Provisioning TAM Policy Data & User Registry Data

I am using TAM API to provision the policy data. However I am not able to provision the user registry data using TAM API. Is this not possible?
( As a workaround I am using LDAP to provision TAM User Registry Data)

Anyone has integrated Sun Identity Manager with Tivoli Access manager via TAM API ?

Similar Messages

  • User Profile Disks - User registry data

    In Server 2012 standard (not R2)
     using RD
     in Session Collection
     and in the "User Profile Disks" tab
     I have ticked “Enable user profile disks”
    If I select the second radar-button
    "Store only the following folders on the user profile disk"
    What is the effect of ticking "User registry data" ?
    What is the result in the template.vhdx ?
    and when a new user logs in
    Is all the user registry "moved" to the UPD user .vhdx file where it is then maintained
    or
    Is a folder re-direction preserved in the UPD and the registry data still updated in its original location ?

    Hi,
    Thank you for your posting in Windows Server Forum.
    During first logon, a virtual disk (VHDX) is created from a template disk. This VHDX is attached to the virtual machine or RD Session Host server that the user is logging on to. The profile service is then notified to use this VHDX as the location for the user’s
    profile. When the user logs off, the VHDX is then detached from the virtual machine.
    By default, the entire user’s profile is stored on the user profile disk. This includes the Documents folder, the user’s registry hive (holds application and Windows settings), and much more.
    On subsequent logons to the collection, the VHDX is remounted to whatever virtual machine or RD Session Host server the user is logging on to. The user then has access to everything in his or her profile, even if this is a different virtual machine, or if the
    virtual machine has been rolled back to a clean state between logons.
    For more information, please check beneath article.
    Easier User Data Management with User Profile Disks in Windows Server 2012
    http://blogs.msdn.com/b/rds/archive/2012/11/13/easier-user-data-management-with-user-profile-disks-in-windows-server-2012.aspx
    Working with User Profile Disks on Session-Based Desktop Deployments
    http://www.virtualizationadmin.com/articles-tutorials/vdi-articles/general/working-with-user-profile-disks-on-session-based-desktop-deployments.html
    Hope it helps!
    Thanks,
    Dharmesh

  • Configuring group policy for user profiles in Windows Server 2012 R2 Domain

    Requesting some experts advise on configuring group policy for user profiles.
    We will be building new Windows Server 2012 R2 Domain Controllers (Domain of 400 users).
    The settings which I am concerned:
    1. Folder Redirection: Desktop, Documents, Favorites.
    2. Quota for Folder Redirection - 1 GB per user.
    3. Map a networked drive - 1 GB per user.
    4. Roaming profile - (Will ignore if it does not suit our requirement). 
    The question is how outlook profile will be retained / automatically moved if the users move from once computer to other?
    FYI, E-mails hosted on MS Office365 and OST file size of few users more than 25GB. So, in case the user moves from one computer to other, the entire mailbox will be downloaded via internet. This consumes high bandwidth if more than 3-4 users shift per day.
    Thanks a lot for your valuable time and efforts.

    Hi,
    >>The question is how outlook profile will be retained / automatically moved if the users move from once computer to other?
    This depends on where our outlook data files are stored. If these data files are stored under
    drive:\Users\<username>\AppData\Local, then these files can’t be redirected, for folder redirection can’t redirect appdata local or locallow.
    However, regarding your question, we can refer to the following thread to find the solution.
    Roam outlook profiles without roaming profiles
    http://social.technet.microsoft.com/Forums/office/en-US/3908b8e0-8f44-4a34-8eb5-5a024df3463e/roam-outlook-profiles-without-roaming-profiles
    In addition, regarding how to configure folder redirection, the following article can be referred to for more information.
    Configuring Folder Redirection
    http://technet.microsoft.com/library/cc786749.aspx
    Hope it helps.
    Best regards,
    Frank Shen

  • Event ID 1085 on DC - Failed to Apply the Group Policy Local Users and Groups Settings

    I have a domain with 2 DCs.  The primary DC is running Server 2012 and is raising Event ID 1085 every 10 minutes and 20 seconds.
    Windows failed to apply the Group Policy Local Users and Groups settings. Group Policy Local Users and Groups settings might have its own log file. Please click on the "More information" link.
    System
    - Provider
    [ Name] Microsoft-Windows-GroupPolicy
    [ Guid] {AEA1B4FA-97D1-45F2-A64C-4D69FFFD92C9}
    EventID 1085
    Version 0
    Level 3
    Task 0
    Opcode 1
    Keywords 0x8000000000000000
    - TimeCreated
    [ SystemTime] 2014-10-20T20:09:03.706992400Z
    EventRecordID 130087
    - Correlation
    [ ActivityID] {FDDFB8C5-9ECF-41B9-B2B4-3AD0B345A37A}
    - Execution
    [ ProcessID] 1000
    [ ThreadID] 3280
    Channel System
    Computer SERVER.DOMAIN.NAME
    - Security
    [ UserID] S-1-5-18
    - EventData
    SupportInfo1 1
    SupportInfo2 4404
    ProcessingMode 0
    ProcessingTimeInMilliseconds 10343
    ErrorCode 183
    ErrorDescription Cannot create a file when that file already exists.
    DCName \\SERVER.DOMAIN.name
    ExtensionName Group Policy Local Users and Groups
    ExtensionId {17D89FEC-5C44-4972-B12D-241CAEF74509}
    Everything I look up for Event ID 1085 seems to be about a different cause.
    Any ideas?

