Project Server 2010 Web services access with Client Certificate Authentication

We switched our SharePoint/Project Server 2010 farm to use client certificate authentication with Active Directory Federation Services (AD FS) 2.0, which is working without issue. We have some administrative Project Server Interface (PSI)
web service applications that no longer connect to server with the new authentication configuration.  Our custom applications are using the WCF interface to access the public web services.
Please let us know if it is possible to authenticate with AD FS 2.0 and then call
Project Server web services. Any help or coding examples would be greatly appreciated.

what is the error occurred when the custom PSI app connects?
can you upload the ULS logs here for research?
What is the user account format you specified in the code for authentication?
For proper authorization, the “user logon account” in PWA for the user needs to be changed from domain\username to the claims token (e.g.
'I:0#.w|mybusinessdomain\ewmccarty').
It requires you to manually call the UpnLogon method of
“Claims to Windows Token Service”. if (Thread.CurrentPrincipal.Identity is ClaimsIdentity)  
{  var identity = (ClaimsIdentity)Thread.CurrentPrincipal.Identity;  }  
if (Thread.CurrentPrincipal.Identity is ClaimsIdentity)
var identity = (ClaimsIdentity)Thread.CurrentPrincipal.Identity;
Than you need to extract UPN-Claim from the identity.
Upload the verbose log if possible.
Did you see this?
http://msdn.microsoft.com/en-us/library/ff181538(v=office.14).aspx
Cheers. Happy troubleshooting !!! Sriram E - MSFT Enterprise Project Management

