Role getting revoked with Access Policy

Similar Messages

• Disable AD account with access policy

  Hi all,
  how can I disable AD account with access policy (or create AD account in disabled state)
  Regards,
  Vladimir

  Dewan.Rajiv wrote:
  Access Polcies are just for triggering provisioning. You can custom AD connector or write your own to create user in disabled state using JNDI.Hi Dewan,
  I have to create a simple demo system, and I need a solution which is not too weird (that means use as little of disparate technologies as possible).
  I have two connected systems:
  1. HR system, which is a trusted source for user and organizational data.
  2. AD system, which is my provision destination.
  I want to comply to the following requirements:
  1. When a user is created in HR system, a new OIM account shall be created, and a new AD account shall or shall not (depending on HR data) be created in AD in disabled state
  2. When a user is marked as dismissed in HR system, the AD account if exists, shall be disabled and moved to some special place in AD tree.
  3. Same rules shall apply if the OIM account is created or marked as "Dismissed" manually by OIM administrator.
  I use OIM reconciliation to get source data and it is no problem for me to create any reconciliation event I need.
  I was considering creating Group->Access Policy->Resource chains, but Access Policy allows only to manage AD attributes, not account enable status.
  Or should I add some unmapped pseudo-attribute to AD connector and a task which will enable/disable AD account based on the value of this attribute?
  What other options do I have?
  Regards,
  Vladimir

• OIM iPlanet Resource revoked using access policy

  Hi,
  I had created a group and access policy based upon which i tried to provisioned a iplanet resource to a user.
  For this I had created a UDF(say type with value C) and created a rule based on which user is assigned to group say business and also iPlanet resource is provisioned to user
  As I Edit the profile and clear UDF. User is removed from group and also iPlanet resource is revoked.(In Access Policy revoked if no longer applied)
  I am able to do this task Successfully But If iPlanet resource is already allocated to user and I update the UDF(value C) user is assigned to group and iplanet is already assigned to user(muliple resource UNTICK). and now if i again Updated the UDF(mean clear it) user is removed from the group but iPlanet resource is not revoked from the user......
  Can somebody tell me why it is happening??? wheather its a bug in OIM or I am missing something...
  Thanks
  Anil

  If I understand your requirement correctly, when you change the value in process form edit from C to other, iPlanet resource is getting revoked.
  But when you change the the same value from user profile edit, the iplanet is not getting revoked right?
  As per my knowledge I can say, when you update the value for UDF in user profile, you can use triggers USR.TRIGGERS which will update the process form. In this case your process form will gets updated by default.
  This in turn triggers access policy and revokes the resource.
  Hope this helps you

• Help Required With Access Policy Trigger On Enable User In Oim 11gR2

  My scenario is:
  We have a created a access policy for the user.
  Scenario1:
  As soon as the role is added to user, the account is provisioned.  -Working
  Scenario 2:
  As the user is disabled, the account gets revoked-Working
  Scenario 3:
  As the user is enabled, the new instance of the account should get provisioned.(It was earlier working in 11G r1)
  "Evaluate User Policies " is running every ten minutes.Manually also triggered it. but the account doesn't get provisioned after the user is enabled.
  Any inputs?
  Please help

  Your Scenario 2:
  As the user is disabled, the account gets revoked-Working ----> ITS WRONG if you are using OOTB feature of OIM
  -> When the user gets disabled, the accounts should get disabled. The result which u are getting above is not OOTB. Have you made any customization to any logic?
  Just for your info, there is one system property which is used to enable disabled resources when the user is enabled:
  http://docs.oracle.com/cd/E27559_01/admin.1112/e27149/system_props.htm#OMADM884
  Enable disabled resource instances when a user is enabled
  If the value is TRUE, then the disabled resource instances are enabled when a user is enabled.
  XL.EnableDisabledResources
  TRUE

• Strange behavior after granting a role associated to an access policy.

