Problem with Access Manager intergration
Hi,
I'm integrating Identity Manager and Access Manager.
I've configured the End User interface to use Access Manager for authentication, and I have (as far as I can tell) everything else set up and working correctly. When I access the end user pages I get the following error:
Access Manager (Sun Access Manager Realm):Successfully authenticated '00000001' on resource 'Access Manager' and found a Lighthouse user with the same accountId, but no matching resource accountIdI've checked and confirmed that there is an attribute being passed in the header
'sois_user = 00000001'
And I have the following defined:
<Attribute name='common resources'>
<Object>
<Attribute name='AM Resources'>
<List>
<String>Enterprise Directory</String>
<String>Access Manager</String>
</List>
</Attribute>
</Object>
</Attribute>I suspect that it is the common resources that is failing, because its looking for an accountId that matches the DN of the account in LDAP rather than the LogonID. Can anyone provide pointers on how to resolve this?
All suggestions gladly received,
R
Michael,
Thanks for your help, I understand your answer. However, I am using the Access Manager realm adapter which the docs say can't manage users, so no account is being exposed there.
I have found the solution though and it involves a couple of steps:
Firstly, the sois_user value that is passed by the header has to be the DN of the LDAP account.
Secondly, I think the order of the accounts in the 'common resources' definition needs to have the LDAP resource defined first.
Finally, the Login group needs to have both the Access Manager and LDAP login modules.
With these 3 components in place, SSO to IdM works.
R
Similar Messages
-
Problem with Access Policies (create multiple resources)
I'm having a problem with Access Policies:
The first policy must create a resource.
And the following policies should create childs on the resource.
The problem here is that when policies will add the childs, the resource is not provisioned yet.
And then each one will create a resource but i just want one resource with the childs.
When the resource is already provisioned, the policies update this resource properly.
How can I fix this?
tksRicardo,
I had a similar problem. In a post-process handler I was managing the user membership in specific roles through the removeMemberUser and the addMemberUser of the tcGroupOperationsIntf class.
The last parameter of this method was a boolean which, when true, would automatically trigger the access policies programmatically in the post-process.
The problem is that there also is an OOTB event handler for triggering access policies, so I was basically triggering the access policies twice and duplicated resources were appearing.
Hope this helps.
Cheers -
I have problem with Access Connections on L412 after that utilyty upgrade
I have problem with Access Connections on L412 after that utilyty upgrade in early August. Windows 7 Ultimate/x64.
It stops connecting to WPA2 Enterprise (AES-CCMP), Microsoft PEAP, no server cert, with any credentials I try to use. The same account(s) works with native Intel manager on other notebooks and on mobile devices. I lost the wireless connectivity to enterprise WiFi network.
And, after deinstallation of Access Connections, the inability to connect keeped intact with native Win7 WiFi management.
I think, something was broken in Access Connections 5.83 Build 83C753WW and some registry settings/ dll modules were altered but not returned to normal after deinstall.Access Connections is definitely broken for WPA encryption. Both versions 5.02 and 5.84 fail for me. If I use the Windows XP wireless configuration instead of Access Connections, everything works.
Does anyone know how to report this to Lenovo? I chased links around the web site but couldn't find a place. -
Too Slow - Domino 6.5.4 with access manager agent 2.2 ?
I don't know how to tune Domino 6.5.4 with access manager agent 2.2?
I think AMAgent.properties is not good for SSO.
Please help me to tune it.