Similar Messages

  • Weblogic app server wsdl web service call with SSL Validation error = 16

    Weblogic app server wsdl web service call with SSL Validation error = 16
    I need to make wsdl web service call in my weblogic app server. The web service is provided by a 3rd party vendor. I keep getting error
    Cannot complete the certificate chain: No trusted cert found
    Certificate chain received from ws-eq.demo.xxx.com - xx.xxx.xxx.156 was not trusted causing SSL handshake failure
    Validation error = 16
    From the SSL debug log, I can see 3 verisign hierarchy certs are correctly loaded (see 3 lines in the log message starting with “adding as trusted cert”). But somehow after first handshake, I got error “Cannot complete the certificate chain: No trusted cert found”.
    Here is how I load trustStore and keyStore in my java program:
         System.setProperty("javax.net.ssl.trustStore",”cacerts”);
         System.setProperty("javax.net.ssl.trustStorePassword", trustKeyPasswd);
         System.setProperty("javax.net.ssl.trustStoreType","JKS");
    System.setProperty("javax.net.ssl.keyStoreType","JKS");
    System.setProperty("javax.net.ssl.keyStore", keyStoreName);
         System.setProperty("javax.net.ssl.keyStorePassword",clientCertPwd);      System.setProperty("com.sun.xml.ws.transport.http.client.HttpTransportPipe.dump","true");
    Here is how I create cacerts using verisign hierarchy certs (in this order)
    1.6.0_29/jre/bin/keytool -import -trustcacerts -keystore cacerts -storepass changeit -file VerisignClass3G5PCA3Root.txt -alias "Verisign Class3 G5P CA3 Root"
    1.6.0_29/jre/bin/keytool -import -trustcacerts -keystore cacerts -storepass changeit -file VerisignC3G5IntermediatePrimary.txt -alias "Verisign C3 G5 Intermediate Primary"
    1.6.0_29/jre/bin/keytool -import -trustcacerts -keystore cacerts -storepass changeit -file VerisignC3G5IntermediateSecondary.txt -alias "Verisign C3 G5 Intermediate Secondary"
    Because my program is a weblogic app server, when I start the program, I have java command line options set as:
    -Dweblogic.security.SSL.trustedCAKeyStore=SSLTrust.jks
    -Dweblogic.security.SSL.ignoreHostnameVerification=true
    -Dweblogic.security.SSL.enforceConstraints=strong
    That SSLTrust.jks is the trust certificate from our web server which sits on a different box. In our config.xml file, we also refer to the SSLTrust.jks file when we bring up the weblogic app server.
    In addition, we have working logic to use some other wsdl web services from the same vendor on the same SOAP server. In the working web service call flows, we use clientgen to create client stub, and use SSLContext and WLSSLAdapter to load trustStore and keyStore, and then bind the SSLContext and WLSSLAdapter objects to the webSerive client object and make the webservie call. For the new wsdl file, I am told to use wsimport to create client stub. In the client code created, I don’t see any way that I can bind SSLContext and WLSSLAdapter objects to the client object, so I have to load certs by settting system pramaters. Here I attached the the wsdl file.
    I have read many articles. It seems as long as I can install the verisign certs correctly to web logic server, I should have fixed the problem. Now the questions are:
    1.     Do I create “cacerts” the correct order with right keeltool options?
    2.     Since command line option “-Dweblogic.security.SSL.trustedCAKeyStore” is used for web server jks certificate, will that cause any problem for me?
    3.     Is it possible to use wsimport to generate client stub that I can bind SSLContext and WLSSLAdapter objects to it?
    4.     Do I need to put the “cacerts” to some specific weblogic directory?
    ---------------------------------wsdl file
    <wsdl:definitions name="TokenServices" targetNamespace="http://tempuri.org/" xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/" xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/" xmlns:soapenc="http://schemas.xmlsoap.org/soap/encoding/" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap12="http://schemas.xmlsoap.org/wsdl/soap12/" xmlns:tns="http://tempuri.org/" xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy" xmlns:wsap="http://schemas.xmlsoap.org/ws/2004/08/addressing/policy" xmlns:wsaw="http://www.w3.org/2006/05/addressing/wsdl" xmlns:msc="http://schemas.microsoft.com/ws/2005/12/wsdl/contract" xmlns:wsa10="http://www.w3.org/2005/08/addressing" xmlns:wsx="http://schemas.xmlsoap.org/ws/2004/09/mex" xmlns:wsam="http://www.w3.org/2007/05/addressing/metadata">
         <wsp:Policy wsu:Id="TokenServices_policy">
              <wsp:ExactlyOne>
                   <wsp:All>
                        <sp:TransportBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
                             <wsp:Policy>
                                  <sp:TransportToken>
                                       <wsp:Policy>
                                            <sp:HttpsToken RequireClientCertificate="true"/>
                                       </wsp:Policy>
                                  </sp:TransportToken>
                                  <sp:AlgorithmSuite>
                                       <wsp:Policy>
                                            <sp:Basic256/>
                                       </wsp:Policy>
                                  </sp:AlgorithmSuite>
                                  <sp:Layout>
                                       <wsp:Policy>
                                            <sp:Strict/>
                                       </wsp:Policy>
                                  </sp:Layout>
                             </wsp:Policy>
                        </sp:TransportBinding>
                        <wsaw:UsingAddressing/>
                   </wsp:All>
              </wsp:ExactlyOne>
         </wsp:Policy>
         <wsdl:types>
              <xsd:schema targetNamespace="http://tempuri.org/Imports">
                   <xsd:import schemaLocation="xsd0.xsd" namespace="http://tempuri.org/"/>
                   <xsd:import schemaLocation="xsd1.xsd" namespace="http://schemas.microsoft.com/2003/10/Serialization/"/>
              </xsd:schema>
         </wsdl:types>
         <wsdl:message name="ITokenServices_GetUserToken_InputMessage">
              <wsdl:part name="parameters" element="tns:GetUserToken"/>
         </wsdl:message>
         <wsdl:message name="ITokenServices_GetUserToken_OutputMessage">
              <wsdl:part name="parameters" element="tns:GetUserTokenResponse"/>
         </wsdl:message>
         <wsdl:message name="ITokenServices_GetSSOUserToken_InputMessage">
              <wsdl:part name="parameters" element="tns:GetSSOUserToken"/>
         </wsdl:message>
         <wsdl:message name="ITokenServices_GetSSOUserToken_OutputMessage">
              <wsdl:part name="parameters" element="tns:GetSSOUserTokenResponse"/>
         </wsdl:message>
         <wsdl:portType name="ITokenServices">
              <wsdl:operation name="GetUserToken">
                   <wsdl:input wsaw:Action="http://tempuri.org/ITokenServices/GetUserToken" message="tns:ITokenServices_GetUserToken_InputMessage"/>
                   <wsdl:output wsaw:Action="http://tempuri.org/ITokenServices/GetUserTokenResponse" message="tns:ITokenServices_GetUserToken_OutputMessage"/>
              </wsdl:operation>
              <wsdl:operation name="GetSSOUserToken">
                   <wsdl:input wsaw:Action="http://tempuri.org/ITokenServices/GetSSOUserToken" message="tns:ITokenServices_GetSSOUserToken_InputMessage"/>
                   <wsdl:output wsaw:Action="http://tempuri.org/ITokenServices/GetSSOUserTokenResponse" message="tns:ITokenServices_GetSSOUserToken_OutputMessage"/>
              </wsdl:operation>
         </wsdl:portType>
         <wsdl:binding name="TokenServices" type="tns:ITokenServices">
              <wsp:PolicyReference URI="#TokenServices_policy"/>
              <soap12:binding transport="http://schemas.xmlsoap.org/soap/http"/>
              <wsdl:operation name="GetUserToken">
                   <soap12:operation soapAction="http://tempuri.org/ITokenServices/GetUserToken" style="document"/>
                   <wsdl:input>
                        <soap12:body use="literal"/>
                   </wsdl:input>
                   <wsdl:output>
                        <soap12:body use="literal"/>
                   </wsdl:output>
              </wsdl:operation>
              <wsdl:operation name="GetSSOUserToken">
                   <soap12:operation soapAction="http://tempuri.org/ITokenServices/GetSSOUserToken" style="document"/>
                   <wsdl:input>
                        <soap12:body use="literal"/>
                   </wsdl:input>
                   <wsdl:output>
