Purpose of Naming service in Access Manager

Can anyone please explain the
(1)purpose of Naming service in access manager
(2) where and how the naming service is used ( it would be great if anyone can explain the sequence of steps)?
Thanks,
Benjamin

1) You can compare it with a kind of "yellow page service". It tells clients which URL to use for spceific services.
2) Client sends naming request to naming service using an XML/HTTP protocol and also an SSOToken. Server sends back the naming-response. URLs within the response relate to the server where the SSOToken has been created.
-Bernhard
P.S. Please you Access Manager forum

Similar Messages

Securing Web Services with Access Manager

Hello All
I have installed the java_app_platform_sdk-5_04-windows.exe that comes with Acces Manager 7.1.
I want to secure a webservice, so I have created a webapplication (with netbeans 6) with a webservice inside. I have also create a web client application that calls the webservice. The providers are configured in the server and I have enabled the soap security .
When I use anonymous authentication everything works fine, but if I used any other security method the following exception arises:
[#|2008-04-29T09:41:07.343+0200|SEVERE|sun-appserver9.1|javax.enterprise.system.core.security|_ThreadID=21;_ThreadName=httpSSLWorkerThread-8080-0;_RequestID=1a997eb3-6287-41f4-a540-0b9c86841683;|AMServerAuthModule.validateRequest: Failed in Securing the Request.|#]
[#|2008-04-29T09:41:07.375+0200|WARNING|sun-appserver9.1|javax.enterprise.system.stream.err|_ThreadID=21;_ThreadName=httpSSLWorkerThread-8080-0;_RequestID=1a997eb3-6287-41f4-a540-0b9c86841683;|java.lang.reflect.InvocationTargetException
     at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
     at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
     at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
     at java.lang.reflect.Method.invoke(Method.java:597)
     at com.sun.identity.agents.jsr196.as9soap.AMServerAuthModule.validateRequest(AMServerAuthModule.java:173)
     at com.sun.enterprise.security.jmac.config.GFServerConfigProvider$GFServerAuthContext.validateRequest(GFServerConfigProvider.java:1179)
     at com.sun.enterprise.webservice.CommonServerSecurityPipe.processRequest(CommonServerSecurityPipe.java:168)
     at com.sun.enterprise.webservice.CommonServerSecurityPipe.process(CommonServerSecurityPipe.java:129)
     at com.sun.xml.ws.api.pipe.helper.PipeAdapter.processRequest(PipeAdapter.java:115)
     at com.sun.xml.ws.api.pipe.Fiber.__doRun(Fiber.java:595)
     at com.sun.xml.ws.api.pipe.Fiber._doRun(Fiber.java:554)
     at com.sun.xml.ws.api.pipe.Fiber.doRun(Fiber.java:539)
     at com.sun.xml.ws.api.pipe.Fiber.runSync(Fiber.java:436)
     at com.sun.xml.ws.server.WSEndpointImpl$2.process(WSEndpointImpl.java:243)
     at com.sun.xml.ws.transport.http.HttpAdapter$HttpToolkit.handle(HttpAdapter.java:444)
     at com.sun.xml.ws.transport.http.HttpAdapter.handle(HttpAdapter.java:244)
     at com.sun.xml.ws.transport.http.servlet.ServletAdapter.handle(ServletAdapter.java:135)
     at com.sun.enterprise.webservice.JAXWSServlet.doPost(JAXWSServlet.java:159)
     at javax.servlet.http.HttpServlet.service(HttpServlet.java:738)
     at javax.servlet.http.HttpServlet.service(HttpServlet.java:831)
     at org.apache.catalina.core.ApplicationFilterChain.servletService(ApplicationFilterChain.java:411)
     at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:290)
     at org.apache.catalina.core.StandardContextValve.invokeInternal(StandardContextValve.java:271)
     at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:202)
     at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:632)
     at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:577)
     at com.sun.enterprise.web.WebPipeline.invoke(WebPipeline.java:94)
     at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:206)
     at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:632)
     at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:577)
     at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:571)
     at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:1080)
     at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:150)
     at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:632)
     at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:577)
     at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:571)
     at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:1080)
     at org.apache.coyote.tomcat5.CoyoteAdapter.service(CoyoteAdapter.java:272)
     at com.sun.enterprise.web.connector.grizzly.DefaultProcessorTask.invokeAdapter(DefaultProcessorTask.java:637)
     at com.sun.enterprise.web.connector.grizzly.DefaultProcessorTask.doProcess(DefaultProcessorTask.java:568)
     at com.sun.enterprise.web.connector.grizzly.DefaultProcessorTask.process(DefaultProcessorTask.java:813)
     at com.sun.enterprise.web.connector.grizzly.DefaultReadTask.executeProcessorTask(DefaultReadTask.java:341)
     at com.sun.enterprise.web.connector.grizzly.DefaultReadTask.doTask(DefaultReadTask.java:263)