# $Id: AMAgent.properties,v 1.103 2005/09/19 22:08:34 madan Exp $
# Copyright ? 2002 Sun Microsystems, Inc. All rights reserved.
# U.S. Government Rights - Commercial software. Government users are
# subject to the Sun Microsystems, Inc. standard license agreement and
# applicable provisions of the FAR and its supplements. Use is subject to
# license terms. Sun, Sun Microsystems, the Sun logo and Sun ONE are
# trademarks or registered trademarks of Sun Microsystems, Inc. in the
# U.S. and other countries.
# Copyright ? 2002 Sun Microsystems, Inc. Tous droits r閟erv閟.
# Droits du gouvernement am閞icain, utlisateurs gouvernmentaux - logiciel
# commercial. Les utilisateurs gouvernmentaux sont soumis au contrat de
# licence standard de Sun Microsystems, Inc., ainsi qu aux dispositions en
# vigueur de la FAR [ (Federal Acquisition Regulations) et des suppl閙ents
# ? celles-ci.
# Distribu? par des licences qui en restreignent l'utilisation. Sun, Sun
# Microsystems, le logo Sun et Sun ONE sont des marques de fabrique ou des
# marques d閜os閑s de Sun Microsystems, Inc. aux Etats-Unis et dans
# d'autres pays.
# The syntax of this file is that of a standard Java properties file,
# see the documentation for the java.util.Properties.load method for a
# complete description. (CAVEAT: The SDK in the parser does not currently
# support any backslash escapes except for wrapping long lines.)
# All property names in this file are case-sensitive.
# NOTE: The value of a property that is specified multiple times is not
# defined.
# WARNING: The contents of this file are classified as an UNSTABLE
# interface by Sun Microsystems, Inc. As such, they are subject to
# significant, incompatible changes in any future release of the
# software.
# The name of the cookie passed between the Access Manager
# and the SDK.
# WARNING: Changing this property without making the corresponding change
# to the Access Manager will disable the SDK.
com.sun.am.cookie.name = iPlanetDirectoryPro
# The URL for the Access Manager Naming service.
com.sun.am.naming.url = http://sportal.yjy.dqyt.petrochina:80/amserver/namingservice
# The URL of the login page on the Access Manager.
com.sun.am.policy.am.login.url = http://sportal.yjy.dqyt.petrochina:80/amserver/UI/Login
# Name of the file to use for logging messages.
com.sun.am.policy.agents.config.local.log.file = c:/Sun/Access_Manager/Agents/2.2/debug/C__Lotus_Domino/amAgent
# This property is used for Log Rotation. The value of the property specifies
# whether the agent deployed on the server supports the feature of not. If set
# to false all log messages are written to the same file.
com.sun.am.policy.agents.config.local.log.rotate = true
# Name of the Access Manager log file to use for logging messages to
# Access Manager.
# Just the name of the file is needed. The directory of the file
# is determined by settings configured on the Access Manager.
com.sun.am.policy.agents.config.remote.log = amAuthLog.Dominoad.yjy.dqyt.petrochina.80
# Set the logging level for the specified logging categories.
# The format of the values is
# <ModuleName>[:<Level>][,<ModuleName>[:<Level>]]*
# The currently used module names are: AuthService, NamingService,
# PolicyService, SessionService, PolicyEngine, ServiceEngine,
# Notification, PolicyAgent, RemoteLog and all.
# The all module can be used to set the logging level for all currently
# none logging modules. This will also establish the default level for
# all subsequently created modules.
# The meaning of the 'Level' value is described below:
# 0 Disable logging from specified module*
# 1 Log error messages
# 2 Log warning and error messages
# 3 Log info, warning, and error messages
# 4 Log debug, info, warning, and error messages
# 5 Like level 4, but with even more debugging messages
# 128 log url access to log file on AM server.
# 256 log url access to log file on local machine.
# If level is omitted, then the logging module will be created with
# the default logging level, which is the logging level associated with
# the 'all' module.
# for level of 128 and 256, you must also specify a logAccessType.
# *Even if the level is set to zero, some messages may be produced for
# a module if they are logged with the special level value of 'always'.
com.sun.am.log.level =
# The org, username and password for Agent to login to AM.
com.sun.am.policy.am.username = UrlAccessAgent
com.sun.am.policy.am.password = LYnKyOIgdWt404ivWY6HPQ==
# Name of the directory containing the certificate databases for SSL.
com.sun.am.sslcert.dir = c:/Sun/Access_Manager/Agents/2.2/domino/cert
# Set this property if the certificate databases in the directory specified
# by the previous property have a prefix.
com.sun.am.certdb.prefix =
# Should agent trust all server certificates when Access Manager
# is running SSL?
# Possible values are true or false.
com.sun.am.trust_server_certs = true
# Should the policy SDK use the Access Manager notification
# mechanism to maintain the consistency of its internal cache? If the value
# is false, then a polling mechanism is used to maintain cache consistency.
# Possible values are true or false.
com.sun.am.notification.enable = true
# URL to which notification messages should be sent if notification is
# enabled, see previous property.
com.sun.am.notification.url = http://Dominoad.yjy.dqyt.petrochina:80/amagent/UpdateAgentCacheServlet?shortcircuit=false