                        <soap12:body use="literal"/>
                   </wsdl:output>
              </wsdl:operation>
         </wsdl:binding>
         <wsdl:service name="TokenServices">
              <wsdl:port name="TokenServices" binding="tns:TokenServices">
                   <soap12:address location="https://ws-eq.demo.i-deal.com/PhxEquity/TokenServices.svc"/>
                   <wsa10:EndpointReference>
                        <wsa10:Address>https://ws-eq.demo.xxx.com/PhxEquity/TokenServices.svc</wsa10:Address>
                   </wsa10:EndpointReference>
              </wsdl:port>
         </wsdl:service>
    </wsdl:definitions>
    ----------------------------------application log
    adding as trusted cert:
    Subject: CN=VeriSign Class 3 International Server CA - G3, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
    Issuer: CN=VeriSign Class 3 Public Primary Certification Authority - G5, OU="(c) 2006 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
    Algorithm: RSA; Serial number: 0x641be820ce020813f32d4d2d95d67e67
    Valid from Sun Feb 07 19:00:00 EST 2010 until Fri Feb 07 18:59:59 EST 2020
    adding as trusted cert:
    Subject: OU=Class 3 Public Primary Certification Authority, O="VeriSign, Inc.", C=US
    Issuer: OU=Class 3 Public Primary Certification Authority, O="VeriSign, Inc.", C=US
    Algorithm: RSA; Serial number: 0x3c9131cb1ff6d01b0e9ab8d044bf12be
    Valid from Sun Jan 28 19:00:00 EST 1996 until Wed Aug 02 19:59:59 EDT 2028
    adding as trusted cert:
    Subject: CN=VeriSign Class 3 Public Primary Certification Authority - G5, OU="(c) 2006 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
    Issuer: OU=Class 3 Public Primary Certification Authority, O="VeriSign, Inc.", C=US
    Algorithm: RSA; Serial number: 0x250ce8e030612e9f2b89f7054d7cf8fd
    Valid from Tue Nov 07 19:00:00 EST 2006 until Sun Nov 07 18:59:59 EST 2021
    <Mar 7, 2013 6:59:21 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Ignoring not supported JCE Cipher: SunPKCS11-Solaris version 1.6 for algorithm DESede/CBC/NoPadding>
    <Mar 7, 2013 6:59:21 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Will use default Cipher for algorithm DESede>
    <Mar 7, 2013 6:59:21 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Using JCE Cipher: SunJCE version 1.6 for algorithm RSA/ECB/NoPadding>
    <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <SSLSetup: loading trusted CA certificates>
    <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Filtering JSSE SSLSocket>
    <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <SSLIOContextTable.addContext(ctx): 28395435>
    <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <SSLSocket will be Muxing>
    <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <write HANDSHAKE, offset = 0, length = 115>
    <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <isMuxerActivated: false>
    <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <25779276 SSL3/TLS MAC>
    <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <25779276 received HANDSHAKE>
    <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <HANDSHAKEMESSAGE: ServerHello>
    <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <HANDSHAKEMESSAGE: Certificate>
    <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Cannot complete the certificate chain: No trusted cert found>
    <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Validating certificate 0 in the chain: Serial number: 2400410601231772600606506698552332774
    Issuer:C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 International Server CA - G3
    Subject:C=US, ST=New York, L=New York, O=xxx LLC, OU=GTIG, CN=ws-eq.demo.xxx.com
    Not Valid Before:Tue Dec 18 19:00:00 EST 2012
    Not Valid After:Wed Jan 07 18:59:59 EST 2015
    Signature Algorithm:SHA1withRSA
    >
    <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Validating certificate 1 in the chain: Serial number: 133067699711757643302127248541276864103
    Issuer:C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G5
    Subject:C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 International Server CA - G3
    Not Valid Before:Sun Feb 07 19:00:00 EST 2010
    Not Valid After:Fri Feb 07 18:59:59 EST 2020
    Signature Algorithm:SHA1withRSA
    >
    <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <validationCallback: validateErr = 16>
    <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> < cert[0] = Serial number: 2400410601231772600606506698552332774
    Issuer:C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 International Server CA - G3
    Subject:C=US, ST=New York, L=New York, O=xxx LLC, OU=GTIG, CN=ws-eq.demo.xxx.com
    Not Valid Before:Tue Dec 18 19:00:00 EST 2012
    Not Valid After:Wed Jan 07 18:59:59 EST 2015
    Signature Algorithm:SHA1withRSA
    >
    <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> < cert[1] = Serial number: 133067699711757643302127248541276864103
    Issuer:C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G5
    Subject:C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 International Server CA - G3
    Not Valid Before:Sun Feb 07 19:00:00 EST 2010
    Not Valid After:Fri Feb 07 18:59:59 EST 2020
    Signature Algorithm:SHA1withRSA
    >
    <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <weblogic user specified trustmanager validation status 16>
    <Mar 7, 2013 6:59:22 PM EST> <Warning> <Security> <BEA-090477> <Certificate chain received from ws-eq.demo.xxx.com - xx.xxx.xxx.156 was not trusted causing SSL handshake failure.>
    <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Validation error = 16>
    <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Certificate chain is untrusted>
    <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <SSLTrustValidator returns: 16>
    <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Trust status (16): CERT_CHAIN_UNTRUSTED>
    <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <NEW ALERT with Severity: FATAL, Type: 42
    java.lang.Exception: New alert stack
         at com.certicom.tls.record.alert.Alert.<init>(Unknown Source)
         at com.certicom.tls.record.handshake.HandshakeHandler.fireAlert(Unknown Source)
         at com.certicom.tls.record.handshake.ClientStateReceivedServerHello.handle(Unknown Source)
         at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessage(Unknown Source)
         at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessages(Unknown Source)
         at com.certicom.tls.record.MessageInterpreter.interpretContent(Unknown Source)
         at com.certicom.tls.record.MessageInterpreter.decryptMessage(Unknown Source)
         at com.certicom.tls.record.ReadHandler.processRecord(Unknown Source)
         at com.certicom.tls.record.ReadHandler.readRecord(Unknown Source)
         at com.certicom.tls.record.ReadHandler.readUntilHandshakeComplete(Unknown Source)
         at com.certicom.tls.interfaceimpl.TLSConnectionImpl.completeHandshake(Unknown Source)
         at com.certicom.tls.record.WriteHandler.write(Unknown Source)
         at com.certicom.io.OutputSSLIOStreamWrapper.write(Unknown Source)
         at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:65)
         at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:123)
         at java.io.FilterOutputStream.flush(FilterOutputStream.java:123)
         at weblogic.net.http.HttpURLConnection.writeRequests(HttpURLConnection.java:154)
         at weblogic.net.http.HttpURLConnection.getInputStream(HttpURLConnection.java:358)
         at weblogic.net.http.SOAPHttpsURLConnection.getInputStream(SOAPHttpsURLConnection.java:37)
         at weblogic.wsee.util.is.InputSourceUtil.loadURL(InputSourceUtil.java:100)
         at weblogic.wsee.util.dom.DOMParser.getWebLogicDocumentImpl(DOMParser.java:118)
         at weblogic.wsee.util.dom.DOMParser.getDocument(DOMParser.java:65)
         at weblogic.wsee.wsdl.WsdlReader.getDocument(WsdlReader.java:311)
         at weblogic.wsee.wsdl.WsdlReader.getDocument(WsdlReader.java:305)
         at weblogic.wsee.jaxws.spi.WLSProvider.readWSDL(WLSProvider.java:296)
         at weblogic.wsee.jaxws.spi.WLSProvider.createServiceDelegate(WLSProvider.java:77)
         at weblogic.wsee.jaxws.spi.WLSProvider.createServiceDelegate(WLSProvider.java:62)
         at javax.xml.ws.Service.<init>(Service.java:56)
         at ideal.ws2j.eqtoken.TokenServices.<init>(TokenServices.java:64)
         at com.citi.ilrouter.util.IpreoEQSSOClient.invokeRpcPortalToken(IpreoEQSSOClient.java:165)
         at com.citi.ilrouter.servlets.T3LinkServlet.doPost(T3LinkServlet.java:168)
         at com.citi.ilrouter.servlets.T3LinkServlet.doGet(T3LinkServlet.java:206)
         at javax.servlet.http.HttpServlet.service(HttpServlet.java:707)