     at com.sun.enterprise.web.connector.grizzly.DefaultReadTask.doTask(DefaultReadTask.java:214)
     at com.sun.enterprise.web.connector.grizzly.TaskBase.run(TaskBase.java:265)
     at com.sun.enterprise.web.connector.grizzly.ssl.SSLWorkerThread.run(SSLWorkerThread.java:106)
Caused by: com.sun.identity.wss.security.SecurityException: Unsupported security mechanism.
     at com.sun.identity.wss.security.handler.SOAPRequestHandler.validateRequest(SOAPRequestHandler.java:232)
     ... 46 more
|#]
[#|2008-04-29T09:41:07.390+0200|SEVERE|sun-appserver9.1|javax.enterprise.system.core.security|_ThreadID=21;_ThreadName=httpSSLWorkerThread-8080-0;_RequestID=1a997eb3-6287-41f4-a540-0b9c86841683;|SEC2002: Container-auth: wss: Error validating request
com.sun.enterprise.security.jauth.AuthException: Validating Request failed
     at com.sun.identity.agents.jsr196.as9soap.AMServerAuthModule.validateRequest(AMServerAuthModule.java:188)
     at com.sun.enterprise.security.jmac.config.GFServerConfigProvider$GFServerAuthContext.validateRequest(GFServerConfigProvider.java:1179)
     at com.sun.enterprise.webservice.CommonServerSecurityPipe.processRequest(CommonServerSecurityPipe.java:168)
     at com.sun.enterprise.webservice.CommonServerSecurityPipe.process(CommonServerSecurityPipe.java:129)
     at com.sun.xml.ws.api.pipe.helper.PipeAdapter.processRequest(PipeAdapter.java:115)
     at com.sun.xml.ws.api.pipe.Fiber.__doRun(Fiber.java:595)
     at com.sun.xml.ws.api.pipe.Fiber._doRun(Fiber.java:554)
     at com.sun.xml.ws.api.pipe.Fiber.doRun(Fiber.java:539)
     at com.sun.xml.ws.api.pipe.Fiber.runSync(Fiber.java:436)
     at com.sun.xml.ws.server.WSEndpointImpl$2.process(WSEndpointImpl.java:243)
     at com.sun.xml.ws.transport.http.HttpAdapter$HttpToolkit.handle(HttpAdapter.java:444)
     at com.sun.xml.ws.transport.http.HttpAdapter.handle(HttpAdapter.java:244)
     at com.sun.xml.ws.transport.http.servlet.ServletAdapter.handle(ServletAdapter.java:135)
     at com.sun.enterprise.webservice.JAXWSServlet.doPost(JAXWSServlet.java:159)
     at javax.servlet.http.HttpServlet.service(HttpServlet.java:738)
     at javax.servlet.http.HttpServlet.service(HttpServlet.java:831)
     at org.apache.catalina.core.ApplicationFilterChain.servletService(ApplicationFilterChain.java:411)
     at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:290)
     at org.apache.catalina.core.StandardContextValve.invokeInternal(StandardContextValve.java:271)
     at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:202)
     at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:632)
     at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:577)
     at com.sun.enterprise.web.WebPipeline.invoke(WebPipeline.java:94)
     at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:206)
     at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:632)
     at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:577)
     at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:571)
     at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:1080)
     at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:150)
     at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:632)
     at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:577)
     at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:571)
     at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:1080)
     at org.apache.coyote.tomcat5.CoyoteAdapter.service(CoyoteAdapter.java:272)
     at com.sun.enterprise.web.connector.grizzly.DefaultProcessorTask.invokeAdapter(DefaultProcessorTask.java:637)
     at com.sun.enterprise.web.connector.grizzly.DefaultProcessorTask.doProcess(DefaultProcessorTask.java:568)
     at com.sun.enterprise.web.connector.grizzly.DefaultProcessorTask.process(DefaultProcessorTask.java:813)
     at com.sun.enterprise.web.connector.grizzly.DefaultReadTask.executeProcessorTask(DefaultReadTask.java:341)
     at com.sun.enterprise.web.connector.grizzly.DefaultReadTask.doTask(DefaultReadTask.java:263)
     at com.sun.enterprise.web.connector.grizzly.DefaultReadTask.doTask(DefaultReadTask.java:214)
     at com.sun.enterprise.web.connector.grizzly.TaskBase.run(TaskBase.java:265)
     at com.sun.enterprise.web.connector.grizzly.ssl.SSLWorkerThread.run(SSLWorkerThread.java:106)
Caused by: java.lang.reflect.InvocationTargetException
     at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
     at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
     at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
     at java.lang.reflect.Method.invoke(Method.java:597)
     at com.sun.identity.agents.jsr196.as9soap.AMServerAuthModule.validateRequest(AMServerAuthModule.java:173)
     ... 41 more
Caused by: com.sun.identity.wss.security.SecurityException: Unsupported security mechanism.
     at com.sun.identity.wss.security.handler.SOAPRequestHandler.validateRequest(SOAPRequestHandler.java:232)
     ... 46 more
|#]
It�s says something about th security mechanism is not supported. But I don�t know why. �Any idea?
Thank you

