wsdl web services from the same vendor on the same SOAP server. In the working web service call flows, we use clientgen to create client stub, and use SSLContext and WLSSLAdapter to load trustStore and keyStore, and then bind the SSLContext and WLSSLAdapter objects to the webSerive client object and make the webservie call. For the new wsdl file, I am told to use wsimport to create client stub. In the client code created, I don’t see any way that I can bind SSLContext and WLSSLAdapter objects to the client object, so I have to load certs by settting system pramaters. Here I attached the the wsdl file.
I have read many articles. It seems as long as I can install the verisign certs correctly to web logic server, I should have fixed the problem. Now the questions are:
1.     Do I create “cacerts” the correct order with right keeltool options?
2.     Since command line option “-Dweblogic.security.SSL.trustedCAKeyStore” is used for web server jks certificate, will that cause any problem for me?
3.     Is it possible to use wsimport to generate client stub that I can bind SSLContext and WLSSLAdapter objects to it?
4.     Do I need to put the “cacerts” to some specific weblogic directory?
---------------------------------wsdl file
<wsdl:definitions name="TokenServices" targetNamespace="http://tempuri.org/" xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/" xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/" xmlns:soapenc="http://schemas.xmlsoap.org/soap/encoding/" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap12="http://schemas.xmlsoap.org/wsdl/soap12/" xmlns:tns="http://tempuri.org/" xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy" xmlns:wsap="http://schemas.xmlsoap.org/ws/2004/08/addressing/policy" xmlns:wsaw="http://www.w3.org/2006/05/addressing/wsdl" xmlns:msc="http://schemas.microsoft.com/ws/2005/12/wsdl/contract" xmlns:wsa10="http://www.w3.org/2005/08/addressing" xmlns:wsx="http://schemas.xmlsoap.org/ws/2004/09/mex" xmlns:wsam="http://www.w3.org/2007/05/addressing/metadata">
     <wsp:Policy wsu:Id="TokenServices_policy">
          <wsp:ExactlyOne>
               <wsp:All>
                    <sp:TransportBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
                         <wsp:Policy>
                              <sp:TransportToken>
                                   <wsp:Policy>
                                        <sp:HttpsToken RequireClientCertificate="true"/>
                                   </wsp:Policy>
                              </sp:TransportToken>
                              <sp:AlgorithmSuite>
                                   <wsp:Policy>
                                        <sp:Basic256/>
                                   </wsp:Policy>
                              </sp:AlgorithmSuite>
                              <sp:Layout>
                                   <wsp:Policy>
                                        <sp:Strict/>
                                   </wsp:Policy>
                              </sp:Layout>
                         </wsp:Policy>
                    </sp:TransportBinding>
                    <wsaw:UsingAddressing/>
               </wsp:All>
          </wsp:ExactlyOne>
     </wsp:Policy>
     <wsdl:types>
          <xsd:schema targetNamespace="http://tempuri.org/Imports">
               <xsd:import schemaLocation="xsd0.xsd" namespace="http://tempuri.org/"/>
               <xsd:import schemaLocation="xsd1.xsd" namespace="http://schemas.microsoft.com/2003/10/Serialization/"/>
          </xsd:schema>
     </wsdl:types>
     <wsdl:message name="ITokenServices_GetUserToken_InputMessage">
          <wsdl:part name="parameters" element="tns:GetUserToken"/>
     </wsdl:message>
     <wsdl:message name="ITokenServices_GetUserToken_OutputMessage">
          <wsdl:part name="parameters" element="tns:GetUserTokenResponse"/>
     </wsdl:message>
     <wsdl:message name="ITokenServices_GetSSOUserToken_InputMessage">
          <wsdl:part name="parameters" element="tns:GetSSOUserToken"/>
     </wsdl:message>
     <wsdl:message name="ITokenServices_GetSSOUserToken_OutputMessage">
          <wsdl:part name="parameters" element="tns:GetSSOUserTokenResponse"/>
     </wsdl:message>
     <wsdl:portType name="ITokenServices">
          <wsdl:operation name="GetUserToken">
               <wsdl:input wsaw:Action="http://tempuri.org/ITokenServices/GetUserToken" message="tns:ITokenServices_GetUserToken_InputMessage"/>
               <wsdl:output wsaw:Action="http://tempuri.org/ITokenServices/GetUserTokenResponse" message="tns:ITokenServices_GetUserToken_OutputMessage"/>
          </wsdl:operation>
          <wsdl:operation name="GetSSOUserToken">
               <wsdl:input wsaw:Action="http://tempuri.org/ITokenServices/GetSSOUserToken" message="tns:ITokenServices_GetSSOUserToken_InputMessage"/>
               <wsdl:output wsaw:Action="http://tempuri.org/ITokenServices/GetSSOUserTokenResponse" message="tns:ITokenServices_GetSSOUserToken_OutputMessage"/>
          </wsdl:operation>
     </wsdl:portType>
     <wsdl:binding name="TokenServices" type="tns:ITokenServices">
          <wsp:PolicyReference URI="#TokenServices_policy"/>
          <soap12:binding transport="http://schemas.xmlsoap.org/soap/http"/>
          <wsdl:operation name="GetUserToken">
               <soap12:operation soapAction="http://tempuri.org/ITokenServices/GetUserToken" style="document"/>
               <wsdl:input>
                    <soap12:body use="literal"/>
               </wsdl:input>
               <wsdl:output>
                    <soap12:body use="literal"/>
               </wsdl:output>