  Greetings.
  I am using OIM 11.1.1.3 and I am using also the DBUM Adapter 9.1.0.4.
  I Defined 3 roles in OIM after that I defined three access policies with the purpose of provision roles at a database.
  Every policy is associated to a role and a DBUM resource.
  At the end I have the following policies.
  Policy Name OIM Role Database Role
  1. Policy Role A - Role A - DBRoleA
  2. Policy Role B - Role B - DBRoleB
  3. Policy Role B - Role C - DBRoleC.
  When a role is granted to OIM User using the Administration Console the correct database role is provisioned at the specified database. But If I revoke a Role from the user and grant the same role again the specified role is not provisioned to the specified database.
  Example: An user have "Role A", "Role B" ,"Role C" at the database the user have DBRoleA, DBRoleB, DBRoleC.
  After revoking "Role A" from the user the database have the correct roles DBRoleB and DBRoleC.
  But if the "Role A" is granted again to the user the DBRoleA is not provisioned at the database.
  I enabled the dbum log file and it looks like the wrong role was chosen and the DBRoleB is the database role to be provisioned. Because we see at the log file when the "Role A" is granted to the user:
  [WLS_OIM1] [TRACE] [] [OIMCP.DBUM] [tid: [ACTIVE].ExecuteThread: '2' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: oiminternal] [ecid: 0000JDjSF5i9h^5prOt1iY1EgfQX0000lD,0] [SRC_CLASS: com.thortech.util.logging.Logger] [APP: oim#11.1.1.3.0] [dcid: 4506c477d760fc7e:26c2d53a:1336a1dbc64:-7ffd-0000000000000d45] [SRC_METHOD: debug] oracle.iam.connectors.dbum.integration.DBUMProvisionManager : getChildFormData : Form Value2011-11-04[2011-11-04T11:37:14.392-05:00] [WLS_OIM1] [TRACE] [] [OIMCP.DBUM] [tid: [ACTIVE].ExecuteThread: '2' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: oiminternal] [ecid: 0000JDjSF5i9h^5prOt1iY1EgfQX0000lD,0] [SRC_CLASS: com.thortech.util.logging.Logger] [APP: oim#11.1.1.3.0] [dcid: 4506c477d760fc7e:26c2d53a:1336a1dbc64:-7ffd-0000000000000d45] [SRC_METHOD: debug] oracle.iam.connectors.dbum.integration.DBUMProvisionManager : getChildFormData : Child form data map received:- {UD_DB_ORA_R_VERSION=0, UD_DB_ORA_R_KEY=3180, UD_DB_ORA_R_UPDATE=2011-11-04, UD_DB_ORA_R_CREATE=2011-11-04, Process Instance.Key=5916, UD_DB_ORA_R_UPDATEBY=6, UD_DB_ORA_R_ROLE=102~*DBRoleB*, Access Policies.Key=183, UD_DB_ORA_R_CREATEBY=6}
  The question is somebody has experienced the same issue?
  Is there another way to provisioning database roles after granting OIM Roles?
  Thanks!
  Ramiro Ortíz

  Finally we opened a Service Request to solve this issue, and it was a bug "OIM SENDING WRONG ENTITLEMENT NAME TO TARGET DURING ADD ENTITLEMENT OPERATION" and Oracle generated the patch 13499465 for DBUM Connector. Oracle had to provide us a new Readme to apply this patch because it wasn't well explained. So far the patch seems to work, we are making some tests now to be sure that the issue is solved. I just want to share that with the OIM community.
  Ramiro Ortiz

• Provisioing with Access Policy

  Hi All
  I have made one Access policy for Full-Time employees.
  I want that if admin creates a user who is Full-Time employee, it shouls automatically get provisioined with AD.
  I have made that Access Policy. But If Admin craetes one user who is Full-Time Employee then provisioing status goes into *"READY"* State.
  It stucks in Resource form.
  And in my resource form only one lookup field is there. And i have put Value already in that lookup.
  Could any one please tell me the solution for this.
  Thanks a lot!

  Hi
  I made access policy Without Approval.
  That extra field i.e. AD SERVER, I have already filled with ADITResource.
  Actually i have made one resource form, i'm giving value of AD Server from there & it is prepopulation in process form.
  But When user gp for provisioning then it stuck in Resource Form not in Process form. It shows status Ready.
  Is it possible to remove that Resource form from access policy, I think it may remove my problem ?
  But i don know how to remove resource form from Access Policy region.
  Please suggest.
  Thanks for these replies.