         at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)
         at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227)
         at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125)
         at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:292)
         at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:175)
         at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(Unknown Source)
         at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
         at weblogic.security.service.SecurityManager.runAs(Unknown Source)
         at weblogic.servlet.internal.WebAppServletContext.securedExecute(Unknown Source)
         at weblogic.servlet.internal.WebAppServletContext.execute(Unknown Source)
         at weblogic.servlet.internal.ServletRequestImpl.run(Unknown Source)
         at weblogic.work.ExecuteThread.execute(ExecuteThread.java:201)
         at weblogic.work.ExecuteThread.run(ExecuteThread.java:173)
    >
    <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <write ALERT, offset = 0, length = 2>
    <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <close(): 6457753>
    <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <close(): 6457753>
    <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <SSLIOContextTable.removeContext(ctx): 22803607>
    <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Filtering JSSE SSLSocket>
    <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <SSLIOContextTable.addContext(ctx): 14640403>
    <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <SSLSocket will be Muxing>
    <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <write HANDSHAKE, offset = 0, length = 115>
    <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <isMuxerActivated: false>
    <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <23376797 SSL3/TLS MAC>
    <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <23376797 received HANDSHAKE>
    <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <HANDSHAKEMESSAGE: ServerHello>
    <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <HANDSHAKEMESSAGE: Certificate>
    <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Cannot complete the certificate chain: No trusted cert found>
    <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Validating certificate 0 in the chain: Serial number: 2400410601231772600606506698552332774
    Issuer:C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 International Server CA - G3
    Subject:C=US, ST=New York, L=New York, O=xxx LLC, OU=GTIG, CN=ws-eq.demo.xxx.com
    Not Valid Before:Tue Dec 18 19:00:00 EST 2012
    Not Valid After:Wed Jan 07 18:59:59 EST 2015
    Signature Algorithm:SHA1withRSA
    >
    <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Validating certificate 1 in the chain: Serial number: 133067699711757643302127248541276864103
    Issuer:C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G5
    Subject:C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 International Server CA - G3
    Not Valid Before:Sun Feb 07 19:00:00 EST 2010
    Not Valid After:Fri Feb 07 18:59:59 EST 2020
    Signature Algorithm:SHA1withRSA
    >
    <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <validationCallback: validateErr = 16>
    <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> < cert[0] = Serial number: 2400410601231772600606506698552332774
    Issuer:C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 International Server CA - G3
    Subject:C=US, ST=New York, L=New York, O=xxx LLC, OU=GTIG, CN=ws-eq.demo.xxx.com
    Not Valid Before:Tue Dec 18 19:00:00 EST 2012
    Not Valid After:Wed Jan 07 18:59:59 EST 2015
    Signature Algorithm:SHA1withRSA
    >
    <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> < cert[1] = Serial number: 133067699711757643302127248541276864103
    Issuer:C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G5
    Subject:C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 International Server CA - G3
    Not Valid Before:Sun Feb 07 19:00:00 EST 2010
    Not Valid After:Fri Feb 07 18:59:59 EST 2020
    Signature Algorithm:SHA1withRSA
    >
    <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <weblogic user specified trustmanager validation status 16>
    <Mar 7, 2013 6:59:22 PM EST> <Warning> <Security> <BEA-090477> <Certificate chain received from ws-eq.demo.xxx.com - 12.29.210.156 was not trusted causing SSL handshake failure.>
    <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Validation error = 16>
    <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Certificate chain is untrusted>
    <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <SSLTrustValidator returns: 16>
    <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Trust status (16): CERT_CHAIN_UNTRUSTED>
    <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <NEW ALERT with Severity: FATAL, Type: 42
    java.lang.Exception: New alert stack
         at com.certicom.tls.record.alert.Alert.<init>(Unknown Source)
         at com.certicom.tls.record.handshake.HandshakeHandler.fireAlert(Unknown Source)
         at com.certicom.tls.record.handshake.ClientStateReceivedServerHello.handle(Unknown Source)
         at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessage(Unknown Source)
         at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessages(Unknown Source)
         at com.certicom.tls.record.MessageInterpreter.interpretContent(Unknown Source)
         at com.certicom.tls.record.MessageInterpreter.decryptMessage(Unknown Source)
         at com.certicom.tls.record.ReadHandler.processRecord(Unknown Source)
         at com.certicom.tls.record.ReadHandler.readRecord(Unknown Source)
         at com.certicom.tls.record.ReadHandler.readUntilHandshakeComplete(Unknown Source)
         at com.certicom.tls.interfaceimpl.TLSConnectionImpl.completeHandshake(Unknown Source)
         at com.certicom.tls.record.WriteHandler.write(Unknown Source)
         at com.certicom.io.OutputSSLIOStreamWrapper.write(Unknown Source)
         at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:65)
         at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:123)
         at java.io.FilterOutputStream.flush(FilterOutputStream.java:123)
         at weblogic.net.http.HttpURLConnection.writeRequests(HttpURLConnection.java:154)
         at weblogic.net.http.HttpURLConnection.getInputStream(HttpURLConnection.java:358)
         at weblogic.net.http.SOAPHttpsURLConnection.getInputStream(SOAPHttpsURLConnection.java:37)
         at weblogic.wsee.util.is.InputSourceUtil.loadURL(InputSourceUtil.java:100)
         at weblogic.wsee.util.dom.DOMParser.getWebLogicDocumentImpl(DOMParser.java:118)
         at weblogic.wsee.util.dom.DOMParser.getDocument(DOMParser.java:65)
         at weblogic.wsee.wsdl.WsdlReader.getDocument(WsdlReader.java:311)
         at weblogic.wsee.wsdl.WsdlReader.getDocument(WsdlReader.java:305)
         at weblogic.wsee.jaxws.spi.WLSProvider.readWSDL(WLSProvider.java:296)
         at weblogic.wsee.jaxws.spi.WLSProvider.createServiceDelegate(WLSProvider.java:77)
         at weblogic.wsee.jaxws.spi.WLSProvider.createServiceDelegate(WLSProvider.java:62)
         at javax.xml.ws.Service.<init>(Service.java:56)
         at ideal.ws2j.eqtoken.TokenServices.<init>(TokenServices.java:64)
         at com.citi.ilrouter.util.IpreoEQSSOClient.invokeRpcPortalToken(IpreoEQSSOClient.java:165)
         at com.citi.ilrouter.servlets.T3LinkServlet.doPost(T3LinkServlet.java:168)
         at com.citi.ilrouter.servlets.T3LinkServlet.doGet(T3LinkServlet.java:206)
         at javax.servlet.http.HttpServlet.service(HttpServlet.java:707)
         at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)
         at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227)
         at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125)
         at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:292)
         at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:175)
         at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(Unknown Source)
         at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
         at weblogic.security.service.SecurityManager.runAs(Unknown Source)
         at weblogic.servlet.internal.WebAppServletContext.securedExecute(Unknown Source)
         at weblogic.servlet.internal.WebAppServletContext.execute(Unknown Source)
         at weblogic.servlet.internal.ServletRequestImpl.run(Unknown Source)
         at weblogic.work.ExecuteThread.execute(ExecuteThread.java:201)
         at weblogic.work.ExecuteThread.run(ExecuteThread.java:173)
    >
    <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <write ALERT, offset = 0, length = 2>
    <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <close(): 16189141>