          </wsdl:operation>
          <wsdl:operation name="GetSSOUserToken">
               <soap12:operation soapAction="http://tempuri.org/ITokenServices/GetSSOUserToken" style="document"/>
               <wsdl:input>
                    <soap12:body use="literal"/>
               </wsdl:input>
               <wsdl:output>
                    <soap12:body use="literal"/>
               </wsdl:output>
          </wsdl:operation>
     </wsdl:binding>
     <wsdl:service name="TokenServices">
          <wsdl:port name="TokenServices" binding="tns:TokenServices">
               <soap12:address location="https://ws-eq.demo.i-deal.com/PhxEquity/TokenServices.svc"/>
               <wsa10:EndpointReference>
                    <wsa10:Address>https://ws-eq.demo.xxx.com/PhxEquity/TokenServices.svc</wsa10:Address>
               </wsa10:EndpointReference>
          </wsdl:port>
     </wsdl:service>
</wsdl:definitions>
----------------------------------application log
adding as trusted cert:
Subject: CN=VeriSign Class 3 International Server CA - G3, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
Issuer: CN=VeriSign Class 3 Public Primary Certification Authority - G5, OU="(c) 2006 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
Algorithm: RSA; Serial number: 0x641be820ce020813f32d4d2d95d67e67
Valid from Sun Feb 07 19:00:00 EST 2010 until Fri Feb 07 18:59:59 EST 2020
adding as trusted cert:
Subject: OU=Class 3 Public Primary Certification Authority, O="VeriSign, Inc.", C=US
Issuer: OU=Class 3 Public Primary Certification Authority, O="VeriSign, Inc.", C=US
Algorithm: RSA; Serial number: 0x3c9131cb1ff6d01b0e9ab8d044bf12be
Valid from Sun Jan 28 19:00:00 EST 1996 until Wed Aug 02 19:59:59 EDT 2028
adding as trusted cert:
Subject: CN=VeriSign Class 3 Public Primary Certification Authority - G5, OU="(c) 2006 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
Issuer: OU=Class 3 Public Primary Certification Authority, O="VeriSign, Inc.", C=US
Algorithm: RSA; Serial number: 0x250ce8e030612e9f2b89f7054d7cf8fd
Valid from Tue Nov 07 19:00:00 EST 2006 until Sun Nov 07 18:59:59 EST 2021
<Mar 7, 2013 6:59:21 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Ignoring not supported JCE Cipher: SunPKCS11-Solaris version 1.6 for algorithm DESede/CBC/NoPadding>
<Mar 7, 2013 6:59:21 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Will use default Cipher for algorithm DESede>
<Mar 7, 2013 6:59:21 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Using JCE Cipher: SunJCE version 1.6 for algorithm RSA/ECB/NoPadding>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <SSLSetup: loading trusted CA certificates>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Filtering JSSE SSLSocket>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <SSLIOContextTable.addContext(ctx): 28395435>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <SSLSocket will be Muxing>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <write HANDSHAKE, offset = 0, length = 115>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <isMuxerActivated: false>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <25779276 SSL3/TLS MAC>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <25779276 received HANDSHAKE>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <HANDSHAKEMESSAGE: ServerHello>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <HANDSHAKEMESSAGE: Certificate>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Cannot complete the certificate chain: No trusted cert found>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Validating certificate 0 in the chain: Serial number: 2400410601231772600606506698552332774
Issuer:C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 International Server CA - G3
Subject:C=US, ST=New York, L=New York, O=xxx LLC, OU=GTIG, CN=ws-eq.demo.xxx.com
Not Valid Before:Tue Dec 18 19:00:00 EST 2012
Not Valid After:Wed Jan 07 18:59:59 EST 2015
Signature Algorithm:SHA1withRSA
>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Validating certificate 1 in the chain: Serial number: 133067699711757643302127248541276864103
Issuer:C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G5
Subject:C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 International Server CA - G3
Not Valid Before:Sun Feb 07 19:00:00 EST 2010
Not Valid After:Fri Feb 07 18:59:59 EST 2020
Signature Algorithm:SHA1withRSA
>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <validationCallback: validateErr = 16>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> < cert[0] = Serial number: 2400410601231772600606506698552332774
Issuer:C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 International Server CA - G3
Subject:C=US, ST=New York, L=New York, O=xxx LLC, OU=GTIG, CN=ws-eq.demo.xxx.com
Not Valid Before:Tue Dec 18 19:00:00 EST 2012
Not Valid After:Wed Jan 07 18:59:59 EST 2015
Signature Algorithm:SHA1withRSA
>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> < cert[1] = Serial number: 133067699711757643302127248541276864103
Issuer:C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G5
Subject:C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 International Server CA - G3
Not Valid Before:Sun Feb 07 19:00:00 EST 2010
Not Valid After:Fri Feb 07 18:59:59 EST 2020
Signature Algorithm:SHA1withRSA
>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <weblogic user specified trustmanager validation status 16>
