Permissions error during Cross-Forest Cert enrollment
Hello,
When attempting to manually enroll for a Cert on a 2012 R2 server, I get the 'Certificate types are not available' msg with the 'You cannot request a cert at this time because no certificate types are available' msg. When I click the 'Show all templates'
box, all the cert types are shown with a Status: Unavailable and the msg 'The permissions on the certificate template do not allow the current user to enroll for this type of cert'.
In this instance, the CA infrastructure is in the Resource forest with the server attempting a cert enroll in the Account forest. Both Forests are 2008 R2 with a two-way Forest Trust. We followed all steps in the 'Cross-forest Certificate Enrollment
with Windows Server 2008 R2' doc published by Microsoft with no issues. The PKISync worked fine and we do see the Root and SubCA1 certs on the machine we are trying to manually enroll a cert on. We implemented all the steps to ensure this machine
receives a cert the same way machines in the Resource forest receive certs. We've validated the base Trust/Network infrastructure and all checks out. However, the Resource root forest and domain is all one and on the same domain controllers whereas
the Account forest has the classical Forest root with two separate domain controllers and then a child domain with a number of domain controllers. The child domain is where the server lives which we are trying to manually enroll a cert.
As a point of clarification, the server computer account was added to a Global Security group in the Account Forest. This group was added to a Domain Local Security group in the Resource Forest which has the Read/Enroll/AutoEnroll permissions on the
Cert Template.
Any suggestions on what could be causing the permissions errors?
Thanks for your help! SdeDot
Certificate Template permissions can never be assigned to a Domain Local group, only to Universal or Global groups.
The correct strategy in a multi-forest scenario is the following:
1) Create a universal group for the certificate template in the account forest (say
Accountdomain\pki-authcert-u)
2) Create a universal group for the certificate template in the resource forest (say Resourcedomain\pki-authcert-u)
3) Create multiple global groups in each domain in the account forest (if three domains in the forest, create three global groups - one in each domain). Then add the user accounts to the global group in the same domain)
4) Create multiple global groups in each domain in the resource forest (if three domains in the forest, create three global groups - one in each domain). Then add the user accounts to the global group in the same domain)
5) On the certificate template, assign the two universal groups Read, Enroll, (and Autoenroll) permissions. That is both Accountdomain\pki-authcert-u and Resourcedomain\pki-authcert-u
6) Run the pkisync.ps script again to replicate the new permissions
The reason you cannot use domain local groups is that the certificate template is stored in the Configuration naming context which is replicated to each domain in the forest (account or resource in your case).
A domain local group can only be used in the domain where the group exists (not good for PKI objects in the configuration NC.
Brian
Similar Messages
-
Hello,
We have 1 resource Forest and multiple account Forests. We've reviewed the Cross-Forest Cert Enrollment with Windows Server 2008 R2 doc and followed steps 8 and 9 under the 'Deploying AD CS for Cross Forest Cert enrollment' regarding publishing
the root CA Cert and Enterprise CA certs. We run PKISync.psi to copy objects from the resource to the account Forest, and understand Certs and CRLs are not copied from the resource to the account Forests. We are trying to figure out the best way
of keeping the Root and SubCA Certs and CRLs updated in the account Forests.
1. Do folks simply copy the Root and SubCA Certs/CRLs from the resource forest into the account forests when they are renewed and then run the associated -Dspublish commands in the account forest?
2. Any way for a CRL to be checked in the resource forest from a cert on a computer in the account forest?
3. Any other suggestions/references regarding best practices on how to do this?
Thanks for your help! SdeDot> Do folks simply copy the Root and SubCA Certs/CRLs from the resource forest into the account forests when they are renewed and then run the associated -Dspublish commands in the account forest?
yes. Though, we do not bother with CRL copy as it published to HTTP location only.
> Any way for a CRL to be checked in the resource forest from a cert on a computer in the account forest?
I would suggest to not use LDAP URLs in favor to HTTP.
Vadims Podāns, aka PowerShell CryptoGuy
My weblog: en-us.sysadmins.lv
PowerShell PKI Module: pspki.codeplex.com
PowerShell Cmdlet Help Editor pscmdlethelpeditor.codeplex.com
Check out new: SSL Certificate Verifier
Check out new:
PowerShell File Checksum Integrity Verifier tool. -
Internal CA - Cross Forest Enrollment
Hi,
I'm trying to get cross-forest certificate enrollment working. My resource forest is built on Serer 2012 R2, and my accounts forest is built on Server 2008 R2.
I have s simple setup with an offline Root CA, and an Enterprise subordinate CA.
I have followed the steps in this article: https://technet.microsoft.com/en-us/library/ff955845(v=ws.10).aspx
While it seems to be mostly working, I'm getting many failed requests on the Enterprise CA. Each domain controller in the accounts forest is trying to enroll a certificate every 8 hours.
with the error:
The permissions on the certificate template do not allow the current user to enroll for this type of certificate. 0x80094012 (-2146877422 CERTCRV_E_TEMPLATE_DENIED)
If I right click the failure and try to issue it, the error changes to:
Configuration informaiton could not be read from the domain controller, either because the machine is unavailable, or access has been denied. 0x80070547 (WIN32: 1351 ERROR_CANT_ACCESS_DOMAIN_INFO)
The domain controller gets errors 13 and 6 in the event log.
I have noticed that error 13 in the event log refers to the NT AUTHORITY\SYSTEM account (the SID is listed in the details tab).
Is there special permissions I need to apply to get this working? Any ideas on what I need to do?
Sorry, I do not have a great deal of experience in Certificate Services yet.
Thankyou for your helpIn a cross forest enrollment issue, there are a few possibilities on what you have missed in your configuration.
1) As Amy stated, did you configure permissions on the certificate template to include global/universal groups from the remote forest (and assign the group the minimum of Read and Enroll permissions)
2) Did you enable LDAP referrals on the issuing CA so that Kerberos will allow authentication of a security principal from the remote forest.
3) Did you replicate the certificate templates, OIDs, and Enrollment services containers fully (and successfully) from the CA forest to the remote forest.
4) Did you validate that a two-way, bi-directional, cross-forest trust exists between the two forests.
Brian -
Exchange 2013 Untrusted Cross-Forest Availability Intermittently Working
Goal:
I’m attempting to configure cross-forest availability for Exchange 2013 using the instructions here:
http://technet.microsoft.com/en-us/library/bb125182%28v=exchg.150%29.aspx
At the very bottom of the page are three different methods. I have tried the first (per-user) and the third (untrusted) methods, with identical results. For various unfortunate reasons, I am unable to use the Microsoft Federated Gateway for availability
information (although that is configured in the production domain and I would use it if it were possible).
Situation:
When attempting to view availability information in either OWA or Outlook, the free/busy information typically isn’t visible. If you open and close Outlook a few times, creating meetings with the users in other domains, sometimes the other user’s information
will be visible, and sometimes it will not. When it is not, the area is filled with diagonal lines and hovering over it says “No Information”. The situation is the same in both Adatum trying to access Contoso, and in Contoso trying to access either
Adatum or Fabrikam.
I’m currently close to finishing up my third week with Microsoft Support on this issue, and am starting over with a third first level support person. They are quickly eroding what little confidence I had in them already. I’m posting here because
I’m desperate, and web searches for my errors turn up zero results. I fear this method of availability sharing doesn’t actually work correctly in Exchange 2013 as Microsoft is pushing organizations to use the Microsoft Federated Gateway, but I’d love
to heave about anyone getting this to work, or not.
Setup:
There are three separate domains I am working with (names changed to protect the innocent). Contoso.local is the production domain, containing Exchange 2007 and Exchange 2013 SP1 servers. Adatum.local is a test domain set up fresh with Exchange
2013 SP1. Fabrikam.com is a remote Exchange system that I others are connecting to without issue using Exchange 2010.
The Contoso and Adatum domain controllers are running Windows Server 2008 R2 SP1 and are running at a 2008 R2 functional levels. The Exchange 2013 servers are all at SP1 (results were the same prior to SP1), and the OS is Windows Server 2012.
Contoso has two sites, connected via 10Gbps links, and ~10ms latency, with Exchange 2013 CAS and mailbox servers in both sites. Adatum has a single site, and has two CAS and two mailbox servers. Fabrikam has one internet facing server to connect
to. A handful of contacts have been created in both Contoso and Adatum for the other domains, to select to view availability.
Contoso and Adatum domains sit on different subnets, but there is no firewall or filtering between their subnets. Routing between them is completely unimpeded. The Fabrikam server sits on another network across the internet, but firewalls have
been configured and I can browse the availability website from the Contoso CAS servers.
The CAS servers were originally set up to be load balanced, but working with Microsoft they’ve had me specify a single CAS server for autodiscover/EWS/ECP/OWA/etc in both Contoso and Adatum. The number of actual users on Exchange 2013 in Contoso is
~10. In Adatum, there are only a handful of mailboxes configured. The Exchange 2007 servers in Contoso are using Public Folders for free/busy replication for other domains right now, and we don’t care at the moment if they can use the 2013 availability.
None of our testing/configurations have involved the Exchange 2007 servers. There are no SPNs configured for the other domains in AD.
Errors:
There are three basic errors that are returned in Outlook diagnostics. The first is the timeout error. For a given mailbox server, the first time it is queried for availability information for a remote domain (after some amount of time of being
idle) it might not respond for 70 seconds (actually somewhere between 69 and 70 seconds each time when viewing the IIS logs), and eventually fails with the timeout error. If it doesn’t timeout, then it will respond with the Correct Response.
Once a particular mailbox server has timed out, it will typically immediately return the first Availability Error for all subsequent calls. Less frequently, it will return Availability Error 2. If a mailbox server returns the first Availability
Error, then it will continue to return that error until it times out again or starts working. Similarly, if a mailbox server returns the second Availability Error, then it will continue to return that error until it times out again or starts working.
If an IISRESET is performed on a mailbox server, then it will either timeout at the next cross-forest availability request, or work. There is never an issue accessing availability information for users in the same domain as the request.
If the remote Exchange is in an errored state, then the response includes the error. For example, if the mailbox servers in the remote domain are turned off, and the local mailbox server that you are querying happens to be responding correctly
for the remote domain, then it will return an error about how no mailbox servers are available in adatum.local to service the request.
There are no Event Log errors that correspond to failed requests of any type. IIS logs don’t show anything beyond what is shown in the Outlook diagnostics. There are no DNS or Active Directory Replication errors in the Event Logs.