# This property determines whether URL string case sensitivity is
# obeyed during policy evaluation
com.sun.am.policy.am.url_comparison.case_ignore = true
# This property determines the amount of time (in minutes) an entry
# remains valid after it has been added to the cache. The default
# value for this property is 3 minutes.
com.sun.am.policy.am.polling.interval=3
# This property allows the user to configure the User Id parameter passed
# by the session information from the access manager. The value of User
# Id will be used by the agent to set the value of REMOTE_USER server
# variable. By default this parameter is set to "UserToken"
com.sun.am.policy.am.userid.param=UserToken
# Profile attributes fetch mode
# String attribute mode to specify if additional user profile attributes should
# be introduced into the request. Possible values are:
# NONE - no additional user profile attributes will be introduced.
# HTTP_HEADER - additional user profile attributes will be introduced into
# HTTP header.
# HTTP_COOKIE - additional user profile attributes will be introduced through
# cookies.
# If not within these values, it will be considered as NONE.
com.sun.am.policy.agents.config.profile.attribute.fetch.mode=NONE
# The user profile attributes to be added to the HTTP header. The
# specification is of the format ldap_attribute_name|http_header_name[,...].
# ldap_attribute_name is the attribute in data store to be fetched and
# http_header_name is the name of the header to which the value needs
# to be assigned.
# NOTE: In most cases, in a destination application where a "http_header_name"
# shows up as a request header, it will be prefixed by HTTP_, and all
# lower case letters will become upper case, and any - will become _;
# For example, "common-name" would become "HTTP_COMMON_NAME"
com.sun.am.policy.agents.config.profile.attribute.map=cn|common-name,ou|organizational-unit,o|organization,mail|email,employeenumber|employee-
number,c|country
# Session attributes mode
# String attribute mode to specify if additional user session attributes should
# be introduced into the request. Possible values are:
# NONE - no additional user session attributes will be introduced.
# HTTP_HEADER - additional user session attributes will be introduced into HTTP header.
# HTTP_COOKIE - additional user session attributes will be introduced through cookies.
# If not within these values, it will be considered as NONE.
com.sun.am.policy.agents.config.session.attribute.fetch.mode=NONE
# The session attributes to be added to the HTTP header. The specification is
# of the format session_attribute_name|http_header_name[,...].
# session_attribute_name is the attribute in session to be fetched and
# http_header_name is the name of the header to which the value needs to be
# assigned.
# NOTE: In most cases, in a destination application where a "http_header_name"
# shows up as a request header, it will be prefixed by HTTP_, and all
# lower case letters will become upper case, and any - will become _;
# For example, "common-name" would become "HTTP_COMMON_NAME"
com.sun.am.policy.agents.config.session.attribute.map=
# Response Attribute Fetch Mode
# String attribute mode to specify if additional user response attributes should
# be introduced into the request. Possible values are:
# NONE - no additional user response attributes will be introduced.
# HTTP_HEADER - additional user response attributes will be introduced into
# HTTP header.
# HTTP_COOKIE - additional user response attributes will be introduced through
# cookies.
# If not within these values, it will be considered as NONE.
com.sun.am.policy.agents.config.response.attribute.fetch.mode=NONE
# The response attributes to be added to the HTTP header. The specification is
# of the format response_attribute_name|http_header_name[,...].
# response_attribute_name is the attribute in policy response to be fetched and
# http_header_name is the name of the header to which the value needs to be
# assigned.
# NOTE: In most cases, in a destination application where a "http_header_name"
# shows up as a request header, it will be prefixed by HTTP_, and all
# lower case letters will become upper case, and any - will become _;
# For example, "common-name" would become "HTTP_COMMON_NAME"
com.sun.am.policy.agents.config.response.attribute.map=
# The cookie name used in iAS for sticky load balancing
com.sun.am.policy.am.lb.cookie.name = GX_jst
# indicate where a load balancer is used for Access Manager
# services.
# true | false
com.sun.am.load_balancer.enable = false
####Agent Configuration####
# this is for product versioning, please do not modify it
com.sun.am.policy.agents.config.version=2.2
# Set the url access logging level. the choices are
# LOG_NONE - do not log user access to url
# LOG_DENY - log url access that was denied.
# LOG_ALLOW - log url access that was allowed.
# LOG_BOTH - log url access that was allowed or denied.
com.sun.am.policy.agents.config.audit.accesstype = LOG_DENY
# Agent prefix
com.sun.am.policy.agents.config.agenturi.prefix = http://Dominoad.yjy.dqyt.petrochina:80/amagent