<Mar 7, 2013 6:59:22 PM EST> <Warning> <Security> <BEA-090477> <Certificate chain received from ws-eq.demo.xxx.com - xx.xxx.xxx.156 was not trusted causing SSL handshake failure.>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Validation error = 16>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Certificate chain is untrusted>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <SSLTrustValidator returns: 16>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Trust status (16): CERT_CHAIN_UNTRUSTED>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <NEW ALERT with Severity: FATAL, Type: 42
java.lang.Exception: New alert stack
     at com.certicom.tls.record.alert.Alert.<init>(Unknown Source)
     at com.certicom.tls.record.handshake.HandshakeHandler.fireAlert(Unknown Source)
     at com.certicom.tls.record.handshake.ClientStateReceivedServerHello.handle(Unknown Source)
     at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessage(Unknown Source)
     at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessages(Unknown Source)
     at com.certicom.tls.record.MessageInterpreter.interpretContent(Unknown Source)
     at com.certicom.tls.record.MessageInterpreter.decryptMessage(Unknown Source)
     at com.certicom.tls.record.ReadHandler.processRecord(Unknown Source)
     at com.certicom.tls.record.ReadHandler.readRecord(Unknown Source)
     at com.certicom.tls.record.ReadHandler.readUntilHandshakeComplete(Unknown Source)
     at com.certicom.tls.interfaceimpl.TLSConnectionImpl.completeHandshake(Unknown Source)
     at com.certicom.tls.record.WriteHandler.write(Unknown Source)
     at com.certicom.io.OutputSSLIOStreamWrapper.write(Unknown Source)
     at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:65)
     at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:123)
     at java.io.FilterOutputStream.flush(FilterOutputStream.java:123)
     at weblogic.net.http.HttpURLConnection.writeRequests(HttpURLConnection.java:154)
     at weblogic.net.http.HttpURLConnection.getInputStream(HttpURLConnection.java:358)
     at weblogic.net.http.SOAPHttpsURLConnection.getInputStream(SOAPHttpsURLConnection.java:37)
     at weblogic.wsee.util.is.InputSourceUtil.loadURL(InputSourceUtil.java:100)
     at weblogic.wsee.util.dom.DOMParser.getWebLogicDocumentImpl(DOMParser.java:118)
     at weblogic.wsee.util.dom.DOMParser.getDocument(DOMParser.java:65)
     at weblogic.wsee.wsdl.WsdlReader.getDocument(WsdlReader.java:311)
     at weblogic.wsee.wsdl.WsdlReader.getDocument(WsdlReader.java:305)
     at weblogic.wsee.jaxws.spi.WLSProvider.readWSDL(WLSProvider.java:296)
     at weblogic.wsee.jaxws.spi.WLSProvider.createServiceDelegate(WLSProvider.java:77)
     at weblogic.wsee.jaxws.spi.WLSProvider.createServiceDelegate(WLSProvider.java:62)
     at javax.xml.ws.Service.<init>(Service.java:56)
     at ideal.ws2j.eqtoken.TokenServices.<init>(TokenServices.java:64)
     at com.citi.ilrouter.util.IpreoEQSSOClient.invokeRpcPortalToken(IpreoEQSSOClient.java:165)
     at com.citi.ilrouter.servlets.T3LinkServlet.doPost(T3LinkServlet.java:168)
     at com.citi.ilrouter.servlets.T3LinkServlet.doGet(T3LinkServlet.java:206)
     at javax.servlet.http.HttpServlet.service(HttpServlet.java:707)
     at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)
     at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227)
     at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125)
     at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:292)
     at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:175)
     at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(Unknown Source)
     at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
     at weblogic.security.service.SecurityManager.runAs(Unknown Source)
     at weblogic.servlet.internal.WebAppServletContext.securedExecute(Unknown Source)
     at weblogic.servlet.internal.WebAppServletContext.execute(Unknown Source)
     at weblogic.servlet.internal.ServletRequestImpl.run(Unknown Source)
     at weblogic.work.ExecuteThread.execute(ExecuteThread.java:201)
     at weblogic.work.ExecuteThread.run(ExecuteThread.java:173)
>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <write ALERT, offset = 0, length = 2>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <close(): 6457753>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <close(): 6457753>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <SSLIOContextTable.removeContext(ctx): 22803607>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Filtering JSSE SSLSocket>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <SSLIOContextTable.addContext(ctx): 14640403>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <SSLSocket will be Muxing>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <write HANDSHAKE, offset = 0, length = 115>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <isMuxerActivated: false>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <23376797 SSL3/TLS MAC>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <23376797 received HANDSHAKE>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <HANDSHAKEMESSAGE: ServerHello>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <HANDSHAKEMESSAGE: Certificate>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Cannot complete the certificate chain: No trusted cert found>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Validating certificate 0 in the chain: Serial number: 2400410601231772600606506698552332774
Issuer:C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 International Server CA - G3
Subject:C=US, ST=New York, L=New York, O=xxx LLC, OU=GTIG, CN=ws-eq.demo.xxx.com
Not Valid Before:Tue Dec 18 19:00:00 EST 2012
Not Valid After:Wed Jan 07 18:59:59 EST 2015
Signature Algorithm:SHA1withRSA
>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Validating certificate 1 in the chain: Serial number: 133067699711757643302127248541276864103