Hello again,
I am not using ssl. I am using the usernametoken or de saml-voucer mechanish and It happens in both. But with the anonymous mechanism doesnt happen.
...

New Segment of Access Manager-Federation Manager FAQ on Liberty and SAML

Sun Developer Network just published a new segment of a Sun Java System Access Manager and Sun Java System Federation Manager FAQ on Liberty Alliance and Security Assertion Markup Language (SAML). See http://developers.sun.com/identity/overview/faq/libertysaml.jsp.
The Q&As also shed light on those products' support for identity-based services in Access Manager, on the utilities for creating and maintaining federated connections, on the components in Federation Manager, and on other related topics.

This may not be the same as the problem you are seeing, but I was recently struggling with debugging an SSL connection out of the amserver, and eventually noticed that the amserver uses its own protocol handler rather than the sun.net.www.protocol included in java 1.4 and above. My guess is that this is because the amserver is older than java 1.4 but I'm not sure, they may have some other reason for using their own implementation.
If you look at the web server server.xml after the amserver install, you will see a line like:
<JVMOPTIONS>-Djava.protocol.handler.pkgs=com.iplanet.services.comm</JVMOPTIONS>
if you replace that with:
<JVMOPTIONS>-Djava.protocol.handler.pkgs=sun.net.www.protocol</JVMOPTIONS>
you might get the pre-amserver behaviour that you are after. Basically all of the httpsURLConnection things behave subtly differently otherwise, as when getting a HttpsURLConnection you are getting a com.iplanet.services.comm.https.HttpsURLConnection rather than a sun.net.www.protocol.https.HttpsURLConnection as you might be expecting.

Disabling JavaScript on Access Manager

Hi,
We are testing the liberty samples that come with the access manager using an LECP-enabled client. During the single sign on process, the service provider redirects to the identity provider but after typing the login information on identity provider, the access manager responds with a few redirects and finally sends content that contains javascript. The client browser in our case does not support javascript. We tried disabling javascript for our client on the "Browser UA" screen on the "Edit Client Types" page in the Client Detection Service on Access Manager console but it does not seem to have any effect. Is there any other way to disable Access Manager from sending javascript ?
Please help.
Thanks in advance.
Regards,
Aditya

does your client support meta-refresh tags? AM often uses javascript to redirect the user. You would have to go in and modify/create new template files for your client to work around it.

Access Manager 6 2005Q1 naming service behind load balancer

Access Manager is running on box A & box B using the Sun Web Server as its front end web server. Box A & B both have a complete install of Sun Web Server, Access Manager, and Directory Server. The Directory servers are set up to replicate changes between each other. Our Policy Agents are running on box C & box D under the Apache web servers.
Users will access applications on box C/D via https. The policy agents on box C/D should redirect the user to box A/B (via a load balancer VIP)for authentication. The redirect will be https. Once authenticated the user should be redirected back to box C/D.
All subsequent communications between the Agents on box C/D to AM on box A/B (via load balancer VIP) are http.
The load balancer VIP is setup in active/failover mode so all requests go to one server. We implemented it this way because our load balancers do not support SSL with cookies.
The data returned to the agent from a call to the naming service contains the host name of our AM hosts instead of the load balancer VIP. Subsequent calls from the agent to AM bypass the load balancer and go directly to one of the AM hosts.
We are looking to upgrade our load balancers to a version that supports cookies with ssl in order to take advantage of the second AM host.
How do we configure AM so the values returned by the naming service contain the load balancer VIP instead of the actual AM host names?