    I enabled tracing on a domain gpo and I still get the error when running gpupdate /force .
    I'm also still getting Event 1085.  Here's the trace file.  I've anonymized the site/domain and the GUIDs.
    2014-10-21 11:16:54.003 [pid=0x3e8,tid=0xcd0] Entering ProcessGroupPolicyExLocUsAndGroups()
    2014-10-21 11:16:54.018 [pid=0x3e8,tid=0xcd0] SOFTWARE\Policies\Microsoft\Windows\Group Policy\{GUID-1}
    2014-10-21 11:16:54.018 [pid=0x3e8,tid=0xcd0] BackgroundPriorityLevel ( 0 )
    2014-10-21 11:16:54.018 [pid=0x3e8,tid=0xcd0] DisableRSoP ( 0 )
    2014-10-21 11:16:54.018 [pid=0x3e8,tid=0xcd0] LogLevel ( 2 )
    2014-10-21 11:16:54.018 [pid=0x3e8,tid=0xcd0] Command subsystem initialized. [SUCCEEDED(S_FALSE)]
    2014-10-21 11:16:54.065 [pid=0x3e8,tid=0xcd0] Background priority set to 0 (Idle).
    2014-10-21 11:16:54.065 [pid=0x3e8,tid=0xcd0] ----- Parameters
    2014-10-21 11:16:54.065 [pid=0x3e8,tid=0xcd0] CSE GUID : {GUID-1}
    2014-10-21 11:16:54.065 [pid=0x3e8,tid=0xcd0] Flags : ( X ) GPO_INFO_FLAG_MACHINE - Apply machine policy rather than user policy
    2014-10-21 11:16:54.065 [pid=0x3e8,tid=0xcd0] ( X ) GPO_INFO_FLAG_BACKGROUND - Background refresh of policy (ok to do slow stuff)
    2014-10-21 11:16:54.065 [pid=0x3e8,tid=0xcd0] ( ) GPO_INFO_FLAG_SLOWLINK - Policy is being applied across a slow link
    2014-10-21 11:16:54.065 [pid=0x3e8,tid=0xcd0] ( ) GPO_INFO_FLAG_VERBOSE - Verbose output to the eventlog
    2014-10-21 11:16:54.065 [pid=0x3e8,tid=0xcd0] ( ) GPO_INFO_FLAG_NOCHANGES - No changes were detected to the Group Policy Objects
    2014-10-21 11:16:54.065 [pid=0x3e8,tid=0xcd0] ( ) GPO_INFO_FLAG_LINKTRANSITION - A change in link speed was detected between previous policy application and current policy application
    2014-10-21 11:16:54.065 [pid=0x3e8,tid=0xcd0] ( ) GPO_INFO_FLAG_LOGRSOP_TRANSITION - A change in RSoP logging was detected between the application of the previous policy and the application of the current policy.
    2014-10-21 11:16:54.065 [pid=0x3e8,tid=0xcd0] ( X ) GPO_INFO_FLAG_FORCED_REFRESH - Forced Refresh is being applied. redo policies.
    2014-10-21 11:16:54.081 [pid=0x3e8,tid=0xcd0] ( ) GPO_INFO_FLAG_SAFEMODE_BOOT - windows safe mode boot flag
    2014-10-21 11:16:54.081 [pid=0x3e8,tid=0xcd0] ( ) GPO_INFO_FLAG_ASYNC_FOREGROUND - Asynchronous foreground refresh of policy
    2014-10-21 11:16:54.081 [pid=0x3e8,tid=0xcd0] Token (computer or user SID): S-1-5-18
    2014-10-21 11:16:54.081 [pid=0x3e8,tid=0xcd0] Abort Flag : Yes (0x313be090)
    2014-10-21 11:16:54.081 [pid=0x3e8,tid=0xcd0] HKey Root : Yes (0x80000002)
    2014-10-21 11:16:54.081 [pid=0x3e8,tid=0xcd0] Deleted GPO List : No
    2014-10-21 11:16:54.081 [pid=0x3e8,tid=0xcd0] Changed GPO List : Yes
    2014-10-21 11:16:54.081 [pid=0x3e8,tid=0xcd0] Asynchronous Processing : Yes
    2014-10-21 11:16:54.081 [pid=0x3e8,tid=0xcd0] Status Callback : No (0x00000000)
    2014-10-21 11:16:54.081 [pid=0x3e8,tid=0xcd0] WMI namespace : Yes (0x32273740)
    2014-10-21 11:16:54.081 [pid=0x3e8,tid=0xcd0] RSoP Status : Yes (0x320cc7f4)
    2014-10-21 11:16:54.081 [pid=0x3e8,tid=0xcd0] Planning Mode Site : (none)
    2014-10-21 11:16:54.081 [pid=0x3e8,tid=0xcd0] Computer Target : No (0x00000000)
    2014-10-21 11:16:54.081 [pid=0x3e8,tid=0xcd0] User Target : No (0x00000000)
    2014-10-21 11:16:54.081 [pid=0x3e8,tid=0xcd0] Calculated list relevance. [SUCCEEDED(S_FALSE)]
    2014-10-21 11:16:54.081 [pid=0x3e8,tid=0xcd0] ----- Changed - 0
    2014-10-21 11:16:54.081 [pid=0x3e8,tid=0xcd0] Options : ( ) GPO_FLAG_DISABLE - This GPO is disabled.
    2014-10-21 11:16:54.081 [pid=0x3e8,tid=0xcd0] ( ) GPO_FLAG_FORCE - Do not override the settings in this GPO with settings in a subsequent GPO.
    2014-10-21 11:16:54.081 [pid=0x3e8,tid=0xcd0] Options (raw) : 0x00000000
    2014-10-21 11:16:54.081 [pid=0x3e8,tid=0xcd0] Version : 19267878 (0x01260126)
    2014-10-21 11:16:54.081 [pid=0x3e8,tid=0xcd0] GPC : LDAP://CN=Machine,CN={GUID-2},CN=Policies,CN=System,DC=SITE,DC=DOMAIN
    2014-10-21 11:16:54.081 [pid=0x3e8,tid=0xcd0] GPT : \\SITE.DOMAIN\sysvol\SITE.DOMAIN\Policies\{GUID-2}\Machine
    2014-10-21 11:16:54.081 [pid=0x3e8,tid=0xcd0] GPO Display Name : Default Domain Policy
    2014-10-21 11:16:54.081 [pid=0x3e8,tid=0xcd0] GPO Name : {GUID-2}
    2014-10-21 11:16:54.081 [pid=0x3e8,tid=0xcd0] GPO Link : ( ) GPLinkUnknown - No link information is available.
    2014-10-21 11:16:54.081 [pid=0x3e8,tid=0xcd0] ( ) GPLinkMachine - The GPO is linked to a computer (local or remote).