Issuer:C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G5
Subject:C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 International Server CA - G3
Not Valid Before:Sun Feb 07 19:00:00 EST 2010
Not Valid After:Fri Feb 07 18:59:59 EST 2020
Signature Algorithm:SHA1withRSA
>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <validationCallback: validateErr = 16>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> < cert[0] = Serial number: 2400410601231772600606506698552332774
Issuer:C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 International Server CA - G3
Subject:C=US, ST=New York, L=New York, O=xxx LLC, OU=GTIG, CN=ws-eq.demo.xxx.com
Not Valid Before:Tue Dec 18 19:00:00 EST 2012
Not Valid After:Wed Jan 07 18:59:59 EST 2015
Signature Algorithm:SHA1withRSA
>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> < cert[1] = Serial number: 133067699711757643302127248541276864103
Issuer:C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G5
Subject:C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 International Server CA - G3
Not Valid Before:Sun Feb 07 19:00:00 EST 2010
Not Valid After:Fri Feb 07 18:59:59 EST 2020
Signature Algorithm:SHA1withRSA
>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <weblogic user specified trustmanager validation status 16>
<Mar 7, 2013 6:59:22 PM EST> <Warning> <Security> <BEA-090477> <Certificate chain received from ws-eq.demo.xxx.com - 12.29.210.156 was not trusted causing SSL handshake failure.>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Validation error = 16>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Certificate chain is untrusted>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <SSLTrustValidator returns: 16>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Trust status (16): CERT_CHAIN_UNTRUSTED>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <NEW ALERT with Severity: FATAL, Type: 42
java.lang.Exception: New alert stack
     at com.certicom.tls.record.alert.Alert.<init>(Unknown Source)
     at com.certicom.tls.record.handshake.HandshakeHandler.fireAlert(Unknown Source)
     at com.certicom.tls.record.handshake.ClientStateReceivedServerHello.handle(Unknown Source)
     at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessage(Unknown Source)
     at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessages(Unknown Source)
     at com.certicom.tls.record.MessageInterpreter.interpretContent(Unknown Source)
     at com.certicom.tls.record.MessageInterpreter.decryptMessage(Unknown Source)
     at com.certicom.tls.record.ReadHandler.processRecord(Unknown Source)
     at com.certicom.tls.record.ReadHandler.readRecord(Unknown Source)
     at com.certicom.tls.record.ReadHandler.readUntilHandshakeComplete(Unknown Source)
     at com.certicom.tls.interfaceimpl.TLSConnectionImpl.completeHandshake(Unknown Source)
     at com.certicom.tls.record.WriteHandler.write(Unknown Source)
     at com.certicom.io.OutputSSLIOStreamWrapper.write(Unknown Source)
     at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:65)
     at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:123)
     at java.io.FilterOutputStream.flush(FilterOutputStream.java:123)
     at weblogic.net.http.HttpURLConnection.writeRequests(HttpURLConnection.java:154)
     at weblogic.net.http.HttpURLConnection.getInputStream(HttpURLConnection.java:358)
     at weblogic.net.http.SOAPHttpsURLConnection.getInputStream(SOAPHttpsURLConnection.java:37)
     at weblogic.wsee.util.is.InputSourceUtil.loadURL(InputSourceUtil.java:100)
     at weblogic.wsee.util.dom.DOMParser.getWebLogicDocumentImpl(DOMParser.java:118)
     at weblogic.wsee.util.dom.DOMParser.getDocument(DOMParser.java:65)
     at weblogic.wsee.wsdl.WsdlReader.getDocument(WsdlReader.java:311)
     at weblogic.wsee.wsdl.WsdlReader.getDocument(WsdlReader.java:305)
     at weblogic.wsee.jaxws.spi.WLSProvider.readWSDL(WLSProvider.java:296)
     at weblogic.wsee.jaxws.spi.WLSProvider.createServiceDelegate(WLSProvider.java:77)
     at weblogic.wsee.jaxws.spi.WLSProvider.createServiceDelegate(WLSProvider.java:62)
     at javax.xml.ws.Service.<init>(Service.java:56)
     at ideal.ws2j.eqtoken.TokenServices.<init>(TokenServices.java:64)
     at com.citi.ilrouter.util.IpreoEQSSOClient.invokeRpcPortalToken(IpreoEQSSOClient.java:165)
     at com.citi.ilrouter.servlets.T3LinkServlet.doPost(T3LinkServlet.java:168)
     at com.citi.ilrouter.servlets.T3LinkServlet.doGet(T3LinkServlet.java:206)
     at javax.servlet.http.HttpServlet.service(HttpServlet.java:707)
     at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)
     at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227)
     at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125)
     at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:292)
     at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:175)
     at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(Unknown Source)
     at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
     at weblogic.security.service.SecurityManager.runAs(Unknown Source)
     at weblogic.servlet.internal.WebAppServletContext.securedExecute(Unknown Source)
     at weblogic.servlet.internal.WebAppServletContext.execute(Unknown Source)
     at weblogic.servlet.internal.ServletRequestImpl.run(Unknown Source)
     at weblogic.work.ExecuteThread.execute(ExecuteThread.java:201)
     at weblogic.work.ExecuteThread.run(ExecuteThread.java:173)
>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <write ALERT, offset = 0, length = 2>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <close(): 16189141>