Bernhard,
We have upgraded our Web PA to version 2.1-09. One of your previous replies stated the com.iplanet.am.naming.ignoreNamingservice property was not availalbe in the PA agent properties but only in the Java SKD. Indeed we do not see such a key in the new Web PA AMAgent.properties.
Can you please explain how to configure the AMAgent.properties and/or the Access Manager server (or properties) so that subsequent calls to the services (returned by the call to the naming service) get directed thru the load balancer? Below are the setting in our AMAgent and AMConfig properties files
AMAgent.properties
com.sun.am.namingURL = https://lb-mydomain.com:443/amserver/namingservice
com.sun.am.policy.am.loginURL = https://lb-mydomain.com:443/amserver/UI/Login
AMConfig.properties
com.iplanet.am.server.protocol=https
com.iplanet.am.server.host=am.mydomain.com
com.iplanet.am.server.port=443
com.iplanet.am.console.protocol=https
com.iplanet.am.console.host=lb-mydomain.com
com.iplanet.am.console.port=443
com.iplanet.am.profile.host=lb-mydomain.com
com.iplanet.am.profile.port=443
com.iplanet.am.naming.url=https://lb-mydomain.com:443/amserver/namingservice
com.iplanet.am.notification.url=https://lb-mydomain.com:443/amserver/notifica
tionservice
If we set com.iplanet.am.server.host=lb-mydomain.com we get an exception when trying to start the AM web container. I don't know if this may be partof our issue or not. Please comment.
Thanks,
Craig

Securing web services with Sun Access Manager

Hi!
I have gone through some documentation about Sun Access Manager, and I'm a little bit confused.
What I want is to secure some web services which are deployed on a BEA WebLogic 9.1 server (WLS). Two solutions are possible: To install some kind of plugin into WLS or to place some kind of proxy in front of WLS. In both cases, the purpose would be to authenticate the caller based on some kind of ticket (SAML or similar) and authorize access to the web service.
I have read about the "Sun Java System Access Manager Policy Agent 2.2 for Weblogic 9.1" (those guys really like long names....), but in this documentation web services aren't mentioned at all. They only seem to care about HTTP requests from a browser.
I have also read about the Policy Agent 2.2 in the documentation called "Sun Java System Access Manager Policy Agent 2.2 Guide for Sun Java System Application Server 9.0/Web Services" (puh...). This document explicitly talks about securing web services the way I want.
My questions are:
1) Is it possible to secure WLS based web services in the same way using the Policy Agent for WLS?
2) Are there any documentation/tutorials/etc?
Thanks in advance :-)
Anders

what you need is a webservices agent that would enable you to "protect" your webservice provider, which I assume is on a BEA weblogic provider.
the "Sun Java System Access Manager Policy Agent 2.2 for Weblogic 9.1" is "NOT" awebservices agent, but a normal J2EE policy agent.
So.. having said that. here's what I'd recommend.
1. install the webservices agent on bea weblogic. (note: NOT the J2EE policy agent)
2. configure it to use your access manager instance for authentication.
3. configure your webservices client to use the webservice provider. (note: you'd need the webservices APi's available on the client too... so the quick dirty method would be to install the webservices agent on your client too....) you can later bundle the webservices client independently and provide your"customers" with a webservices client bundle...
4. voila... your webservices are not "protected" by acces manager ;-)

Configuring Access Manager as Service Provider

Hi All,
What documentation explains how to configure SSO with Access Manager 7 as Sefrvice Provider using redirect-artifact (or else) binding according to SAML v.2? I have SiteMinder 6.0 as IdP ready to go.
Thanks