# Locale setting.
com.sun.am.policy.agents.config.locale = en_US
# The unique identifier for this agent instance.
com.sun.am.policy.agents.config.instance.name = unused
# Do SSO only
# Boolean attribute to indicate whether the agent will just enforce user
# authentication (SSO) without enforcing policies (authorization)
com.sun.am.policy.agents.config.do_sso_only = true
# The URL of the access denied page. If no value is specified, then
# the agent will return an HTTP status of 403 (Forbidden).
com.sun.am.policy.agents.config.accessdenied.url =
# This property indicates if FQDN checking is enabled or not.
com.sun.am.policy.agents.config.fqdn.check.enable = true
# Default FQDN is the fully qualified hostname that the users should use
# in order to access resources on this web server instance. This is a
# required configuration value without which the Web server may not
# startup correctly.
# The primary purpose of specifying this property is to ensure that if
# the users try to access protected resources on this web server
# instance without specifying the FQDN in the browser URL, the Agent
# can take corrective action and redirect the user to the URL that
# contains the correct FQDN.
# This property is set during the agent installation and need not be
# modified unless absolutely necessary to accommodate deployment
# requirements.
# WARNING: Invalid value for this property can result in the Web Server
# becoming unusable or the resources becoming inaccessible.
# See also: com.sun.am.policy.agents.config.fqdn.check.enable,
# com.sun.am.policy.agents.config.fqdn.map
com.sun.am.policy.agents.config.fqdn.default = Dominoad.yjy.dqyt.petrochina
# The FQDN Map is a simple map that enables the Agent to take corrective
# action in the case where the users may have typed in an incorrect URL
# such as by specifying partial hostname or using an IP address to
# access protected resources. It redirects the browser to the URL
# with fully qualified domain name so that cookies related to the domain
# are received by the agents.
# The format for this property is:
# com.sun.am.policy.agents.config.fqdn.map = [invalid_hostname|valid_hostname][,...]
# This property can also be used so that the agents use the name specified
# in this map instead of the web server's actual name. This can be
# accomplished by doing the following.
# Say you want your server to be addressed as xyz.hostname.com whereas the
# actual name of the server is abc.hostname.com. The browsers only knows
# xyz.hostname.com and you have specified polices using xyz.hostname.com at
# the Access Manager policy console, in this file set the mapping as
# com.sun.am.policy.agents.fqdn.map = valid|xyz.hostname.com
# Another example is if you have multiple virtual servers say rst.hostname.com,
# uvw.hostname.com and xyz.hostname.com pointing to the same actual server
# abc.hostname.com and each of the virtual servers have their own policies
# defined, then the fqdnMap should be defined as follows:
# com.sun.am.policy.agents.fqdn.map = valid1|rst.hostname.com,valid2|uvw.hostname.com,valid3|xyz.hostname.com
# WARNING: Invalid value for this property can result in the Web Server
# becoming unusable or the resources becoming inaccessible.
com.sun.am.policy.agents.config.fqdn.map =
# Cookie Reset
# This property must be set to true, if this agent needs to
# reset cookies in the response before redirecting to
# Access Manager for Authentication.
# By default this is set to false.
# Example : com.sun.am.policy.agents.config.cookie.reset.enable=true
com.sun.am.policy.agents.config.cookie.reset.enable=false
# This property gives the comma separated list of Cookies, that
# need to be included in the Redirect Response to Access Manager.
# This property is used only if the Cookie Reset feature is enabled.
# The Cookie details need to be specified in the following Format
# name[=value][;Domain=value]
# If "Domain" is not specified, then the default agent domain is
# used to set the Cookie.
# Example : com.sun.am.policy.agents.config.cookie.reset.list=LtpaToken,
# token=value;Domain=subdomain.domain.com
com.sun.am.policy.agents.config.cookie.reset.list=
# This property gives the space separated list of domains in
# which cookies have to be set in a CDSSO scenario. This property
# is used only if CDSSO is enabled.
# If this property is left blank then the fully qualified cookie
# domain for the agent server will be used for setting the cookie
# domain. In such case it is a host cookie instead of a domain cookie.
# Example : com.sun.am.policy.agents.config.cookie.domain.list=.sun.com .iplanet.com
com.sun.am.policy.agents.config.cookie.domain.list=
# user id returned if accessing global allow page and not authenticated
com.sun.am.policy.agents.config.anonymous_user=anonymous
# Enable/Disable REMOTE_USER processing for anonymous users
# true | false
com.sun.am.policy.agents.config.anonymous_user.enable=false
# Not enforced list is the list of URLs for which no authentication is
# required. Wildcards can be used to define a pattern of URLs.
# The URLs specified may not contain any query parameters.
# Each service have their own not enforced list. The service name is suffixed
# after "# com.sun.am.policy.agents.notenforcedList." to specify a list
# for a particular service. SPACE is the separator between the URL.
com.sun.am.policy.agents.config.notenforced_list = http://dominoad.yjy.dqyt.petrochina/*.nsf http://dominoad.yjy.dqyt.petrochina/teamroom.nsf/TROutline.gif?