    2014-10-21 11:16:54.081 [pid=0x3e8,tid=0xcd0] ( ) GPLinkSite - The GPO is linked to a site.
    2014-10-21 11:16:54.081 [pid=0x3e8,tid=0xcd0] ( X ) GPLinkDomain - The GPO is linked to a domain.
    2014-10-21 11:16:54.081 [pid=0x3e8,tid=0xcd0] ( ) GPLinkOrganizationalUnit - The GPO is linked to an organizational unit.
    2014-10-21 11:16:54.081 [pid=0x3e8,tid=0xcd0] ( ) GP Link Error
    2014-10-21 11:16:54.096 [pid=0x3e8,tid=0xcd0] lParam : 0x00000000
    2014-10-21 11:16:54.096 [pid=0x3e8,tid=0xcd0] Prev GPO : No
    2014-10-21 11:16:54.096 [pid=0x3e8,tid=0xcd0] Next GPO : Yes
    2014-10-21 11:16:54.096 [pid=0x3e8,tid=0xcd0] Extensions : [{00000000-0000-0000-0000-000000000000}{GUID-3}][{GUID-1}{GUID-3}][{GUID-4}{GUID-5}{GUID-6}{GUID-7}{GUID-8}][{GUID-9}{GUID-10}][{GUID-11}{GUID-5}{GUID-6}]
    2014-10-21 11:16:54.096 [pid=0x3e8,tid=0xcd0] lParam2 : 0x3146f978
    2014-10-21 11:16:54.096 [pid=0x3e8,tid=0xcd0] Link : LDAP://DC=SITE,DC=DOMAIN
    2014-10-21 11:16:54.096 [pid=0x3e8,tid=0xcd0] Purge GPH : C:\ProgramData\Microsoft\Group Policy\History\{GUID-2}\Machine\Preferences\Groups\Groups.xml
    2014-10-21 11:16:54.096 [pid=0x3e8,tid=0xcd0] Read GPE XML data file (592 bytes total).
    2014-10-21 11:16:54.112 [pid=0x3e8,tid=0xcd0] ----- Changed - 1
    2014-10-21 11:16:54.112 [pid=0x3e8,tid=0xcd0] Options : ( ) GPO_FLAG_DISABLE - This GPO is disabled.
    2014-10-21 11:16:54.112 [pid=0x3e8,tid=0xcd0] ( ) GPO_FLAG_FORCE - Do not override the settings in this GPO with settings in a subsequent GPO.
    2014-10-21 11:16:54.112 [pid=0x3e8,tid=0xcd0] Options (raw) : 0x00000000
    2014-10-21 11:16:54.112 [pid=0x3e8,tid=0xcd0] Version : 1245203 (0x00130013)
    2014-10-21 11:16:54.112 [pid=0x3e8,tid=0xcd0] GPC : LDAP://CN=Machine,CN={GUID-12},CN=Policies,CN=System,DC=SITE,DC=DOMAIN
    2014-10-21 11:16:54.112 [pid=0x3e8,tid=0xcd0] GPT : \\SITE.DOMAIN\sysvol\SITE.DOMAIN\Policies\{GUID-12}\Machine
    2014-10-21 11:16:54.112 [pid=0x3e8,tid=0xcd0] GPO Display Name : Default Domain Controllers Policy
    2014-10-21 11:16:54.112 [pid=0x3e8,tid=0xcd0] GPO Name : {GUID-12}
    2014-10-21 11:16:54.112 [pid=0x3e8,tid=0xcd0] GPO Link : ( ) GPLinkUnknown - No link information is available.
    2014-10-21 11:16:54.112 [pid=0x3e8,tid=0xcd0] ( ) GPLinkMachine - The GPO is linked to a computer (local or remote).
    2014-10-21 11:16:54.112 [pid=0x3e8,tid=0xcd0] ( ) GPLinkSite - The GPO is linked to a site.
    2014-10-21 11:16:54.112 [pid=0x3e8,tid=0xcd0] ( ) GPLinkDomain - The GPO is linked to a domain.
    2014-10-21 11:16:54.112 [pid=0x3e8,tid=0xcd0] ( X ) GPLinkOrganizationalUnit - The GPO is linked to an organizational unit.
    2014-10-21 11:16:54.112 [pid=0x3e8,tid=0xcd0] ( ) GP Link Error
    2014-10-21 11:16:54.112 [pid=0x3e8,tid=0xcd0] lParam : 0x00000000
    2014-10-21 11:16:54.112 [pid=0x3e8,tid=0xcd0] Prev GPO : Yes
    2014-10-21 11:16:54.112 [pid=0x3e8,tid=0xcd0] Next GPO : No
    2014-10-21 11:16:54.112 [pid=0x3e8,tid=0xcd0] Extensions : [{00000000-0000-0000-0000-000000000000}{GUID-3}][{GUID-1}{GUID-3}][{GUID-9}{GUID-10}]
    2014-10-21 11:16:54.112 [pid=0x3e8,tid=0xcd0] lParam2 : 0x324e8198
    2014-10-21 11:16:54.112 [pid=0x3e8,tid=0xcd0] Link : LDAP://OU=Domain Controllers,DC=SITE,DC=DOMAIN
    2014-10-21 11:16:54.127 [pid=0x3e8,tid=0xcd0] Purge GPH : C:\ProgramData\Microsoft\Group Policy\History\{GUID-12}\Machine\Preferences\Groups\Groups.xml
    2014-10-21 11:16:54.127 [pid=0x3e8,tid=0xcd0] Read GPE XML data file (592 bytes total).
    2014-10-21 11:16:54.143 [pid=0x3e8,tid=0xcd0] Completed get next GPO. [SUCCEEDED(S_FALSE)]
    2014-10-21 11:16:54.143 [pid=0x3e8,tid=0xcd0] WQL : SELECT * FROM RSOP_PolmkrSetting WHERE polmkrBaseCseGuid = "{GUID-1}"
    2014-10-21 11:16:54.143 [pid=0x3e8,tid=0xcd0] Purged 2 old RSoP entries.
    2014-10-21 11:16:54.143 [pid=0x3e8,tid=0xcd0] Logging 2 new RSoP entries.
    2014-10-21 11:16:54.159 [pid=0x3e8,tid=0xcd0] RSoP Entry 0
    2014-10-21 11:16:54.174 [pid=0x3e8,tid=0xcd0] RSoP Entry 1
    2014-10-21 11:16:54.174 [pid=0x3e8,tid=0xcd0] Completed get GPO list. [SUCCEEDED(S_FALSE)]
    2014-10-21 11:16:54.174 [pid=0x3e8,tid=0xcd0] IsRsopPlanningMode() [SUCCEEDED(S_FALSE)]
    2014-10-21 11:17:04.252 [pid=0x3e8,tid=0xcd0] Completed settings update (csePostProcess). [ hr = 0x800700b7 "Cannot create a file when that file already exists." ]
    2014-10-21 11:17:04.252 [pid=0x3e8,tid=0xcd0] Completed CSE post-processing. [ hr = 0x800700b7 "Cannot create a file when that file already exists." ]
    2014-10-21 11:17:04.267 [pid=0x3e8,tid=0xcd0] Leaving ProcessGroupPolicyExLocUsAndGroups() returned 0x000000b7