Bernhard,
We have upgraded our Web PA to version 2.1-09. One of your previous replies stated the com.iplanet.am.naming.ignoreNamingservice property was not availalbe in the PA agent properties but only in the Java SKD. Indeed we do not see such a key in the new Web PA AMAgent.properties.
Can you please explain how to configure the AMAgent.properties and/or the Access Manager server (or properties) so that subsequent calls to the services (returned by the call to the naming service) get directed thru the load balancer? Below are the setting in our AMAgent and AMConfig properties files
AMAgent.properties
com.sun.am.namingURL = https://lb-mydomain.com:443/amserver/namingservice
com.sun.am.policy.am.loginURL = https://lb-mydomain.com:443/amserver/UI/Login
AMConfig.properties
com.iplanet.am.server.protocol=https
com.iplanet.am.server.host=am.mydomain.com
com.iplanet.am.server.port=443
com.iplanet.am.console.protocol=https
com.iplanet.am.console.host=lb-mydomain.com
com.iplanet.am.console.port=443
com.iplanet.am.profile.host=lb-mydomain.com
com.iplanet.am.profile.port=443
com.iplanet.am.naming.url=https://lb-mydomain.com:443/amserver/namingservice
com.iplanet.am.notification.url=https://lb-mydomain.com:443/amserver/notifica
tionservice
If we set com.iplanet.am.server.host=lb-mydomain.com we get an exception when trying to start the AM web container. I don't know if this may be partof our issue or not. Please comment.
Thanks,
Craig

When I download itunes, it says that Ipod Service failed to start. I checked the services under task manager and when I try to start it, it says access denied. How to I get access and for the ipod service to start and run?

Please help. My ipod classic could not be recognised by itunes when I connect my ipod to PC. Previously it has been recognised before I updated. This was a while ago now and so I removed all apple files and re installed the latest itunes but am having the same problem.
When I download itunes, it says that Ipod Service failed to start. I checked the services under task manager and when I try to start it, it says access denied. How to I get access and for the ipod service to start and run?

Some anti-virus programs (e.g., McAfee) have this rule that can be invoked under the "maximum protection" settings: PREVENT PROGRAMS REGISTERING AS A SERVICE. If that rule is set to BLOCK, then any attempt to install or upgrade iTunes will fail with an "iPod service failed to start" message.
If you are getting this problem with iTunes, check to see if your anti-virus has this setting and unset it, at least for as long as the iTunes install requires. Exactly how to find the rule and turn it on and off will vary, depending upon your anti-malware software. However, if your anti-virus or anti-malware software produces a log of its activities, examining the log may help you find the problem.
For example, here's the log entry for McAfee:
9/23/2009 3:18:45 PM Blocked by Access Protection rule NT AUTHORITY\SYSTEM C:\WINDOWS\system32\services.exe \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\iPod Service Common Maximum Protection:Prevent programs registering as a service Action blocked : Create
Note that the log says "Common Maximum Protection: Prevent programs registering as a service". The "Common Maximum Protection" is the location of the rule, "Prevent programs registering as a service" is the rule. I used that information to track down the location in the McAfee VirusScan Console where I could turn the rule off.
After I made the change, iTunes installed without complaint.