    I received a workaround by an internal message.
    The how to guide is :
    -Download the wsdl file (with bindings, not the one from ESR)
    -Correct it in order that the schema corresponds to the answer (remove minOccurs or other things like this)
    -Deploy the wsdl file on you a server (java web project for exemple). you can deploy on your local
    -Create a new logicial destination that point to the wsdl file modified
    -Change the metadata destination in your web dynpro project for the corresponding model and keep the execution desitnation as before.
    Then the received data is check by the metadata logical destination but the data is retrieved from the correct server.

  • Web Service access with J2EE1.3?

    Hi,
    I'm relatively new to the whole Web Services technology, so my question might be dumb... but anyway:
    What I'm trying to do is to write some code to access a Web Service (I'm not trying to make one, it's supplied by an outside provider). We currently use WebSphere 4, so that puts me with J2EE 1.3. I started looking for tutorials on java.sun.com, and strangely, I couldn't run any one of them (tried SAAJ and JAX-RPC). I then inspected the J2EE API specifications and found out that the packages used in the tutorials do not exist in J2EE 1.3, only in 1.4. So, my question is - do I have to use J2EE 1.4 to use Web Services, or there's a way to access them in 1.3, and if so, how?
    Thanks,
    Alex Savitsky

    You can write an AXIS client for any web services that can run from JDK1.3. See http://ws.apache.org/axis for details.

  • Web service security with mutiple certificates

    Is it possible to secure a web service on OC4J such that multiple clients can securely access the same web service. I have been trying to send messages to the same web service end point using multiple signature keys. The problem that I am getting is that if I do not use the signature key specified within OC4J to sign the message I am receiving the following error "javax.xml.rpc.soap.SOAPFaultException: Chain does not terminate with a trusted CA". Note all the certificates are present in the configure OC4J keystore.
    Can anyone point me in the direction of some documentation on how to configure a web service to be securely accessed by multiple clients (certificates)
    Cheers
    Neil

    Here is an example where we have two keystores, Bob and Alice.
    Bob's Keystore:
    Entry Alias: alice (Trusted Certificate) >>> No password
    Entry Alias: bob (Key Pair + CA Certs) >>> password welcome1
    Alice's Keystore:
    Entry Alias: bob (Trusted Certificate) >>> No password
    Entry Alias: Alice (Key Pair + CA Certs) >>> password welcome1
    In our scheme each party on the end of the message exchange have two key-pairs one for signature and one of encryption:
    In the Oracle Web Service.xml you should see something to the effect:
    <key-store name="mykeystore" store-pass="welcome1"
    path="META-INF/bob.jks"/>
    <signature-key key-pass="welcome1" alias="bob"/>
    <encryption-key key-pass="welcome1" alias="bob"/>
    Later in this XML, you would see the encrypt element, here we let it know to use alice for XML Encryption:
    <encrypt>
    <recipient-key alias="alice"/>
    <encryption-method>AES-128</encryption-method>
    <tbe-elements>
    <tbe-element local-part="Body"
    name-space="http://schemas.xmlsoap.org/soap/envelope/"/>
    </tbe-elements>
    </encrypt>
    The default behavior is to only work with one client. If you need to work with multiple, then we have a means here:
    http://download-west.oracle.com/docs/cd/B31017_01/web.1013/b28976/adminasc.htm#BABFFICH

  • Project Server 2010 - Customizing the Ribbon with no code

    Is there any way to add a print button to the ribbon with no code in PWA?  Thanks!