  • Lotus Notes Connector: Resource is provisioned but the Create User task...

    Hi,
    I am getting some problems with the Lotus Notes Connector. The resource is provisioned but the Create User task is rejected. In the Lotus Notes server log, there is no problem and the account was created successfully.
    Below is the response OIM has set to the task:
    Respuesta: ERROR_UNID_SET
    Descripción de Respuesta: User created successfully. Error while updating user unique attribute in the process form.
    Notas:
    As you can see below, there was no error when the adapter was executed:
    DEBUG [ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)' ADAPTER.LOTUSNOTES - LotusNotesProvisionsetPropertyEntered method
    INFO [ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)' ADAPTER.LOTUSNOTES - LotusNotesProvision::loadAttributeMapping: START
    DEBUG [ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)' ADAPTER.LOTUSNOTES - LotusNotesProvision: :loadAttributeMapping : Attribute Mapping file : C:\oracle\oim9101\xellerate/XLIntegrations/LotusNotes/config/attributemapping_prov.properties
    DEBUG [ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)' ADAPTER.LOTUSNOTES - LotusNotesProvisiongetParsedPropertiesEntered method
    DEBUG [ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)' ADAPTER.LOTUSNOTES - LotusNotesProvisiongetParsedProperties---- END
    DEBUG [ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)' ADAPTER.LOTUSNOTES - LotusNotesProvision::createUser : CreateMailDb true
    DEBUG [ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)' ADAPTER.LOTUSNOTES - LotusNotesProvision::createUser : ShortName
    DEBUG [ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)' ADAPTER.LOTUSNOTES - LotusNotesProvision::createUser : SecurityType 1
    DEBUG [ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)' ADAPTER.LOTUSNOTES - LotusNotesProvision::createUser : MailSystem 0
    DEBUG [ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)' ADAPTER.LOTUSNOTES - LotusNotesProvision::createUser : Storeaddbook true
    DEBUG [ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)' ADAPTER.LOTUSNOTES - LotusNotesProvision::createUser : SynchInternetPwd true
    DEBUG [ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)' ADAPTER.LOTUSNOTES - LotusNotesProvision::createUser : InternetAddress
    DEBUG [ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)' ADAPTER.LOTUSNOTES - LotusNotesProvision::createUser : CertifierIDFile C:\Lotus\Domino\Data\cert.id
    DEBUG [ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)' ADAPTER.LOTUSNOTES - LotusNotesProvision::createUser : Registrationlog
    DEBUG [ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)' ADAPTER.LOTUSNOTES - LotusNotesProvision::createUser : MailOwnerAccess 0
    DEBUG [ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)' ADAPTER.LOTUSNOTES - LotusNotesProvision::createUser : MinPwdlen 8
    DEBUG [ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)' ADAPTER.LOTUSNOTES - LotusNotesProvision::createUser : Addbook true
    DEBUG [ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)' ADAPTER.LOTUSNOTES - LotusNotesProvision::createUser : RegistrationServer win2k3base/oimdev
    DEBUG [ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)' ADAPTER.LOTUSNOTES - LotusNotesProvision::createUser : OrgUnit during create -- oimdev
    DEBUG [ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)' ADAPTER.LOTUSNOTES - LotusNotesProvision::createUser : OrgUnit oimdev
    DEBUG [ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)' ADAPTER.LOTUSNOTES - LotusNotesProvision::createUser : MailQuotaWarning 40
    DEBUG [ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)' ADAPTER.LOTUSNOTES - LotusNotesProvision::createUser : Received null values for ExpirationDate:
    DEBUG [ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)' ADAPTER.LOTUSNOTES - LotusNotesProvision::getDefaultDate : Setting Default date
    DEBUG [ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)' ADAPTER.LOTUSNOTES - LotusNotesProvision::createUser : IdType 173
    DEBUG [ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)' ADAPTER.LOTUSNOTES - LotusNotesProvision::createUser : MailTemplateName
    DEBUG [ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)' ADAPTER.LOTUSNOTES - LotusNotesProvision::createUser : MailQuotaLimit 50
    DEBUG [ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)' ADAPTER.LOTUSNOTES - LotusNotesProvision::createUser : LastName : Gerente
    DEBUG [ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)' ADAPTER.LOTUSNOTES - LotusNotesProvision::createUser : IdFilePath : C:\Lotus\Domino\id
    DEBUG [ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)' ADAPTER.LOTUSNOTES - LotusNotesProvision::createUser : MailServer : win2k3base/oimdev
    DEBUG [ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)' ADAPTER.LOTUSNOTES - LotusNotesProvision::createUser : FirstName : Teste
    DEBUG [ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)' ADAPTER.LOTUSNOTES - LotusNotesProvision::createUser : Comment :
    DEBUG [ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)' ADAPTER.LOTUSNOTES - LotusNotesProvision::createUser : MiddleName :
    DEBUG [ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)' ADAPTER.LOTUSNOTES - LotusNotesProvision::createUser : Location :
    DEBUG [ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)' ADAPTER.LOTUSNOTES - LotusNotesProvision::createUser : MailDBPath : mail\
    DEBUG [ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)' ADAPTER.LOTUSNOTES - LotusNotesProvision::createUser : ForwardDomain : oimdev
    DEBUG [ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)' ADAPTER.LOTUSNOTES - LotusNotesProvisioncheckUserExistsEntered method
    DEBUG [ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)' ADAPTER.LOTUSNOTES - LotusNotesProvision::getUserName: Org Unit: oimdev
    DEBUG [ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)' ADAPTER.LOTUSNOTES - LotusNotesProvision::getUserName: Final UserName --- CN=Teste Gerente/OU=oimdev/oimdev
    DEBUG [ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)' ADAPTER.LOTUSNOTES - LotusNotesProvisioncheckUserExistsExiting method
    DEBUG [ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)' ADAPTER.LOTUSNOTES - LotusNotesProvision::getUserName: Org Unit: oimdev
    DEBUG [ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)' ADAPTER.LOTUSNOTES - LotusNotesProvision::getUserName: Final UserName --- CN=Teste Gerente/OU=oimdev/oimdev
    DEBUG [ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)' ADAPTER.LOTUSNOTES - LotusNotesProvision::createUser : User Name: CN=Teste Gerente/OU=oimdev/oimdev
    DEBUG [ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)' ADAPTER.LOTUSNOTES - LotusNotesProvision::createUser : Full Name: CN=Teste Gerente/O=oimdev
    INFO [ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)' ADAPTER.LOTUSNOTES - LotusNotesProvision::createUser : User Created Successfully
    INFO [ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)' ADAPTER.LOTUSNOTES - LotusNotesProvision::triggerAdminP : Invoking trigger AdminP
    DEBUG [ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)' ADAPTER.LOTUSNOTES - LotusNotesProvision::triggerAdminP : MailServer : win2k3base/oimdev
    DEBUG [ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)' ADAPTER.LOTUSNOTES - LotusNotesProvision::loadAdminpProperties : AdminP properties file : C:\oracle\oim9101\xellerate/XLIntegrations/LotusNotes/config/adminP.properties
    DEBUG [ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)' ADAPTER.LOTUSNOTES - LotusNotesProvision::triggerAdminP : AdminPCommand : tell adminp process all
    I've retried the Create User task and got the Lotus Console messages below. There is no error:
    10/20/2009 02:02:56 AM Admin Process: Checking for all requests to perform
    10/20/2009 02:03:30 AM DIIOP Server: 192.168.200.6 connected
    10/20/2009 02:03:36 AM Opened session for win2k3base/oimdev (Release 6.5.6)
    10/20/2009 02:03:36 AM Closed session for win2k3base/oimdev Databases accessed: 2 Documents read: 0 Documents written: 0
    10/20/2009 02:03:37 AM Certifying Teste Gerente/oimdev
    10/20/2009 02:03:48 AM Opened session for win2k3base/oimdev (Release 6.5.6)
    tell adminp process all >C:\DOCUME~1\ADMINI~1.WIN\LOCALS~1\Temp\rem22706.con
    10/20/2009 02:03:49 AM Admin Process: Checking for all requests to perform
    10/20/2009 02:03:49 AM Remote console command issued by win2k3base/oimdev: tell adminp process all
    10/20/2009 02:03:49 AM Closed session for win2k3base/oimdev Databases accessed: 0 Documents read: 0 Documents written: 0
    10/20/2009 02:03:49 AM DIIOP Server: 192.168.200.6 disconnected
    Any suggestion?
    Edited by: Renato.Guimaraes on 19/10/2009 21:04

    Sunny,
    I figured out the problem... Wrong configurations. See what I did:
    a) Reviewed the explanation below about the paramater certifierOU of Lotus Notes ITRes, so I set it to empty.
    certifierOU Specifies the OU of the certifier to be used when creating user accounts If you use a certifier on the target system, then you must specify the certifier OU value. If
    you do not have a certifier on the target system, then leave this parameter field empty.
    If there are multiple certifiers on the target system, then you must create one IT resource (of the Lotus Notes IT resource type) for each certifier. Refer to Oracle Identity Manager
    Design Console Guide for information about creating IT resources. If you specify a value for the certifierOU parameter, then the user OU value that you specify on the process form is ignored during the creation of a DN for a new user account.
    If you do not specify a value for the certifierOU parameter, then the user OU value that you specify on the process form is used in the DN. This feature ensures that only one OU value
    is included in the DN.
    If you specify a value for the certifierOU IT resource parameter, then user records for which the certifier OU value in the DN does not match the certifierOU parameter value are not
    reconciled. This is because the user DN is used to match records in the target system and Oracle Identity Manager, and a difference in the certifier OU value would lead to a
    mismatch in DN values. The following example illustrates this type of scenario:
    Suppose a user account on Lotus Notes has the following DN:
    CN=John Doe/OU=testcertou/O=test/C=US
    If testcertou has not been assigned as the value of the certifierOU parameter for any of the IT resources created on this Oracle Identity Manager installation, then the records of this
    user cannot be reconciled into Oracle Identity Manager.
    Sample value: NY
    b) The MailServer paramater was win2k3base/oimdev and I've changed it to CN=win2k3base/O=oimdev.
    c) As the certifierOU is clear now, so I have to inform the Orgnation Unit field in the process form.
    Thanks.
    Edited by: Renato.Guimaraes on 24/10/2009 23:19
    Edited by: Renato.Guimaraes on 24/10/2009 23:27

  • Provisioning Calendar to a user causes them to lose their local calendar

    Hi,
    Does anyone know of a workaround for the following situation?
    - After provisioning Calendar to a user who previously was using an Oracle email account through the Connector, when opening up the existing profile in Outlook (after entering the Calendar server details) their previous local Calendar, Tasks, Notes and Contacts are lost.
    - I realise that you can export them to a pst file but that has to be done manually and is not a realistic solution for us since we have a large number of users in this situation (i.e. we would require an automated fix).
    Yay or nay woud suffice :)
    Cheers,
    Damian

    Surprisingly, this morning all calendars showed up in my iPhone. Apparently there is a delay.
    But now there is another issue with the error:
    "The server responded with an error.
    Access to “event from years ago” in “the second added calendar” in account “local” is not permitted.
    The server responded:
    “403” to operation CalDAVWriteEntityQueueableOperation."
    [Ignore] [Try Again] [Revert to Server]
    Each event starting with the beginning of that calendar (years ago) seems to generate an error. It will take a day to click on Ignore for all those events.
    Will ask this in a new thread. For now the issue this thread is about is solved, thank you. I also updated my profile, except for my iPad. No 'edit' option next to that one. Strange.