Unable to connect to the Data Access service for this management server

Hate to raise a sleeping horse but was hoping someone might have some insight into why SCOM Report Server install is failing. I am using a domain account for SCOM 2012 R2 services in a distributive environment
with 2 management servers and 2 SQL servers…one for Ops db and one for DW db.
Install was failing on selecting the management server. Research led me to
Kevin Holman's site. I followed his doc and SPN are set per your config and can telnet to MGMT1 on 5723…firewall is off on all servers. I am a domain admin and scom.mgmt account (MSOMSdkSvc) is a local admin on the MGMT servers.
>setspn -l domain\scom.mgmt
Registered ServicePrincipalNames for CN=scom.mgmt,OU=Service Accounts,DC= domain,DC=net:
MSOMSdkSvc/SCOM-MGMT1
MSOMSdkSvc/SCOM-MGMT1.domain.net
MSOMSdkSvc/SCOM-MGMT2
MSOMSdkSvc/SCOM-MGMT2.domain.net
>setspn -l domain\scom-mgmt1
Registered ServicePrincipalNames for CN=SCOM-MGMT1,OU=SCOM,OU=INTERNAL,DC=domain,DC=net:
MSOMHSvc/SCOM-MGMT1.domain.net
TERMSRV/SCOM-MGMT1.domain.net
WSMAN/SCOM-MGMT1.domain.net
RestrictedKrbHost/SCOM-MGMT1.domain.net
HOST/SCOM-MGMT1.domain.net
MSOMHSvc/SCOM-MGMT1
TERMSRV/SCOM-MGMT1
WSMAN/SCOM-MGMT1
RestrictedKrbHost/SCOM-MGMT1
HOST/SCOM-MGMT1
>setspn -l domain\scom-mgmt2
Registered ServicePrincipalNames for CN=SCOM-MGMT2,OU=SCOM,OU=INTERNAL,DC=domain,DC=net:
MSOMHSvc/ SCOM-MGMT2.domain.net
MSOMHSvc/ SCOM-MGMT2
WSMAN/SCOM-MGMT2.domain.net
WSMAN/SCOM-MGMT2
        TERMSRV/SCOM-MGMT2.domain.net
TERMSRV/SCOM-MGMT2
RestrictedKrbHost/SCOM-MGMT2
HOST/CHH-SCOM-MGMT2
RestrictedKrbHost/CHH-SCOM-MGMT2.osi-asp.net
HOST/CHH-SCOM-MGMT2.osi-asp.net
>setspn -l domain\scom-ssrs
Registered ServicePrincipalNames for CN=SCOM-SSRS,OU=SCOM SQL,OU=SCOM,OU=CHH-INTERNAL,DC=domain,DC=net:
    WSMAN/SCOM-SSRS
WSMAN/SCOM-SSRS.domain.net
MSSQLSvc/SCOM-SSRS.domain.net
MSSQLSvc/SCOM-SSRS.domain.net:1433
    TERMSRV/SCOM-SSRS.domain.net
TERMSRV/SCOM-SSRS
RestrictedKrbHost/SCOM-SSRS
  HOST/SCOM-SSRS
RestrictedKrbHost/SCOM-SSRS.domain.net
HOST/SCOM-SSRS.domain.net
When I point to the MGMT server, I keep getting “Unable to connect to the Data Access service for this management server. Ensure the Data Access service is running and that the service, the management group, and setup are
all the same version”.
OpsMgrSetupWizard.log states…
Info:
:Could not connect to Management Server: scom-mgmt1.domain.net with exception: Threw Exception.Type: System.ArgumentException, Exception Error Code: 0x80070057, Exception.Message: Version string portion was too short or
too long.
Info:
:StackTrace:   at System.Version.TryParseVersion(String version, VersionResult& result) at System.Version..ctor(String version) at Microsoft.EnterpriseManagement.OperationsManager.Setup.Common.SetupHelpers.IsManagementServerCurrentVersion(String
managementServer) at Microsoft.EnterpriseManagement.OperationsManager.Setup.Common.SetupHelpers.CanConnectToManagementGroup(String managementServer)
When I searched on "Exception.Message: Version string portion was too short or too long" it led me to .Net strings in the reg. i deleted all refs to older versions (3.x) but still no good.
Bob