Timeout error:
CalendarEvents : {}
ViewType : None
MergedFreeBusyStatus : {}
WorkingHours :
Result : Error
ErrorCode : ErrorTimeoutExpired
ErrorMessage : Microsoft.Exchange.InfoWorker.Common.Availability.TimeoutExpiredException: Request could not be processed in time. Timeout occurred during 'LookupRecipientsBatchBegin'.
. Name of the server where exception originated: Mailbox01
ErrorDetails : {}
ErrorProperties : {}
Availability Error:
CalendarEvents : {}
ViewType : None
MergedFreeBusyStatus : {}
WorkingHours :
Result : Error
ErrorCode : ErrorProxyRequestProcessingFailed
ErrorMessage : Unable to send cross-forest request for mailbox <Free BusyTest>SMTP:[email protected] because of invalid configuration., inner exception: Microsoft.Exchange.InfoWorker.Common.Availability.AutoDiscoverFailedException:
AvailabilityAddressSpace 'adatum.local' couldn't be used because the Autodiscover endpoint couldn't be discovered.
. Name of the server where exception originated: Mailbox01
ErrorDetails : {}
ErrorProperties : {}
Availability Error 2:
CalendarEvents : {}
ViewType : None
MergedFreeBusyStatus : {}
WorkingHours :
Result : Error
ErrorCode : ErrorProxyRequestProcessingFailed
ErrorMessage : Unable to send cross-forest request for mailbox <Free BusyTest>SMTP:[email protected] because of invalid configuration., inner exception: Microsoft.Exchange.InfoWorker.Common.Availability.AddressSpaceNotFoundException:
Configuration information for forest/domain swelab.wayad.corp.wayport.net could not be found in Active Directory.
at Microsoft.Exchange.InfoWorker.Common.Availability.TargetForestConfigurationCache.FindByDomain(OrganizationId
organizationId, String domainName)
at Microsoft.Exchange.InfoWorker.Common.Availability.QueryGenerator.GetTargetForestConfiguration(EmailAddress
emailAddress)
. Name of the server where exception originated: Mailbox02
ErrorDetails : {}
ErrorProperties : {}
Working:
CalendarEvents : {Microsoft.Exchange.WebServices.Data.CalendarEvent}
ViewType : FreeBusyMerged
MergedFreeBusyStatus : {Free, Free, Free, Free...}
WorkingHours : Microsoft.Exchange.WebServices.Data.WorkingHours
Result : Success
ErrorCode : NoError
ErrorMessage :
ErrorDetails : {}
ErrorProperties : {}
Start : 04/09/2014 00:00:00
End : 04/12/2014 00:00:00
Subject :
Location :
Testing Methodologies:
While it is possible to dig through Outlook diagnostics and OWA, we ended up scripting out these requests to save time. Microsoft support refuses to use the scripts, but they produce the same output that it takes them days to find in the logs, so I’ll
post them here to help anyone in the future.
Through reading the documentation and experimenting, it appears that the Exchange 2013 CAS servers really do just proxy availability requests from the client to the mailbox servers. At least by default, it seems to pick a mailbox server in the same
site, but which mailbox server in the site appears to be random. It will typically pick the same one repeatedly for a while.
The first script uses the Microsoft Exchange Web Services Managed API 2.1.
http://www.microsoft.com/en-us/download/details.aspx?id=42022
You specify a source email address, and a target address in the remote domain, and it creates a SOAP request that it sends to a CAS server of the source email address. The CAS proxies the request to the mailbox server which either responds with a failure
or the free/busy data.
The second script takes the XML SOAP request generated by the first script, and uses that to query a mailbox server directly. That allows you to test specific mailbox servers that are working or failing, instead of randomly using whichever mailbox
server the CAS happens to select. I generated a SOAP request with the first script that I knew had some data, and then copy/pasted it into the second script to verify if data was being returned.
I’ve deleted and recreated the availability address spaces in Contoso and Adatum for each other and Fabrikam multiple times. I’ve reset the password in the OrgWideAccount in both Adatum and Contoso, and viewed the lastBadPassword attribute in both
ADs to verify it wasn’t failing authentication. (A failed authentication also generates a 401 error that is returned to the client.) I can access the availability site of the other domain using the credentials of the OrgWideAccount without any
errors ever.
First Script:
# Import the Exchange Web Services module
Import-Module -Name "C:\Program Files (x86)\Microsoft\Exchange\Web Services\2.1\Microsoft.Exchange.WebServices.dll"
# Create the services object used to connect to Exchange
# You can specify a specific Exchange version, which I had to do to connect to 2007
# Exchange2007_SP1
# Exchange2010
# Exchange2010_SP1
# Exchange2010_SP2
# Exchange2013
# $ExchangeVersion = [Microsoft.Exchange.WebServices.Data.ExchangeVersion]::Exchange2007_SP1
# $Service = New-Object Microsoft.Exchange.WebServices.Data.ExchangeService($ExchangeVersion)
$Service = New-Object Microsoft.Exchange.WebServices.Data.ExchangeService
$Service.UseDefaultCredentials = $true
# Specify an SMTP address. The autodiscover URL from the associated mailbox will be used to connect to Exchange
# This is used to distinguish resolving from the 2007 server versus 2013
#$Service.AutodiscoverUrl("[email protected]") # For Exchange 2007
$Service.AutodiscoverUrl("[email protected]") # For Exchange 2013
# Increase the amount output at the end to include the SOAP commands
$Service.TraceEnabled = $true
# Specify time frame to get free/busy for
$StartTime = [DateTime]::Parse([DateTime]::Now.ToString("yyyy-MM-dd 0:00"))
$EndTime = $StartTime.AddDays(7)
# Create the various objects needed to perform the EWS request
$drDuration = new-object Microsoft.Exchange.WebServices.Data.TimeWindow($StartTime,$EndTime)
$AvailabilityOptions = new-object Microsoft.Exchange.WebServices.Data.AvailabilityOptions
$AvailabilityOptions.RequestedFreeBusyView = [Microsoft.Exchange.WebServices.Data.FreeBusyViewType]::DetailedMerged
$Attendeesbatch = New-Object "System.Collections.Generic.List[Microsoft.Exchange.WebServices.Data.AttendeeInfo]"
$attendee = New-Object Microsoft.Exchange.WebServices.Data.AttendeeInfo($userSMTPAddress)
# Specify SMTP addresses of accounts to request availability for
#$Attendeesbatch.Add("[email protected]")
$Attendeesbatch.Add("[email protected]")
#$Attendeesbatch.Add("[email protected]")
#$Attendeesbatch.Add("[email protected]")
# Clear out old results so that a failed request doesn't show information still
$availresponse = ""
# Request the availability information from Exchange
$availresponse = $service.GetUserAvailability($Attendeesbatch,$drDuration,[Microsoft.Exchange.WebServices.Data.AvailabilityData]::FreeBusy,$AvailabilityOptions)
# Show summary information that would include errors
$availresponse.AttendeesAvailability
# Show all of the appointments in the requested time period
foreach($avail in $availresponse.AttendeesAvailability){
foreach($cvtEnt in $avail.CalendarEvents){
"Start : " + $cvtEnt.StartTime
"End : " + $cvtEnt.EndTime
"Subject : " + $cvtEnt.Details.Subject
"Location : " + $cvtEnt.Details.Location
Second Script:
# Change the server in this URL to specify which mailbox server to access
$url = 'https://mailbox01.contoso.local:444/EWS/Exchange.asmx'
# Uncomment the below lines if you want to query EWS using credentials other than
# the ones used to run the script.
#If(!(Test-Path variable:global:cred))
# $cred = Get-Credential
function Execute-SOAPRequest
[Xml] $SOAPRequest,
[String] $URL
write-host "Sending SOAP Request To Server: $URL"
$soapWebRequest = [System.Net.WebRequest]::Create($URL)
# These appear to be the only things needed in the headers when making the request
$soapWebRequest.ContentType = 'text/xml;charset="utf-8"'
$soapWebRequest.Accept = "text/xml"
$soapWebRequest.Method = "POST"
If(Test-Path variable:global:cred)
$soapWebRequest.Credentials = $cred
Else
$soapWebRequest.UseDefaultCredentials = $true
write-host "Initiating Send."
$requestStream = $soapWebRequest.GetRequestStream()
$SOAPRequest.Save($requestStream)
$requestStream.Close()
write-host "Send Complete, Waiting For Response."
$resp = $soapWebRequest.GetResponse()
$responseStream = $resp.GetResponseStream()
$soapReader = [System.IO.StreamReader]($responseStream)
$ReturnXml = [Xml] $soapReader.ReadToEnd()
$responseStream.Close()
write-host "Response Received."