  • List of Provisioned Resources for a user

    hi
    is there a way of Getting list of all the resources that have been provisioned to a particular user through API provided with OIM.
    i can to do it through a SQL query but wanted to know if its possible through the OIM API , basically i will pass in the userkey and it should give me list of all the resources that have been provisioned to the user and are enabled.
    thanks

    tcUserOperationsIntf.getObjects seems to do exactly just that .
    please ignore the post

  • Processing of Group Policy failed - User Policy - Windows 7

    OP:
    http://social.technet.microsoft.com/Forums/en-US/w7itpronetworking/thread/191f1ee1-a551-446b-9808-ff66a952bb25
    When running a gpupdate I get the following message:
    Updating Policy...
    User policy could not be updated successfully. The following errors were encount
    ered:
    The processing of Group Policy failed. Windows could not authenticate to the Act
    ive Directory service on a domain controller. (LDAP Bind function call failed).
    Look in the details tab for error code and description.
    Computer Policy update has completed successfully.
    To diagnose the failure, review the event log or run GPRESULT /H GPReport.html f
    rom the command line to access information about Group Policy results.
    This only happens on one computer under a certain account; other accounts work fine and the problem account works fine on other computers. Therefore the problem is located on the Windows 7 computer.
    I have tracked it down to an LDAP error code 49. 
    I tried the MS sollution (http://technet.microsoft.com/en-us/library/cc727283(v=ws.10).aspx) but the credentials are sound.
    I can also connect to the DC with LDP.exe fine. 
    Here are the diagnostic read outs (GPResult was too long to post):
    Log Name:      System
    Source:        Microsoft-Windows-GroupPolicy
    Date:          2/29/2012 1:56:09 PM
    Event ID:      1006
    Task Category: None
    Level:         Error
    Keywords:     
    User:          Domain\UserAccount
    Computer:      Win7-ComputerA.FQDomain
    Description:
    The processing of Group Policy failed. Windows could not authenticate to the Active Directory service on a domain controller. (LDAP Bind function call failed). Look in the details tab for error code and description.
    Event Xml:
    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
      <System>
        <Provider Name="Microsoft-Windows-GroupPolicy" Guid="{AEA1B4FA-97D1-45F2-A64C-4D69FFFD92C9}" />
        <EventID>1006</EventID>
        <Version>0</Version>
        <Level>2</Level>
        <Task>0</Task>
        <Opcode>1</Opcode>
        <Keywords>0x8000000000000000</Keywords>
        <TimeCreated SystemTime="2012-02-29T19:56:09.732842600Z" />
        <EventRecordID>32458</EventRecordID>
        <Correlation ActivityID="{CECE6DDC-E7CC-4563-8109-E62382F645D4}" />
        <Execution ProcessID="984" ThreadID="3688" />
        <Channel>System</Channel>
        <Computer>Win7-ComputerA.FQDomain</Computer>
        <Security UserID="S-1-5-21-416373151-1271962822-2142307910-40105" />
      </System>
      <EventData>
        <Data Name="SupportInfo1">1</Data>
        <Data Name="SupportInfo2">5012</Data>
        <Data Name="ProcessingMode">0</Data>
        <Data Name="ProcessingTimeInMilliseconds">1326</Data>
        <Data Name="ErrorCode">49</Data>
        <Data Name="ErrorDescription">Invalid Credentials</Data>
        <Data Name="DCName">
        </Data>
      </EventData>
    </Event>
    Windows IP Configuration
       Host Name . . . . . . . . . . . . : WIN7-ComputerA
       Primary Dns Suffix  . . . . . . . : FQDomain
       Node Type . . . . . . . . . . . . : Hybrid
       IP Routing Enabled. . . . . . . . : No
       WINS Proxy Enabled. . . . . . . . : No
       DNS Suffix Search List. . . . . . : FQDomain
                                           ParentDomain
    Ethernet adapter Local Area Connection:
       Connection-specific DNS Suffix  . : FQDomain
       Description . . . . . . . . . . . : Intel(R) 82579LM Gigabit Network Connecti
    on
       Physical Address. . . . . . . . . : 00-21-CC-5F-CF-DF
       DHCP Enabled. . . . . . . . . . . : Yes
       Autoconfiguration Enabled . . . . : Yes
       IPv4 Address. . . . . . . . . . . : 216.71.244.28(Preferred)
       Subnet Mask . . . . . . . . . . . : 255.255.255.0
       Lease Obtained. . . . . . . . . . : Wednesday, February 29, 2012 12:38:25 PM
       Lease Expires . . . . . . . . . . : Thursday, March 01, 2012 12:38:24 PM
       Default Gateway . . . . . . . . . : 216.71.244.1
       DHCP Server . . . . . . . . . . . : 216.71.244.2
       DNS Servers . . . . . . . . . . . : 216.71.244.2
                                           216.71.240.120
                                           216.71.240.132
       Primary WINS Server . . . . . . . : 216.71.244.2
       Secondary WINS Server . . . . . . : 216.71.240.130
                                           216.71.240.122
       NetBIOS over Tcpip. . . . . . . . : Enabled
    Wireless LAN adapter Wireless Network Connection:
       Media State . . . . . . . . . . . : Media disconnected
       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : Intel(R) WiFi Link 1000 BGN
       Physical Address. . . . . . . . . : 8C-A9-82-B0-67-E8
       DHCP Enabled. . . . . . . . . . . : Yes
       Autoconfiguration Enabled . . . . : Yes

    Hi,
    It sound like port blocking issue, Seems your client system connecting 216.71.240.x DNS Servers as a logon server and which seems on different subnet
    as per subnet mask, So there must be a router or firewall in between and so it might be Active directory ports are being blocked.
    So first for testing purpose just remove other
    216.71.240.x DNS
    servers from TCP/IP configuration and clear dns cache
    ipconfig/flushdns
    and restart the system. check if it works.
    or run this command on DC
    dcdiag /test:dns
    and share the error report.
    Cheers!
    Sanjay

  • Best way to force password policy on users within 1-2 weeks?

    We have a Server 2008 R2 domain.
    I'd read that the password policy in GPO is only available for Computer Configuration, not User Configuration? Is that correct? 
    If so, that's not very flexible and will make things trickier for us.  
    And regarding enforcing a password policy with a GPO on our local domain, do you know of a way to force users to change their passwords within say 1 week?    (the only options I know of are on the AD User account properties check a box "User
    must change password at next logon" (then you'd have to force them to log out) OR relying on AD's internal formula:
    webactivedirectory.com/.../how-active-directory-calculates-account-password-expiration-dates .  The problem I see with the latter is if your user hasn't changed their pw for a year you'd have to wait a year+how many days you set for max password
    age?
    spnewbie