OpenImageResource http://dominoad.yjy.dqyt.petrochina/icons/*.gif
# Boolean attribute to indicate whether the above list is a not enforced list
# or an enforced list; When the value is true, the list means enforced list,
# or in other words, the whole web site is open/accessible without
# authentication except for those URLs in the list.
com.sun.am.policy.agents.config.notenforced_list.invert = false
# Not enforced client IP address list is a list of client IP addresses.
# No authentication and authorization are required for the requests coming
# from these client IP addresses. The IP address must be in the form of
# eg: 192.168.12.2 1.1.1.1
com.sun.am.policy.agents.config.notenforced_client_ip_list =
# Enable POST data preservation; By default it is set to false
com.sun.am.policy.agents.config.postdata.preserve.enable = false
# POST data preservation : POST cache entry lifetime in minutes,
# After the specified interval, the entry will be dropped
com.sun.am.policy.agents.config.postcache.entry.lifetime = 10
# Cross-Domain Single Sign On URL
# Is CDSSO enabled.
com.sun.am.policy.agents.config.cdsso.enable=false
# This is the URL the user will be redirected to for authentication
# in a CDSSO Scenario.
com.sun.am.policy.agents.config.cdcservlet.url =
# Enable/Disable client IP address validation. This validate
# will check if the subsequent browser requests come from the
# same ip address that the SSO token is initially issued against
com.sun.am.policy.agents.config.client_ip_validation.enable = false
# Below properties are used to define cookie prefix and cookie max age
com.sun.am.policy.agents.config.profile.attribute.cookie.prefix = HTTP_
com.sun.am.policy.agents.config.profile.attribute.cookie.maxage = 300
# Logout URL - application's Logout URL.
# This URL is not enforced by policy.
# if set, agent will intercept this URL and destroy the user's session,
# if any. The application's logout URL will be allowed whether or not
# the session destroy is successful.
com.sun.am.policy.agents.config.logout.url=
#http://sportal.yjy.dqyt.petrochina/amserver/UI/Logout
# Any cookies to be reset upon logout in the same format as cookie_reset_list
com.sun.am.policy.agents.config.logout.cookie.reset.list =
# By default, when a policy decision for a resource is needed,
# agent gets and caches the policy decision of the resource and
# all resource from the root of the resource down, from the Access Manager.
# For example, if the resource is http://host/a/b/c, the the root of the
# resource is http://host/. This is because more resources from the
# same path are likely to be accessed subsequently.
# However this may take a long time the first time if there
# are many many policies defined under the root resource.
# To have agent get and cache the policy decision for the resource only,
# set the following property to false.
com.sun.am.policy.am.fetch_from_root_resource = true
# Whether to get the client's hostname through DNS reverse lookup for use
# in policy evaluation.
# It is true by default, if the property does not exist or if it is
# any value other than false.
com.sun.am.policy.agents.config.get_client_host_name = false
# The following property is to enable native encoding of
# ldap header attributes forwarded by agents. If set to true
# agent will encode the ldap header value in the default
# encoding of OS locale. If set to false ldap header values
# will be encoded in UTF-8
com.sun.am.policy.agents.config.convert_mbyte.enable = false
#When the not enforced list or policy has a wildcard '*' character, agent
#strips the path info from the request URI and uses the resulting request
#URI to check against the not enforced list or policy instead of the entire
#request URI, in order to prevent someone from getting access to any URI by
#simply appending the matching pattern in the policy or not enforced list.
#For example, if the not enforced list has the value http://host/*.gif,
#stripping the path info from the request URI will prevent someone from
#getting access to http://host/index.html by using the URL http://host/index.html?hack.gif.
#However when a web server (for exmample apache) is configured to be a reverse
#proxy server for a J2EE application server, path info is interpreted in a different
#manner since it maps to a resource on the proxy instead of the app server.
#This prevents the not enforced list or policy from being applied to part of
#the URI below the app serverpath if there is a wildcard character. For example,
#if the not enforced list has value http://host/webapp/servcontext/* and the
#request URL is http://host/webapp/servcontext/example.jsp the path info
#is /servcontext/example.jsp and the resulting request URL with path info stripped
#is http://host/webapp, which will not match the not enforced list. By setting the
#following property to true, the path info will not be stripped from the request URL
#even if there is a wild character in the not enforced list or policy.
#Be aware though that if this is set to true there should be nothing following the
#wildcard character '*' in the not enforced list or policy, or the
#security loophole described above may occur.
com.sun.am.policy.agents.config.ignore_path_info = false
# Override the request url given by the web server with
# the protocol, host or port of the agent's uri specified in
# the com.sun.am.policy.agents.agenturiprefix property.
# These may be needed if the agent is sitting behind a ssl off-loader,
# load balancer, or proxy, and either the protocol (HTTP scheme),
# hostname, or port of the machine in front of agent which users go through
# is different from the agent's protocol, host or port.
com.sun.am.policy.agents.config.override_protocol =
com.sun.am.policy.agents.config.override_host =
com.sun.am.policy.agents.config.override_port =
# Override the notification url in the same way as other request urls.
# Set this to true if any one of the override properties above is true,
# and if the notification url is coming through the proxy or load balancer
# in the same way as other request url's.
com.sun.am.policy.agents.config.override_notification.url =
# The following property defines how long to wait in attempting
# to connect to an Access Manager AUTH server.
# The default value is 2 seconds. This value needs to be increased
# when receiving the error "unable to find active Access Manager Auth server"
com.sun.am.policy.agents.config.connection_timeout =
# Time in milliseconds the agent will wait to receive the
# response from Access Manager. After the timeout, the connection
# will be drop.
# A value of 0 means that the agent will wait until receiving the response.
# WARNING: Invalid value for this property can result in
# the resources becoming inaccessible.
com.sun.am.receive_timeout = 0
# The three following properties are for IIS6 agent only.
# The two first properties allow to set a username and password that will be
# used by the authentication filter to pass the Windows challenge when the Basic
# Authentication option is selected in Microsoft IIS 6.0. The authentication
# filter is named amiis6auth.dll and is located in
# Agent_installation_directory/iis6/bin. It must be installed manually on
# the web site ("ISAPI Filters" tab in the properties of the web site).
# It must also be uninstalled manually when unintalling the agent.
# The last property defines the full path for the authentication filter log file.
com.sun.am.policy.agents.config.iis6.basicAuthentication.username =
com.sun.am.policy.agents.config.iis6.basicAuthentication.password =
com.sun.am.policy.agents.config.iis6.basicAuthentication.logFile = c:/Sun/Access_Manager/Agents/2.2/debug/C__Lotus_Domino/amAuthFilterHi,
I installed opensso (so Sun Java(TM) System Access Manager 7.5) and the agent for Domino 6.5.4 and I have the message in logs "amAgent"
2007-07-11 18:40:16.119 Error 1708:3dbcf768 PolicyAgent: render_response(): Entered.