return $ReturnXml
# The specing and line returns in the below variable are important for some reason
# For example, there must be a line return after the @' on the first line, or it's invalid...
# Change the line with this:
# <t:Address>[email protected]</t:Address>
# to the email address in the domain you want to query
$soap = [xml]@'
<?xml version="1.0" encoding="utf-8"?>
<soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:m="http://schemas.microsoft.com/exchange/services/2006/messages" xmlns:t="http://schemas.microsoft.com/exchange/services/2006/types" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
<soap:Header>
<t:RequestServerVersion Version="Exchange2013_SP1" />
<t:TimeZoneContext>
<t:TimeZoneDefinition Name="(UTC-06:00) Central Time (US & Canada)" Id="Central Standard Time">
<t:Periods>
<t:Period Bias="P0DT6H0M0.0S" Name="Standard" Id="Std" />
<t:Period Bias="P0DT5H0M0.0S" Name="Daylight" Id="Dlt/1" />
<t:Period Bias="P0DT5H0M0.0S" Name="Daylight" Id="Dlt/2007" />
</t:Periods>
<t:TransitionsGroups>
<t:TransitionsGroup Id="0">
<t:RecurringDayTransition>
<t:To Kind="Period">Dlt/1</t:To>
<t:TimeOffset>P0DT2H0M0.0S</t:TimeOffset>
<t:Month>4</t:Month>
<t:DayOfWeek>Sunday</t:DayOfWeek>
<t:Occurrence>1</t:Occurrence>
</t:RecurringDayTransition>
<t:RecurringDayTransition>
<t:To Kind="Period">Std</t:To>
<t:TimeOffset>P0DT2H0M0.0S</t:TimeOffset>
<t:Month>10</t:Month>
<t:DayOfWeek>Sunday</t:DayOfWeek>
<t:Occurrence>-1</t:Occurrence>
</t:RecurringDayTransition>
</t:TransitionsGroup>
<t:TransitionsGroup Id="1">
<t:RecurringDayTransition>
<t:To Kind="Period">Dlt/2007</t:To>
<t:TimeOffset>P0DT2H0M0.0S</t:TimeOffset>
<t:Month>3</t:Month>
<t:DayOfWeek>Sunday</t:DayOfWeek>
<t:Occurrence>2</t:Occurrence>
</t:RecurringDayTransition>
<t:RecurringDayTransition>
<t:To Kind="Period">Std</t:To>
<t:TimeOffset>P0DT2H0M0.0S</t:TimeOffset>
<t:Month>11</t:Month>
<t:DayOfWeek>Sunday</t:DayOfWeek>
<t:Occurrence>1</t:Occurrence>
</t:RecurringDayTransition>
</t:TransitionsGroup>
</t:TransitionsGroups>
<t:Transitions>
<t:Transition>
<t:To Kind="Group">0</t:To>
</t:Transition>
<t:AbsoluteDateTransition>
<t:To Kind="Group">1</t:To>
<t:DateTime>2007-01-01T06:00:00.000Z</t:DateTime>
</t:AbsoluteDateTransition>
</t:Transitions>
</t:TimeZoneDefinition>
</t:TimeZoneContext>
</soap:Header>
<soap:Body>
<m:GetUserAvailabilityRequest>
<m:MailboxDataArray>
<t:MailboxData>
<t:Email>
<t:Address>[email protected]</t:Address>
</t:Email>
<t:AttendeeType>Required</t:AttendeeType>
<t:ExcludeConflicts>false</t:ExcludeConflicts>
</t:MailboxData>
</m:MailboxDataArray>
<t:FreeBusyViewOptions>
<t:TimeWindow>
<t:StartTime>2014-04-03T00:00:00</t:StartTime>
<t:EndTime>2014-04-10T00:00:00</t:EndTime>
</t:TimeWindow>
<t:MergedFreeBusyIntervalInMinutes>30</t:MergedFreeBusyIntervalInMinutes>
<t:RequestedView>DetailedMerged</t:RequestedView>
</t:FreeBusyViewOptions>
</m:GetUserAvailabilityRequest>
</soap:Body>
</soap:Envelope>
$ret = Execute-SOAPRequest $soap $url
# Uncomment out one of the below two lines to get output in different alternative formats
#$ret | Export-Clixml c:\temp\1.xml;Get-Content c:\temp\1.xml
#$ret.InnerXml
# If the request is successful, show the appointments, otherwise show the failure message
If ($ret.Envelope.Body.GetUserAvailabilityResponse.FreeBusyResponseArray.FreeBusyResponse.ResponseMessage.ResponseClass -eq 'Success')
$ret.Envelope.Body.GetUserAvailabilityResponse.FreeBusyResponseArray.FreeBusyResponse.FreeBusyView.CalendarEventArray.CalendarEvent
Else
$ret.Envelope.Body.GetUserAvailabilityResponse.FreeBusyResponseArray.FreeBusyResponse.ResponseMessageIn this case, the SMTP domain is the same as the AD domain. If the wrong domain were configured then the connection would never work, as opposed to sometimes work.
RunspaceId : abb30c12-c578-4770-987f-41fe6206a463
ForestName : adatum.local
UserName : adatum\availtest
UseServiceAccount : False
AccessMethod : OrgWideFB
ProxyUrl :
TargetAutodiscoverEpr :
ParentPathId : CN=Availability Configuration
AdminDisplayName :
ExchangeVersion : 0.1 (8.0.535.0)
Name : adatum.local
DistinguishedName : CN=adatum.local,CN=Availability Configuration,CN=Wayport,CN=Microsoft
Exchange,CN=Services,CN=Configuration,DC=contoso,DC=local
Identity : adatum.local
Guid : 3e0ebc2c-0ebc-4be8-83d2-077746180d66
ObjectCategory : contoso.local/Configuration/Schema/ms-Exch-Availability-Address-Space
ObjectClass : {top, msExchAvailabilityAddressSpace}
WhenChanged : 4/15/2014 12:33:53 PM
WhenCreated : 4/15/2014 12:33:35 PM
WhenChangedUTC : 4/15/2014 5:33:53 PM
WhenCreatedUTC : 4/15/2014 5:33:35 PM
OrganizationId :
OriginatingServer : dc01.contoso.local
IsValid : True
ObjectState : Unchanged -
SCCM 2012SP1 - Cross Forest Scenario
Guys/Girls
I've configured a cross forest SCCM scenario, with all the SCCM config in one Forest and a single Windows XP SP3 desktop in the other. There is a trust between both Forests/2-way external but I haven't added Forests/Domain to SCCM to enable searching
etc. I deployed the agent manually in the external Forest using a mapped drive and ccmsetup /mp:........ this all works fine.
After installation, after the client is approved, when I click on the client in the SCCM console and try to initiate any of the "right-click" features, I just get a stack of access denied errors back "0x80070005". I've tried rebuilding
WMI, re-installing the client to no avail. Im thinking that its related to the cross forest config but I see no provision for setting up external credentials for the other forest - am I right in thinking that the only account that needs to be configured is
the "Network Access Account" that the agent uses to make network connections (the rest being run under the guise of the "Local System" account) if so - this is already done too.
I'm not seeing any access denied entries on the XP desktop and I've been through the DCOM config and local policy to make adjustments/slacken off the permissions...still no dice.
Am I chasing my tail with this? can I manage a client from the console that actually sits outside of the Forest where the SCCM installation is actually installed?
The installation is pretty much inline with scenario 1 from the following blog:
http://blogs.technet.com/b/neilp/archive/2012/08/20/cross-forest-support-in-system-center-2012-configuration-manager-part-1.aspx
-aReading more closely, I notice now that you said "right-click tools". That explains it as those truly have nothing to do with ConfigMgr. Essentially, what all right-click tools are are individual scripts run on your local system that directly connect
to the remote system to perform an action. The console initiates these scripts but that's it. Thus, the credentials of the user logged into the console are used to launch those scripts and the problem here is that the user you are running the console
as does not have permissions to remotely connect to that remote system.
As mentioned, this has nothing to do with ConfigMgr though because ConfigMgr never ever connects to remote clients -- call client agent communication is initiated by the client.
Thus, the right-click tools, while sometimes/often useful, should not be confused with native ConfigMgr functionality.
Jason | http://blog.configmgrftw.com | @jasonsandys -
Hi All - I've re-posted this as I put it in the wrong thread initially under 2007.
I've configured a cross forest SCCM scenario, with all the SCCM config in one Forest and a single Windows XP SP3 desktop in the other. There is a trust between both Forests/2-way external but I haven't added Forests/Domain to SCCM to enable searching
etc. I deployed the agent manually in the external Forest using a mapped drive and ccmsetup /mp:........ this all works fine.
After installation, after the client is approved, when I click on the client in the SCCM console and try to initiate any of the "right-click" features, I just get a stack of access denied errors back "0x80070005". I've tried rebuilding
WMI, re-installing the client to no avail. Im thinking that its related to the cross forest config but I see no provision for setting up external credentials for the other forest - am I right in thinking that the only account that needs to be configured is
the "Network Access Account" that the agent uses to make network connections (the rest being run under the guise of the "Local System" account) if so - this is already done too.
I'm not seeing any access denied entries on the XP desktop and I've been through the DCOM config and local policy to make adjustments/slacken off the permissions...still no dice.
Am I chasing my tail with this? can I manage a client from the console that actually sits outside of the Forest where the SCCM installation is actually installed?
The installation is pretty much inline with scenario 1 from the following blog:
http://blogs.technet.com/b/neilp/archive/2012/08/20/cross-forest-support-in-system-center-2012-configuration-manager-part-1.aspx
-ahttp://social.technet.microsoft.com/Forums/systemcenter/en-US/a64548eb-11dd-441f-95d7-097c70c96f17/sccm-2012sp1-cross-forest-scenario?forum=configmgrgeneral
is the original thread. You shouldn't cross post -- you should wait for a mod to move the thread as now we have multiple people answering the same question without the benefit of seeing what others have answered.
As mentioned there, this really has nothing to do with ConfigMgr and stems from the use of right-click tools.
Jason | http://blog.configmgrftw.com | @jasonsandys -
Cross forest migration Exchange 2010 SP2 to Exchange 2010 SP2
Hi,
We are planning cross forest migration Exchange 2010 SP2 to Exchange 2010 SP2.
Requesting you to please help us out for below scenario.
Source Exchange 2010 SP2:- abc.com
2AD, 2CAS & 2 MBX servers
Database:- 4
Total Users :- 3500
Accepted Domains :- 8
Total Data:- 5TB +
Target Exchange 2010 SP2:- xyz.com
Resource allocated same as above.
Now we have to migrate users along with data to target forest xyz.com keeping both setup live, as moving 5TB + data will be a ongoing process and the same will take some time.
With the guidelines mentioned in
http://careexchange.in/cross-forest-migration-guide-exchange-2010-to-exchange-2010/#comment-14203 we are able to migrate test users along with data, but after migration the migrated user is not able to connect through MS Outlook even not able to login into
OWA. It gives error “The Outlook Web App address
https://mail.abc.com/owa is out of date.”
Kindly let us know how to solve this issue.
Kindly let me know if you want any more information from our end.
Thanks in advance.
Thanks and Regards, Shashank KudiHi Shashank,
Do you have certificates properly installed and configured in the target Exchange?
If not, Please configure certificate and import the certificate to the trusted root CA if you are using internal CA cert.
Thanks, MAS
Please mark as helpful if you find my comment helpful or as an answer if it does answer your question. That will encourage me - and others - to take time out to help you. -
Unable to migrate Cross Forest Exchange 2013 to Exchange 2013
I am unable to migrate mailboxes from an on prem (same physical virtual host) to an on prem (same physical virtual host) cross forest.