    Hello,
    Most pages do have a print button by default. To add any buttons to the ribbon does require code, not much code, but you do need to create the feature for this. See the example from Alex for adding a print button to the PDPs.
    http://epmsource.com/2012/01/26/adding-print-capabilities-to-project-detail-pages/
    Thanks
    Paul
    Paul Mather | Twitter |
    http://pwmather.wordpress.com | CPS

  • Authenticating to weblogic web service using a client cert with webserver

    I am trying to think of how to authenticate a client to a weblogic web service
    using a client certificate. The wrinkle is that a Web Server (iis or whatever)
    will be handling the ssl part and forwarding non-secure to weblogic. The cert
    will still be accessable in the request using: HttpServletRequest req.getAttribute("javax.net.ssl.peer_certificates).
    At this point it is not clear to me what I can do. When does CertAuthenticator
    get called? Can I even use it? Will I have to write my own version of the weblogic.soap.server.servlet.StatelessBeanAdapter
    class?
    Any help will be appreciated, even explaining why it can't be done.
    Thanks,
    Scott

    I am trying to think of how to authenticate a client to a weblogic web service
    using a client certificate. The wrinkle is that a Web Server (iis or whatever)
    will be handling the ssl part and forwarding non-secure to weblogic. The cert
    will still be accessable in the request using: HttpServletRequest req.getAttribute("javax.net.ssl.peer_certificates).
    At this point it is not clear to me what I can do. When does CertAuthenticator
    get called? Can I even use it? Will I have to write my own version of the weblogic.soap.server.servlet.StatelessBeanAdapter
    class?
    Any help will be appreciated, even explaining why it can't be done.
    Thanks,
    Scott

  • Email Notifications from Project 2013 has Project Server 2010 in the subject

    When Project 2013 sends out task reminders it has "Task reminders - Microsoft Project Server 2010
    notification service" in the subject line.  Anyone know how or where this can be changed from 2010 to 2013. 
    New On premise installation of Project 2013 sp1

    I think it is a known bug, not sure if it has been corrected in the latest CU. Contact MS, they should help you with a script:
    https://social.technet.microsoft.com/Forums/en-US/6441b337-785e-48a6-a40a-6406a141001d/task-reminder-emails-for-project-server-2013-have-subject-line-task-reminders-microsoft-project?forum=projectserver2010general
    Hope this helps,
    Guillaume Rouyre, MBA, MVP, P-Seller |

  • Why does WFE server take 95% of RAM in Project server 2010

    Hi everyone,
    I have lunched a project server 2010 in a farm with 3 servers: application server, WFE and Report server
    application server: 8G RAM
    WFE:8G RAM
    report server:8G RAM
    I have no idea why WFE take more than 95% of RAM while there are just 3 project server-related processes:
    w3wp.exe = 491M
    w3wp.exe=212M
    owstimer.exe=330M
    what should I do?

    8 GB is the MINIMUM amount of memory a SharePoint server should have. That you're using 95% isn't necessarily surprising.
    Is this a Hyper-V VM using dynamic memory?
    Where are the search service components running? Are there any crawls in progress?
    Where is SQL Server running? Another server you haven't listed?
    Task Manager should list all the processes. You can sort by memory and you should see where it's going.
    Alternatively you can set up a performance monitor log to determine which processes are taking the most memory.
    Jason Warren
    @jaspnwarren
    jasonwarren.ca
    habaneroconsulting.com/Insights

  • Project Server 2010 Migration

    Hi
    Just for my information, I wanted to know, if any one can provide me (best) procedures to follow regarding PWA 2010 instances migration from test server to new server with workspaces as well.
    I am preparing for a (major) migration. So please, if you can give me links on web or to some posts by EPM leadears, it will be very helpful for me.
    Thanks.
    Manish

    Hi Manish,
     The Project Detail Pages (PDPs) are stored in the Content DB. Did you restored the content database too?
    http://blogs.technet.com/b/epmcontent/archive/2010/06/10/restoring-or-migrating-project-web-app-2010-instances.aspx
    If you have restored the content database but getting the error, Here is the code which might help you.
    http://blogs.msdn.com/b/brismith/archive/2010/05/18/project-server-2010-my-pwa-site-thinks-it-is-a-workspace-site-revisited.aspx
    Web properties may be pointing to old URL, so read the Web properties to get the PWA URL & verify
    using (SPSite site = new SPSite("hhtp://servername/pwa"))
    using (SPWeb web = site.OpenWeb())
    String sPWAURL = web.AllProperties["PWAURL"].ToString();
    String sMsPWAPROJUID = web.AllProperties["MSPWAPROJUID"].ToString();
    Once you know that migrated instance is pointing to the source PWA url, you can update using the console application:
    using (SPSite site = new SPSite("http://servername/pwa”))
    using (SPWeb web = site.OpenWeb())
    web.AllProperties["PWAURL"]="";
    web.AllProperties["MSPWAPROJUID"]="";
    web.Update();
    To fix it from powershell:
    http://blogs.msdn.com/b/brismith/archive/2010/05/07/project-server-2010-my-first-fix-with-powershell-a-pwa-site-that-thought-it-was-also-a-workspace.aspx
    Hope that helps.
    Thanks, Amit Khare |EPM Consultant| Blog: http://amitkhare82.blogspot.com http://www.linkedin.com/in/amitkhare82

  • Project Server 2010 PWA Provisioning Error - System.UnauthorizedAccessException: Access is denied.