• [OIM 9.1.0.2] RESOURCE NOT REVOKED BY ACCESS POLICY WHEN USER DISABLED

  Hi Experts,
  OIM Build Number: 1866.62 ( BP15 )
  IHAC that faced an unexpected behavior on User disabling.
  Some users were associated to groups that had access policies applied.
  When those users were disabled, they didnt lose their associated groups and also the resource and permission associated thru access policy applied to those groups.
  I saw that there was a bug reported to that issue. So I performed the action plan and set up the XL.EvaluateMembershipForInactiveUser System Property as TRUE. Now after disabling the users are properly removed from groups.
  Customer problem: For those users, almost 1000, I did a recon just to estimule the identity, so the membership rule was applied and the groups were removed, but OIM didn't evaluate the access policies and didn't revoke the resources.
  I ran the Evaluate User Policies task, and it seems to be stuck. Should the Evaluate User Policies schedule task work for that scenario? Should the resource after running that task be revoked?
  Any help would be very appreciated.

  Hi Nishith,
  I ran the task, but it seems really stuck. It displays the RUNNING status, but any effect is observed. I have to change task status to INACTIVE in the Design Console.
  This task has 2 attributes: Batch Size= 500 and Number of Threads=20.
  But I have noticed this task in another environment (w/ BP 18 applied), it has 3 attributes: Batch Size= 500 ; Number of Threads=20 and Time Limit in mins=1.
  Is it any enhancement for this task in order to improve its performance, or something like that?
  What else I can check?
  Thanks in advance.

• Problem with Access Policy

  Hi All!
  OIM 11g:
  1. I have installed DBUM 9.1.0.4
  2. I have configured IT Resurce, and RO for granting user MS SQL User and database role (for example in HRData db)
  3. I have created Role named: "HRData DB User" and Access Policy named: "HR Data DB User" wchich grants correct RO.
  4. When role is granted by xelsysadm for specific oim user everything is OK.
  Problem:
  when user request for role: "HRData DB User" from Self-Service portal, and request is approved by xelsysadm, role is granted but RO is not granted. I have following error:
  +<Nov 19, 2010 1:12:46 PM CET> <Error> <XELLERATE.SERVER> <BEA-000000> <Class/Method+
  +: tcDataObj/eventPreInsert Error :Insert permission is denied>+
  +<Nov 19, 2010 1:12:46 PM CET> <Error> <oracle.iam.accesspolicy.impl.handlers.provis+
  ioning> <IAM-4030308> <An error occurred in oracle.iam.accesspolicy.impl.handlers.p
  rovisioning.ProvisionAccountActionHandler while provisioning resource 161 to user 4
  +3 and the cause of error is DOBJ.INSERT_PERMISSION_DENIED: H: You do not have permi+
  ssion to insert this object..>
  +<Nov 19, 2010 1:12:46 PM CET> <Warning> <oracle.iam.callbacks.common> <IAM-2030081>+
  +<[CALLBACKMSG] Inside completion plugin for request 68.>+
  +<Nov 19, 2010 1:12:46 PM CET> <Warning> <oracle.iam.callbacks.common> <IAM-2030082>+
  +<[CALLBACKMSG] Inside completion plugin for request 68, target tye is Role and ope+
  ration is SELFASSIGNROLES.>
  +<Nov 19, 2010 1:12:46 PM CET> <Warning> <oracle.iam.callbacks.common> <IAM-2030082>+
  +<[CALLBACKMSG] Inside completion plugin for request 68, target tye is RoleUser and+
  operation is CREATE.>
  Any suggestions?
  best
  mp

  Hi Rajiv,
  So, there is no way we can implement this?
  My requirement is same as this,
  OIM: Question about "Auto Save" option on Resource Object
  I have a Resource Object that needs to be provisioned at least two ways:
  1) thru an access policy by group membership
  2) thru user self-request, who is not already in that group membership
  The problem is if I don't check the "Auto Save" check box the automatic assignment thru access policy is not completing and If I do check the check box then user request is not letting the user to enter values into the resource form. Instead it is directly going to submit request. Looks like these are mutually exclusive.
  Is there a way to make both work on the same Resource Object?
  Thanks
  SK