I received a workaround by an internal message.
The how to guide is :
-Download the wsdl file (with bindings, not the one from ESR)
-Correct it in order that the schema corresponds to the answer (remove minOccurs or other things like this)
-Deploy the wsdl file on you a server (java web project for exemple). you can deploy on your local
-Create a new logicial destination that point to the wsdl file modified
-Change the metadata destination in your web dynpro project for the corresponding model and keep the execution desitnation as before.
Then the received data is check by the metadata logical destination but the data is retrieved from the correct server.

ACS Express integration with Active Directory

Hello,
I have ACS Express version 5.0.1 installed on Cisco ADE; I'm trying to get it integreated with an Active Directory without sucess.
I did packet captures on the ASA that is in between and I can see communication going thru just fine. I ran a diagnostic on the ACS express and got this:
DIAGNOSTIC USING THE IP ADDRESS OF THE DOMAIN CONTROLLER:
/* Style Definitions */
table.MsoNormalTable
{mso-style-name:"Tabla normal";
mso-tstyle-rowband-size:0;
mso-tstyle-colband-size:0;
mso-style-noshow:yes;
mso-style-priority:99;
mso-style-qformat:yes;
mso-style-parent:"";
mso-padding-alt:0cm 5.4pt 0cm 5.4pt;
mso-para-margin:0cm;
mso-para-margin-bottom:.0001pt;
mso-pagination:widow-orphan;
font-size:11.0pt;
font-family:"Calibri","sans-serif";
mso-ascii-font-family:Calibri;
mso-ascii-theme-font:minor-latin;
mso-fareast-font-family:"Times New Roman";
mso-fareast-theme-font:minor-fareast;
mso-hansi-font-family:Calibri;
mso-hansi-theme-font:minor-latin;
mso-bidi-font-family:"Times New Roman";
mso-bidi-theme-font:minor-bidi;}
Output of AD Domain Diagnostics:
IP Diagnostics
Local host name: he-zfm-acs-01
Local IP Address: 172.31.67.10
Not found in DNS!Make sure it is in Reverse Lookup Zone.
FQDN host name:he-zfm-acs-01.clarocr.americamovil.ca1
Domain Diagnostics:
Domain: 172.24.2.93
Subnet site:
WARNING! Unable to locate computer's subnet site in Active Directory.
Ask your Active Directory administrator to add this computer's subnet
to the appropriate site.
DNS query for: _ldap._tcp.172.24.2.93
Found no SRV records!
Computer Account Diagnostics
Not joined to any domain
AD Agent Process Status: Not joined to any domain
DIAGNOSTIC USING THE AD REALM:
/* Style Definitions */
table.MsoNormalTable
{mso-style-name:"Tabla normal";
mso-tstyle-rowband-size:0;
mso-tstyle-colband-size:0;
mso-style-noshow:yes;
mso-style-priority:99;
mso-style-qformat:yes;
mso-style-parent:"";
mso-padding-alt:0cm 5.4pt 0cm 5.4pt;
mso-para-margin:0cm;
mso-para-margin-bottom:.0001pt;
mso-pagination:widow-orphan;
font-size:11.0pt;
font-family:"Calibri","sans-serif";
mso-ascii-font-family:Calibri;
mso-ascii-theme-font:minor-latin;
mso-fareast-font-family:"Times New Roman";
mso-fareast-theme-font:minor-fareast;
mso-hansi-font-family:Calibri;
mso-hansi-theme-font:minor-latin;
mso-bidi-font-family:"Times New Roman";
mso-bidi-theme-font:minor-bidi;}