MRSProxy is enabled on both the target and the source.. and a migration endpoint is enabled on the source. I can succesefuly prepare-moverequest on the target, but when I perform
PS] D:\Exchange\Scripts>New-MoveRequest -Identity [email protected] -Remote -TargetDatabase "DomainCorp" -RemoteGlobalCatalog
ads-ad-01.domain.local -RemoteCredential $RemoteCredentials -TargetDeliveryDomain "domaincorp.local" -Remote
HostName ads-exch-01domain.local
The call to 'https://ads-exch-01.domain.local/EWS/mrsproxy.svc' failed. Error details: Could not establish trust
relationship for the SSL/TLS secure channel with authority 'ads-exch-01.domain.local'. --> The underlying connection
was closed: Could not establish trust relationship for the SSL/TLS secure channel. --> The remote certificate is
invalid according to the validation procedure..
+ CategoryInfo : NotSpecified: (:) [New-MoveRequest], RemoteTransientException
+ FullyQualifiedErrorId : [Server=ADS-EXCHCORP-01,RequestId=3f49d075-8110-48fd-8157-9b4d87921252,TimeStamp=5/1/201
5 4:00:11 PM] [FailureCategory=Cmdlet-RemoteTransientException] EA6D7B2B,Microsoft.Exchange.Management.RecipientTa
sks.NewMoveRequest
+ PSComputerName : ads-exchcorp-01.domaincorp.local
If I change remote hostname to exch.domain.com I get a different error message.
[PS] D:\Exchange\Scripts>New-MoveRequest -Identity [email protected] -Remote -TargetDatabase "domainCorp" -RemoteGlobalCatalog ads-ad-01.domain.local -RemoteCredential $RemoteCredentials -TargetDeliveryDomain
"domaincorp.local" -Remote
HostName exch.domain.com
The call to 'https://exch.domain.com/EWS/mrsproxy.svc' timed out. Error details: The request channel timed out
attempting to send after 00:00:07.9643241. Increase the timeout value passed to the call to Request or increase the
SendTimeout value on the Binding. The time allotted to this operation may have been a portion of a longer timeout. -->
The HTTP request to 'https://exch.domain.com/EWS/mrsproxy.svc' has exceeded the allotted timeout of
00:00:07.9640000. The time allotted to this operation may have been a portion of a longer timeout. --> The operation
has timed out
+ CategoryInfo : NotSpecified: (:) [New-MoveRequest], RemoteTransientException
+ FullyQualifiedErrorId : [Server=ADS-EXCHCORP-01,RequestId=f5807f2d-c8d5-4fb3-86b3-a831cae92626,TimeStamp=5/1/201
5 4:01:10 PM] [FailureCategory=Cmdlet-RemoteTransientException] F2700578,Microsoft.Exchange.Management.RecipientTa
sks.NewMoveRequest
+ PSComputerName : ads-exchcorp-01.domaincorp.local
I feel like I have been hitting my head on the desk for about a week now.
We Also should note that we exported the Wildcard cert from the source server and imported it into the target server.Hello
if open imported wildcard cert from mmc on source computer it show the cert is ok? not missing root cert?
sorry my english -
Public Folder Migration Cross Forest
Hello,
We are in the middle of planning a cross forest migration from Exchange 2010 to Exchange 2013.
To give some context:
We already have an Exchange 2013 environment complete with mailboxes, and public folders etc. We have a 2010 Exchange server in a different forest that we would like to migrate all existing mailboxes and public folders from to the Exchange 2013 forest. We will
be keeping the domain/forest that currently contains 2010 so all mailboxes that will be moved will end up being linked mailboxes in the 2013 organization with the accounts held in the other forest.
One of the big unanswered questions remains around public folder access. During migration there will be a time when some users will be in the Exchange 2010 organization, and some will be in the Exchange 2013 organization. I have two main questions around this
1. Is there any way possible that anyone can think of that the users moved to 2013 can access the public folders still on 2010?
2. What is the best way to migrate the public folders over from 2010 to 2013? Do we have to create the public folders and permissions on 2013 before hand or do we use a 3rd party tool or other method to achieve this goal?Hi,
To reduce needless trouble, I recommend migrate mailbox first and public folder second.
However, public folder will works fine no matter where it located. If you experience an issue about user in Exchange 2013 mailbox cannot access Public Folder in Exchange 2010, please change the RPC authentication to NTML.
More details about it, please refer to:
https://social.technet.microsoft.com/Forums/exchange/en-US/3172435f-4c06-41b3-b7a7-937dc0160049/exchange-2013-users-unable-to-access-exchange-2007-public-folders?forum=exchangesvrdeploy
Additional, step by step to migrate Public folder to Exchange 2013, for your reference:
http://blogs.technet.com/b/meamcs/archive/2013/07/25/part-4-step-by-step-exchange-2007-to-2013-migration.aspx
Thanks
Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact [email protected]
Allen Wang
TechNet Community Support -
Microsoft office 2013 encountered an error during setup in Window 8.1
Initially, I got microsoft office 2013 64bit standard version installed in window 8.1. However, it suddenly got errors when opening office, and closed the program automatically. Therefore, I uninstalled it, and tried to re-install office.
However, I got the error "microsoft office 2013 encountered an error during setup" everytime when I try to install it.
I tried 32-bit and 64 bit version, and tried to install in clean boot, deleted registry, and modified the folder name "Microsoft Help", but none of them works.Make sure you completely uninstall previous versions of Office. There may be remnants left behind, even after you uninstall Office using the normal procedure. I recommend using the “Fix It” utility to uninstall Office 2013 completely. Please refer to this
article: http://support.microsoft.com/kb/2739501/en-us you might also follow the manual steps provided on the same page.
If you still having problems, re-registering the Windows Installer and checking permissions on the %TEMP% folder and the C:\Windows\Installer folder to make sure you have full-control. To re-register the Windows Installer run the following commands:
msiexec /unregister
msiexec /register -
When I create an EJB Transport Business Service, after selecting the jar that has the EJB 2.1 artefacts (Remote, Home, etc) the oepe plugin fails and can't continue.
As I understand it seems that there is a problem with the classpath of ant build.xml that oepe creates inside folder /tmp/alsbejbtransport/ to compile the bs and generate the wsdl. I checked if tools.jar is in the classpath (in eclipse) and is included, so I can't figure out wich is the problem.
I found this in Oracle, but not helps solve the problem:
BEA-398120
Error: The WSDL for the typed transport endpoint could not be accessed.
Description
There was a problem retrieving the WSDL from the typed transport service endpoint at the time of service registration
Action
Contact technical support
This is the the full stacktrace that shows eclipse.
Generate : Error during generation of the WSDL:
BUILD FAILED
java.lang.NoClassDefFoundError: com/sun/javadoc/Type
at com.bea.util.jam.provider.JamServiceFactoryImpl.createSourceBuilder(JamServiceFactoryImpl.java:205)
at com.bea.util.jam.provider.JamServiceFactoryImpl.createBuilder(JamServiceFactoryImpl.java:158)
at com.bea.util.jam.provider.JamServiceFactoryImpl.createClassLoader(JamServiceFactoryImpl.java:137)
at com.bea.util.jam.provider.JamServiceFactoryImpl.createService(JamServiceFactoryImpl.java:78)
at weblogic.wsee.util.JamUtil.parseSource(JamUtil.java:152)
at weblogic.wsee.tools.anttasks.JwsLoader.loadJClasses(JwsLoader.java:186)
at weblogic.wsee.tools.anttasks.JwsLoader.load(JwsLoader.java:75)
at weblogic.wsee.tools.anttasks.JwsModule.loadWebServices(JwsModule.java:569)
at weblogic.wsee.tools.anttasks.JwsModule.generate(JwsModule.java:369)
at weblogic.wsee.tools.anttasks.JwsModule.build(JwsModule.java:256)
at weblogic.wsee.tools.anttasks.JwscTask.execute(JwscTask.java:184)
at org.apache.tools.ant.UnknownElement.execute(UnknownElement.java:288)
at sun.reflect.GeneratedMethodAccessor1.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:601)
at org.apache.tools.ant.dispatch.DispatchUtils.execute(DispatchUtils.java:106)
at org.apache.tools.ant.Task.perform(Task.java:348)
at org.apache.tools.ant.Target.execute(Target.java:357)
at org.apache.tools.ant.Target.performTasks(Target.java:385)
at org.apache.tools.ant.Project.executeSortedTargets(Project.java:1337)
at org.apache.tools.ant.Project.executeTarget(Project.java:1306)
at org.apache.tools.ant.helper.DefaultExecutor.executeTargets(DefaultExecutor.java:41)
at org.apache.tools.ant.Project.executeTargets(Project.java:1189)
at org.apache.tools.ant.Main.runBuild(Main.java:758)
at org.apache.tools.ant.Main.startAnt(Main.java:217)
at org.apache.tools.ant.launch.Launcher.run(Launcher.java:257)
at org.apache.tools.ant.launch.Launcher.main(Launcher.java:104)
Caused by: java.lang.ClassNotFoundException: com.sun.javadoc.Type
at org.apache.tools.ant.AntClassLoader.findClassInComponents(AntClassLoader.java:1400)
at org.apache.tools.ant.AntClassLoader.findClass(AntClassLoader.java:1341)
at org.apache.tools.ant.AntClassLoader.loadClass(AntClassLoader.java:1088)
at java.lang.ClassLoader.loadClass(ClassLoader.java:356)
... 27 more
Total time: 0 seconds
Eclipse Installation details:
*** System properties:
eclipse.application=org.eclipse.ui.ide.workbench
eclipse.buildId=M20110909-1335
eclipse.commands=-os
linux
-ws
gtk
-arch
x86_64
-showsplash
-launcher
{home}/Development/oepe-indigo/eclipse
-name
Eclipse
--launcher.library
{home}/Development/oepe-indigo//plugins/org.eclipse.equinox.launcher.gtk.linux.x86_64_1.1.100.v20110505/eclipse_1407.so
-startup
{home}/Development/oepe-indigo//plugins/org.eclipse.equinox.launcher_1.2.0.v20110502.jar
--launcher.overrideVmargs
-exitdata
1e418010
-vm
/usr/bin/java
eclipse.home.location=file:{home}/Development/oepe-indigo/
eclipse.launcher={home}/Development/oepe-indigo/eclipse
eclipse.launcher.name=Eclipse
[email protected]/../p2/
eclipse.p2.profile=PlatformProfile
eclipse.product=org.eclipse.platform.ide
eclipse.startTime=1374623921455
eclipse.vm=/usr/bin/java
eclipse.vmargs=-Xms256m
-Xmx768m
-XX:MaxPermSize=512m
-Dsun.lang.ClassLoader.allowArraySyntax=true
-Dweblogic.home={home}/Oracle/Middleware/wlserver_10.3
-Dharvester.home={home}/Oracle/Middleware/Oracle_OSB1/harvester
-Dosb.home={home}/Oracle/Middleware/Oracle_OSB1
-Dosgi.bundlefile.limit=750
-Dosgi.nl=en_US
-Dmiddleware.home={home}/Oracle/Middleware
-jar
{home}/Development/oepe-indigo//plugins/org.eclipse.equinox.launcher_1.2.0.v20110502.jar
equinox.use.ds=true
file.encoding=UTF-8
file.encoding.pkg=sun.io
file.separator=/
guice.disable.misplaced.annotation.check=true
harvester.home={home}/Oracle/Middleware/Oracle_OSB1/harvester
http.nonProxyHosts=localhost
java.awt.graphicsenv=sun.awt.X11GraphicsEnvironment
java.awt.printerjob=sun.print.PSPrinterJob
java.class.path={home}/Development/oepe-indigo//plugins/org.eclipse.equinox.launcher_1.2.0.v20110502.jar
java.class.version=50.0
java.endorsed.dirs=/usr/lib/jvm/jdk1.6.0_45/jre/lib/endorsed
java.ext.dirs=/usr/lib/jvm/jdk1.6.0_45/jre/lib/ext:/usr/java/packages/lib/ext
java.home=/usr/lib/jvm/jdk1.6.0_45/jre
java.io.tmpdir=/tmp
java.library.path=/usr/lib/jvm/jdk1.6.0_45/jre/lib/amd64/server:/usr/lib/jvm/jdk1.6.0_45/jre/lib/amd64:/usr/lib/jvm/jdk1.6.0_45/jre/../lib/amd64:/usr/java/packages/lib/amd64:/usr/lib64:/lib64:/lib:/usr/lib
java.protocol.handler.pkgs=null|com.bea.wli.sb.resources.url|com.bea.wli.sb.resources.jca.upgrade.url|weblogic.utils|weblogic.utils|weblogic.utils|weblogic.net|weblogic.net
java.runtime.name=Java(TM) SE Runtime Environment
java.runtime.version=1.6.0_45-b06
java.specification.name=Java Platform API Specification
java.specification.vendor=Sun Microsystems Inc.