    Hi,
    When migrating from a Prod Environment to a Test Environment using the Project Server 2010 5 Database backup and restore process (actually 6 DB's with the Project Sites DB), upon encountering a failure during provisioning the PWA Instance, we get the errors listed
    at the base of this posting in our Event Logs.
    To clarify what we have done already, we have:
    1. Backed up the 6 databases from the Source Environment.
    2. Removed the existing PWA_Content and PWS_Content (Project Sites) databases from the Target Environment Farm.
    3. Restored the 6 databases in the Target Environment.
    4. Given the SP Farm Service Account 'db_owner' rights to each of the 6 restored databases.
    5. Added the PWA_Content and PWS_Content databases  (exact same names) to the Target Environment.
    6. Locked down (offline/stopped), all of the SharePoint Content databases in the Farm except for the PWA_Content database.
    7. Run the PWA Provisioning process from the 'Project Server' SharePoint Service in Central Admin.
    It is during the PWA provisioning that we encounter these errors.
    As the Target Environment is for Test/Dev purposes, the SP Farm Service Account is setup to support all of the SharePoint Farm Services, is in the Local Admin Group of each of the Servers (App, WFE and DB), and is actually in the sysadmin
    role on the DB Server.
    Any suggestions on what is causing this denied access situation would be most appreciated.
    Cheers,
    Wayne
    Event Log Entries:
    ============================================
    Log Name:      Application
    Source:        Microsoft-SharePoint Products-Project Server
    Date:          1/22/2014 2:47:34 PM
    Event ID:      6971
    Task Category: Provisioning
    Level:         Error
    Keywords:     
    User:          ACCOUNTS\svc_psfarm
    Computer:      SERVER.accounts.domain.com
    Description:
    Failed to provision site PWA with error: Microsoft.Office.Project.Server.Administration.ProvisionException: Membership synchronization failed. ---> System.UnauthorizedAccessException: Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED))
       at Microsoft.SharePoint.Library.SPRequest.AddRoleDef(String bstrUrl, String bstrName, String bstrDescription, Boolean bHidden, Int32 lRoleOrder, UInt64 iPermMask, Byte iType, Int32 lRoleDefID)
       at Microsoft.SharePoint.SPRoleDefinitionCollection.AddCore(SPRoleDefinition role)
    etc....
    Failed to create the Report Center web (Exception: PSI Entry Point:
    Project User: DOMAIN\svc_psfarm Correlation Id: c0a30b18-46e4-4447-b469-f8fd3bb1490a
    PWA Site URL: http://pstest2010/PWA
    SSP Name: Project Server
    PSError: NoError (0))
    Failed to grant 'DOMAIN\svc_psfarm' access to web application 'SPWebApplication Name=Portal'.
    Error: System.Security.SecurityException: Access denied.  Only machine administrators are allowed to create administration service job definitions of type: Microsoft.SharePoint.Administration.SPUpdateWorkerProcessGroup, Microsoft.SharePoint, Version=14.0.0.0,
    Culture=neutral, PublicKeyToken=71e9bce111e9429c.
       at Microsoft.SharePoint.Administration.SPAdministrationServiceJobDefinition..ctor(String name, SPService service, SPServer server, SPJobLockType lockType)
       at Microsoft.SharePoint.Administration.SPUpdateWorkerProcessGroup..ctor(SPTimerService timerService, String[] loginsToAdd, String[] loginsToRemove)
       at Microsoft.SharePoint.Administration.SPWebApplication.GrantAccessToProcessIdentity(String username, SPPolicyRoleType policyRole)
       at Microsoft.Office.Project.Server.Administration.PsiServiceApplication.GrantAccessToWebApp(List`1 webApps, String userName) The Zone of the assembly that failed was: MyComputer

    Is the Test and Production in the same domain. If they are not, then the SIDs associated with the SQL accounts may look the same but they are not.  At times, I have had to recreated accounts when in different domains.
    I would also use PowerShell cmdlets and see if it finds any issues, such as Test-SPContentDatase.. Validate the SharePoint content databases, because if not setup properly the Provisioning will fail.
    Also check these properties.
    $web=get-spweb http://prodproj01/pwa
    $Web.AllProperties[“PWAURL”] ### see what the value is.. you may have to blank it out, specially if it is pointing to a different URL
    Here is how to fix.
    $Web.AllProperties[“PWAURL”]=””
    $web.Update()
    Michael Wharton, MVP, MBA, PMP, MCT, MCTS, MCSD, MCSE+I, MCDBA
    Website http://www.WhartonComputer.com
    Blog http://MyProjectExpert.com contains my field notes and SQL queries

  • Getting the "401 : Unauthorized" exception with bulk edit tool in Project Server 2010

    Hi all,
    We are using the Bulkedit tool in our Project server 2010 environment.
    When users click the button "bulk edit projects" from the ribbon, it is giving the error with a correlation id.
    I checked the id in uls logs and find that it is giving the below message.
    Does anyone know why we are getting this error ?
     Best Regards
    Anil Kumar Alladi

    Hi Paul,
    Thanks for your reply.
    The loopbackcheck was already disabled. The users who are accessing the url from the client machines also getting this error.
    Best Regards
    Anil Kumar Alladi

  • Any Problem Running Office 2010 SP2 with Project Server 2010 SP1?

    We are running Project Server 2010 SP1 April 2013 CU and the desktop clients have now been upgraded to SP2 October 13 CU. We are having issues with projects in local cache showing as checked out when they are not actually checked out on the server. I was
    wondering if it is problematic to run the desktop client on a newer service pack than the server and if it could cause this type of issue?