    To add, the password policy is applied at the domain level and only works at the domain level. It's not the fact that it's at the "Computer Level" or "User Level" or not, it's the fact that it's only set at the domain level.
    Account policies (Password, Lockout and Kerb), are all under the Computer Config because it forces it to apply to all user accounts that access all machines.
    If you tried to create a password policy at any other level (any OU), it won't work. The only option is to use PSOs, as Mahdi pointed out.
    As for that Spiceworks thread, I would suggest to post a question about a specific product to the product vendor's support forum for accurate responses.
    Here's an excerpt from MOC 6425C Configuring and Troubleshooting Windows Server 2008 Active Directory, page 10-8 (and this applies to all versions of AD):
    Active Directory supports one set of password and lockout policies for a domain. These policies are configured in a GPO that is scoped to the domain. A new domain contains a GPO called the Default Domain Policy that is linked to the domain and that includes
    the default policy settings for password, account lockout, and Kerberos policies. You can change the settings by editing the Default Domain Policy GPO.
    The best practice is to edit the Default Domain Policy GPO to specify the password policy settings for your organization. You should also use the Default Domain Policy GPO to specify account lockout policies and Kerberos policies. Do not use the Default
    Domain Policy GPO to deploy any other custom policy settings. In other words, the Default Domain Policy GPO only defines the password, account lockout, and Kerberos policies for the domain. Additionally, do not define password, account lockout, or Kerberos
    policies for the domain in any other GPO.
    The password settings configured in the Default Domain Policy affect all user accounts in the domain. The settings can be overridden, however, by the password-related properties of the individual user accounts. On the Account tab of a user's Properties dialog
    box, you can specify settings such as Password Never Expires or Store Passwords Using Reversible Encryption. For example, if five users have an application that requires direct access to their passwords, you can configure the accounts for those users to store
    their passwords by using reversible encryption.
    Ace Fekay
    MVP, MCT, MCSE 2012, MCITP EA & MCTS Windows 2008/R2, Exchange 2013, 2010 EA & 2007, MCSE & MCSA 2003/2000, MCSA Messaging 2003
    Microsoft Certified Trainer
    Microsoft MVP - Directory Services
    Complete List of Technical Blogs: http://www.delawarecountycomputerconsulting.com/technicalblogs.php
    This posting is provided AS-IS with no warranties or guarantees and confers no rights.

  • Provisioning EP roles and user groups through CUP

    Hello experts,
    I am configuring EP provisioning through CUP.
    I created the EP connector as per the instructions in the config guide. But I have not added any parameter values or did any field mapping. I have imported necessary Portal roles.
    My EP connector is tested successful. But when I try to provision a role through CUP, I get this error:
    Error processing your request, Request no: 4 in stage : NEW_AS11.
    In the log it shows,  Field Mapping is not set for Application  (EP)
    But when I go to field mapping, I get this error for EP.
    Data retrieval from system XP1 failed : com.virsa.ae.service.ServiceException: com.sap.engine.services.webservices.jaxm.soap.accessor.NestedSOAPException: Unable to create message from source.
    I could not find much documentation on fieldmapping.
    Are there any steps that I am missing for EP provisioning?
    Thanks in advance..
    Kee