Output of AD Domain Diagnostics:
IP Diagnostics
Local host name: he-zfm-acs-01
Local IP Address: 172.31.67.10
FQDN host name:he-zfm-acs-02.clarocr.americamovil.ca1
Domain Diagnostics:
Domain: CLAROCR.AMERICAMOVIL.CA1
Subnet site: TELECOM
DNS query for: _ldap._tcp.CLAROCR.AMERICAMOVIL.CA1
Found SRV records:
rom-pro-dc-03.clarocr.americamovil.ca1:389
Testing Active Directory connectivity:
Domain Controller: rom-pro-dc-03.clarocr.americamovil.ca1
ldap: 389/tcp - good
ldap: 389/udp - good
smb: 445/tcp - good
kdc: 88/tcp - good
kpasswd: 464/tcp - good
ntp: 123/udp - good
Domain Controller: rom-pro-dc-03.clarocr.americamovil.ca1:389
Domain controller type: Windows 2003
Domain Name: CLAROCR.AMERICAMOVIL.CA1
isGlobalCatalogReady: TRUE
domainFunctionality:
forestFunctionality: 0 = (DS_BEHAVIOR_WIN2000)
domainControllerFunctionality: 2 = (DS_BEHAVIOR_WIN2003)
Forest Name: AMERICAMOVIL.CA1
DNS query for: _gc._tcp.AMERICAMOVIL.CA1
Testing Active Directory connectivity:
Global Catalog: rom-des-dc-01.desa1sv.americamovil.ca1
gc: 3268/tcp - timeout
No TCP LDAP response, giving up on rom-des-dc-01.desa1sv.americamovil.ca1
Global Catalog: rom-amv-dc-02.americamovil.ca1
gc: 3268/tcp - good
Global Catalog: rom-tlc-dc-01.telecom.americamovil.ca1
gc: 3268/tcp - good
Global Catalog: rom-pro-dc-03.clarocr.americamovil.ca1
gc: 3268/tcp - good
Global Catalog: rom-tlc-dc-02.telecom.americamovil.ca1
gc: 3268/tcp - good
Global Catalog: rom-amv-dc-01.americamovil.ca1
gc: 3268/tcp - good
Domain Controller: rom-amv-dc-02.americamovil.ca1:3268
Domain controller type: Windows 2003
Domain Name: AMERICAMOVIL.CA1
isGlobalCatalogReady: TRUE
domainFunctionality:
forestFunctionality: 0 = (DS_BEHAVIOR_WIN2000)
domainControllerFunctionality: 2 = (DS_BEHAVIOR_WIN2003)
Domain Controller: rom-tlc-dc-01.telecom.americamovil.ca1:3268
Domain controller type: Windows 2003
Domain Name: TELECOM.AMERICAMOVIL.CA1
isGlobalCatalogReady: TRUE
domainFunctionality:
forestFunctionality: 0 = (DS_BEHAVIOR_WIN2000)
domainControllerFunctionality: 2 = (DS_BEHAVIOR_WIN2003)
Domain Controller: rom-pro-dc-03.clarocr.americamovil.ca1:3268
Domain controller type: Windows 2003
Domain Name: CLAROCR.AMERICAMOVIL.CA1
isGlobalCatalogReady: TRUE
domainFunctionality:
forestFunctionality: 0 = (DS_BEHAVIOR_WIN2000)
domainControllerFunctionality: 2 = (DS_BEHAVIOR_WIN2003)
Domain Controller: rom-tlc-dc-02.telecom.americamovil.ca1:3268
Domain controller type: Windows 2003
Domain Name: TELECOM.AMERICAMOVIL.CA1
isGlobalCatalogReady: TRUE
domainFunctionality:
forestFunctionality: 0 = (DS_BEHAVIOR_WIN2000)
domainControllerFunctionality: 2 = (DS_BEHAVIOR_WIN2003)
Domain Controller: rom-amv-dc-01.americamovil.ca1:3268
Domain controller type: Windows 2003
Domain Name: AMERICAMOVIL.CA1
isGlobalCatalogReady: TRUE
domainFunctionality:
forestFunctionality: 0 = (DS_BEHAVIOR_WIN2000)
domainControllerFunctionality: 2 = (DS_BEHAVIOR_WIN2003)
Forest Name: AMERICAMOVIL.CA1
Computer Account Diagnostics
Not joined to any domain
AD Agent Process Status: Not joined to any domain