    Hello, Aaron.
    The answer is YES, you'll probably have some issues.
    I would recommend:
    Downgrade clients to match Server's version
    Upgrade Server to SP2+October '13 CU
    And my preferred:
    Upgrade Server and clients to SP2 + '14 April CU

  • Unable open Project details or a project from PWA Project server 2010 with Alias name

    Hi,
    I am unable to open the Projects from Project center with the Alias name with the server name i am able to open the projects, version is  project server 2010,
    My system is ABC.DC.IN  alias name i have given is DEF.AD.COM  
    With the system name i can able access PWA and all are working fine.
    As i have observed with alias name i can able to login to  pwa and all the server  setting approval center all are working fine but only in the project center i am not able to open the projects (http://DEF.AD.COM/pwa/ProjectDrillDown.aspx .xxxx)
    its is coming in the below of the ie. 
    But with Alias name these are the issues i am facing,
    1.when longing with alias name its asking two times for user name and password
    2.when i click on a project from project center its taking some time and asking for user name and password after i enter user name and password "PAGE cannot displayed" error i am getting.
    can any one Help me. 
    vijay kommireddi

    Hi Eric,
    Thanks for your Reply.
    As you said i have added in Manged Path as  (Testpwa/projects.aspx as <Wildcard inclusion>) But still problem is there it is asking user
    name password again if click on any project in project center and  and showing page cannot be displayed error. 
    This is url its is showing in the below of the IE ( http://def.ad.com/testpwa/projectdrilldown.aspx?ProjUid=e28c6d43-85b6-478d-9542-2961cc81a69e)
    I have observed one more thing if click on Project
    details then only this issue  is coming project schedule and project information
    is also opening with Alias name.
    My farm version is 14.0.7015.1000
    Vijay Kommireddi

  • Project Server 2010 - Error 20010 with a master project and 3 sub-projects during publication

    Hi,
    Here is the situation :
    One master project with three sub projects.
    Sub projects are really similar (Same ressources and nearly same tasks but only the first contain real work for now).
    Sub projects got no sub projects nor links between projects.
    The owner of the master project got read rights through projects permissions on sub projects.
    Sub projects are link in "read only".
    We applied Project Server 2010 SP2 last week end and the issue appeared monday.
    Here are the symptoms :
    When we link only one sub project (Doesn't matter which one), the owner can publish, no problems.
    With 2 sub projects, the error may occur.
    With 3 sub projects, the error always occurs.
    With admin rights, the error doesn't occur.
    Here is the error :
    ID : 20010 (0x4E2A)
    Description : You don't have required permissions to perform the action (Average traduction)
    Detail : <detail><errinfo><general><class name="Project"><error id="20010" name="GeneralSecurityAccessDenied" uid="19515c1d-2624-466f-953a-b7fc67337b81"/></class></general></errinfo></detail>
    I'm unable to determine which sub project is the culprit, if there is one, as it's working when I link only one of them.
    Thanks for your time !

    Fylim --
    If the project manager in question does not need to edit any of the three projects, the PM does not need to have Read/Write access to any of the three projects.  Because you said that the PM needs to set links in all three projects, this means that
    the PM will be editing all three projects.  In order to edit the three projects, the PM must have Read/Write access to all three.  Setting cross-project links constitutes editing of the projects, which is why the PM must have Read/Write permission. 
    Make sense?
    Regarding SP2, I am not aware that this would change anything, but I could be wrong.  The reality is that regardless of which SP you have applied to Microsoft Project and Project Server 2010, the PM in this situation MUST have Read/Write access to the
    projects that he/she needs to edit with cross-project links.  Hope this helps.
    Dale A. Howard [MVP]

  • PerformancePoint Services of Project Server 2010

    Hi guys. Now I am using Business Intelligence Feature in Project Server 2010. I did build a report show all Project by Dashboard Designer. In report i use Analysis Services type of Data Connection. I did build a Analysis Services Project by SQL Server
    Business Intelligence Development Studio in Server. Everything ok, I see all project. But when I add more Project and refresh page, data not updated. Please help me to find out

    With the cube you will need to rebuild it in order to refresh the data, if you are using cube you will need to schedule the cube build time, in order for cubes to be updated it can be scheduled and frequency of update can be set, however depending upon the
    frequency impact on servers should be considered accordingly as cube build take quite a bit of resource while building
    On a side note, curios to understand why are you not using the reporting DB which has nearly real time data and doesn't requires a refresh or update, though it may not have all the prebuilt measures & dimensions along with data, as in cube, but i am
    sure you can manipulate them to show whatever you want
    Thanks | Sunil Kr Singh | http://epmxperts.wordpress.com

Maybe you are looking for

  • Negative values on customer consignment stock

    Hello, Is it possible to have negative values on customer consignment stock? i.e. the same material is sent to a customer, as consignment stock (special stock W), from different plants. If the material is not used by the customer (then it has not bee

  • -XXdisablefatspin in 1.4.2_04...what does this mean ?

    I am not able to find any doc on this vm option. We are having a issue with this VM ( without the disablefatspin option set ) running weblogic, where after a few hundred requests ( on a SMP machine ), the VM does not respond. We are forced to restart

  • JS / forms question

    I have a <select box that will potentially have several hundred entries, populated from a SQL Server db. The value of each option will be a number, but the part that users will see is a string (person's name). In order to break up the large list of n

  • Error when trying to install DAC

    I am trying to install DAC - download from edelivery infalinux64_dac_10.3.4. I understand that I should do initially a windows DAC install. Trouble is that setup from DAC/Disk1/install and setup from DAC/Disk1/win32 both fails complaining about Java

  • Videos stop playing after 4 minutes

    Is there a setting for the length of time a video plays. Video streams are stopping after playing for about 4 minutes.