    Thanks for your response.
    I have set up the parameters while setting up the EP connector in CUP.
    My role search URI is correct  but I am not sure about the last three parameters...
    ASSIGN_GROUPS:OC sapgroup
    ASSIGN_ROLES:OC saprole
    CHANGE_USER:OC sapuser
    CREATE_USER:OC sapuser
    CREATE_USER:password password
    DELETE_USER:OC sapuser
    LOCK_USER:OC sapuser
    LOCK_USER:islocked true
    RESET_PASSWORD:OC sapuser
    RESET_PASSWORD:password password
    ROLESEARCH_URI -  http://portalserver name:port number/UserRoleSearchForAEService_5_3/Config1?wsdl&style=document
    ROLESEARCH_URI_USERNAME -  same user Id I provided for the connector
    ROLESEARCH_URI_PASSWORD See your system administrator for the value.
    UNLOCK_USER:OC Sapuser
    UNLOCK_USER:islocked false
    ROLE_DATA_SOURCE -- ROLE.UME_ROLE_PERSISTENCE.un:   ??? What  is the role data source?? Is the value that is  provided is correct for the UME roles
    SCHEMA_ID SAPprincipals   ?? What does this Schema Id mean???
    USER_DATA_SOURCE  ????  Should we mention the user data source on the Portal system. In our case, it is the LDAP. But what would be the corresponding parameter value for LDAP.
    So when I go to field mapping to create one for EP, I get the following error:
    Data retrieval from system XP1 failed : com.virsa.ae.service.ServiceException: com.sap.engine.services.webservices.jaxm.soap.accessor.NestedSOAPException: Unable to create message from source.
    Log Details:
    2009-03-03 14:28:48,055 [SAPEngine_Application_Thread[impl:3]_19] ERROR Error in gettting Field Def
    com.virsa.ae.service.ServiceException: com.sap.engine.services.webservices.jaxm.soap.accessor.NestedSOAPException: Unable to create message from source.
         at com.virsa.ae.provisioning.idm.spml.request.SchemaRequest.sendSchemaRequest(SchemaRequest.java:131)
         at com.virsa.ae.provisioning.idm.spml.request.SchemaRequest.getSchemaAttributes(SchemaRequest.java:142)
         at com.virsa.ae.provisioning.idm.spml.request.SchemaRequest.getFieldDefinition(SchemaRequest.java:163)
         at com.virsa.ae.configuration.bo.FieldMappingBO.getSAPFieldDefList(FieldMappingBO.java:126)
         at com.virsa.ae.configuration.actions.LoadFieldMapAction.execute(LoadFieldMapAction.java:56)
         at com.virsa.ae.commons.utils.framework.NavigationEngine.execute(NavigationEngine.java:271)
         at com.virsa.ae.commons.utils.framework.servlet.AEFrameworkServlet.service(AEFrameworkServlet.java:425)
         at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
         at com.sap.engine.services.servlets_jsp.server.runtime.RequestDispatcherImpl.doWork(RequestDispatcherImpl.java:321)
         at com.sap.engine.services.servlets_jsp.server.runtime.RequestDispatcherImpl.forward(RequestDispatcherImpl.java:377)
         at com.virsa.ae.commons.utils.framework.servlet.AEFrameworkServlet.service(AEFrameworkServlet.java:455)
         at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
         at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.runServlet(HttpHandlerImpl.java:401)
         at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.handleRequest(HttpHandlerImpl.java:266)
         at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:386)
         at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:364)
         at com.sap.engine.services.httpserver.server.RequestAnalizer.invokeWebContainer(RequestAnalizer.java:1039)
         at com.sap.engine.services.httpserver.server.RequestAnalizer.handle(RequestAnalizer.java:265)
         at com.sap.engine.services.httpserver.server.Client.handle(Client.java:95)
         at com.sap.engine.services.httpserver.server.Processor.request(Processor.java:175)
         at com.sap.engine.core.service630.context.cluster.session.ApplicationSessionMessageListener.process(ApplicationSessionMessageListener.java:33)
         at com.sap.engine.core.cluster.impl6.session.MessageRunner.run(MessageRunner.java:41)
         at com.sap.engine.core.thread.impl3.ActionObject.run(ActionObject.java:37)
         at java.security.AccessController.doPrivileged(Native Method)
         at com.sap.engine.core.thread.impl3.SingleThread.execute(SingleThread.java:102)
         at com.sap.engine.core.thread.impl3.SingleThread.run(SingleThread.java:172)
    Caused by: com.sap.engine.services.webservices.jaxm.soap.accessor.NestedSOAPException: Unable to create message from source.
         at com.sap.engine.services.webservices.jaxm.soap.SOAPPartImpl.setContent(SOAPPartImpl.java:192)
         at com.sap.engine.services.webservices.jaxm.soap.SOAPMessageImpl.<init>(SOAPMessageImpl.java:83)
         at com.sap.engine.services.webservices.jaxm.soap.MessageFactoryImpl.createMessage(MessageFactoryImpl.java:35)
         at com.virsa.ae.provisioning.idm.spml.request.SchemaRequest.sendSchemaRequest(SchemaRequest.java:118)
         ... 25 more
    Caused by: com.sap.engine.lib.xml.parser.NestedSAXParserException: Fatal Error: com.sap.engine.lib.xml.parser.ParserException: XMLParser: Bad Attribute value: ' or " expected!(:main:, row:5, col:18)(:main:, row=5, col=18) -> com.sap.engine.lib.xml.parser.ParserException: XMLParser: Bad Attribute value: ' or " expected!(:main:, row:5, col:18)
         at com.sap.engine.lib.xml.parser.DOMParser.parse(DOMParser.java:139)
         at com.sap.engine.lib.xml.parser.DOMParser.parse(DOMParser.java:173)
         at com.sap.engine.services.webservices.jaxm.soap.SOAPPartImpl.parseDocument(SOAPPartImpl.java:221)
         at com.sap.engine.services.webservices.jaxm.soap.SOAPPartImpl.setContent(SOAPPartImpl.java:189)
         ... 28 more
    Caused by: com.sap.engine.lib.xml.parser.ParserException: XMLParser: Bad Attribute value: ' or " expected!(:main:, row:5, col:18)
         at com.sap.engine.lib.xml.parser.XMLParser.scanAttValue(XMLParser.java:1403)
         at com.sap.engine.lib.xml.parser.XMLParser.scanAttList(XMLParser.java:1577)
         at com.sap.engine.lib.xml.parser.XMLParser.scanElement(XMLParser.java:1712)
         at com.sap.engine.lib.xml.parser.XMLParser.scanContent(XMLParser.java:2442)
         at com.sap.engine.lib.xml.parser.XMLParser.scanElement(XMLParser.java:1843)
         at com.sap.engine.lib.xml.parser.XMLParser.scanContent(XMLParser.java:2442)
         at com.sap.engine.lib.xml.parser.XMLParser.scanElement(XMLParser.java:1843)
         at com.sap.engine.lib.xml.parser.XMLParser.scanContent(XMLParser.java:2442)
         at com.sap.engine.lib.xml.parser.XMLParser.scanElement(XMLParser.java:1843)
         at com.sap.engine.lib.xml.parser.XMLParser.scanDocument(XMLParser.java:2845)
         at com.sap.engine.lib.xml.parser.XMLParser.parse0(XMLParser.java:231)
         at com.sap.engine.lib.xml.parser.AbstractXMLParser.parseAndCatchException(AbstractXMLParser.java:145)
         at com.sap.engine.lib.xml.parser.AbstractXMLParser.parse(AbstractXMLParser.java:160)
         at com.sap.engine.lib.xml.parser.AbstractXMLParser.parse(AbstractXMLParser.java:261)
         at com.sap.engine.lib.xml.parser.Parser.parseWithoutSchemaValidationProcessing(Parser.java:280)
         at com.sap.engine.lib.xml.parser.Parser.parse(Parser.java:342)
         at com.sap.engine.lib.xml.parser.DOMParser.parse(DOMParser.java:101)
         ... 31 more
    2009-03-03 14:28:48,055 [SAPEngine_Application_Thread[impl:3]_19] ERROR com.virsa.ae.service.ServiceException: com.sap.engine.services.webservices.jaxm.soap.accessor.NestedSOAPException: Unable to create message from source.
    com.virsa.ae.core.BOException: com.virsa.ae.service.ServiceException: com.sap.engine.services.webservices.jaxm.soap.accessor.NestedSOAPException: Unable to create message from source.
         at com.virsa.ae.configuration.bo.FieldMappingBO.getSAPFieldDefList(FieldMappingBO.java:134)
         at com.virsa.ae.configuration.actions.LoadFieldMapAction.execute(LoadFieldMapAction.java:56)
         at com.virsa.ae.commons.utils.framework.NavigationEngine.execute(NavigationEngine.java:271)
         at com.virsa.ae.commons.utils.framework.servlet.AEFrameworkServlet.service(AEFrameworkServlet.java:425)
         at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
         at com.sap.engine.services.servlets_jsp.server.runtime.RequestDispatcherImpl.doWork(RequestDispatcherImpl.java:321)
         at com.sap.engine.services.servlets_jsp.server.runtime.RequestDispatcherImpl.forward(RequestDispatcherImpl.java:377)
         at com.virsa.ae.commons.utils.framework.servlet.AEFrameworkServlet.service(AEFrameworkServlet.java:455)
         at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
         at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.runServlet(HttpHandlerImpl.java:401)
         at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.handleRequest(HttpHandlerImpl.java:266)
         at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:386)
         at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:364)
         at com.sap.engine.services.httpserver.server.RequestAnalizer.invokeWebContainer(RequestAnalizer.java:1039)
         at com.sap.engine.services.httpserver.server.RequestAnalizer.handle(RequestAnalizer.java:265)
         at com.sap.engine.services.httpserver.server.Client.handle(Client.java:95)
         at com.sap.engine.services.httpserver.server.Processor.request(Processor.java:175)
         at com.sap.engine.core.service630.context.cluster.session.ApplicationSessionMessageListener.process(ApplicationSessionMessageListener.java:33)
         at com.sap.engine.core.cluster.impl6.session.MessageRunner.run(MessageRunner.java:41)
         at com.sap.engine.core.thread.impl3.ActionObject.run(ActionObject.java:37)
         at java.security.AccessController.doPrivileged(Native Method)
         at com.sap.engine.core.thread.impl3.SingleThread.execute(SingleThread.java:102)
         at com.sap.engine.core.thread.impl3.SingleThread.run(SingleThread.java:172)
    Caused by: com.virsa.ae.service.ServiceException: com.sap.engine.services.webservices.jaxm.soap.accessor.NestedSOAPException: Unable to create message from source.
         at com.virsa.ae.provisioning.idm.spml.request.SchemaRequest.sendSchemaRequest(SchemaRequest.java:131)
         at com.virsa.ae.provisioning.idm.spml.request.SchemaRequest.getSchemaAttributes(SchemaRequest.java:142)
         at com.virsa.ae.provisioning.idm.spml.request.SchemaRequest.getFieldDefinition(SchemaRequest.java:163)
         at com.virsa.ae.configuration.bo.FieldMappingBO.getSAPFieldDefList(FieldMappingBO.java:126)
         ... 22 more
    Caused by: com.sap.engine.services.webservices.jaxm.soap.accessor.NestedSOAPException: Unable to create message from source.
         at com.sap.engine.services.webservices.jaxm.soap.SOAPPartImpl.setContent(SOAPPartImpl.java:192)
         at com.sap.engine.services.webservices.jaxm.soap.SOAPMessageImpl.<init>(SOAPMessageImpl.java:83)
         at com.sap.engine.services.webservices.jaxm.soap.MessageFactoryImpl.createMessage(MessageFactoryImpl.java:35)
         at com.virsa.ae.provisioning.idm.spml.request.SchemaRequest.sendSchemaRequest(SchemaRequest.java:118)
         ... 25 more
    Caused by: com.sap.engine.lib.xml.parser.NestedSAXParserException: Fatal Error: com.sap.engine.lib.xml.parser.ParserException: XMLParser: Bad Attribute value: ' or " expected!(:main:, row:5, col:18)(:main:, row=5, col=18) -> com.sap.engine.lib.xml.parser.ParserException: XMLParser: Bad Attribute value: ' or " expected!(:main:, row:5, col:18)
         at com.sap.engine.lib.xml.parser.DOMParser.parse(DOMParser.java:139)
         at com.sap.engine.lib.xml.parser.DOMParser.parse(DOMParser.java:173)
         at com.sap.engine.services.webservices.jaxm.soap.SOAPPartImpl.parseDocument(SOAPPartImpl.java:221)
         at com.sap.engine.services.webservices.jaxm.soap.SOAPPartImpl.setContent(SOAPPartImpl.java:189)
         ... 28 more
    Caused by: com.sap.engine.lib.xml.parser.ParserException: XMLParser: Bad Attribute value: ' or " expected!(:main:, row:5, col:18)
    Appreciate your response.
    Thanks
    Kee