Dennis,
TIme in sync on the ACS and AD servers?
Faisal

Tighter Integration with Active Directory User Groups

I just wrapped up a Jabber deployment with IM&P 9.1(1) and J4W clients 9.1(3).
The customer asked me if it is on Cisco's roadmap to allow groups in Active Directory to be pulled into the Jabber client. The primary business case is to allow those in IT to send out IM blasts to the corporation or certain departments.
Obviously, this would require a significant amount of development and a much tighter integration with Active Directory, but I need to ask anyway.
Has something like this been identified and placed on any roadmap?
Thanks,
Matthew Berry

Unfortunately this kind of questions cannot be addressed here, roadmap questions need to go thru official channels for an answer.
You need to reach your SE/AM for this question.
HTH
java
if this helps, please rate
www.cisco.com/go/pdihelpdesk

MS Word integration with SAP CRM: can a PDF be created from the MS Word doc

21/11
Gurus,
I know have a better understanding of the topic but still have 2 open questions.
I now know that StreamServe cannot read .DOC files but can read and work with .PDF files.
Since we are in a SAP forum and not a StreamServe forum,
1/ I am wondering if SAP CRM 2007 can convert the MS Word generated and populated documents into .PDF. Possibly immediatly.
2/ Can the MS Word generated and populated documents be saved by SAP CRM 2007 as .XML files?
Thanks again.
Dear All,
On my project, there is a requirement to generate ad-hoc and amendable letters in CRM (2007).
We might have +150 letters so I am thinking about using MS Word integration with SAP CRM to deliver this.
With SAP CRM 2007, I understand that it is indeed possible to generate WebServices that will then be consumed by Word templates through the mail merge functionality. So agents will not have to enter BP name, address and so on. All this can be done by configuration which is great.
My point of concern is how to integrate this design to StreamServe for printing purpose (we do not want to go into local printing)
Can StreamServe collects the Word generated document?
Should this Word document be converted as PDF before or can StreamServe do it?
Should StreamServe exploits the XML contents within the Word generated document?
Thanks for your help and insights about this.
Brice.
Edited by: Brice Vialle on Nov 21, 2008 9:26 PM
Edited by: Brice Vialle on Nov 21, 2008 9:34 PM

Hi Chris,
    Your advice helps me a lot, thank you.
    I upload an XML-Format template Word Doc to server as a MIME Object.
    When OfficeControl is started in Web Dynpro, OfficeControl automatically open the XML-Format template.
   For the first time, I get the XString-type Context attribute bind to the content of the Word Doc,
   then translate it to string, I got the XML-format content, it's great!
   However, after the first time, when I input any new contents in MS Word in Web Dynpro,
   no matter I execute "Ctrl + S" or click the "savedocument" button,
   when I translate the XString Context attribute to String, I got messy code. (but the first time, it is good plain text)
   I use the function module: ECATT_CONV_XSTRING_TO_STRING (good for first time, dump after first time),
   SCMS_XSTRING_TO_BINARY, SCMS_BINARY_TO_STRING (good for first time, messy code after first time).
   My Demo source code is in: (system) SMV --> (local object) zhaode --> (Dynpro Component) ztest_office_control
   core source code is as:
   clear itab.
CALL FUNCTION 'SCMS_XSTRING_TO_BINARY'
    EXPORTING
      BUFFER = lv_datas
    IMPORTING
      OUTPUT_LENGTH = lv_length
    TABLES
      binary_tab = itab.
CALL FUNCTION 'SCMS_BINARY_TO_STRING'
    EXPORTING
      input_length = lv_length
      mimetype = 'text/plain; charset=utf-8'
    IMPORTING
      text_buffer = lv_datas_string
      output_length = lv_data_len
    TABLES
      binary_tab = itab.
    Can you give me some advice?
Best Regards,
Derek