java.specification.version=1.6
java.vendor=Sun Microsystems Inc.
java.vendor.url=http://java.sun.com/
java.vendor.url.bug=http://java.sun.com/cgi-bin/bugreport.cgi
java.version=1.6.0_45
java.vm.info=mixed mode
java.vm.name=Java HotSpot(TM) 64-Bit Server VM
java.vm.specification.name=Java Virtual Machine Specification
java.vm.specification.vendor=Sun Microsystems Inc.
java.vm.specification.version=1.0
java.vm.vendor=Sun Microsystems Inc.
java.vm.version=20.45-b01
javax.rmi.CORBA.PortableRemoteObjectClass=weblogic.iiop.PortableRemoteObjectDelegateImpl
javax.rmi.CORBA.UtilClass=weblogic.iiop.UtilDelegateImpl
jna.platform.library.path=/usr/lib/x86_64-linux-gnu:/lib/x86_64-linux-gnu:/lib64:/usr/lib:/lib
line.separator=
middleware.home={home}/Oracle/Middleware
oracle.eclipse.tools.weblogic.ui.isWebLogicServer=true
org.apache.commons.logging.Log=org.apache.commons.logging.impl.NoOpLog
org.eclipse.equinox.launcher.splash.location={home}/Development/oepe-indigo/plugins/org.eclipse.platform_3.7.1.v201109091335/splash.bmp
org.eclipse.equinox.simpleconfigurator.configUrl=file:org.eclipse.equinox.simpleconfigurator/bundles.info
org.eclipse.m2e.log.dir={home}/workspace/pragma/.metadata/.plugins/org.eclipse.m2e.logback.configuration
org.eclipse.update.reconcile=false
org.omg.CORBA.ORBClass=weblogic.corba.orb.ORB
org.omg.CORBA.ORBSingletonClass=weblogic.corba.orb.ORB
org.osgi.framework.executionenvironment=OSGi/Minimum-1.0,OSGi/Minimum-1.1,OSGi/Minimum-1.2,JRE-1.1,J2SE-1.2,J2SE-1.3,J2SE-1.4,J2SE-1.5,JavaSE-1.6
org.osgi.framework.language=en
org.osgi.framework.os.name=Linux
org.osgi.framework.os.version=3.8.0
org.osgi.framework.processor=x86-64
org.osgi.framework.system.capabilities=osgi.ee; osgi.ee="OSGi/Minimum"; version:List<Version>="1.0, 1.1, 1.2",osgi.ee; osgi.ee="JavaSE"; version:List<Version>="1.0, 1.1, 1.2, 1.3, 1.4, 1.5, 1.6"
org.osgi.framework.system.packages=javax.accessibility,javax.activation,javax.activity,javax.annotation,javax.annotation.processing,javax.crypto,javax.crypto.interfaces,javax.crypto.spec,javax.imageio,javax.imageio.event,javax.imageio.metadata,javax.imageio.plugins.bmp,javax.imageio.plugins.jpeg,javax.imageio.spi,javax.imageio.stream,javax.jws,javax.jws.soap,javax.lang.model,javax.lang.model.element,javax.lang.model.type,javax.lang.model.util,javax.management,javax.management.loading,javax.management.modelmbean,javax.management.monitor,javax.management.openmbean,javax.management.relation,javax.management.remote,javax.management.remote.rmi,javax.management.timer,javax.naming,javax.naming.directory,javax.naming.event,javax.naming.ldap,javax.naming.spi,javax.net,javax.net.ssl,javax.print,javax.print.attribute,javax.print.attribute.standard,javax.print.event,javax.rmi,javax.rmi.CORBA,javax.rmi.ssl,javax.script,javax.security.auth,javax.security.auth.callback,javax.security.auth.kerberos,javax.security.auth.login,javax.security.auth.spi,javax.security.auth.x500,javax.security.cert,javax.security.sasl,javax.sound.midi,javax.sound.midi.spi,javax.sound.sampled,javax.sound.sampled.spi,javax.sql,javax.sql.rowset,javax.sql.rowset.serial,javax.sql.rowset.spi,javax.swing,javax.swing.border,javax.swing.colorchooser,javax.swing.event,javax.swing.filechooser,javax.swing.plaf,javax.swing.plaf.basic,javax.swing.plaf.metal,javax.swing.plaf.multi,javax.swing.plaf.synth,javax.swing.table,javax.swing.text,javax.swing.text.html,javax.swing.text.html.parser,javax.swing.text.rtf,javax.swing.tree,javax.swing.undo,javax.tools,javax.transaction,javax.transaction.xa,javax.xml,javax.xml.bind,javax.xml.bind.annotation,javax.xml.bind.annotation.adapters,javax.xml.bind.attachment,javax.xml.bind.helpers,javax.xml.bind.util,javax.xml.crypto,javax.xml.crypto.dom,javax.xml.crypto.dsig,javax.xml.crypto.dsig.dom,javax.xml.crypto.dsig.keyinfo,javax.xml.crypto.dsig.spec,javax.xml.datatype,javax.xml.namespace,javax.xml.parsers,javax.xml.soap,javax.xml.stream,javax.xml.stream.events,javax.xml.stream.util,javax.xml.transform,javax.xml.transform.dom,javax.xml.transform.sax,javax.xml.transform.stax,javax.xml.transform.stream,javax.xml.validation,javax.xml.ws,javax.xml.ws.handler,javax.xml.ws.handler.soap,javax.xml.ws.http,javax.xml.ws.soap,javax.xml.ws.spi,javax.xml.ws.wsaddressing,javax.xml.xpath,org.ietf.jgss,org.omg.CORBA,org.omg.CORBA_2_3,org.omg.CORBA_2_3.portable,org.omg.CORBA.DynAnyPackage,org.omg.CORBA.ORBPackage,org.omg.CORBA.portable,org.omg.CORBA.TypeCodePackage,org.omg.CosNaming,org.omg.CosNaming.NamingContextExtPackage,org.omg.CosNaming.NamingContextPackage,org.omg.Dynamic,org.omg.DynamicAny,org.omg.DynamicAny.DynAnyFactoryPackage,org.omg.DynamicAny.DynAnyPackage,org.omg.IOP,org.omg.IOP.CodecFactoryPackage,org.omg.IOP.CodecPackage,org.omg.Messaging,org.omg.PortableInterceptor,org.omg.PortableInterceptor.ORBInitInfoPackage,org.omg.PortableServer,org.omg.PortableServer.CurrentPackage,org.omg.PortableServer.POAManagerPackage,org.omg.PortableServer.POAPackage,org.omg.PortableServer.portable,org.omg.PortableServer.ServantLocatorPackage,org.omg.SendingContext,org.omg.stub.java.rmi,org.w3c.dom,org.w3c.dom.bootstrap,org.w3c.dom.css,org.w3c.dom.events,org.w3c.dom.html,org.w3c.dom.ls,org.w3c.dom.ranges,org.w3c.dom.stylesheets,org.w3c.dom.traversal,org.w3c.dom.views,org.w3c.dom.xpath,org.xml.sax,org.xml.sax.ext,org.xml.sax.helpers
org.osgi.framework.uuid=901615cd-f3f3-0012-11b6-a3bca4d97ac1
org.osgi.framework.vendor=Eclipse
org.osgi.framework.version=1.6.0
org.osgi.supports.framework.extension=true
org.osgi.supports.framework.fragment=true
org.osgi.supports.framework.requirebundle=true
os.arch=amd64
os.name=Linux
os.version=3.8.0-26-generic
osb.home={home}/Oracle/Middleware/Oracle_OSB1
osgi.arch=x86_64
osgi.bundlefile.limit=750
osgi.bundles=reference:file:javax.transaction_1.1.1.v201105210645.jar,reference:file:org.eclipse.equinox.simpleconfigurator_1.0.200.v20110502-1955.jar@1:start
osgi.bundles.defaultStartLevel=4
osgi.bundlestore={home}/Development/oepe-indigo/configuration/org.eclipse.osgi/bundles
osgi.configuration.area=file:{home}/Development/oepe-indigo/configuration/
osgi.framework=file:{home}/Development/oepe-indigo/plugins/org.eclipse.osgi_3.7.1.R37x_v20110808-1106.jar
osgi.framework.extensions=reference:file:javax.transaction_1.1.1.v201105210645.jar
osgi.framework.shape=jar
osgi.framework.version=3.7.1.R37x_v20110808-1106
osgi.frameworkClassPath=., file:{home}/Development/oepe-indigo/plugins/javax.transaction_1.1.1.v201105210645.jar
osgi.install.area=file:{home}/Development/oepe-indigo/
osgi.instance.area=file:{home}/workspace/pragma/
osgi.instance.area.default=file:{home}/workspace/
osgi.logfile={home}/workspace/pragma/.metadata/.log
osgi.manifest.cache={home}/Development/oepe-indigo/configuration/org.eclipse.osgi/manifests
osgi.nl=en_US
osgi.nl.user=en_US
osgi.os=linux
osgi.splashLocation={home}/Development/oepe-indigo/plugins/org.eclipse.platform_3.7.1.v201109091335/splash.bmp
osgi.splashPath=platform:/base/plugins/org.eclipse.platform
osgi.syspath={home}/Development/oepe-indigo/plugins
osgi.tracefile={home}/workspace/pragma/.metadata/trace.log
osgi.ws=gtk
path.separator=:
securerandom.source=file:/dev/./urandom