Well, I’m back to trying to get SCOM Report Server up and running. This time I decided to try the command line silent install and rely on logs to debug. But it still fails.
This is the script: SETUP /install /InstallPath:D:\Program Files\Microsoft System Center 2012 R2\Operations Manager /components:OMReporting /ManagementServer:<server>.<domain> /SRSInstance:<instance> /DataReaderUser:<domain>\<account>
/DataReaderPassword:******** /SendODRReports:0 /UseMicrosoftUpdate:0 /AcceptEndUserLicenseAgreement:1
When I run the script, I get a pop-up: “System CenterOperations Manager Setup has stopped working with the following:
Problem signature:
Problem Event Name:
CLR20r3
Problem Signature 01:
setupchainerui.exe
Problem Signature 02:
7.0.5000.0
Problem Signature 03:
522a5b85
Problem Signature 04:
mscorlib
Problem Signature 05:
4.0.0.0
Problem Signature 06:
53b4fc1e
Problem Signature 07:
e4d
Problem Signature 08:
5a
Problem Signature 09:
System.FormatException
OS Version:
6.1.7601.2.1.0.274.10
Locale ID:
1033
Additional Information 1:
4911
Additional Information 2:
49111a576c61a461b7f2900e4224563c
Additional Information 3:
a1e6
Additional Information 4:
a1e62e9c159c1d7601a31ccff83dbf94
App Event Log:
- <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
- <System>
<Provider Name=".NET Runtime" />
<EventID Qualifiers="0">1026</EventID>
<Level>2</Level>
<Task>0</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2015-01-29T19:02:39.000000000Z" />
<EventRecordID>4999</EventRecordID>
<Channel>Application</Channel>
<Computer>SERVER NAME</Computer>
<Security />
</System>
- <EventData>
<Data>Application: SetupChainerUI.exe Framework Version: v4.0.30319 Description: The process was terminated due to an unhandled exception.
Exception Info: System.FormatException Stack: at Microsoft.SystemCenter.Essentials.SetupFramework.Program.Main()</Data>
</EventData>
</Event>
- <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
- <System>
<Provider Name="Application Error" />
<EventID Qualifiers="0">1000</EventID>
<Level>2</Level>
<Task>100</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2015-01-29T19:02:41.000000000Z" />
<EventRecordID>5000</EventRecordID>
<Channel>Application</Channel>
<Computer>SERVER NAME</Computer>
<Security />
</System>
- <EventData>
<Data>SetupChainerUI.exe</Data>
<Data>7.1.10226.0</Data>
<Data>522a5b85</Data>
<Data>KERNELBASE.dll</Data>
<Data>6.1.7601.18409</Data>
<Data>5315a05a</Data>
<Data>e0434352</Data>
<Data>000000000000940d</Data>
<Data>a64</Data>
<Data>01d03bf626a03a7a</Data>
<Data>C:\Users\USER NAME\AppData\Local\SCOM\Setup\SetupChainerUI.exe</Data>
<Data>C:\Windows\system32\KERNELBASE.dll</Data>
<Data>65be21be-a7e9-11e4-a4d7-005056966e1b</Data>
</EventData>
</Event>
- <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
- <System>
<Provider Name="Windows Error Reporting" />
<EventID Qualifiers="0">1001</EventID>
<Level>4</Level>
<Task>0</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2015-01-29T19:03:27.000000000Z" />
<EventRecordID>5001</EventRecordID>
<Channel>Application</Channel>
<Computer>SERVER NAME</Computer>
<Security />
</System>
- <EventData>
<Data />
<Data>0</Data>
<Data>CLR20r3</Data>
<Data>Not available</Data>
<Data>0</Data>
<Data>setupchainerui.exe</Data>
<Data>7.0.5000.0</Data>
<Data>522a5b85</Data>
<Data>mscorlib</Data>
<Data>4.0.0.0</Data>
<Data>53b4fc1e</Data>
<Data>e4d</Data>
<Data>5a</Data>
<Data>System.FormatException</Data>
<Data />
<Data />
<Data>C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_setupchainerui.e_9724aaa8eec4ffba07c27fea369e612e949d75_5b269652</Data>
<Data />
<Data>0</Data>
<Data>65be21be-a7e9-11e4-a4d7-005056966e1b</Data>
<Data>0</Data>
</EventData>
</Event>
OpsMgrSetupWizard.log
[13:48:16]:
Error:     :Uncaught Exception: Threw Exception.Type: System.FormatException, Exception Error Code: 0x80131537, Exception.Message: Input string was not in a correct format.
[13:48:16]:
Error:     :StackTrace:
at System.Number.StringToNumber(String str, NumberStyles options, NumberBuffer& number, NumberFormatInfo info, Boolean parseDecimal)
   at System.Number.ParseInt32(String s, NumberStyles style, NumberFormatInfo info)
   at System.Convert.ChangeType(Object value, Type conversionType, IFormatProvider provider)
   at Microsoft.SystemCenter.Essentials.SetupFramework.PropertyBagDictionary.GetProperty[T](String property)
   at Microsoft.EnterpriseManagement.OperationsManager.Setup.Common.SetupHelpers.ValidateBureaucraticSwitches()
   at Microsoft.EnterpriseManagement.OperationsManager.Setup.Common.RationalizeCommandLineArguments.ValidateSilentInstallCommandLineOptions()
   at Microsoft.EnterpriseManagement.OperationsManager.Setup.Common.RationalizeCommandLineArguments.Rationalize()
   at Microsoft.EnterpriseManagement.OperationsManager.Setup.Common.SetupHelpers.RationalizeGeneralInstall()
   at Microsoft.SystemCenter.Essentials.SetupFramework.Program.RationalizeInstall()
   at Microsoft.SystemCenter.Essentials.SetupFramework.Program.Main()
Any ideas? I feel like I’m just going in circles…Bob

Integration access manager and web services manager

Hi,
Can the SSO token sent by the access manager be used by the SOA suite web services manager ? I would assume that this is a trivial configuration.
Can anyone help with some ideas ?
Thanks,
Mohan

SOA Suite has Oracle Web Services Manger which can accept Oracle Access manger token. Instead of passing the obSSOCookie to all the services in SOA Suite ( in which case you are making the services available only to OAM authenticated users) you can create SAML token from your obSSOCookie and then send the SAML token to the SOA.
If you want to just pass obSSOCookie to SOA Suite/ Oracle WSM, yes it is straightforward. (you have to follow the steps in OWSM document)
Thanks
Ram

Using IBM Tivoli Access Manager to Secure Tuxedo Services

Wondering if anybody has any experience using 'IBM Tivoli Access Manager for e-business' to perform tuxedo service authorization ?
Is there an out-of-the-box integrated solution available or does one have to basically build a security service that use the Tivoli Access Manager APIs to determine if the user is authorized to invoke service?
Thanks,