I have the box to identify but it doesnot connect me on my opensso server.
It still identify with Domino's server
Thanks for your response
Thomas -
Problem with access to SMTP, IMAP, POP3 protocols in CAS 2013.
Hi,
we have problem with access thgrough SMTP, IMAP, POP3 protocols in CAS 2013.
If I test connection to SMTP 25 port from other computer, session end quickly.
Test from CAS2013 to localhost or public IP is OK (similar also for IMAP and POP3).
Receive connectors are with defaults settings, firewall is disabled.
Service Microsoft Frontend Transport Services restarted, but no success.
Certificate is assigned to IMAP, POP3, SMTP, IIS.
IIS and HTTP(s), protocols are OK. Clients can connects only thgrough web, mobile (ActiveSync), or with Outlook with proxy.
Do you have some tip, what to test?
If I create new testing receive connector on port 26 for anonymous, behaviour is same, quick disconnecting.
Thank's MirekHi,
Pleaser try to use the following link to test your STMP/POP/IMAP e-mail, and check the test if successful:
https://testconnectivity.microsoft.com/
If unsuccessful, please check the test result, it will tell us what caused the problem.
Thanks.
Niko Cheng
TechNet Community Support -
Logon problem with oracle management server
I have problem with Oracle Management Server when I connect to the OMS message comes
The exception (java.lang.NullPointerException) occurred.
if any body have any idea pls tell usHi,
Oracle has changed the Enterprise Manager from version 1.5 to 2.0 .
With the new Oracle8i dataase server another service has been added.
If you want to user the OEM you have to install The Managment Server.
The Managment server has its own user and privileges and is recommended when using OEM. -
Problem with access to SipFactory from jsp-pages in JBoss environment
Hello!
I have an installation of the OCMS 10.1.3.3. deployed into a JBoss (jboss-4.0.5.GA) environment. Unfortunately I have a problem with accessing the SipFactory from a jps-page. Encouraged by the "messagesender" example I tried to get an instance of SipFactory from my jsp-page simply by calling:
SipFactory sipFactory = (SipFactory) application.getAttribute(SipServlet.SIP_FACTORY);
But unfortunately there seems to be no attribute "SipServlet.SIP_FACTORY" and I only get a null pointer. I have also tried running that code in the orignal messagesender example but it didn't work either. So I wonder if this should definetely work in a JBoss environment or if this might be a known problem. Is there anything that I could check/do regarding this problem? I suppose there must be an oracle module which should take care of making the SipFactory availabe after it is deployed. Perhaps something went wrong during the deployment?!
Best regards,
TimHi
On JBoss, OCMS does not support converge applications.
I.e the SipFactory can be retrieved from the servlet context when running on OC4J.
Instead the SipFactory can be found in JNDI as described in the Developer's Guide:
"External Access to SIP Servlets
To enable convergent applications between SIP and HTTP, the OCMS Container allows you to get access to the javax.servlet.sip.SipFactory by looking it up through JNDI. The SIP Factory will be registered under the same name as the display name of your SIP servlet as illustrated in Example 2–12. The <display-name> in the sip.xml in this case must be "My sip app".
Example 2–12 Accessing the Data for a SIP Session through JNDI
InitialContext ic = new InitialContext();
SipFactory sipFactory = (SipFactory)ic.lookup("sip/My sip app");"
Cheers
Lucas Persson -
Integrate other directory servers with access manager
How to integrate other directory servers with access manager ?
Please read the Access Manager admin guide at http://docs.sun.com/app/docs/doc/819-4670/6n6qardvq
Any further questions regarding this integration, post them to the AM forum at http://forums.sun.com/forum.jspa?forumID=770 -
Problem with discovering Managed Servers
Hi,
I got problem with discovering managed servers, when I restart only administration
server while managed servers are running. During restart of admin server everything
seems to be ok (the directive: Starting discovery of managed server... appears
on the screen).
However when I start admin console through http, I cannot monitor performance,
browse logs etc. I can only shutdown managed server and I can see in a server
tag that particular managed servers are running.
I'm looking forward for any clues
MichalSorry,
i cannot stop those managed server - in Control tab I have active only option
to start those server but they are running. In logging tab when I want to browse
the log the message that probably this server is not running appear. However in
the tab when all servers are listened there is a message that they are running
"Michal" <[email protected]> wrote:
>
Hi,
I got problem with discovering managed servers, when I restart only administration
server while managed servers are running. During restart of admin server
everything
seems to be ok (the directive: Starting discovery of managed server...
appears
on the screen).