socksNonProxyHost=localhost
sun.arch.data.model=64
sun.boot.class.path=/usr/lib/jvm/jdk1.6.0_45/jre/lib/resources.jar:/usr/lib/jvm/jdk1.6.0_45/jre/lib/rt.jar:/usr/lib/jvm/jdk1.6.0_45/jre/lib/sunrsasign.jar:/usr/lib/jvm/jdk1.6.0_45/jre/lib/jsse.jar:/usr/lib/jvm/jdk1.6.0_45/jre/lib/jce.jar:/usr/lib/jvm/jdk1.6.0_45/jre/lib/charsets.jar:/usr/lib/jvm/jdk1.6.0_45/jre/lib/modules/jdk.boot.jar:/usr/lib/jvm/jdk1.6.0_45/jre/classes
sun.boot.library.path=/usr/lib/jvm/jdk1.6.0_45/jre/lib/amd64
sun.cpu.endian=little
sun.cpu.isalist=
sun.desktop=gnome
sun.io.unicode.encoding=UnicodeLittle
sun.java.command={home}/Development/oepe-indigo//plugins/org.eclipse.equinox.launcher_1.2.0.v20110502.jar -os linux -ws gtk -arch x86_64 -showsplash -launcher {home}/Development/oepe-indigo/eclipse -name Eclipse --launcher.library {home}/Development/oepe-indigo//plugins/org.eclipse.equinox.launcher.gtk.linux.x86_64_1.1.100.v20110505/eclipse_1407.so -startup {home}/Development/oepe-indigo//plugins/org.eclipse.equinox.launcher_1.2.0.v20110502.jar --launcher.overrideVmargs -exitdata 1e418010 -vm /usr/bin/java -vmargs -Xms256m -Xmx768m -XX:MaxPermSize=512m -Dsun.lang.ClassLoader.allowArraySyntax=true -Dweblogic.home={home}/Oracle/Middleware/wlserver_10.3 -Dharvester.home={home}/Oracle/Middleware/Oracle_OSB1/harvester -Dosb.home={home}/Oracle/Middleware/Oracle_OSB1 -Dosgi.bundlefile.limit=750 -Dosgi.nl=en_US -Dmiddleware.home={home}/Oracle/Middleware -jar {home}/Development/oepe-indigo//plugins/org.eclipse.equinox.launcher_1.2.0.v20110502.jar
sun.java.launcher=SUN_STANDARD
sun.jnu.encoding=UTF-8
sun.lang.ClassLoader.allowArraySyntax=true
sun.management.compiler=HotSpot 64-Bit Tiered Compilers
sun.os.patch.level=unknown
svnkit.http.methods=Basic
svnkit.library.gnome-keyring.enabled=false
user.country=AR
user.dir={home}/Development/oepe-indigo
user.home={home}
user.language=es
user.name={username}
user.timezone=America/Argentina/Buenos_Aires
weblogic.home={home}/Oracle/Middleware/wlserver_10.3
Thanks!!run this one in command prompt and then convert the applet using converter tool
JC_HOME = C:\java_card_kit-2_2_2\bin\
set CLASSES=%JCHOME%\lib\apduio.jar;%JC_HOME%\lib\apdutool.jar;%JC_HOME%\lib\jcwde.jar;%JC_HOME%\lib\converter.jar;%JC_HOME%\lib\scriptgen.jar;%JC_HOME%\lib\offcardverifier.jar;%JC_HOME%\lib\api.jar;%JC_HOME%\lib\installer.jar;%JC_HOME%\lib\capdump.jar;
D:\NareshPalle\jcardRE\Smart\src>java -classpath %_CLASSES% com.sun.javacard.con
verter.Converter -out EXP JCA CAP -exportpath .\exp -applet 0x0a:0x00:0x00:0x00:0x0e:0x01:0x02:
0x03:0x04:0x05:0x06 PackageName appletName 0x01:0x02:0x03:0x04:0x05:0x0
6:0x07:0x08 1.0
or
go to following directory and run the converter tool in command prompt
step 1: cd C:\java_card_kit-2_2_2\bin\
then run this command under the above directory
step 2:converter -classdir E:\Pathof Your applet class file -out EXP JCA CAP -exportpath E:\path of exp files folder -applet AID PackageName AppletName PackAID major.minor no
For more doubts mail me....
*[removed by moderator]*
Thanks and Regards
NareshPalle
Edited by: EJP on 31/03/2012 20:09: removed your email address. Unless you like spam and unless you think these forums are provided for your personal benefit only, posting an email address here serves no useful purpose whatsoever. -
Error during rendering/encoding -- PLEASE HELP!!
Hey everybody!! After trying twice to burn this project to DVD, I'm about ready to rip my hair out!! First of all, here's the specifics about my computer:
Mac OS 10.3.7 / 800 MHZ Power PC G4 / 256 MB SDRam / My programs are iMovie 4 and I have iDVD5
OK, I'm trying to burn a movie that is about 1 hour, 23 minutes long. Even though my movie is not 90 minutes long, iDVD does tell me that it is too long and that I need to click on "Best Performance" in my iDVD Preferences. No problem, I did that. (By the way, at the time of the burning, I have about 5.1 GB on space left on my hard drive.)
Before burning I do repair permissions and delete my "com.apple.idvd.plist".
So, it burns and burns for roughly 6 hours. Right at the very end, the disk spits out and an error message comes up saying:
Encoding Video
Error during rendering/encoding:
This is very frustrating because I need to get this video done by tonight and turn it in by Monday morning!!
Any suggestions?? Please help!!! Thanxx!!I have about 5.1 GB on space left on my hard drive
I don't think that's enough. Remember a DVD is 4.7GB (which iDVD first stores on your hard drive) plus temporary files that iDVD needs. -
Error during a system copy with HANA DB
Hello,
I´m doing a system copy in a SAP ERP 6.0 EHP7 with SAP HANA DB.
During a homogeneous system copy procedure with SWPM, it show me the following error during the phase Database refresh postload-activities.
I checked some log files:
-- sapinst.log:
ERROR 2014-08-24 16:14:01.109
MSC-04120 Creating a license signature failed:
===...could not load SSF library S:\usr\sap\\D00\exe\sapcrypto.dll .
ERROR 2014-08-24 16:14:01.109
MSC-04120 Creating a license signature failed: 543 wlikey_sign_for_installer: Couldn't load SAPSECULIB ("S:\usr\sap\\D00\exe\sapcrypto.dll") using function SsfSupInitEx (), rc = 10 (no library).
ERROR 2014-08-24 16:14:01.109
MSC-04120 Creating a license signature failed: 542 wlikey_sign_for_installer: At least one more attempt to load the SAPSECULIB will follow.
INFO 2014-08-24 16:14:01.234
Switched to user: ASCENDUMCE\ed1adm.
INFO 2014-08-24 16:14:01.343
Creating file C:\Program Files\sapinst_instdir\BS2013\BS2013SR1\ERP607SR1\HDB\COPY\SYSTEM\STD\AS-ABAP\REF\saplikey.log.
INFO 2014-08-24 16:14:01.390
Switched to user: ASCENDUMCE\ed1adm.
INFO 2014-08-24 16:14:01.422
Output of S:\usr\sap\ED1\SYS\exe\uc\NTAMD64\saplikey pf=\\SATDCSAP3\sapmnt\ED1\SYS\profile\ED1_DVEBMGS00_SATDCSAP3 -install_first_temp F1740289712 XXXXXX is written to the logfile saplikey.log.
WARNING 2014-08-24 16:14:01.640
Execution of the command "S:\usr\sap\ED1\SYS\exe\uc\NTAMD64\saplikey pf=\\SATDCSAP3\sapmnt\ED1\SYS\profile\ED1_DVEBMGS00_SATDCSAP3 -install_first_temp F1740289712 XXXXXX" finished with return code 2. Output:
saplikey: failed to connect to the database.
ERROR 2014-08-24 16:14:01.640
CJS-30023 Process call 'S:\usr\sap\ED1\SYS\exe\uc\NTAMD64\saplikey pf=\\SATDCSAP3\sapmnt\ED1\SYS\profile\ED1_DVEBMGS00_SATDCSAP3 -install_first_temp F1740289712 XXXXXX' exits with error code 2. For details see log file(s) saplikey.log, dev_slic.
ERROR 2014-08-24 16:14:01.703
FCO-00011 The step createTempLicense with step key |NW_ABAP_DB_DBRefresh|ind|ind|ind|ind|0|0|NW_ABAP_DB|ind|ind|ind|ind|0|0|NW_CreateDBandLoad|ind|ind|ind|ind|createdbandload|0|NW_Postload|ind|ind|ind|ind|postload|0|NW_Postload_DBRefresh_ABAP|ind|ind|ind|ind|abap|0|NW_Temp_License_ABAP|ind|ind|ind|ind|lic|0|createTempLicense was executed with status ERROR ( Last error reported by the step: Creating a license signature failed:
===...could not load SSF library S:\usr\sap\\D00\exe\sapcrypto.dll .).
INFO 2014-08-24 16:14:02.31
Creating file C:\Program Files\sapinst_instdir\BS2013\BS2013SR1\ERP607SR1\HDB\COPY\SYSTEM\STD\AS-ABAP\REF\__instana_tmp.xml.