Hi,
I followed the steps of establishing SSO using TAM for OBIEE application.
Below is the piece of code that i had inserted in the "instanceconfig.xml" to enable SSO:
<Listener>

</Listener>
<CredentialStore>
<CredentialStorage type="file" path="<OracleBIData>/web/config/credentialstore.xml" passphrase="another"/> </CredentialStore>

<Auth>
<SSO enabled="true">
<ParamList>

<Param name="IMPERSONATE"
source="httpHeader" nameInSource="iv-user"/>
</ParamList> 
<LogonUrl>http://pkmslogin</LogonUrl>
<LogoffUrl>http://pkmslogout</LogoffUrl>
</SSO>
</Auth>
My credential store file look Like on below
<sawcs:credential type="usernamePassword" alias="impersonation">
<sawcs:username>USER</sawcs:username>
<sawcs:password>password</sawcs:password>
</sawcs:credential>
In the above code i am trying to get the userID of a User through the header of the application's URL, who has been already been authenticated by Windows desktop Authentication mechanism .
but then i try creating a junction using TAM and access the application through the junction i still get the logon page of OBIEE application...
Can any one help me out in this issue..
Thanks in Advance...

Network Access Manager - Service (Secure Mobility Client)

We are currently working on Deploying the Secure Mobility Client.
1. We are looking at the ability to stop the Network Acess Manager without Admin rights, According to the Cisco Documentation on this:
"Stopping and Starting the Network Access Manager"
Users with local administrator privileges can start and stop the Network Access Manager. Users without local administrator privileges cannot start and stop the Network Access Manager without using the service password defined in the Authentication panel of the profile editor.
Question: I am unable to find the said option in the Authentication panel in the profile editor
2. Since we will be using NAM for all of our computers, and since some users will not be using the VPN, we will need to push out profiles to the users (This is easy however we are concerned about updates and getting those pushed). A collegue shared that he head at Cisco Live2011 that there is an option in NAM to update it's profiles by connecting to the VPN-Headend without actually authenticating and logging into the VPN.
I know if a user connects to the VPN Headend we can update the profiles on NAM/VPN etc... however without them connecting I'm not sure if there is any way to do so?

Hi Alwin,
There is nothing to be done with your anyconnnect client.... if needed changes needs to ne done at VPN FW/Router where your anyconnect connection is established..... here i guess your corporate office is having this VPN server.....
They have configured it as tunnel all mode... means all traffic will be taken through VPN... see from your output preferred default route is pointed to 192.168.0.101, which is a vpn gateway....
If needed anyconnect vpn configuration needs to be changed from tunnel all to split-tunnel....
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.0.1 192.168.0.101 20
0.0.0.0 0.0.0.0 146.236.12.1 146.236.12.73 2
Regards
Karthik

Difference bewteen Single Client Access Name (SCAN) & Grid Naming Service

Hi ,
Whats the difference bewteen Single Client Access Name (SCAN) & Grid Naming Service in 11g RAC R2?
Regards,
Stephen

Hi Stephen,
There is a very good document about it (http://www.oracle.com/technetwork/products/clustering/overview/scan-129069.pdf).
Best regards,
Gennady

Access Management Service

when i try to run the AccessManagerSamples.java which is provided as part of access manager sdk, i am getting an error like The Access Management Service is disabled.
Any idea on how to fix this issue.

You need to enable the Access Management Service in your AccessGate configuration as well as in the configuration of the Access server it connects to. Both these changes can be done from the Access System console.
-Vinod

Naming Service in Oracle Net Manager

Hello,
I've downloaded ODTwithODAC1020221.exe and did the install ODP.NET sucessfully and when I try to create a Naming Service by Clicking on the + icon nothing happens.
I have a working TNSNAMES.ORA in the ADMIN/NETWORK folder where I installed the ODP.NET. In the same folder I have SQLNET.ORA and a LISTENER.ORA files.
I am using Visual Basic 2005 for my GUI.
Thank you,
Fred

I click on the '+' sign or use the menu 'create' option but I do not get a screen to enter any information.
I hard coded my tnsnames connection in my application and it work fine.
Thanks for getting back to me with the information and link. I've tried all possible combination without successfully being able to use the 'Naming Service' function.
Fred

Purpose of Naming service in Access Manager

Similar Messages

Maybe you are looking for