However when I start admin console through http, I cannot monitor performance,
browse logs etc. I can only shutdown managed server and I can see in
a server
tag that particular managed servers are running.
I'm looking forward for any clues
Michal -
Hi, i have problem with session manager's session files. The problem is: the submitted storage data from firefox which is put between "storage":{ and its matching closing brace } But in some of my session files there is non equal { and } under storage's braces. I need to get storage data but in my case it is very hard to do. My question is there any char put before or after { and } like /{ or \{ to avoid confusion? If there is not such thing, i think there could be different solution but i am not sure: i look couple of my session files; after "storage":{...} there is ,_"formDataSaved" so i can get storage data in this example ... by looking between "storage":{ and ,"_formDataSaved" easily. Is there every time ,"_formDataSaved" after "storage":{ ? Thank you.
Well, it seems waiting is not my strong suit..! I renamed a javascript file called recovery to sessionstore. This file was in the folder sessionstore-backups I had copied from mozilla 3 days ago, when my tabs were still in place. I replaced the sessionstore in mozilla's default folder with the renamed file and then started mozilla. And the tabs reappeared as they were 3 days ago!
So there goes the tab problem. But again when I started mozilla the window saying "a script has stopped responding" appeared, this time the script being: chrome//browser/contenttabbrowser.xml2542
If someone knows how to fix this and make firefox launch normally, please reply! Thank you -
Why do i have a problem with accessing images in adobe muse
why do i have a problem with accessing images in adobe muse ??????!!!!!
i need heeeeeelp ASAP
pleeeeeaseI am on the begining stages with constructing the web so i do not have yet URL. The problem is i can not insert any image any way. Whether by fill a browser or by place image, i have the same issue. All the images with all image's format unable to be selected and it is turned off
I really need help plz
Is there any info i can supply that would help you figiring out the problem ?? -
Can Play iTunes Library from PC on MacBook Air but cannot import, problem with access rights?
I can play Itunes library from Windows Vista PC on my MacBook Air using homeshare but cannot import the library . Error message is problem with access rights. Latest OS and Itunes installed. Both computers registered with Apple on same Apple ID. Wifi Router turned on and off. Still does not allow importing. Any suggestions please?
Might be an alternative for you here > iTunes: How to move your music to a new computer
-
Just wondering if anyone has a problem with accessing iTunes store. have iTunes installed but can't bring up the store home page?
i have the same problem! Safari won't work either. Can anyone help please? I have completely restored my computer trying to fix this and it still won't work! I have a 2 month old alienware laptop running windows 7
-
Big Problem With Solution Manager EHP1 ?
Dear all,
I have already installed SAP Solution Manager EHP1, after the installation sucessfuly. I check the function: Project Administration ( T code : Solar_Project_Admin), then select New project button.
The program inform that:
"Runtime Errors: Message Type Unknow
What happened:
Error in ABAP Application program
The current ABAP program "SAPLSPROJECT_SYSTEM_LANDSCAPE" had to be terminated because
it has come across a statement that unfortunately cannot be excuted.
etc
Do you know about this problem, what is the errors ?
Thanks all.Dear all.
With Solution Manager EHP1
SAP Basis: SAPKB7001-SAPKB70016, SAPKB70101-SAPKB70102
SAP ABA: SAPKA7001-SAPK70016, SAPKA70101-SAPKA70102
Detail log as below:
Runtime Errors MESSAGE_TYPE_UNKNOWN
Date and Time 28.04.2009 16:47:15
Short text
Message type " " is unknown.
What happened?
Error in the ABAP Application Program
The current ABAP program "SAPLSPROJECT_SYSTEM_LANDSCAPE" had to be terminated
because it has
come across a statement that unfortunately cannot be executed.
What can you do?
Note down which actions and inputs caused the error.
To process the problem further, contact you SAP system
administrator.
Using Transaction ST22 for ABAP Dump Analysis, you can look
at and manage termination messages, and you can also
keep them for a long time.
Error analysis
Only message types A, E, I, W, S, and X are allowed.
How to correct the error
Probably the only way to eliminate the error is to correct the program.
If the error occures in a non-modified SAP program, you may be able to
find an interim solution in an SAP Note.
If you have access to SAP Notes, carry out a search with the following
keywords:
"MESSAGE_TYPE_UNKNOWN" " "
"SAPLSPROJECT_SYSTEM_LANDSCAPE" or "LSPROJECT_SYSTEM_LANDSCAPEU28"
"SPROJECT_SYSL_CHECK_CENTRAL_SY"
If you cannot solve the problem yourself and want to send an error
notification to SAP, include the following information:
1. The description of the current problem (short dump)
To save the description, choose "System->List->Save->Local File
(Unconverted)".
2. Corresponding system log
Display the system log by calling transaction SM21.
Restrict the time interval to 10 minutes before and five minutes
after the short dump. Then choose "System->List->Save->Local File
(Unconverted)".