INFO 2014-08-24 16:14:02.734
Removed file C:\Program Files\sapinst_instdir\BS2013\BS2013SR1\ERP607SR1\HDB\COPY\SYSTEM\STD\AS-ABAP\REF\instslana.xml.
INFO 2014-08-24 16:14:02.734
Creating file C:\Program Files\sapinst_instdir\BS2013\BS2013SR1\ERP607SR1\HDB\COPY\SYSTEM\STD\AS-ABAP\REF\instslana.xml.
-- saplikey.log:
saplikey: failed to connect to the database.
-- dev_likey:
-> init()
STATEMENT_CACHE_SIZE = 1000
-> init()
-> loadClientRuntime()
Loading SQLDBC client runtime ...
SQLDBC Module : S:\usr\sap\ED1\hdbclient\libSQLDBCHDB.dll
SQLDBC Runtime : libSQLDBCHDB 1.00.80.00 Build 0391861-1510
SQLDBC client runtime is 1.00.80.00.0391861
-> getNewConnection()
<- getNewConnection(con_hdl=0)
-> checkEnvironment(con_hdl=0)
-> connect(con_info_p=0000000000000000)
Try to connect via secure store (DEFAULT) on connection 0 ...
*** ERROR => Connect to database failed, rc=1, rcSQL=10
[dbhdbsql.cpp 332]
SQLCODE : 10
SQLERRTEXT : invalid username or password:
-> SetSdbDbslCA(errcode=10)
-> freeConnection(con_hdl=0)
close all opened locators of connection 0
} DbSlHDBConnect(rc=99)
***LOG BY2=> sql error 10 performing CON [dblink 559]
***LOG BY0=> invalid username or password: [dblink 559]
*** ERROR => saplikey: failed to connect to the database. [saplikey.c 830]
release memory of the SIBU buffers
release memory of the STATEMENT CACHE
Can you help me please!? This is very urgent!
Thank you,
samid raifHello John Appleby,
I ran the R3trans -d and this is the output:
4 ETW000 r3trans version 6.24 (release 741 - 10.06.14 - 20:14:07).
4 ETW000 unicode enabled version
4 ETW000 ===============================================
4 ETW000
4 ETW000 date&time : 24.08.2014 - 20:22:19
4 ETW000 control file: <no ctrlfile>
4 ETW000 R3trans was called as follows: r3trans -d
4 ETW000 trace at level 2 opened for a given file pointer
4 ETW000 [ dev trc,00000] Sun Aug 24 20:22:19 2014 124 0.000124
4 ETW000 [ dev trc,00000] db_con_init called 103 0.000227
4 ETW000 [ dev trc,00000] set_use_ext_con_info(): usage of ssfs switched off (rsdb/ssfs_connect=0)
4 ETW000 94 0.000321
4 ETW000 [ dev trc,00000] determine_block_commit: no con_hdl found as blocked for con_name = R/3
4 ETW000 44 0.000365
4 ETW000 [ dev trc,00000] create_con (con_name=R/3) 26 0.000391
4 ETW000 [ dev trc,00000] Loading DB library 'dbhdbslib.dll' ... 64 0.000455
4 ETW000 [ dev trc,00000] DlLoadLib success: LoadLibrary("dbhdbslib.dll"), hdl 0, count 1, addr 000007FEEFE00000
4 ETW000 5889 0.006344
4 ETW000 [ dev trc,00000] using "S:\usr\sap\ED1\SYS\exe\uc\NTAMD64\dbhdbslib.dll" 35 0.006379
4 ETW000 [ dev trc,00000] Library 'dbhdbslib.dll' loaded 36 0.006415
4 ETW000 [ dev trc,00000] function DbSlExpFuns loaded from library dbhdbslib.dll 52 0.006467
4 ETW000 [ dev trc,00000] Version of 'dbhdbslib.dll' is "741.10", patchlevel (0.43) 111 0.006578
4 ETW000 [ dev trc,00000] function dsql_db_init loaded from library dbhdbslib.dll 39 0.006617
4 ETW000 [ dev trc,00000] function dbdd_exp_funs loaded from library dbhdbslib.dll 63 0.006680
4 ETW000 [ dev trc,00000] } DbSlHDBControl(rc=0) 81 0.006761
4 ETW000 [ dev trc,00000] { DbSlHDBControl(con_hdl=-1,command=39,arg_p=0000000000000000) 40 0.006801
4 ETW000 [ dev trc,00000] } DbSlHDBControl(rc=0) 29 0.006830
4 ETW000 [ dev trc,00000] { DbSlHDBControl(con_hdl=-1,command=10,arg_p=000000000221F280) 34 0.006864
4 ETW000 [ dev trc,00000] } DbSlHDBControl(rc=0) 29 0.006893
4 ETW000 [ dev trc,00000] New connection 0 created 25 0.006918
4 ETW000 [ dev trc,00000] 0: name = R/3, con_id = -000000001, state = DISCONNECTED, tx = NO , bc = NO , oc = 000, hc = NO , perm = YES, reco = NO , info = NO , timeout = 000, con_max = 255, con_opt = 255, occ = NO , prog =
4 ETW000 63 0.006981
4 ETW000 [ dev trc,00000] { DbSlHDBControl(con_hdl=-1,command=10,arg_p=0000000141FF5E40) 49 0.007030
4 ETW000 [ dev trc,00000] } DbSlHDBControl(rc=0) 30 0.007060
4 ETW000 [ dev trc,00000] db_con_connect (con_name=R/3) 31 0.007091
4 ETW000 [ dev trc,00000] determine_block_commit: no con_hdl found as blocked for con_name = R/3
4 ETW000 42 0.007133
4 ETW000 [ dev trc,00000] find_con_by_name found the following connection: 28 0.007161
4 ETW000 [ dev trc,00000] 0: name = R/3, con_id = 000000000, state = DISCONNECTED, tx = NO , bc = NO , oc = 000, hc = NO , perm = YES, reco = NO , info = NO , timeout = 000, con_max = 255, con_opt = 255, occ = NO , prog =
4 ETW000 124 0.007285
4 ETW000 [ dev trc,00000] { DbSlHDBConnect(con_info_p=0000000000000000) 61 0.007346
4 ETW000 [ dev trc,00000] DBHDBSLIB : version 741.10, patch 0.043 (Make PL 0.43) 65 0.007411
4 ETW000 [ dev trc,00000] HDB shared library (dbhdbslib) patchlevels (last 10) 37 0.007448
4 ETW000 [ dev trc,00000] (0.043) R3szchk with partitioned tables (note 2040561) 32 0.007480
4 ETW000 [ dev trc,00000] (0.031) New DBCON syntax for HANA (note 1983389) 50 0.007530
4 ETW000 [ dev trc,00000] (0.028) Bulk insert stop on duplicate, dbsl returncode corrected (note 1996982)
4 ETW000 51 0.007581
4 ETW000 [ dev trc,00000] (0.027) Set DBAREQ class (note 1991383) 35 0.007616
4 ETW000 [ dev trc,00000] (0.022) Get database version via dbsl call (note 1976918) 36 0.007652
4 ETW000 [ dev trc,00000] (0.020) FDA: Core Dump in SELECT ... FOR ALL ENTRIES for tables with strings (note 1970276)
4 ETW000 53 0.007705
4 ETW000 [ dev trc,00000] (0.020) SQL DDL with data aging (note 1897636) 35 0.007740
4 ETW000 [ dev trc,00000] (0.017) Datatype NCLOB missing in tablesize calculation (note 1952609)
4 ETW000 52 0.007792
4 ETW000 [ dev trc,00000] (0.014) Tablesize calculation for HANA optimized (note 1952609) 36 0.007828
4 ETW000 [ dev trc,00000] (0.014) Native SQL UPSERT with DataAging (note 1897636) 32 0.007860
4 ETW000 [ dev trc,00000] 22 0.007882
4 ETW000 [ dev trc,00000] -> init() 33 0.007915
4 ETW000 [ dev trc,00000] STATEMENT_CACHE_SIZE = 1000 212 0.008127
4 ETW000 [ dev trc,00000] -> init() 615 0.008742
4 ETW000 [ dev trc,00000] -> loadClientRuntime() 46 0.008788
4 ETW000 [ dev trc,00000] Loading SQLDBC client runtime ... 31 0.008819
4 ETW000 [ dev trc,00000] SQLDBC Module : S:\usr\sap\ED1\hdbclient\libSQLDBCHDB.dll 1327 0.010146
4 ETW000 [ dev trc,00000] SQLDBC Runtime : libSQLDBCHDB 1.00.80.00 Build 0391861-1510 84 0.010230
4 ETW000 [ dev trc,00000] SQLDBC client runtime is 1.00.80.00.0391861 50 0.010280
4 ETW000 [ dev trc,00000] -> getNewConnection() 37 0.010317
4 ETW000 [ dev trc,00000] <- getNewConnection(con_hdl=0) 100 0.010417
4 ETW000 [ dev trc,00000] -> checkEnvironment(con_hdl=0) 53 0.010470
4 ETW000 [ dev trc,00000] -> connect(con_info_p=0000000000000000) 42 0.010512
4 ETW000 [ dev trc,00000] Try to connect via secure store (DEFAULT) on connection 0 ... 86 0.010598
4 ETW000 [dbhdbsql.cpp,00000] *** ERROR => Connect to database failed, rc=1, rcSQL=10 11122 0.021720
4 ETW000 [ dev trc,00000] SQLCODE : 10 68 0.021788
4 ETW000 [ dev trc,00000] SQLERRTEXT : invalid username or password: 40 0.021828
4 ETW000 [ dev trc,00000] -> SetSdbDbslCA(errcode=10) 41 0.021869
4 ETW000 [ dev trc,00000] -> freeConnection(con_hdl=0) 43 0.021912
4 ETW000 [ dev trc,00000] close all opened locators of connection 0 60 0.021972
4 ETW000 [ dev trc,00000] } DbSlHDBConnect(rc=99) 65 0.022037
4 ETW000 [ dblink ,00000] ***LOG BY2=>sql error 10 performing CON 68 0.022105
4 ETW000 [ dblink ,00000] ***LOG BY0=>invalid username or password: 35 0.022140
4 ETW000 [ dev trc,00000] { DbSlHDBControl(con_hdl=0,command=41,arg_p=0000000140541C48) 107 0.022247
4 ETW000 [ dev trc,00000] } DbSlHDBControl(rc=0) 79 0.022326
4 ETW000 [ dev trc,00000] { DbSlHDBControl(con_hdl=0,command=14,arg_p=0000000002215998) 38 0.022364
4 ETW000 [ dev trc,00000] } DbSlHDBControl(rc=0) 28 0.022392
4 ETW000 [ dev trc,00000] { DbSlHDBControl(con_hdl=0,command=50,arg_p=0000000002215990) 33 0.022425
4 ETW000 [ dev trc,00000] } DbSlHDBControl(rc=0) 43 0.022468
4 ETW000 [ dev trc,00000] { DbSlHDBControl(con_hdl=0,command=13,arg_p=00000000022159B0) 35 0.022503
4 ETW000 [ dev trc,00000] } DbSlHDBControl(rc=0) 27 0.022530
4 ETW000 [ dev trc,00000] { DbSlHDBControl(con_hdl=0,command=52,arg_p=0000000002215A00) 33 0.022563
4 ETW000 [ dev trc,00000] } DbSlHDBControl(rc=0) 28 0.022591
2EETW169 no connect possible: "DBMS = HDB --- SERVER = '' PORT = ''"
4 ETW000 [ dev trc,00000] release memory of the SIBU buffers 2900 0.025491
4 ETW000 [ dev trc,00000] release memory of the STATEMENT CACHE 91 0.025582 -
Error during Repository Install
The following is the error I during stage CJSYSFOL of the install, any ideas on how to fix it? Thanks.
