Provisioning TAM Policy Data & User Registry Data
I am using TAM API to provision the policy data. However I am not able to provision the user registry data using TAM API. Is this not possible?
(As a workaround I am using LDAP to provision TAM User Registry Data.)
Has anyone integrated Sun Identity Manager with Tivoli Access Manager via the TAM API?
Similar Messages
-
User Profile Disks - User registry data
In Server 2012 standard (not R2)
using RD
in Session Collection
and in the "User Profile Disks" tab
I have ticked “Enable user profile disks”
If I select the second radio button
"Store only the following folders on the user profile disk"
What is the effect of ticking "User registry data" ?
What is the result in the template.vhdx ?
and when a new user logs in
Is all the user registry "moved" to the UPD user .vhdx file where it is then maintained
or
Is a folder re-direction preserved in the UPD and the registry data still updated in its original location?
Hi,
Thank you for your posting in Windows Server Forum.
During first logon, a virtual disk (VHDX) is created from a template disk. This VHDX is attached to the virtual machine or RD Session Host server that the user is logging on to. The profile service is then notified to use this VHDX as the location for the user’s profile. When the user logs off, the VHDX is then detached from the virtual machine.
By default, the entire user’s profile is stored on the user profile disk. This includes the Documents folder, the user’s registry hive (holds application and Windows settings), and much more.
On subsequent logons to the collection, the VHDX is remounted to whatever virtual machine or RD Session Host server the user is logging on to. The user then has access to everything in his or her profile, even if this is a different virtual machine, or if the virtual machine has been rolled back to a clean state between logons.
For more information, please check the articles below.
Easier User Data Management with User Profile Disks in Windows Server 2012
http://blogs.msdn.com/b/rds/archive/2012/11/13/easier-user-data-management-with-user-profile-disks-in-windows-server-2012.aspx
Working with User Profile Disks on Session-Based Desktop Deployments
http://www.virtualizationadmin.com/articles-tutorials/vdi-articles/general/working-with-user-profile-disks-on-session-based-desktop-deployments.html
Hope it helps!
Thanks,
Dharmesh -
Configuring group policy for user profiles in Windows Server 2012 R2 Domain
Requesting some expert advice on configuring group policy for user profiles.
We will be building new Windows Server 2012 R2 Domain Controllers (Domain of 400 users).
The settings which I am concerned:
1. Folder Redirection: Desktop, Documents, Favorites.
2. Quota for Folder Redirection - 1 GB per user.
3. Map a networked drive - 1 GB per user.
4. Roaming profile - (Will ignore if it does not suit our requirement).
The question is how outlook profile will be retained / automatically moved if the users move from one computer to another?
FYI, e-mails are hosted on MS Office365 and the OST file size of a few users is more than 25GB. So, in case the user moves from one computer to another, the entire mailbox will be downloaded via the internet. This consumes high bandwidth if more than 3-4 users shift per day.
Thanks a lot for your valuable time and efforts.
Hi,
>>The question is how outlook profile will be retained / automatically moved if the users move from one computer to another?
This depends on where our Outlook data files are stored. If these data files are stored under drive:\Users\<username>\AppData\Local, then these files can’t be redirected, for folder redirection can’t redirect AppData Local or LocalLow.
However, regarding your question, we can refer to the following thread to find the solution.
Roam outlook profiles without roaming profiles
http://social.technet.microsoft.com/Forums/office/en-US/3908b8e0-8f44-4a34-8eb5-5a024df3463e/roam-outlook-profiles-without-roaming-profiles
In addition, regarding how to configure folder redirection, the following article can be referred to for more information.
Configuring Folder Redirection
http://technet.microsoft.com/library/cc786749.aspx
Hope it helps.
Best regards,
Frank Shen -
Event ID 1085 on DC - Failed to Apply the Group Policy Local Users and Groups Settings
I have a domain with 2 DCs. The primary DC is running Server 2012 and is raising Event ID 1085 every 10 minutes and 20 seconds.
Windows failed to apply the Group Policy Local Users and Groups settings. Group Policy Local Users and Groups settings might have its own log file. Please click on the "More information" link.
System
- Provider
[ Name] Microsoft-Windows-GroupPolicy
[ Guid] {AEA1B4FA-97D1-45F2-A64C-4D69FFFD92C9}
EventID 1085
Version 0
Level 3
Task 0
Opcode 1
Keywords 0x8000000000000000
- TimeCreated
[ SystemTime] 2014-10-20T20:09:03.706992400Z
EventRecordID 130087
- Correlation
[ ActivityID] {FDDFB8C5-9ECF-41B9-B2B4-3AD0B345A37A}
- Execution
[ ProcessID] 1000
[ ThreadID] 3280
Channel System
Computer SERVER.DOMAIN.NAME
- Security
[ UserID] S-1-5-18
- EventData
SupportInfo1 1
SupportInfo2 4404
ProcessingMode 0
ProcessingTimeInMilliseconds 10343
ErrorCode 183
ErrorDescription Cannot create a file when that file already exists.
DCName \\SERVER.DOMAIN.name
ExtensionName Group Policy Local Users and Groups
ExtensionId {17D89FEC-5C44-4972-B12D-241CAEF74509}
Everything I look up for Event ID 1085 seems to be about a different cause.
Any ideas?
I enabled tracing on a domain GPO and I still get the error when running gpupdate /force.
I'm also still getting Event 1085. Here's the trace file. I've anonymized the site/domain and the GUIDs.
2014-10-21 11:16:54.003 [pid=0x3e8,tid=0xcd0] Entering ProcessGroupPolicyExLocUsAndGroups()
2014-10-21 11:16:54.018 [pid=0x3e8,tid=0xcd0] SOFTWARE\Policies\Microsoft\Windows\Group Policy\{GUID-1}
2014-10-21 11:16:54.018 [pid=0x3e8,tid=0xcd0] BackgroundPriorityLevel ( 0 )
2014-10-21 11:16:54.018 [pid=0x3e8,tid=0xcd0] DisableRSoP ( 0 )
2014-10-21 11:16:54.018 [pid=0x3e8,tid=0xcd0] LogLevel ( 2 )
2014-10-21 11:16:54.018 [pid=0x3e8,tid=0xcd0] Command subsystem initialized. [SUCCEEDED(S_FALSE)]
2014-10-21 11:16:54.065 [pid=0x3e8,tid=0xcd0] Background priority set to 0 (Idle).
2014-10-21 11:16:54.065 [pid=0x3e8,tid=0xcd0] ----- Parameters
2014-10-21 11:16:54.065 [pid=0x3e8,tid=0xcd0] CSE GUID : {GUID-1}
2014-10-21 11:16:54.065 [pid=0x3e8,tid=0xcd0] Flags : ( X ) GPO_INFO_FLAG_MACHINE - Apply machine policy rather than user policy
2014-10-21 11:16:54.065 [pid=0x3e8,tid=0xcd0] ( X ) GPO_INFO_FLAG_BACKGROUND - Background refresh of policy (ok to do slow stuff)
2014-10-21 11:16:54.065 [pid=0x3e8,tid=0xcd0] ( ) GPO_INFO_FLAG_SLOWLINK - Policy is being applied across a slow link
2014-10-21 11:16:54.065 [pid=0x3e8,tid=0xcd0] ( ) GPO_INFO_FLAG_VERBOSE - Verbose output to the eventlog
2014-10-21 11:16:54.065 [pid=0x3e8,tid=0xcd0] ( ) GPO_INFO_FLAG_NOCHANGES - No changes were detected to the Group Policy Objects
2014-10-21 11:16:54.065 [pid=0x3e8,tid=0xcd0] ( ) GPO_INFO_FLAG_LINKTRANSITION - A change in link speed was detected between previous policy application and current policy application
2014-10-21 11:16:54.065 [pid=0x3e8,tid=0xcd0] ( ) GPO_INFO_FLAG_LOGRSOP_TRANSITION - A change in RSoP logging was detected between the application of the previous policy and the application of the current policy.
2014-10-21 11:16:54.065 [pid=0x3e8,tid=0xcd0] ( X ) GPO_INFO_FLAG_FORCED_REFRESH - Forced Refresh is being applied. redo policies.
2014-10-21 11:16:54.081 [pid=0x3e8,tid=0xcd0] ( ) GPO_INFO_FLAG_SAFEMODE_BOOT - windows safe mode boot flag
2014-10-21 11:16:54.081 [pid=0x3e8,tid=0xcd0] ( ) GPO_INFO_FLAG_ASYNC_FOREGROUND - Asynchronous foreground refresh of policy
2014-10-21 11:16:54.081 [pid=0x3e8,tid=0xcd0] Token (computer or user SID): S-1-5-18
2014-10-21 11:16:54.081 [pid=0x3e8,tid=0xcd0] Abort Flag : Yes (0x313be090)
2014-10-21 11:16:54.081 [pid=0x3e8,tid=0xcd0] HKey Root : Yes (0x80000002)
2014-10-21 11:16:54.081 [pid=0x3e8,tid=0xcd0] Deleted GPO List : No
2014-10-21 11:16:54.081 [pid=0x3e8,tid=0xcd0] Changed GPO List : Yes
2014-10-21 11:16:54.081 [pid=0x3e8,tid=0xcd0] Asynchronous Processing : Yes
2014-10-21 11:16:54.081 [pid=0x3e8,tid=0xcd0] Status Callback : No (0x00000000)
2014-10-21 11:16:54.081 [pid=0x3e8,tid=0xcd0] WMI namespace : Yes (0x32273740)
2014-10-21 11:16:54.081 [pid=0x3e8,tid=0xcd0] RSoP Status : Yes (0x320cc7f4)
2014-10-21 11:16:54.081 [pid=0x3e8,tid=0xcd0] Planning Mode Site : (none)
2014-10-21 11:16:54.081 [pid=0x3e8,tid=0xcd0] Computer Target : No (0x00000000)
2014-10-21 11:16:54.081 [pid=0x3e8,tid=0xcd0] User Target : No (0x00000000)
2014-10-21 11:16:54.081 [pid=0x3e8,tid=0xcd0] Calculated list relevance. [SUCCEEDED(S_FALSE)]
2014-10-21 11:16:54.081 [pid=0x3e8,tid=0xcd0] ----- Changed - 0
2014-10-21 11:16:54.081 [pid=0x3e8,tid=0xcd0] Options : ( ) GPO_FLAG_DISABLE - This GPO is disabled.
2014-10-21 11:16:54.081 [pid=0x3e8,tid=0xcd0] ( ) GPO_FLAG_FORCE - Do not override the settings in this GPO with settings in a subsequent GPO.
2014-10-21 11:16:54.081 [pid=0x3e8,tid=0xcd0] Options (raw) : 0x00000000
2014-10-21 11:16:54.081 [pid=0x3e8,tid=0xcd0] Version : 19267878 (0x01260126)
2014-10-21 11:16:54.081 [pid=0x3e8,tid=0xcd0] GPC : LDAP://CN=Machine,CN={GUID-2},CN=Policies,CN=System,DC=SITE,DC=DOMAIN
2014-10-21 11:16:54.081 [pid=0x3e8,tid=0xcd0] GPT : \\SITE.DOMAIN\sysvol\SITE.DOMAIN\Policies\{GUID-2}\Machine
2014-10-21 11:16:54.081 [pid=0x3e8,tid=0xcd0] GPO Display Name : Default Domain Policy
2014-10-21 11:16:54.081 [pid=0x3e8,tid=0xcd0] GPO Name : {GUID-2}
2014-10-21 11:16:54.081 [pid=0x3e8,tid=0xcd0] GPO Link : ( ) GPLinkUnknown - No link information is available.
2014-10-21 11:16:54.081 [pid=0x3e8,tid=0xcd0] ( ) GPLinkMachine - The GPO is linked to a computer (local or remote).
2014-10-21 11:16:54.081 [pid=0x3e8,tid=0xcd0] ( ) GPLinkSite - The GPO is linked to a site.
2014-10-21 11:16:54.081 [pid=0x3e8,tid=0xcd0] ( X ) GPLinkDomain - The GPO is linked to a domain.
2014-10-21 11:16:54.081 [pid=0x3e8,tid=0xcd0] ( ) GPLinkOrganizationalUnit - The GPO is linked to an organizational unit.
2014-10-21 11:16:54.081 [pid=0x3e8,tid=0xcd0] ( ) GP Link Error
2014-10-21 11:16:54.096 [pid=0x3e8,tid=0xcd0] lParam : 0x00000000
2014-10-21 11:16:54.096 [pid=0x3e8,tid=0xcd0] Prev GPO : No
2014-10-21 11:16:54.096 [pid=0x3e8,tid=0xcd0] Next GPO : Yes
2014-10-21 11:16:54.096 [pid=0x3e8,tid=0xcd0] Extensions : [{00000000-0000-0000-0000-000000000000}{GUID-3}][{GUID-1}{GUID-3}][{GUID-4}{GUID-5}{GUID-6}{GUID-7}{GUID-8}][{GUID-9}{GUID-10}][{GUID-11}{GUID-5}{GUID-6}]
2014-10-21 11:16:54.096 [pid=0x3e8,tid=0xcd0] lParam2 : 0x3146f978
2014-10-21 11:16:54.096 [pid=0x3e8,tid=0xcd0] Link : LDAP://DC=SITE,DC=DOMAIN
2014-10-21 11:16:54.096 [pid=0x3e8,tid=0xcd0] Purge GPH : C:\ProgramData\Microsoft\Group Policy\History\{GUID-2}\Machine\Preferences\Groups\Groups.xml
2014-10-21 11:16:54.096 [pid=0x3e8,tid=0xcd0] Read GPE XML data file (592 bytes total).
2014-10-21 11:16:54.112 [pid=0x3e8,tid=0xcd0] ----- Changed - 1
2014-10-21 11:16:54.112 [pid=0x3e8,tid=0xcd0] Options : ( ) GPO_FLAG_DISABLE - This GPO is disabled.
2014-10-21 11:16:54.112 [pid=0x3e8,tid=0xcd0] ( ) GPO_FLAG_FORCE - Do not override the settings in this GPO with settings in a subsequent GPO.
2014-10-21 11:16:54.112 [pid=0x3e8,tid=0xcd0] Options (raw) : 0x00000000
2014-10-21 11:16:54.112 [pid=0x3e8,tid=0xcd0] Version : 1245203 (0x00130013)
2014-10-21 11:16:54.112 [pid=0x3e8,tid=0xcd0] GPC : LDAP://CN=Machine,CN={GUID-12},CN=Policies,CN=System,DC=SITE,DC=DOMAIN
2014-10-21 11:16:54.112 [pid=0x3e8,tid=0xcd0] GPT : \\SITE.DOMAIN\sysvol\SITE.DOMAIN\Policies\{GUID-12}\Machine
2014-10-21 11:16:54.112 [pid=0x3e8,tid=0xcd0] GPO Display Name : Default Domain Controllers Policy
2014-10-21 11:16:54.112 [pid=0x3e8,tid=0xcd0] GPO Name : {GUID-12}
2014-10-21 11:16:54.112 [pid=0x3e8,tid=0xcd0] GPO Link : ( ) GPLinkUnknown - No link information is available.
2014-10-21 11:16:54.112 [pid=0x3e8,tid=0xcd0] ( ) GPLinkMachine - The GPO is linked to a computer (local or remote).
2014-10-21 11:16:54.112 [pid=0x3e8,tid=0xcd0] ( ) GPLinkSite - The GPO is linked to a site.
2014-10-21 11:16:54.112 [pid=0x3e8,tid=0xcd0] ( ) GPLinkDomain - The GPO is linked to a domain.
2014-10-21 11:16:54.112 [pid=0x3e8,tid=0xcd0] ( X ) GPLinkOrganizationalUnit - The GPO is linked to an organizational unit.
2014-10-21 11:16:54.112 [pid=0x3e8,tid=0xcd0] ( ) GP Link Error
2014-10-21 11:16:54.112 [pid=0x3e8,tid=0xcd0] lParam : 0x00000000
2014-10-21 11:16:54.112 [pid=0x3e8,tid=0xcd0] Prev GPO : Yes
2014-10-21 11:16:54.112 [pid=0x3e8,tid=0xcd0] Next GPO : No
2014-10-21 11:16:54.112 [pid=0x3e8,tid=0xcd0] Extensions : [{00000000-0000-0000-0000-000000000000}{GUID-3}][{GUID-1}{GUID-3}][{GUID-9}{GUID-10}]
2014-10-21 11:16:54.112 [pid=0x3e8,tid=0xcd0] lParam2 : 0x324e8198
2014-10-21 11:16:54.112 [pid=0x3e8,tid=0xcd0] Link : LDAP://OU=Domain Controllers,DC=SITE,DC=DOMAIN
2014-10-21 11:16:54.127 [pid=0x3e8,tid=0xcd0] Purge GPH : C:\ProgramData\Microsoft\Group Policy\History\{GUID-12}\Machine\Preferences\Groups\Groups.xml
2014-10-21 11:16:54.127 [pid=0x3e8,tid=0xcd0] Read GPE XML data file (592 bytes total).
2014-10-21 11:16:54.143 [pid=0x3e8,tid=0xcd0] Completed get next GPO. [SUCCEEDED(S_FALSE)]
2014-10-21 11:16:54.143 [pid=0x3e8,tid=0xcd0] WQL : SELECT * FROM RSOP_PolmkrSetting WHERE polmkrBaseCseGuid = "{GUID-1}"
2014-10-21 11:16:54.143 [pid=0x3e8,tid=0xcd0] Purged 2 old RSoP entries.
2014-10-21 11:16:54.143 [pid=0x3e8,tid=0xcd0] Logging 2 new RSoP entries.
2014-10-21 11:16:54.159 [pid=0x3e8,tid=0xcd0] RSoP Entry 0
2014-10-21 11:16:54.174 [pid=0x3e8,tid=0xcd0] RSoP Entry 1
2014-10-21 11:16:54.174 [pid=0x3e8,tid=0xcd0] Completed get GPO list. [SUCCEEDED(S_FALSE)]
2014-10-21 11:16:54.174 [pid=0x3e8,tid=0xcd0] IsRsopPlanningMode() [SUCCEEDED(S_FALSE)]
2014-10-21 11:17:04.252 [pid=0x3e8,tid=0xcd0] Completed settings update (csePostProcess). [ hr = 0x800700b7 "Cannot create a file when that file already exists." ]
2014-10-21 11:17:04.252 [pid=0x3e8,tid=0xcd0] Completed CSE post-processing. [ hr = 0x800700b7 "Cannot create a file when that file already exists." ]
2014-10-21 11:17:04.267 [pid=0x3e8,tid=0xcd0] Leaving ProcessGroupPolicyExLocUsAndGroups() returned 0x000000b7 -
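A triage sketch for a trace like the one posted above, added here as an example (it is not part of the original post and not a Microsoft tool): it lists the GPOs whose Groups.xml history path appears in the trace, decodes the failing HRESULT into its Win32 error code, and finds the largest time gap between consecutive lines. The function names and the shortened sample trace are constructed for illustration.

```python
import re
from datetime import datetime

# Constructed sample: a shortened trace in the format quoted in the post above.
SAMPLE_TRACE = r"""
2014-10-21 11:16:54.003 [pid=0x3e8,tid=0xcd0] Entering ProcessGroupPolicyExLocUsAndGroups()
2014-10-21 11:16:54.081 [pid=0x3e8,tid=0xcd0] ----- Changed - 0
2014-10-21 11:16:54.081 [pid=0x3e8,tid=0xcd0] GPO Display Name : Default Domain Policy
2014-10-21 11:16:54.081 [pid=0x3e8,tid=0xcd0] GPO Link : ( X ) GPLinkDomain - The GPO is linked to a domain.
2014-10-21 11:16:54.096 [pid=0x3e8,tid=0xcd0] Link : LDAP://DC=SITE,DC=DOMAIN
2014-10-21 11:16:54.096 [pid=0x3e8,tid=0xcd0] Purge GPH : C:\ProgramData\Microsoft\Group Policy\History\{GUID-2}\Machine\Preferences\Groups\Groups.xml
2014-10-21 11:16:54.112 [pid=0x3e8,tid=0xcd0] ----- Changed - 1
2014-10-21 11:16:54.112 [pid=0x3e8,tid=0xcd0] GPO Display Name : Default Domain Controllers Policy
2014-10-21 11:16:54.112 [pid=0x3e8,tid=0xcd0] Link : LDAP://OU=Domain Controllers,DC=SITE,DC=DOMAIN
2014-10-21 11:16:54.127 [pid=0x3e8,tid=0xcd0] Purge GPH : C:\ProgramData\Microsoft\Group Policy\History\{GUID-12}\Machine\Preferences\Groups\Groups.xml
2014-10-21 11:16:54.174 [pid=0x3e8,tid=0xcd0] IsRsopPlanningMode() [SUCCEEDED(S_FALSE)]
2014-10-21 11:17:04.252 [pid=0x3e8,tid=0xcd0] Completed settings update (csePostProcess). [ hr = 0x800700b7 "Cannot create a file when that file already exists." ]
2014-10-21 11:17:04.267 [pid=0x3e8,tid=0xcd0] Leaving ProcessGroupPolicyExLocUsAndGroups() returned 0x000000b7
"""

LINE_RE = re.compile(
    r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d\.\d{3}) \[pid=0x[0-9a-f]+,tid=0x[0-9a-f]+\] (.*)$")
HR_RE = re.compile(r'^(.*?)\s*\[ hr = (0x[0-9a-fA-F]{8}) "(.*)" \]$')
RET_RE = re.compile(r"^Leaving (\w+)\(\) returned (0x[0-9a-fA-F]+)$")
KV_RE = re.compile(r"^(.*?)\s*:\s+(.*)$")

# A few well-known Win32 error codes; extend as needed.
WIN32_NAMES = {2: "ERROR_FILE_NOT_FOUND", 5: "ERROR_ACCESS_DENIED",
               183: "ERROR_ALREADY_EXISTS"}


def decode_hresult(value):
    """Split a 32-bit HRESULT into its failure bit, facility and code."""
    facility = (value >> 16) & 0x7FF
    code = value & 0xFFFF
    return {"failed": bool(value & 0x80000000), "facility": facility, "code": code,
            # Facility 7 (FACILITY_WIN32) wraps a plain Win32 error code.
            "win32_name": WIN32_NAMES.get(code) if facility == 7 else None}


def parse_trace(text):
    """Return the GPOs processed, the failing steps and the slowest step of a trace."""
    gpos, failures, events = [], [], []
    returned, current = None, None
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # blank or non-trace line
        msg = m.group(2).strip()
        events.append((datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S.%f"), msg))
        if msg.startswith("----- Changed"):
            # Each "Changed - N" marker opens the block for one GPO.
            current = {"display_name": None, "link": None, "groups_xml": None}
            gpos.append(current)
        elif (hr := HR_RE.match(msg)):
            value = int(hr.group(2), 16)
            failures.append({"step": hr.group(1), "hr": value, "text": hr.group(3),
                             **decode_hresult(value)})
        elif (ret := RET_RE.match(msg)):
            returned = int(ret.group(2), 16)
        elif current is not None and (kv := KV_RE.match(msg)):
            key, val = kv.groups()
            if key == "GPO Display Name":
                current["display_name"] = val
            elif key == "Link":
                current["link"] = val
            elif key == "Purge GPH" and val.lower().endswith(r"\groups\groups.xml"):
                current["groups_xml"] = val
    # The largest gap between consecutive lines shows where the time went.
    gaps = [((b[0] - a[0]).total_seconds(), a[1], b[1])
            for a, b in zip(events, events[1:])]
    return {"gpos": gpos, "failures": failures, "returned": returned,
            "slowest": max(gaps, default=None)}


if __name__ == "__main__":
    result = parse_trace(SAMPLE_TRACE)
    for gpo in result["gpos"]:
        print(gpo["display_name"], "->", gpo["groups_xml"])
    for f in result["failures"]:
        print(f"{f['step']} hr=0x{f['hr']:08x} code={f['code']} {f['win32_name']}")
    print("slowest step (s):", result["slowest"][0])
```

On the sample, the decoded code 183 is the same value as ErrorCode 183 in the Event 1085 record, and both GPOs in the trace carry a Groups.xml, so either one can be the source of the conflicting Local Users and Groups item.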
Hi,
I am getting some problems with the Lotus Notes Connector. The resource is provisioned but the Create User task is rejected. In the Lotus Notes server log, there is no problem and the account was created successfully.
Below is the response OIM has set to the task:
Respuesta: ERROR_UNID_SET
Descripción de Respuesta: User created successfully. Error while updating user unique attribute in the process form.
Notas:
As you can see below, there was no error when the adapter was executed:
DEBUG [ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)' ADAPTER.LOTUSNOTES - LotusNotesProvisionsetPropertyEntered method
INFO [ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)' ADAPTER.LOTUSNOTES - LotusNotesProvision::loadAttributeMapping: START
DEBUG [ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)' ADAPTER.LOTUSNOTES - LotusNotesProvision: :loadAttributeMapping : Attribute Mapping file : C:\oracle\oim9101\xellerate/XLIntegrations/LotusNotes/config/attributemapping_prov.properties
DEBUG [ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)' ADAPTER.LOTUSNOTES - LotusNotesProvisiongetParsedPropertiesEntered method
DEBUG [ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)' ADAPTER.LOTUSNOTES - LotusNotesProvisiongetParsedProperties---- END
DEBUG [ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)' ADAPTER.LOTUSNOTES - LotusNotesProvision::createUser : CreateMailDb true
DEBUG [ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)' ADAPTER.LOTUSNOTES - LotusNotesProvision::createUser : ShortName
DEBUG [ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)' ADAPTER.LOTUSNOTES - LotusNotesProvision::createUser : SecurityType 1
DEBUG [ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)' ADAPTER.LOTUSNOTES - LotusNotesProvision::createUser : MailSystem 0
DEBUG [ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)' ADAPTER.LOTUSNOTES - LotusNotesProvision::createUser : Storeaddbook true
DEBUG [ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)' ADAPTER.LOTUSNOTES - LotusNotesProvision::createUser : SynchInternetPwd true
DEBUG [ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)' ADAPTER.LOTUSNOTES - LotusNotesProvision::createUser : InternetAddress
DEBUG [ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)' ADAPTER.LOTUSNOTES - LotusNotesProvision::createUser : CertifierIDFile C:\Lotus\Domino\Data\cert.id
DEBUG [ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)' ADAPTER.LOTUSNOTES - LotusNotesProvision::createUser : Registrationlog
DEBUG [ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)' ADAPTER.LOTUSNOTES - LotusNotesProvision::createUser : MailOwnerAccess 0
DEBUG [ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)' ADAPTER.LOTUSNOTES - LotusNotesProvision::createUser : MinPwdlen 8
DEBUG [ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)' ADAPTER.LOTUSNOTES - LotusNotesProvision::createUser : Addbook true
DEBUG [ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)' ADAPTER.LOTUSNOTES - LotusNotesProvision::createUser : RegistrationServer win2k3base/oimdev
DEBUG [ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)' ADAPTER.LOTUSNOTES - LotusNotesProvision::createUser : OrgUnit during create -- oimdev
DEBUG [ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)' ADAPTER.LOTUSNOTES - LotusNotesProvision::createUser : OrgUnit oimdev
DEBUG [ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)' ADAPTER.LOTUSNOTES - LotusNotesProvision::createUser : MailQuotaWarning 40
DEBUG [ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)' ADAPTER.LOTUSNOTES - LotusNotesProvision::createUser : Received null values for ExpirationDate:
DEBUG [ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)' ADAPTER.LOTUSNOTES - LotusNotesProvision::getDefaultDate : Setting Default date
DEBUG [ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)' ADAPTER.LOTUSNOTES - LotusNotesProvision::createUser : IdType 173
DEBUG [ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)' ADAPTER.LOTUSNOTES - LotusNotesProvision::createUser : MailTemplateName
DEBUG [ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)' ADAPTER.LOTUSNOTES - LotusNotesProvision::createUser : MailQuotaLimit 50
DEBUG [ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)' ADAPTER.LOTUSNOTES - LotusNotesProvision::createUser : LastName : Gerente
DEBUG [ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)' ADAPTER.LOTUSNOTES - LotusNotesProvision::createUser : IdFilePath : C:\Lotus\Domino\id
DEBUG [ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)' ADAPTER.LOTUSNOTES - LotusNotesProvision::createUser : MailServer : win2k3base/oimdev
DEBUG [ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)' ADAPTER.LOTUSNOTES - LotusNotesProvision::createUser : FirstName : Teste
DEBUG [ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)' ADAPTER.LOTUSNOTES - LotusNotesProvision::createUser : Comment :
DEBUG [ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)' ADAPTER.LOTUSNOTES - LotusNotesProvision::createUser : MiddleName :
DEBUG [ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)' ADAPTER.LOTUSNOTES - LotusNotesProvision::createUser : Location :
DEBUG [ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)' ADAPTER.LOTUSNOTES - LotusNotesProvision::createUser : MailDBPath : mail\
DEBUG [ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)' ADAPTER.LOTUSNOTES - LotusNotesProvision::createUser : ForwardDomain : oimdev
DEBUG [ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)' ADAPTER.LOTUSNOTES - LotusNotesProvisioncheckUserExistsEntered method
DEBUG [ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)' ADAPTER.LOTUSNOTES - LotusNotesProvision::getUserName: Org Unit: oimdev
DEBUG [ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)' ADAPTER.LOTUSNOTES - LotusNotesProvision::getUserName: Final UserName --- CN=Teste Gerente/OU=oimdev/oimdev
DEBUG [ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)' ADAPTER.LOTUSNOTES - LotusNotesProvisioncheckUserExistsExiting method
DEBUG [ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)' ADAPTER.LOTUSNOTES - LotusNotesProvision::getUserName: Org Unit: oimdev
DEBUG [ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)' ADAPTER.LOTUSNOTES - LotusNotesProvision::getUserName: Final UserName --- CN=Teste Gerente/OU=oimdev/oimdev
DEBUG [ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)' ADAPTER.LOTUSNOTES - LotusNotesProvision::createUser : User Name: CN=Teste Gerente/OU=oimdev/oimdev
DEBUG [ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)' ADAPTER.LOTUSNOTES - LotusNotesProvision::createUser : Full Name: CN=Teste Gerente/O=oimdev
INFO [ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)' ADAPTER.LOTUSNOTES - LotusNotesProvision::createUser : User Created Successfully
INFO [ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)' ADAPTER.LOTUSNOTES - LotusNotesProvision::triggerAdminP : Invoking trigger AdminP
DEBUG [ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)' ADAPTER.LOTUSNOTES - LotusNotesProvision::triggerAdminP : MailServer : win2k3base/oimdev
DEBUG [ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)' ADAPTER.LOTUSNOTES - LotusNotesProvision::loadAdminpProperties : AdminP properties file : C:\oracle\oim9101\xellerate/XLIntegrations/LotusNotes/config/adminP.properties
DEBUG [ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)' ADAPTER.LOTUSNOTES - LotusNotesProvision::triggerAdminP : AdminPCommand : tell adminp process all
I've retried the Create User task and got the Lotus Console messages below. There is no error:
10/20/2009 02:02:56 AM Admin Process: Checking for all requests to perform
10/20/2009 02:03:30 AM DIIOP Server: 192.168.200.6 connected
10/20/2009 02:03:36 AM Opened session for win2k3base/oimdev (Release 6.5.6)
10/20/2009 02:03:36 AM Closed session for win2k3base/oimdev Databases accessed: 2 Documents read: 0 Documents written: 0
10/20/2009 02:03:37 AM Certifying Teste Gerente/oimdev
10/20/2009 02:03:48 AM Opened session for win2k3base/oimdev (Release 6.5.6)
tell adminp process all >C:\DOCUME~1\ADMINI~1.WIN\LOCALS~1\Temp\rem22706.con
10/20/2009 02:03:49 AM Admin Process: Checking for all requests to perform
10/20/2009 02:03:49 AM Remote console command issued by win2k3base/oimdev: tell adminp process all
10/20/2009 02:03:49 AM Closed session for win2k3base/oimdev Databases accessed: 0 Documents read: 0 Documents written: 0
10/20/2009 02:03:49 AM DIIOP Server: 192.168.200.6 disconnected
Any suggestion?
Edited by: Renato.Guimaraes on 19/10/2009 21:04
Sunny,
I figured out the problem... Wrong configurations. See what I did:
a) Reviewed the explanation below about the parameter certifierOU of Lotus Notes ITRes, so I set it to empty.
certifierOU: Specifies the OU of the certifier to be used when creating user accounts. If you use a certifier on the target system, then you must specify the certifier OU value. If you do not have a certifier on the target system, then leave this parameter field empty.
If there are multiple certifiers on the target system, then you must create one IT resource (of the Lotus Notes IT resource type) for each certifier. Refer to Oracle Identity Manager Design Console Guide for information about creating IT resources. If you specify a value for the certifierOU parameter, then the user OU value that you specify on the process form is ignored during the creation of a DN for a new user account.
If you do not specify a value for the certifierOU parameter, then the user OU value that you specify on the process form is used in the DN. This feature ensures that only one OU value is included in the DN.
If you specify a value for the certifierOU IT resource parameter, then user records for which the certifier OU value in the DN does not match the certifierOU parameter value are not reconciled. This is because the user DN is used to match records in the target system and Oracle Identity Manager, and a difference in the certifier OU value would lead to a mismatch in DN values. The following example illustrates this type of scenario:
Suppose a user account on Lotus Notes has the following DN:
CN=John Doe/OU=testcertou/O=test/C=US
If testcertou has not been assigned as the value of the certifierOU parameter for any of the IT resources created on this Oracle Identity Manager installation, then the records of this user cannot be reconciled into Oracle Identity Manager.
Sample value: NY
b) The MailServer parameter was win2k3base/oimdev and I've changed it to CN=win2k3base/O=oimdev.
c) As the certifierOU is clear now, I have to fill in the Organization Unit field in the process form.
Thanks.
Edited by: Renato.Guimaraes on 24/10/2009 23:19
Edited by: Renato.Guimaraes on 24/10/2009 23:27 -
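The DN rule from the connector documentation quoted in the post above, worked through as an added example (it is not Oracle's connector code and not part of the original post): one OU goes into the DN, taken from certifierOU when it is set and from the process form otherwise, and reconciliation matches on that OU. The function names and IT resource names are hypothetical, and treating the OU nearest O as the certifier OU, compared case-insensitively, is an assumption.

```python
KNOWN_KEYS = ("CN", "OU", "O", "C")

# DN taken from the documentation example quoted in the post.
DOC_EXAMPLE_DN = "CN=John Doe/OU=testcertou/O=test/C=US"


def parse_notes_dn(dn):
    """Parse a fully typed hierarchical name such as CN=.../OU=.../O=.../C=..."""
    parsed = {"CN": None, "OU": [], "O": None, "C": None}
    for component in dn.split("/"):
        key, sep, value = component.partition("=")
        key, value = key.strip().upper(), value.strip()
        if not sep or key not in KNOWN_KEYS or not value:
            raise ValueError(f"component {component!r} is not typed (KEY=value)")
        if key == "OU":
            parsed["OU"].append(value)
        elif parsed[key] is not None:
            raise ValueError(f"{key} appears twice in {dn!r}")
        else:
            parsed[key] = value
    if parsed["CN"] is None or parsed["O"] is None:
        raise ValueError(f"{dn!r} needs at least CN and O")
    return parsed


def is_canonical(dn):
    """True when every component of the name carries its type prefix."""
    try:
        parse_notes_dn(dn)
        return True
    except ValueError:
        return False


def build_user_dn(first, last, org, certifier_ou="", form_ou="", country=""):
    """Build the DN with exactly one OU source.

    A non-empty certifierOU wins and the process-form OU is ignored;
    with an empty certifierOU the process-form OU is used.
    """
    ou = certifier_ou.strip() or form_ou.strip()
    parts = [f"CN={first} {last}"]
    if ou:
        parts.append(f"OU={ou}")
    parts.append(f"O={org}")
    if country:
        parts.append(f"C={country}")
    return "/".join(parts)


def reconciling_resources(dn, it_resources):
    """Names of the IT resources whose certifierOU matches the OU in dn.

    it_resources maps a (hypothetical) IT resource name to its certifierOU
    value. Resources with an empty certifierOU are skipped, because the
    quoted text does not say how they are matched.
    """
    ous = parse_notes_dn(dn)["OU"]
    certifier_ou = ous[-1].casefold() if ous else None  # assumption: OU nearest O
    return sorted(name for name, value in it_resources.items()
                  if value.strip() and value.strip().casefold() == certifier_ou)


if __name__ == "__main__":
    # certifierOU set: the OU typed on the process form ("sales") is ignored.
    print(build_user_dn("John", "Doe", "test", "testcertou", "sales", "US"))
    # certifierOU empty: the process-form OU is used instead.
    print(build_user_dn("Teste", "Gerente", "oimdev", form_ou="oimdev"))
    # Only an IT resource with certifierOU=testcertou reconciles this record.
    print(reconciling_resources(DOC_EXAMPLE_DN, {"Notes NY": "NY"}))
    print(reconciling_resources(DOC_EXAMPLE_DN,
                                {"Notes NY": "NY", "Notes Test": "testcertou"}))
    # Name forms seen in the post: mixed, abbreviated and fully typed.
    for name in ("CN=Teste Gerente/OU=oimdev/oimdev", "win2k3base/oimdev",
                 "CN=win2k3base/O=oimdev"):
        print(name, "->", is_canonical(name))
```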
Provisioning Calendar to a user causes them to lose their local calendar
Hi,
Does anyone know of a workaround for the following situation?
- After provisioning Calendar to a user who previously was using an Oracle email account through the Connector, when opening up the existing profile in Outlook (after entering the Calendar server details) their previous local Calendar, Tasks, Notes and Contacts are lost.
- I realise that you can export them to a pst file but that has to be done manually and is not a realistic solution for us since we have a large number of users in this situation (i.e. we would require an automated fix).
Yay or nay would suffice :)
Cheers,
Damian
Surprisingly, this morning all calendars showed up in my iPhone. Apparently there is a delay.
But now there is another issue with the error:
"The server responded with an error.
Access to “event from years ago” in “the second added calendar” in account “local” is not permitted.
The server responded:
“403” to operation CalDAVWriteEntityQueueableOperation."
[Ignore] [Try Again] [Revert to Server]
Each event starting with the beginning of that calendar (years ago) seems to generate an error. It will take a day to click on Ignore for all those events.
Will ask this in a new thread. For now the issue this thread is about is solved, thank you. I also updated my profile, except for my iPad. No 'edit' option next to that one. Strange. -
List of Provisioned Resources for a user
Hi,
Is there a way of getting a list of all the resources that have been provisioned to a particular user through the API provided with OIM?
I can do it through a SQL query but wanted to know if it's possible through the OIM API. Basically I will pass in the userkey and it should give me a list of all the resources that have been provisioned to the user and are enabled.
Thanks
tcUserOperationsIntf.getObjects seems to do exactly just that.
Please ignore the post -
Processing of Group Policy failed - User Policy - Windows 7
OP:
http://social.technet.microsoft.com/Forums/en-US/w7itpronetworking/thread/191f1ee1-a551-446b-9808-ff66a952bb25
When running a gpupdate I get the following message:
Updating Policy...
User policy could not be updated successfully. The following errors were encountered:
The processing of Group Policy failed. Windows could not authenticate to the Active Directory service on a domain controller. (LDAP Bind function call failed). Look in the details tab for error code and description.
Computer Policy update has completed successfully.
To diagnose the failure, review the event log or run GPRESULT /H GPReport.html from the command line to access information about Group Policy results.
This only happens on one computer under a certain account; other accounts work fine and the problem account works fine on other computers. Therefore the problem is located on the Windows 7 computer.
I have tracked it down to an LDAP error code 49.
I tried the MS solution (http://technet.microsoft.com/en-us/library/cc727283(v=ws.10).aspx) but the credentials are sound.
I can also connect to the DC with LDP.exe fine.
Here are the diagnostic read outs (GPResult was too long to post):
Log Name: System
Source: Microsoft-Windows-GroupPolicy
Date: 2/29/2012 1:56:09 PM
Event ID: 1006
Task Category: None
Level: Error
Keywords:
User: Domain\UserAccount
Computer: Win7-ComputerA.FQDomain
Description:
The processing of Group Policy failed. Windows could not authenticate to the Active Directory service on a domain controller. (LDAP Bind function call failed). Look in the details tab for error code and description.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-GroupPolicy" Guid="{AEA1B4FA-97D1-45F2-A64C-4D69FFFD92C9}" />
<EventID>1006</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>1</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2012-02-29T19:56:09.732842600Z" />
<EventRecordID>32458</EventRecordID>
<Correlation ActivityID="{CECE6DDC-E7CC-4563-8109-E62382F645D4}" />
<Execution ProcessID="984" ThreadID="3688" />
<Channel>System</Channel>
<Computer>Win7-ComputerA.FQDomain</Computer>
<Security UserID="S-1-5-21-416373151-1271962822-2142307910-40105" />
</System>
<EventData>
<Data Name="SupportInfo1">1</Data>
<Data Name="SupportInfo2">5012</Data>
<Data Name="ProcessingMode">0</Data>
<Data Name="ProcessingTimeInMilliseconds">1326</Data>
<Data Name="ErrorCode">49</Data>
<Data Name="ErrorDescription">Invalid Credentials</Data>
<Data Name="DCName">
</Data>
</EventData>
</Event>
Windows IP Configuration
Host Name . . . . . . . . . . . . : WIN7-ComputerA
Primary Dns Suffix . . . . . . . : FQDomain
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : FQDomain
ParentDomain
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . : FQDomain
Description . . . . . . . . . . . : Intel(R) 82579LM Gigabit Network Connection
Physical Address. . . . . . . . . : 00-21-CC-5F-CF-DF
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IPv4 Address. . . . . . . . . . . : 216.71.244.28(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Wednesday, February 29, 2012 12:38:25 PM
Lease Expires . . . . . . . . . . : Thursday, March 01, 2012 12:38:24 PM
Default Gateway . . . . . . . . . : 216.71.244.1
DHCP Server . . . . . . . . . . . : 216.71.244.2
DNS Servers . . . . . . . . . . . : 216.71.244.2
216.71.240.120
216.71.240.132
Primary WINS Server . . . . . . . : 216.71.244.2
Secondary WINS Server . . . . . . : 216.71.240.130
216.71.240.122
NetBIOS over Tcpip. . . . . . . . : Enabled
Wireless LAN adapter Wireless Network Connection:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel(R) WiFi Link 1000 BGN
Physical Address. . . . . . . . . : 8C-A9-82-B0-67-E8
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Hi,
It sounds like a port blocking issue. It seems your client system is connecting to the 216.71.240.x DNS servers as a logon server, which seem to be on a different subnet as per the subnet mask, so there must be a router or firewall in between, and so it might be that Active Directory ports are being blocked.
So first, for testing purposes, just remove the other 216.71.240.x DNS servers from the TCP/IP configuration, clear the DNS cache with
ipconfig /flushdns
and restart the system. Check if it works.
Or run this command on the DC
dcdiag /test:dns
and share the error report.
Cheers!
Sanjay -
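The subnet reasoning in the reply above can be checked mechanically. This added example (not part of the original thread) parses the relevant `ipconfig /all` lines, excerpted from the output quoted above, and lists which DNS servers fall outside the adapter's subnet and are therefore reached through a router or firewall; the function names are hypothetical and only IPv4 is handled.

```python
import ipaddress
import re

# Excerpt of the `ipconfig /all` output quoted in the thread (indentation reconstructed).
SAMPLE_IPCONFIG = """\
Ethernet adapter Local Area Connection:
   IPv4 Address. . . . . . . . . . . : 216.71.244.28(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 216.71.244.1
   DHCP Server . . . . . . . . . . . : 216.71.244.2
   DNS Servers . . . . . . . . . . . : 216.71.244.2
                                       216.71.240.120
                                       216.71.240.132
   Primary WINS Server . . . . . . . : 216.71.244.2
"""

# "Field name . . . : value" lines; the dotted leader is not part of the name.
_FIELD = re.compile(r"^\s*([A-Za-z][^:]*?)[ .]*:\s*(.*)$")
_IPV4 = re.compile(r"\d{1,3}(?:\.\d{1,3}){3}")


def parse_adapter(text):
    """Return {field name: [values]} for one adapter block.

    Multi-valued fields such as "DNS Servers" continue on following lines
    that carry only a value, so those lines are folded into the last field.
    """
    fields, current = {}, None
    for line in text.splitlines():
        match = _FIELD.match(line)
        if match:
            current = match.group(1).strip()
            value = match.group(2).strip()
            fields[current] = [value] if value else []
        elif current and line.strip():
            fields[current].append(line.strip())
    return fields


def classify_dns_servers(text):
    """Split the adapter's DNS servers into on-link and routed (off-subnet)."""
    fields = parse_adapter(text)
    # Strip the "(Preferred)" suffix that ipconfig appends to the address.
    address = _IPV4.search(fields["IPv4 Address"][0]).group(0)
    iface = ipaddress.ip_interface(f"{address}/{fields['Subnet Mask'][0]}")
    on_link, routed = [], []
    for value in fields.get("DNS Servers", []):
        server = ipaddress.ip_address(value)
        (on_link if server in iface.network else routed).append(str(server))
    return str(iface.network), on_link, routed


if __name__ == "__main__":
    network, on_link, routed = classify_dns_servers(SAMPLE_IPCONFIG)
    print("local subnet:", network)
    print("on-link DNS :", on_link)
    print("routed DNS  :", routed)
```

The routed entries are the paths on which to verify that intermediate filtering permits domain traffic before removing them from the client configuration.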
Best way to force password policy on users within 1-2 weeks?
We have a Server 2008 R2 domain.
I'd read that the password policy in GPO is only available for Computer Configuration, not User Configuration? Is that correct?
If so, that's not very flexible and will make things trickier for us.
And regarding enforcing a password policy with a GPO on our local domain, do you know of a way to force users to change their passwords within, say, 1 week? The only options I know of are checking the "User must change password at next logon" box on the AD user account properties (then you'd have to force them to log out) OR relying on AD's internal formula: webactivedirectory.com/.../how-active-directory-calculates-account-password-expiration-dates . The problem I see with the latter is if your user hasn't changed their pw for a year you'd have to wait a year+how many days you set for max password age?
spnewbie

To add, the password policy is applied at the domain level and only works at the domain level. It's not the fact that it's at the "Computer Level" or "User Level" or not, it's the fact that it's only set at the domain level.
Account policies (Password, Lockout and Kerb), are all under the Computer Config because it forces it to apply to all user accounts that access all machines.
If you tried to create a password policy at any other level (any OU), it won't work. The only option is to use PSOs, as Mahdi pointed out.
As for that Spiceworks thread, I would suggest to post a question about a specific product to the product vendor's support forum for accurate responses.
Here's an excerpt from MOC 6425C Configuring and Troubleshooting Windows Server 2008 Active Directory, page 10-8 (and this applies to all versions of AD):
Active Directory supports one set of password and lockout policies for a domain. These policies are configured in a GPO that is scoped to the domain. A new domain contains a GPO called the Default Domain Policy that is linked to the domain and that includes the default policy settings for password, account lockout, and Kerberos policies. You can change the settings by editing the Default Domain Policy GPO.
The best practice is to edit the Default Domain Policy GPO to specify the password policy settings for your organization. You should also use the Default Domain Policy GPO to specify account lockout policies and Kerberos policies. Do not use the Default Domain Policy GPO to deploy any other custom policy settings. In other words, the Default Domain Policy GPO only defines the password, account lockout, and Kerberos policies for the domain. Additionally, do not define password, account lockout, or Kerberos policies for the domain in any other GPO.
The password settings configured in the Default Domain Policy affect all user accounts in the domain. The settings can be overridden, however, by the password-related properties of the individual user accounts. On the Account tab of a user's Properties dialog box, you can specify settings such as Password Never Expires or Store Passwords Using Reversible Encryption. For example, if five users have an application that requires direct access to their passwords, you can configure the accounts for those users to store their passwords by using reversible encryption.
Ace Fekay
MVP, MCT, MCSE 2012, MCITP EA & MCTS Windows 2008/R2, Exchange 2013, 2010 EA & 2007, MCSE & MCSA 2003/2000, MCSA Messaging 2003
Microsoft Certified Trainer
Microsoft MVP - Directory Services
Complete List of Technical Blogs: http://www.delawarecountycomputerconsulting.com/technicalblogs.php
This posting is provided AS-IS with no warranties or guarantees and confers no rights. -
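The expiration arithmetic raised in the question, as an added example that is not part of the thread: Active Directory treats a password as expired once `pwdLastSet` plus the effective maximum password age is in the past, unless the account carries the "Password never expires" flag, and `pwdLastSet = 0` means the user must change the password at next logon. The account names, dates and function names below are constructed, and per-group PSOs are not modelled; the sketch previews what a new domain-wide maximum age would do to exported account attributes.

```python
from datetime import datetime, timedelta, timezone

FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)
UF_NORMAL_ACCOUNT = 0x0200
UF_DONT_EXPIRE_PASSWD = 0x10000  # "Password never expires" on the Account tab


def to_filetime(dt):
    """datetime -> 100-ns ticks since 1601-01-01 UTC (how pwdLastSet is stored)."""
    delta = dt - FILETIME_EPOCH
    return (delta.days * 86400 + delta.seconds) * 10_000_000


def from_filetime(ticks):
    """100-ns ticks since 1601-01-01 UTC -> timezone-aware datetime."""
    return FILETIME_EPOCH + timedelta(microseconds=ticks // 10)


def password_status(account, max_age_days, now):
    """Return (state, expiry) for one account under a domain maximum password age."""
    if max_age_days == 0 or account["userAccountControl"] & UF_DONT_EXPIRE_PASSWD:
        return ("never_expires", None)
    if account["pwdLastSet"] == 0:
        return ("must_change_at_next_logon", None)
    expiry = from_filetime(account["pwdLastSet"]) + timedelta(days=max_age_days)
    return ("expired" if expiry <= now else "valid", expiry)


def rollout_report(accounts, max_age_days, now):
    """Map sAMAccountName -> (state, whole days until expiry or None)."""
    report = {}
    for account in accounts:
        state, expiry = password_status(account, max_age_days, now)
        days_left = (expiry - now).days if expiry else None
        report[account["sAMAccountName"]] = (state, days_left)
    return report


# Constructed sample data: attribute values as they would appear in an export.
NOW = datetime(2012, 3, 1, tzinfo=timezone.utc)
SAMPLE_ACCOUNTS = [
    # Last change over a year ago: expired as soon as a 90-day limit applies.
    {"sAMAccountName": "alice", "userAccountControl": UF_NORMAL_ACCOUNT,
     "pwdLastSet": to_filetime(datetime(2011, 2, 20, tzinfo=timezone.utc))},
    {"sAMAccountName": "bob", "userAccountControl": UF_NORMAL_ACCOUNT,
     "pwdLastSet": to_filetime(datetime(2012, 2, 10, tzinfo=timezone.utc))},
    # "User must change password at next logon" is stored as pwdLastSet = 0.
    {"sAMAccountName": "carol", "userAccountControl": UF_NORMAL_ACCOUNT,
     "pwdLastSet": 0},
    # Per-account override: exempt from whatever maximum age the domain sets.
    {"sAMAccountName": "svc_backup",
     "userAccountControl": UF_NORMAL_ACCOUNT | UF_DONT_EXPIRE_PASSWD,
     "pwdLastSet": to_filetime(datetime(2009, 6, 1, tzinfo=timezone.utc))},
]

if __name__ == "__main__":
    for name, (state, days) in rollout_report(SAMPLE_ACCOUNTS, 90, NOW).items():
        print(f"{name:12} {state:28} days_left={days}")
```

Accounts reported as `never_expires` are the ones a new maximum age will not reach, so they need separate review.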
Provisioning EP roles and user groups through CUP
Hello experts,
I am configuring EP provisioning through CUP.
I created the EP connector as per the instructions in the config guide. But I have not added any parameter values or done any field mapping. I have imported the necessary Portal roles.
My EP connector is tested successful. But when I try to provision a role through CUP, I get this error:
Error processing your request, Request no: 4 in stage : NEW_AS11.
In the log it shows, Field Mapping is not set for Application (EP)
But when I go to field mapping, I get this error for EP.
Data retrieval from system XP1 failed : com.virsa.ae.service.ServiceException: com.sap.engine.services.webservices.jaxm.soap.accessor.NestedSOAPException: Unable to create message from source.
I could not find much documentation on fieldmapping.
Are there any steps that I am missing for EP provisioning?
Thanks in advance..
Kee

Thanks for your response.
I have set up the parameters while setting up the EP connector in CUP.
My role search URI is correct but I am not sure about the last three parameters...
ASSIGN_GROUPS:OC sapgroup
ASSIGN_ROLES:OC saprole
CHANGE_USER:OC sapuser
CREATE_USER:OC sapuser
CREATE_USER:password password
DELETE_USER:OC sapuser
LOCK_USER:OC sapuser
LOCK_USER:islocked true
RESET_PASSWORD:OC sapuser
RESET_PASSWORD:password password
ROLESEARCH_URI - http://portalserver name:port number/UserRoleSearchForAEService_5_3/Config1?wsdl&style=document
ROLESEARCH_URI_USERNAME - same user Id I provided for the connector
ROLESEARCH_URI_PASSWORD See your system administrator for the value.
UNLOCK_USER:OC Sapuser
UNLOCK_USER:islocked false
ROLE_DATA_SOURCE -- ROLE.UME_ROLE_PERSISTENCE.un: ??? What is the role data source?? Is the value that is provided correct for the UME roles?
SCHEMA_ID SAPprincipals ?? What does this Schema Id mean???
USER_DATA_SOURCE ???? Should we mention the user data source on the Portal system? In our case, it is the LDAP. But what would be the corresponding parameter value for LDAP?
So when I go to field mapping to create one for EP, I get the following error:
Data retrieval from system XP1 failed : com.virsa.ae.service.ServiceException: com.sap.engine.services.webservices.jaxm.soap.accessor.NestedSOAPException: Unable to create message from source.
Log Details:
2009-03-03 14:28:48,055 [SAPEngine_Application_Thread[impl:3]_19] ERROR Error in gettting Field Def
com.virsa.ae.service.ServiceException: com.sap.engine.services.webservices.jaxm.soap.accessor.NestedSOAPException: Unable to create message from source.
at com.virsa.ae.provisioning.idm.spml.request.SchemaRequest.sendSchemaRequest(SchemaRequest.java:131)
at com.virsa.ae.provisioning.idm.spml.request.SchemaRequest.getSchemaAttributes(SchemaRequest.java:142)
at com.virsa.ae.provisioning.idm.spml.request.SchemaRequest.getFieldDefinition(SchemaRequest.java:163)
at com.virsa.ae.configuration.bo.FieldMappingBO.getSAPFieldDefList(FieldMappingBO.java:126)
at com.virsa.ae.configuration.actions.LoadFieldMapAction.execute(LoadFieldMapAction.java:56)
at com.virsa.ae.commons.utils.framework.NavigationEngine.execute(NavigationEngine.java:271)
at com.virsa.ae.commons.utils.framework.servlet.AEFrameworkServlet.service(AEFrameworkServlet.java:425)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
at com.sap.engine.services.servlets_jsp.server.runtime.RequestDispatcherImpl.doWork(RequestDispatcherImpl.java:321)
at com.sap.engine.services.servlets_jsp.server.runtime.RequestDispatcherImpl.forward(RequestDispatcherImpl.java:377)
at com.virsa.ae.commons.utils.framework.servlet.AEFrameworkServlet.service(AEFrameworkServlet.java:455)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.runServlet(HttpHandlerImpl.java:401)
at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.handleRequest(HttpHandlerImpl.java:266)
at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:386)
at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:364)
at com.sap.engine.services.httpserver.server.RequestAnalizer.invokeWebContainer(RequestAnalizer.java:1039)
at com.sap.engine.services.httpserver.server.RequestAnalizer.handle(RequestAnalizer.java:265)
at com.sap.engine.services.httpserver.server.Client.handle(Client.java:95)
at com.sap.engine.services.httpserver.server.Processor.request(Processor.java:175)
at com.sap.engine.core.service630.context.cluster.session.ApplicationSessionMessageListener.process(ApplicationSessionMessageListener.java:33)
at com.sap.engine.core.cluster.impl6.session.MessageRunner.run(MessageRunner.java:41)
at com.sap.engine.core.thread.impl3.ActionObject.run(ActionObject.java:37)
at java.security.AccessController.doPrivileged(Native Method)
at com.sap.engine.core.thread.impl3.SingleThread.execute(SingleThread.java:102)
at com.sap.engine.core.thread.impl3.SingleThread.run(SingleThread.java:172)
Caused by: com.sap.engine.services.webservices.jaxm.soap.accessor.NestedSOAPException: Unable to create message from source.
at com.sap.engine.services.webservices.jaxm.soap.SOAPPartImpl.setContent(SOAPPartImpl.java:192)
at com.sap.engine.services.webservices.jaxm.soap.SOAPMessageImpl.<init>(SOAPMessageImpl.java:83)
at com.sap.engine.services.webservices.jaxm.soap.MessageFactoryImpl.createMessage(MessageFactoryImpl.java:35)
at com.virsa.ae.provisioning.idm.spml.request.SchemaRequest.sendSchemaRequest(SchemaRequest.java:118)
... 25 more
Caused by: com.sap.engine.lib.xml.parser.NestedSAXParserException: Fatal Error: com.sap.engine.lib.xml.parser.ParserException: XMLParser: Bad Attribute value: ' or " expected!(:main:, row:5, col:18)(:main:, row=5, col=18) -> com.sap.engine.lib.xml.parser.ParserException: XMLParser: Bad Attribute value: ' or " expected!(:main:, row:5, col:18)
at com.sap.engine.lib.xml.parser.DOMParser.parse(DOMParser.java:139)
at com.sap.engine.lib.xml.parser.DOMParser.parse(DOMParser.java:173)
at com.sap.engine.services.webservices.jaxm.soap.SOAPPartImpl.parseDocument(SOAPPartImpl.java:221)
at com.sap.engine.services.webservices.jaxm.soap.SOAPPartImpl.setContent(SOAPPartImpl.java:189)
... 28 more
Caused by: com.sap.engine.lib.xml.parser.ParserException: XMLParser: Bad Attribute value: ' or " expected!(:main:, row:5, col:18)
at com.sap.engine.lib.xml.parser.XMLParser.scanAttValue(XMLParser.java:1403)
at com.sap.engine.lib.xml.parser.XMLParser.scanAttList(XMLParser.java:1577)
at com.sap.engine.lib.xml.parser.XMLParser.scanElement(XMLParser.java:1712)
at com.sap.engine.lib.xml.parser.XMLParser.scanContent(XMLParser.java:2442)
at com.sap.engine.lib.xml.parser.XMLParser.scanElement(XMLParser.java:1843)
at com.sap.engine.lib.xml.parser.XMLParser.scanContent(XMLParser.java:2442)
at com.sap.engine.lib.xml.parser.XMLParser.scanElement(XMLParser.java:1843)
at com.sap.engine.lib.xml.parser.XMLParser.scanContent(XMLParser.java:2442)
at com.sap.engine.lib.xml.parser.XMLParser.scanElement(XMLParser.java:1843)
at com.sap.engine.lib.xml.parser.XMLParser.scanDocument(XMLParser.java:2845)
at com.sap.engine.lib.xml.parser.XMLParser.parse0(XMLParser.java:231)
at com.sap.engine.lib.xml.parser.AbstractXMLParser.parseAndCatchException(AbstractXMLParser.java:145)
at com.sap.engine.lib.xml.parser.AbstractXMLParser.parse(AbstractXMLParser.java:160)
at com.sap.engine.lib.xml.parser.AbstractXMLParser.parse(AbstractXMLParser.java:261)
at com.sap.engine.lib.xml.parser.Parser.parseWithoutSchemaValidationProcessing(Parser.java:280)
at com.sap.engine.lib.xml.parser.Parser.parse(Parser.java:342)
at com.sap.engine.lib.xml.parser.DOMParser.parse(DOMParser.java:101)
... 31 more
2009-03-03 14:28:48,055 [SAPEngine_Application_Thread[impl:3]_19] ERROR com.virsa.ae.service.ServiceException: com.sap.engine.services.webservices.jaxm.soap.accessor.NestedSOAPException: Unable to create message from source.
com.virsa.ae.core.BOException: com.virsa.ae.service.ServiceException: com.sap.engine.services.webservices.jaxm.soap.accessor.NestedSOAPException: Unable to create message from source.
at com.virsa.ae.configuration.bo.FieldMappingBO.getSAPFieldDefList(FieldMappingBO.java:134)
at com.virsa.ae.configuration.actions.LoadFieldMapAction.execute(LoadFieldMapAction.java:56)
at com.virsa.ae.commons.utils.framework.NavigationEngine.execute(NavigationEngine.java:271)
at com.virsa.ae.commons.utils.framework.servlet.AEFrameworkServlet.service(AEFrameworkServlet.java:425)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
at com.sap.engine.services.servlets_jsp.server.runtime.RequestDispatcherImpl.doWork(RequestDispatcherImpl.java:321)
at com.sap.engine.services.servlets_jsp.server.runtime.RequestDispatcherImpl.forward(RequestDispatcherImpl.java:377)
at com.virsa.ae.commons.utils.framework.servlet.AEFrameworkServlet.service(AEFrameworkServlet.java:455)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.runServlet(HttpHandlerImpl.java:401)
at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.handleRequest(HttpHandlerImpl.java:266)
at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:386)
at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:364)
at com.sap.engine.services.httpserver.server.RequestAnalizer.invokeWebContainer(RequestAnalizer.java:1039)
at com.sap.engine.services.httpserver.server.RequestAnalizer.handle(RequestAnalizer.java:265)
at com.sap.engine.services.httpserver.server.Client.handle(Client.java:95)
at com.sap.engine.services.httpserver.server.Processor.request(Processor.java:175)
at com.sap.engine.core.service630.context.cluster.session.ApplicationSessionMessageListener.process(ApplicationSessionMessageListener.java:33)
at com.sap.engine.core.cluster.impl6.session.MessageRunner.run(MessageRunner.java:41)
at com.sap.engine.core.thread.impl3.ActionObject.run(ActionObject.java:37)
at java.security.AccessController.doPrivileged(Native Method)
at com.sap.engine.core.thread.impl3.SingleThread.execute(SingleThread.java:102)
at com.sap.engine.core.thread.impl3.SingleThread.run(SingleThread.java:172)
Caused by: com.virsa.ae.service.ServiceException: com.sap.engine.services.webservices.jaxm.soap.accessor.NestedSOAPException: Unable to create message from source.
at com.virsa.ae.provisioning.idm.spml.request.SchemaRequest.sendSchemaRequest(SchemaRequest.java:131)
at com.virsa.ae.provisioning.idm.spml.request.SchemaRequest.getSchemaAttributes(SchemaRequest.java:142)
at com.virsa.ae.provisioning.idm.spml.request.SchemaRequest.getFieldDefinition(SchemaRequest.java:163)
at com.virsa.ae.configuration.bo.FieldMappingBO.getSAPFieldDefList(FieldMappingBO.java:126)
... 22 more
Caused by: com.sap.engine.services.webservices.jaxm.soap.accessor.NestedSOAPException: Unable to create message from source.
at com.sap.engine.services.webservices.jaxm.soap.SOAPPartImpl.setContent(SOAPPartImpl.java:192)
at com.sap.engine.services.webservices.jaxm.soap.SOAPMessageImpl.<init>(SOAPMessageImpl.java:83)
at com.sap.engine.services.webservices.jaxm.soap.MessageFactoryImpl.createMessage(MessageFactoryImpl.java:35)
at com.virsa.ae.provisioning.idm.spml.request.SchemaRequest.sendSchemaRequest(SchemaRequest.java:118)
... 25 more
Caused by: com.sap.engine.lib.xml.parser.NestedSAXParserException: Fatal Error: com.sap.engine.lib.xml.parser.ParserException: XMLParser: Bad Attribute value: ' or " expected!(:main:, row:5, col:18)(:main:, row=5, col=18) -> com.sap.engine.lib.xml.parser.ParserException: XMLParser: Bad Attribute value: ' or " expected!(:main:, row:5, col:18)
at com.sap.engine.lib.xml.parser.DOMParser.parse(DOMParser.java:139)
at com.sap.engine.lib.xml.parser.DOMParser.parse(DOMParser.java:173)
at com.sap.engine.services.webservices.jaxm.soap.SOAPPartImpl.parseDocument(SOAPPartImpl.java:221)
at com.sap.engine.services.webservices.jaxm.soap.SOAPPartImpl.setContent(SOAPPartImpl.java:189)
... 28 more
Caused by: com.sap.engine.lib.xml.parser.ParserException: XMLParser: Bad Attribute value: ' or " expected!(:main:, row:5, col:18)
Appreciate your response.
Thanks
Kee -
Policy Schedule - User Logout or System Shutdown
I'm having issues running inventory on these events. Running the
inventory on "User Logout" runs as per the scheduler but the inventory
doesn't seem to be submitted unless the user actually selected "Log
Off". If I set the policy schedule to "System Shutdown" the inventory
never seems to run as per the scheduler and no inventory data is submitted.
My reasoning for testing inventory on these two events backs into a
recent post I made re: real-time av scanning. Having the inventory run
on startup, which is the current schedule (below normal priority),
generates a large number of file opens/reads (>10000). The real-time av
components on each PC must scan each of the files, which consumes too
much CPU time for too long. This results in delays on login that are
gaining visibility...
In short, I'm looking for alternatives to running inventory on system startup that still allow a current inventory to be maintained.

jd,
It appears that in the past few days you have not received a response to your posting. That concerns us, and has triggered this automated reply.
Has your problem been resolved? If not, you might try one of the following options:
- Do a search of our knowledgebase at http://support.novell.com/search/kb_index.jsp
- Check all of the other support tools and options available at http://support.novell.com in both the "free product support" and "paid product support" drop down boxes.
- You could also try posting your message again. Make sure it is posted in the correct newsgroup. (http://support.novell.com/forums)
If this is a reply to a duplicate posting, please ignore and accept our apologies and rest assured we will issue a stern reprimand to our posting bot.
Good luck!
Your Novell Product Support Forums Team
http://support.novell.com/forums/ -
Hello everybody, I have configured a Policy Agent for Web Server, but I want to set the REMOTE_USER variable to the user's mail attribute instead of the user id.
The AMAgent.properties file says:
# This property allows the user to configure the User Id parameter passed
# by the session information from the identity server. The value of User
# Id will be used by the agent to set the value of REMOTE_USER server
# variable. By default this parameter is set to "UserId"
#com.sun.am.policy.am.userIdParam=UserId
But I don't know what values are valid. I have tried with mail and it does not work. Any ideas?
Thanks

Weird enough, changing to ADAM data store (and not "standard" AD datastore) solved the problem :D
I still wonder why since both plugins share the same java [implementing] class...
Regards,
Tony -
Hi Experts,
OIM Build Number: 1866.62 ( BP15 )
IHAC that faced an unexpected behavior on User disabling.
Some users were associated to groups that had access policies applied.
When those users were disabled, they didn't lose their associated groups or the resources and permissions associated through the access policies applied to those groups.
I saw that there was a bug reported to that issue. So I performed the action plan and set up the XL.EvaluateMembershipForInactiveUser System Property as TRUE. Now after disabling the users are properly removed from groups.
Customer problem: For those users, almost 1000, I did a recon just to stimulate the identity, so the membership rule was applied and the groups were removed, but OIM didn't evaluate the access policies and didn't revoke the resources.
I ran the Evaluate User Policies task, and it seems to be stuck. Should the Evaluate User Policies scheduled task work for that scenario? Should the resource be revoked after running that task?
Any help would be very appreciated.

Hi Nishith,
I ran the task, but it seems really stuck. It displays the RUNNING status, but any effect is observed. I have to change task status to INACTIVE in the Design Console.
This task has 2 attributes: Batch Size= 500 and Number of Threads=20.
But I have noticed this task in another environment (w/ BP 18 applied), it has 3 attributes: Batch Size= 500 ; Number of Threads=20 and Time Limit in mins=1.
Is there any enhancement for this task in order to improve its performance, or something like that?
What else can I check?
Thanks in advance. -
Can i see the Version of a Policy in the Registry
Hello,
we plan to do an update of our Zen clients, and we are looking for a way to find out the version of the policy which is enforced on the client.
Is there a way to find this out in the registry of the client?
Thx

ufrich1,
It appears that in the past few days you have not received a response to your
posting. That concerns us, and has triggered this automated reply.
Has your problem been resolved? If not, you might try one of the following options:
- Visit http://www.novell.com/support and search the knowledgebase and/or check all
the other self support options and support programs available.
- You could also try posting your message again. Make sure it is posted in the
correct newsgroup. (http://forums.novell.com)
Be sure to read the forum FAQ about what to expect in the way of responses:
http://forums.novell.com/faq.php
If this is a reply to a duplicate posting, please ignore and accept our apologies
and rest assured we will issue a stern reprimand to our posting bot.
Good luck!
Your Novell Forums Team
http://forums.novell.com -
Best Practice: Deploying Group Policy to Users on different OUs
Greetings, everyone! I am needing some advice on how to deploy some group policy objects to specific users stored on different OUs.
Let me set the stage: I work for a large school district, and have recently taken over the district's career center. The idea behind the career center is that students from different high schools around the city come in to take classes based on their choice of career, such as radio broadcasting or auto mechanic and such. The AD structure is set up so that each school has their own OU. When a user (staff, student, etc.) is assigned to a school OU, they automatically are added to their school's security group (i.e. EASTHIGH-STUDENT), and that when any user moves from one school to another, we have to move their AD account to that school's OU, which will remove the security group from the old school and apply the new school security group.
For the career center, since we have students coming from different buildings every day, rather than trying to find a way to move their AD account from their high school OU to the career center OU, the previous techs created generic accounts (such as tv001, tv002, etc.) in AD and stored them in the career center OU. This way, teachers can assign students that particular generic account so that they can access the drives and printers from the career center, as well as access the career center network drives while they are at their home high school.
Since I have moved to the career center, and apparently I have more knowledge about group policy than most of the techs in the district, the district system engineers want me to remove all of the generic accounts from the career center OU, and have students use their own AD accounts. Obviously I also want to do this since the generic accounts are very confusing to me, but I'm trying to figure out the best way to do this.
For simplicity's sake, I'm just going to start off by figuring out how to set up a group policy for mapping the career center drives. Now, I obviously know that the best way would be to create security groups for each career area, and that we would need to add students to those groups so that only those particular students would get the GPO for the career center, but my question is where would I link the group policies to? Do I need to link it at the root of the domain so that every OU is hit? Just curious about this.
Thanks!

Don't link it to the root... apply the drive mapping as a policy at the OU, or you could apply the drive mapping using Group Policy Preferences using security group targeting. I would also strongly recommend you check out my articles:
Best Practice: Active Directory Structure Guidelines – Part 1
Best Practice: Group Policy Design Guidelines – Part 2
Hope it helps...