• Problem with Access policy Provisioning on AD

  Hi,
  I have created an access policy, which will trigger the provisioning the user to AD when the user is added to group 'abc'.
  Its without approval.
  We have object form and process form. Process form is autosave.
  But, the problem is, as soon as the user is added to the group 'abc'.
  It triggers the provisioning flow. But the provisioning will be in ready state only.
  When we go and save the resource form only the provisioning flow triggers.
  If we make the object as auto save, it will work. But in our case we cannot make the object autosave as it has a resource form to be filled by user in other flow.
  Is there any approach to solve the issue?
  Regards,
  SK

  Hi Rajiv,
  So, there is no way we can implement this?
  My requirement is same as this,
  OIM: Question about "Auto Save" option on Resource Object
  I have a Resource Object that needs to be provisioned at least two ways:
  1) thru an access policy by group membership
  2) thru user self-request, who is not already in that group membership
  The problem is if I don't check the "Auto Save" check box the automatic assignment thru access policy is not completing and If I do check the check box then user request is not letting the user to enter values into the resource form. Instead it is directly going to submit request. Looks like these are mutually exclusive.
  Is there a way to make both work on the same Resource Object?
  Thanks
  SK

• Issue with UAG/TMG communication to published SharePoint application is blocked by access policy settings

  We have a UAG/TMG server set up with SharePoint published. The UAG is also doing load balancing for the SharePoint farm. We have an MDM application that is trying to connect to our SharePoint but our SharePoint is routed through the UAG. The MDM application
  does not need to be published neither is there any component that can be accessed directly by end users. It is more of a proxy to relay content to mobile devices. It is using 443 and two other secondary ports.
  On the TMG logs, we can see requests hitting the TMG over port 443 from the MDM application server. We can also see that it is trying to be routed to our SharePoint but we get the following error in the TMG log:
  “Filter information: A request from source IP address xx.xx.xx.xx, user to trunk portal; Secure=1 for application SharePoint of type SharePoint15 failed. The endpoint device does not comply with access policy settings ([%PolicyId%]) for session [%SessionId]”
  The source IP is the internal IP of the host running the MDM application. In the UAG side, under the SharePoint publishing rule, for Access Policy Settings we have tried selecting the 'Always' option but that had no effect. It appears like there is a policy
  blocking communication to SharePoint. Does anyone have a suggestion on which policy or where the policy that is controlling this is located so that we can try to resolve this issue? Thanks.

  Looking at the UAG Web Monitor, it says that the access policy is 'Hybrid_Default_Session_Access' and the URL is /_vti_bin/Webs.asmx. 
  We can't find a 'Hybrid Default Session Access' policy. In the Endpoint Policy Settings tab, we tried using 'Always' for the Access Policy for the published SharePoint application but that did not make any difference. 

• Access Policy is not getting trigggered after creation of user through GTC

  Hi,
  I have an access policy for ALL USER role and that provision users to an RO after getting created in oim. I have a trusted source flat file reconciliation GTC for user creation. I am facing issue when user is getting created through GTC, access policy is not getting triggered. But while creating an user through web console the same access policy is working fine and user is getting provisioned with RO.
  If anybody have any idea how to resolve this, please help me in this regards.
  Regards,
  Avijit

  Hi ,
  its good to know that its working. As per my experience it works for once (through reconciliation) but then stops working. Now to confirm try to revoke the user by changing the group member-ship through reconciliation and see if the resource is revoked or not (repeat it for 2 -3 times). Note that don't do it form within IDM web admin console, do it through reconciliation.
  do post your results.......
  Regards.