R Owen
Message
ORA-04063: package body "REPOS_MANAGER.JR_REG_IO" has errors
Cause
Attempt to execute a stored procedure or use a view that has
errors. For stored procedures, the problem could be syntax errors
or references to other, non-existent procedures. For views,
the problem could be a reference in the view's defining query to
a non-existent table.
Can also be a table which has references to non-existent or
inaccessible types.
Action
Fix the errors and/or create referenced objects as necessary.
Message
ORA-06508: PL/SQL: could not find program unit being called: "REPOS_MANAGER.JR_REG_IO"
Cause
Action
Message
ORA-06512: at "REPOS_MANAGER.JR_FOLDER", line 535
Cause
Backtrace message as the stack is unwound by unhandled
exceptions.
Action
Fix the problem causing the exception or write an exception
handler for this condition. Or you may need to contact your
application administrator or DBA.
Message
ORA-06512: at "REPOS_MANAGER.SDD_FOLDERS_I", line 136
Cause
Backtrace message as the stack is unwound by unhandled
exceptions.
Action
Fix the problem causing the exception or write an exception
handler for this condition. Or you may need to contact your
application administrator or DBA.
Message
ORA-04088: error during execution of trigger 'REPOS_MANAGER.SDD_FOLDERS_I'
Cause
A runtime error occurred during execution of a trigger.
Action
Check the triggers which were involved in the operation.
Message
ORA-06512: at line 1270
Cause
Backtrace message as the stack is unwound by unhandled
exceptions.
Action
Fix the problem causing the exception or write an exception
handler for this condition. Or you may need to contact your
application administrator or DBA.
Message
RME-02124: Failed to execute SQL statement:
DECLARE
ar_irid number;
wkarea_irid number;
dummy_wrkarea boolean := FALSE;
folder_irid number;
folder_ivid number;
org_irid number;
org_ivid number;
max_default_value_types number;
rtn_id number;
vat_type number;
comment varchar2(100);
ps1_irid number;
ps1_ivid number;
l_SUPPORTS_DESIGNER varchar2(1);
l_SUPPORTS_JDEVEE varchar2(1);
TYPE t_Value_Type is record
( name varchar2(20)
, datatype varchar2(20)
, lob_flag varchar2(1)
, derived_from binary_integer -- index number of source record
, irid number -- store irid for later use
Type tt_Value_Type is table of t_Value_Type index by binary_integer;
init_value_types tt_Value_Type;
BEGIN
dbms_output.enable(1000000);
-- Added for Bug 1326447
update ck_installed_objects
set ci_created = 'N'
where ci_stage='CKSYSFOL';
-- End addition for Bug 1326447
select SUPPORTS_JDEVEE
, SUPPORTS_DESIGNER
into l_SUPPORTS_JDEVEE
, l_SUPPORTS_DESIGNER
from rm$repositories;
-- Check Global Shared Workarea exists
dbms_output.put_line('* Checking if Global Shared Wokrarea exists' );
begin
select irid
into wkarea_irid
from I$sdd_workareas
where name = 'GLOBAL SHARED WORKAREA';
exception when no_data_found then
dummy_wrkarea := TRUE;
-- Create a dummy workarea to put the SYSTEM FOLDER in
wkarea_irid := jr_workarea.create_workarea( user,
'SYSTEM WORKAREA',
'Temporay WorkArea used to create the SYSTEM FOLDER');
end;
-- Set workarea context
jr_context.set_workarea(wkarea_irid);
-- Now create a FOLDER called SYSTEM FOLDER
dbms_output.put_line('* Creating SYSTEM FOLDER');
-- USBUG 1006132 CREATION OF SYSTEM FOLDER RESULTING IN DANGLINGS RM DATA CAUSING FP TO HANG
-- USBUG 989215 NEED TO IDENTIFY SYSTEM FOLDER AND ALL ITS CONTENTS BY GUID
folder_irid := 1773150433009805186156169550188005433;
folder_ivid := 1773150433009809908522652419833219129;
insert into SDD_FOLDERS ( IRID
, IVID
, DATE_CREATED
, CREATED_BY
, OWNING_USER
, ELEMENT_TYPE_NAME
, CONTAINER_SUBTYPE
, REMARK
, NAME
, OS_TIMESTAMP
, ROOT_FLAG
, SYSTEM_ELEMENT_FLAG )
values ( folder_irid
, folder_ivid
, SYSDATE
, USER
, USER
, 'CEL'
, 'FOL'
, 'SYSTEM FOLDER'
, 'SYSTEM FOLDER'
, SYSDATE
, 'Y'
, 'Y');
-- USBUG 1006123 NEED TO PREVENT USERS UPDATING CONTENTS OF THE SYSTEM FOLDER
-- USBUG 1103313 CHANGES TO ALLOW SYSTEM FOLDER TO BE VERSIONED
-- create the appropiate access rights
dbms_output.put_line('* Creating access rights for SYSTEM FOLDER');
insert into sdw_access_rights ( IRID
, IVID
, GRANTEE_REFERENCE
Cause
An error occurred while executing a SQL statement.
Action
Examine reported errors for specific details.
--------------------------------------------------------------------------------Check out Note 353815.1
Title: Package Body ''Scm_admin.Jr_reg_io'' Has Errors After
Database Server Upgrade
I have found that of the problems like this are due to the permissions not being granted by SYS to the repos owner.
As SYS
create user owner identified by owner default tablespace users
temporary tablespace temp;
Run this file as SYS
@ D:\Designer_Home\Des1012\repadm61\UTL\CKROROLE.SQL
GRANT EXECUTE ON DBMS_LOCK TO owner;
GRANT EXECUTE ON DBMS_PIPE TO owner;
GRANT CREATE TABLE TO owner;
GRANT CREATE VIEW TO owner;
GRANT CREATE PROCEDURE TO owner;
GRANT CREATE SYNONYM TO owner;
GRANT CREATE SEQUENCE TO owner;
GRANT SELECT ON sys.v_$nls_parameters TO owner WITH GRANT OPTION;
GRANT SELECT on sys.V_$PARAMETER TO owner;
GRANT SELECT ON dba_rollback_segs TO owner;
GRANT SELECT ON dba_segments TO owner;
GRANT CREATE ANY SYNONYM TO owner;
GRANT DROP ANY SYNONYM TO owner;
GRANT CREATE PUBLIC SYNONYM TO owner;
GRANT DROP PUBLIC SYNONYM TO owner;
GRANT ck_oracle_repos_owner to owner;
GRANT CONNECT, RESOURCE TO owner;
GRANT dba TO owner;
(If you want Row Level Security (RLS) on)
GRANT execute on dbms_rls to owner; -
Standalone Scenario - Error during Creation of Local Purchase Order
Hi All,
I am trying to setup Standalone Scenario, i have created all the master data locally, i am able to Order SC, but after workflow approval SC goes into error 'Error during creation of local purchase order from shopping cart XXXXXXXXX'
I have created following configuration setting for local PO number
1) In SPRO -> Cross-Application Basic Settings -> Number Ranges -> Define Number rang. for Schopping Carts and Follow-on Doc. --- i have number ranges for PO follow-on doc. i.e.
inrerval No = PO, from number = 0004000000, to number = 0004999999, ext. = unchecked
2) In SPRO -> Cross-Application Basic Settings -> Number Ranges -> Define Ranges per backend system for follow-on documents PO, PR etc
3) In sourcing (SPRO -> Cross-Application Basic Settings -> Sourcing -> Define Interactive Sourcing for product categories) --- sourcing is never carried out.
Can anybody help?
Regards,
SAP Guy.
Edited by: SAP Guy on Apr 23, 2008 2:32 AMHi SAP Guy,
Following steps are must for Local number range
1) Create number range for local PO
2) Maintain your logical system in 'Define number range per backend system for follow on document'
3) Define Transaction Type for BUS2201, define document type (e.g. EC1)
4) Assign Document type (EC1) in Org attribute BSA.
Hope this helps.
Regards,
Manish.
Maybe you are looking for
-
I have been using FF to acess the web for years but recently (within the last few days) I get the above message. I have deleted the ff I was using and downloaded the 3.6 again but continue to get the same message
-
I cannot say much. I've tested it with Mplayer and xine but both don't work. I want to use Mplayer so I'll speak only from mplayer. When I start Mplayer and go to DVD - Open Disc this error appears -> "Cannot open the IFO file for DVD title1" I don't
-
Everytime I try to open a premiere pro prpoject I get this message - "This project contained a sequence that could not be opened. No sequence preview preset file or codec could be associated with this sequence type." I have already opened and worked
-
Installed Windows 7 on bootcamp but now my wireless mouse won't work when in windows. What can I do?
Installed Windows 7 on bootcamp but now my wireless mouse won't work when in windows. What can I do?
-
Fail to install Intel ME driver by SCCM.
When running ME driver installation with Microsoft SCCM server, can not install ME driver. We run silent install command: setupme.exe -s -noimss. Failure in SCCM log file: How to check: 1. install the attached ConfigMgrTools.msi in Windows OS (I am