3. If the problem occurs in a problem of your own or a modified SAP
program: The source code of the program
In the editor, choose "Utilities->More
Utilities->Upload/Download->Download".
4. Details about the conditions under which the error occurred or which
actions and input led to the error.
Information on where terminated
Termination occurred in the ABAP program "SAPLSPROJECT_SYSTEM_LANDSCAPE" - in
"SPROJECT_SYSL_CHECK_CENTRAL_SY".
The main program was "SAPLS_IMG_TOOL_5 ".
In the source code you have the termination point in line 29
of the (Include) program "LSPROJECT_SYSTEM_LANDSCAPEU28". -
Problem with access to Ironport C370
Hi,
We have C370 (upgraded to last version) configured and everythings work fine! But one day, from some reason, we cant access Ironport via HTTPS, HTTP and SSH, only works ping. Problem with network is not because we try access Ironport direct from Managment port. After reboot, then access is fine. Please can you tell me how I can figure out what was a problem, which logs I need to analyze.... Why I could not access to ironport via HTTP/S, SSH?I dont think that problem is exchange because problem also was about accessing to ironport, I think that some problem is on ironport:
Tue Apr 16 16:08:52 2013 Info: New SMTP DCID 15929874 interface 172.30.20.4 address 65.55.37.88 port 25
Tue Apr 16 16:08:52 2013 Info: ICID 5276886 Receiving Failed: Out of Memory
Tue Apr 16 16:08:52 2013 Info: ICID 5276886 close
Tue Apr 16 16:08:53 2013 Info: Delayed: DCID 15929873 MID 11206813 to RID 0 - 4.1.0 - Unknown address error ('450', ['too many connections from your IP (rate controlled)']) []
Tue Apr 16 16:08:53 2013 Info: MID 11206813 to RID [0] pending till Tue Apr 16 17:08:53 2013 [Default]
Tue Apr 16 16:08:53 2013 Info: Connection Error: DCID 15929873 domain: shop.com IP: 216.136.0.12 port: 25 details: EOF interface: 172.30.20.4 reason: network error
Tue Apr 16 16:08:53 2013 Info: ICID 5276890 Receiving Failed: Out of Memory
Tue Apr 16 16:08:53 2013 Info: ICID 5276890 close
Tue Apr 16 16:08:53 2013 Info: New SMTP DCID 15929875 interface 172.30.20.4 address 216.136.0.12 port 25
Tue Apr 16 16:08:53 2013 Info: Delivery start DCID 15929874 MID 11744351 to RID [0]
Tue Apr 16 16:08:53 2013 Info: New SMTP ICID 5276899 interface data (172.30.20.4) address 172.29.18.137 reverse dns host unknown verified no
Tue Apr 16 16:08:53 2013 Info: ICID 5276899 RELAY SG RELAY match 172.0.0.0/8 SBRS rfc1918
Tue Apr 16 16:08:53 2013 Info: Connection Error: DCID 15929874 domain: hotmail.com IP: 65.55.37.88 port: 25 details: 421-"RP-001 (COL0-MC2-F35) Unfortunately, some messages from 195.222.56.65 weren't sent. Please try again. We have limits for how many messages can be sent per hour and per day. You can also refer to http://mail.live.com/mail/troubleshooting.aspx#errors." interface: 172.30.20.4 reason: unexpected SMTP response
Tue Apr 16 16:08:53 2013 Info: Delayed: DCID 15929874 MID 11744351 to RID 0 - 4.3.2 - Not accepting messages at this time ('421', ["RP-001 (COL0-MC2-F35) Unfortunately, some messages from 195.222.56.65 weren't sent. Please try again. We have limits for how many messages can be sent per hour and per day. You can also refer to http://mail.live.com/mail/troubleshooting.aspx#errors."]) []
Maybe you are looking for
-
I had to buy a new laptop after my old one died, after authorizing my new one nearly my whole library has disappeared. How do I get all my songs back?
-
Hi Guru's In CRM 7.0 WEb UI I want to restrict users access to a Maintain or Display BP's I want to be able to restrict based on: BP Type (Person, Org, Group) BP Partner Type Is there standard authority objects I can use fo
-
Use of Fiber Channel in Boot Camp with Windows XP
Hi All, I am looking at getting a Mac Pro for a project that requires I use Windows XP under boot camp and wanted to know if there were any problems accessing a RAID array via the standard 4GB Fiber Channel adapter available through apple. I don't ne
-
Apple product registration/ apple iPad 2 accessories
How to register Apple accessories like IPad dock, iPad camera connection kit? As u know, the product inside comes with a paper tht states 1 year warranty! But when I go to apple product registration page to register my products, I couldn find the na
-
Got a 2006 mac pro desktop, dual 3.0 Xeon, running OSX 10.7.5, and sometimes, the fans will speed up, and run at max, even though the CPU is running cool... sleeping the computer for a minute, and then turn it back on seems to stop it for a while. An