  • Policy Schedule - User Logout or System Shutdown

    I'm having issues running inventory on these events. Running the
    inventory on "User Logout" runs as per the scheduler but the inventory
    doesn't seem to be submitted unless the user actually selected "Log
    Off". If I set the policy schedule to "System Shutdown" the inventory
    never seems to run as per the scheduler and no inventory data is submitted.
    My reasoning for testing inventory on these two events backs into a
    recent post I made re: real-time av scanning. Having the inventory run
    on startup, which is the current schedule (below normal priority),
    generates a large number of file opens/reads (>10000). The real-time av
    components on each PC must scan each of the files, which consumes too
    much CPU time for too long. This results in delays on login that are
    gaining visibility...
    In short, i'm looking for alternatives to running inventory on system
    startup that still allow the a current inventory to be maintained.

    jd,
    It appears that in the past few days you have not received a response to your posting. That concerns us, and has triggered this automated reply.
    Has your problem been resolved? If not, you might try one of the following options:
    - Do a search of our knowledgebase at http://support.novell.com/search/kb_index.jsp
    - Check all of the other support tools and options available at http://support.novell.com in both the "free product support" and "paid product support" drop down boxes.
    - You could also try posting your message again. Make sure it is posted in the correct newsgroup. (http://support.novell.com/forums)
    If this is a reply to a duplicate posting, please ignore and accept our apologies and rest assured we will issue a stern reprimand to our posting bot.
    Good luck!
    Your Novell Product Support Forums Team
    http://support.novell.com/forums/

  • Policy Agent User ID

    Hello everybody I have configured a Policy Agent for Web Server, but I want to set the REMOTE_USER variable to the user's mail attribute instead of the user id.
    in the AMAgent.properties says:
    # This property allows the user to configure the User Id parameter passed
    # by the session information from the identity server. The value of User
    # Id will be used by the agent to set the value of REMOTE_USER server
    # variable. By default this parameter is set to "UserId"
    #com.sun.am.policy.am.userIdParam=UserId
    But I don't know what values are valid, I have tried with mail and does not work. Any ideas?
    Thanks

    Weird enough, changing to ADAM data store (and not "standard" AD datastore) solved the problem :D
    I still wonder why since both plugins share the same java [implementing] class...
    Regards,
    Tony

  • [OIM 9.1.0.2] RESOURCE NOT REVOKED BY ACCESS POLICY WHEN USER DISABLED

    Hi Experts,
    OIM Build Number: 1866.62 ( BP15 )
    IHAC that faced an unexpected behavior on User disabling.
    Some users were associated to groups that had access policies applied.
    When those users were disabled, they didnt lose their associated groups and also the resource and permission associated thru access policy applied to those groups.
    I saw that there was a bug reported to that issue. So I performed the action plan and set up the XL.EvaluateMembershipForInactiveUser System Property as TRUE. Now after disabling the users are properly removed from groups.
    Customer problem: For those users, almost 1000, I did a recon just to estimule the identity, so the membership rule was applied and the groups were removed, but OIM didn't evaluate the access policies and didn't revoke the resources.
    I ran the Evaluate User Policies task, and it seems to be stuck. Should the Evaluate User Policies schedule task work for that scenario? Should the resource after running that task be revoked?
    Any help would be very appreciated.

    Hi Nishith,
    I ran the task, but it seems really stuck. It displays the RUNNING status, but any effect is observed. I have to change task status to INACTIVE in the Design Console.
    This task has 2 attributes: Batch Size= 500 and Number of Threads=20.
    But I have noticed this task in another environment (w/ BP 18 applied), it has 3 attributes: Batch Size= 500 ; Number of Threads=20 and Time Limit in mins=1.
    Is it any enhancement for this task in order to improve its performance, or something like that?
    What else I can check?
    Thanks in advance.

  • Can i see the Version of a Policy in the Registry

    Hello,
    we plan to do an update of our Zenclients, an we are looking for a way, that we can find out the Version of the Policy, which is enforced on the Client.
    Is there a way to find this out in the Registry of the Vlient?
    Thx

    ufrich1,
    It appears that in the past few days you have not received a response to your
    posting. That concerns us, and has triggered this automated reply.
    Has your problem been resolved? If not, you might try one of the following options:
    - Visit http://www.novell.com/support and search the knowledgebase and/or check all
    the other self support options and support programs available.
    - You could also try posting your message again. Make sure it is posted in the
    correct newsgroup. (http://forums.novell.com)
    Be sure to read the forum FAQ about what to expect in the way of responses:
    http://forums.novell.com/faq.php
    If this is a reply to a duplicate posting, please ignore and accept our apologies
    and rest assured we will issue a stern reprimand to our posting bot.
    Good luck!
    Your Novell Forums Team
    http://forums.novell.com

  • Best Practice: Deploying Group Policy to Users on different OUs

    Greetings, everyone! I am needing some advice on how to deploy some group policy objects to specific users stored on different OUs.
    Let me set the stage: I work for a large school district, and have recently taken over the district's career center. The idea behind the career center is that students from different high schools around the city come in to take classes based on their choice
    of career, such as radio broadcasting or auto mechanic and such. The AD structure is set up so that each school has their own OU.  When a user (staff, student, etc.) is assigned to a school OU, they automatically are added to
    their school's security group (i.e. EASTHIGH-STUDENT), and that when any user moves from one school to another, we have to move their AD account to that school's OU, which will remove the security group from the old school and apply the new school
    security group.
    For the career center, since we have students coming from different buildings every day, rather than trying to find a way to move their AD account from their high school OU to the career center OU, the previous techs created generic accounts (such as tv001,
    tv002, etc.) in AD and stored them in the career center OU.  This way, teachers can assign students that particular generic account so that they can access the drives and printers from the career center, as well as access the career center network
    drives while they are at their home high school.
    Since I have moved to the career center, and apparently I have more knowledge about group policy than most of the techs in the district, the district system engineers want me to remove all of the generic accounts from the career center OU, and have students
    use their own AD accounts.  Obviously I also want to do this since the generic accounts are very confusing to me, but I'm trying to figure out the best way to do this.
    For simplicity sake, I'm just going to start off by figuring out how to set up a group policy for mapping the career center drives.  Now, I obviously know that the best way would be to create security groups for each career area, and that we would need
    to add students to those groups so that only those particular students would get the GPO for the career center, but my question is where would I like the group policies to?  Do I need to link it at the root of the domain so that every OU is hit? 
    Just curious about this.
    Thanks!

    Don't link it to the root.... apply the drive mapping as a policy at the OU or you could apply the drive mapping using Group Policy Preferences using security group targeting... .I would also strongly recommend you check out my articles
    Best Practice: Active Directory Structure Guidelines
    – Part 1
    Best Practice: Group Policy Design Guidelines – Part 2
    Hope it helps...

Maybe you are looking for

  • Regarding BOM report

    Hi friends,      If anyone have developed ALV report for Bill Of Material.than pls give me sample code.... Material A    Mterial B      Material C

  • Can't get apache to parse xml pages

    have installed xmlbean cocoon jdk and still can't get apache to parse the xml pages please help...does any one have a win32 compiled mod_xml?

  • Email & SMS issues : E71

    Hi, Problem started recently, it was working fine for about 1 week. I could not open and email or sms. Not sure whether is it any software i installed, but have since remove most of it. The other issues that's bothering me is when ever i reset my HP,

  • Eudora crashing since installing Security Update 2010-001

    Eudora has been crashing 100% of the time since I installed Security Update 2010-001 for Leopard. Is anyone else having this problem? Any suggestions for a resolution? Thanks.

  • User_dump_dest

    In the initars.ora file, I have background_dump_dest= /u01/home/dba/oracle/admin/ars/bdump core_dump_dest = /u01/home/dba/oracle/admin/ars/cdump user_dump_dest = /u01/home/dba/oracle/admin/ars/udump When I try to create database it from the scripts (