SharePoint 2013 on-premises integration with third party email account

the Email sending issue from SharePoint is causing too much time waste
First let me explain how our SharePoint is deployed
Sharepoint version : 2013
Deployment type : on-premise
Authentication : from Domain controller also hosted locally
domain name ; say domain.com this domain.com is same as our website address hosted on godaddy
SharePoint computer name on local DNS : sharepoint.domain.com
OS and IIS : 2008 r2 , IIS 7.5
Network firewall : 25 26 ports opened for sharepoint , both incoming and outgoing.
Server firewall : turned off
Email configuration Attempts by IIS 6.0
We tried following setting on IIS 6.0 SMTP local server properties
In General tab
qualified name was shown as : sharepoint.dts-solution.com
IP assigned : sharepoint server IP , advanced putted two entries of IP with ports as 25,26
In Access tab
Authentication : selected as Anonymous
Connection : All except below list : empty list
Relay : only the list below , one entry as 127.0.0.1 and other is local static IP of SharePoint server
in Delivery tab
outbound security : Basic authentication : accessed user in AD and given the right password, also checked with annonymous -not working
outbound connection: all default values and port = 25
Advance : fully qualified domain name = sharepoint.domain.com , DNS test showed success, rest every check box unchecked
On sharepoint central management settings
Outbound email = sharepoint.domain.com
from and reply to address = [email protected]
IIS 7.5 SMTP settings
In IIS 7.5 sharepoint application we added SMTP settings as smtp server = godaddy out going smtp , user name as [email protected] , password = godaddy password , port : godaddy outgoing port .
Godaddy account
Our website hosted on godaddy with same name as domain.com
open relay not possible on emails.
Results
After setting alerts on SharePoint sites and assigning tasks with alerts we receive email in queue folder but they never get forwarded. We just wish to use any of our email *.domain.com to send outgoing emails from SharePoint . Its been a while we have no
success.
Tech Learner

Hi,
As I understand, you are using SharePoint 2013 integrating with third party SMTP server which provides email function.
From SharePoint side, I'd suggest you refer to the link below to configure email integration:
http://technet.microsoft.com/en-us/library/ee956941(v=office.15).aspx
If you have already confirm that message is sent from SharePoint, while stuck in queue on SMTP server, then the issue might be related to relay on SMTP server. Since the issue is related to third party product, we do not have enough resource here,
I'd recommend you contact their support engineer for more assistance:
https://support.godaddy.com/help/category/154/email
https://support.godaddy.com/help/article/3552/managing-your-email-account-smtp-relays
Thanks for the understanding.
Regards,
Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact
[email protected] .
Rebecca Tu
TechNet Community Support

RoboHelp 9/Acrobat X Pro Integration with Outlook 2010

Is anyone aware of any issues with RoboHelp 9 and/or Acrobat X Pro integrating with Outlook 2010? When I create a PDF for review using RoboHelp and then try to send it for shared review, I keep getting an error message when I try to add people to the To and CC lists in the Send for Shared Review dialog. Clicking either button brings up my Address Book from Outlook, and I can select people without any problems, but whenever I click OK, I get a Check Names dialog book that says:
Microsoft Outlook does not recognize"/O=Company Name", Select the address to use:
(No Suggestions)
At this point, all I can do is go back to the Address Book and try to add people again, but this leads to the same error.

In Outlook, go to File/Options/Add-Ins, and select Manage Com Add-ins, and click Go...
Then make sure the PDFMaker Office COM Addin is checked, select OK, restart, and it should be available.

Autodiscover not working correctly when Office 365 integrated with Server Essentials 2012 R2

Hello!
This last weekend I setup our server as new and to ease the creation of users, integrated with our Office 365 (which to this point has worked fine) and imported the users. This had a somewhat unexpected side effect in that the import used the email address
as for the user forename and then synced that change back to Office 365 and so needed to enter this information back in on the dashboard which synced back to Office 365. This may or may not have any relevance to our issue below.
I should also point out that we have our own domain name so within the original Office 365 setup we had just one .onmicrosoft.com user with all the rest setup with our own domain name.
At the weekend when it came to the client install, Outlook (2010 or 2013) would fail on the autodiscover with it asking again for credentials but critically displaying a server name of .contoso.com rather than the office365srvr.contoso.com . As I mention,
Office 365 had been operating fine for some time and DNS records where checked and have been set for sometime. I spoke to Office 365 support and after a while come up with a temporary solution (so that I could complete the client installs) of assigning each
user a onmicrosoft address, using that in the new account wizard to pick up the server correctly and then signing in the the Office 365 .contoso.com credentials.
This worked OK to get us past the weekend (although I am having to reset up profiles on quite number of users where they get disconnected but with no credentials box appearing) but isn't a solution. The clients do not see public folders or their archives
and of course we don't want to keep having to reset the profiles.
I'm think that there must be something in the internal network that needs reconfiguring but I don't know what. I have tried pointing the client to an external DNS server just in case the internal DNS server was throwing the autodiscover out but this has
made no difference.

Ah - solved my own problem.
Despite the domain DNS record looking OK and the Office 365 Portal domain checker not highlighting any issue, it looks as though the autodiscover is picking up an imap account provided by the web host.
I've added an alias on the local DNS server to point to the Office 365 autodiscover server and this has solved the problem.

PCUI Integration with Address Validation

Similar Messages

Maybe you are looking for