• AD Access Policy Update or Revoke Not Happening

  Hi
  Problem:
  I am automating the AD user Provisioning through OIM Access Policy. I am able to provision user in AD, But the provisioned user is not visible in Resources tab. If anything is modified OIM attributes and that are not transferring from OIM to AD User Process Form. If I removed User from the Role, The user was not revoked from the AD.
  Configuration:
  I have created the following task to automate the user provisioning. They are
  1) Rule
  Name: ALL AD Users
  Rule Criteria : User Login != NULL
  2) Role
  Name : AD Role
  Member Ship Rule : ALL AD Users
  3) Access Policy:
  Access Policy Information Provided
  Access Policy Name:      AD Access Policy
  Access Policy Description:      AD Access Policy
  With Approval:      No
  Retrofit Access Policy:      Yes
  Priority:1
  Resources to be provisioned by this access policy
  Resource Name: AD User
  Revoke resource and entitlement(s) if no longer applies: Checked
  Process Forms: AD User Details
  AD User form details are populating through pre-populate adapter in create and Change <FieldName> populating in update Operation.
  Role           
  Name : AD Role
  I couldn't see any error in the AD Connector log file.
  Do I need to do anything apart from AD Access Policy to view the resource in Resource TAB, and also Updating the user attributes ( Change Process Tasks are configured), and Revoke.
  Help is greatly appreciated.

  What do you mean by this statement :
  But the provisioned user is not visible in Resources tabDo you mean that when you go to Resource Profile of a user then you can't see AD User is provisioned to that user ?
  Check "Auto Save" check box on "AD User" Process Defintion
  Add one user into that Role explicitly into that Role/Group
  Resources to be provisioned by this access policyI hope you are giving values for AD Server and Organization Name on the process form in this section.
  Enable the logs as well whether AD User tasks are getting called or not
  And
  For sending Modified Attributes to AD, have you create corresponding tasks like Change First Name, Change Last Name etc in AD User Process Defintion and made its entry in Trigger Lookup ?
  If yes then it will work only when you'll see AD User in Provisioned/Enables status in User's Resource Profile
  Let me know the results

• Create Access Policy with OIM API: can't fill child form

  Hi!
  I'm having a problem with creating OIM Access Policy with API. I'm doing the following:
  1. Create a new access policy via AccessPolicyIntf
  2. Add a resource object which will be provisioned to all users who are within policy scope
  3. Get Resource Object (Parent) Form Definition via FormDefinitionIntf
  4. Add data to parent form (AccessPolicyIntf setFormData(FormDefinitionKey))
  5. Now I want to add data to the child form, for that purpose I need to know child form definition key, but I can' get one, because there's no method like 'getChildFormDefinitionKey' in FormDefinitionIntf interface.
  Please, help me to get child form definition key, knowing parent form definition key and version

  See if this code helps:
  public String addChildTableValue(long userKey, String group, String objectName, String fieldName tcDataProvider ioDatabase) {
  log.debug("addChildTableValue() Parameter Variables passed are:" +
  "userKey=[" + userKey + "]" +
  "group=[" + group + "]" +
  "fieldName=[" + fieldName + "]" +
  "objectName=[" + objectName + "]");
  try{
  tcUserOperationsIntf userIntf = (tcUserOperationsIntf)tcUtilityFactory.getUtility(ioDatabase, "Thor.API.Operations.tcUserOperationsIntf");
  tcFormInstanceOperationsIntf formIntf = (tcFormInstanceOperationsIntf)tcUtilityFactory.getUtility(ioDatabase, "Thor.API.Operations.tcFormInstanceOperationsIntf");
  boolean roleExists = false;
  //Result set of all Object for user
  tcResultSet obResultSet = userIntf.getObjects(userKey);
  if (obResultSet.isEmpty()){
  log.error("User has no provisioned objects");
  return "NO_OBJECTS_EXIST";
  }else{
  for (int ii=0; ii&lt;obResultSet.getRowCount(); ii++){
  obResultSet.goToRow(ii);
  if ((obResultSet.getStringValue("Objects.Name").equals(objectName)) &&
  (!(obResultSet.getStringValue("Objects.Object Status.Status").equals("Revoked")) &&
  !(obResultSet.getStringValue("Objects.Object Status.Status").equals("Provisioning")))){
  log.debug("Resource object found: " + objectName);
  //Process Instance Key of the object
  long plProcessInstanceKey = obResultSet.getLongValue("Process Instance.Key");
  log.debug("Process instance key: " + plProcessInstanceKey);
  //Process Key for the parent for
  long plParentFormDefinitionKey = obResultSet.getLongValue("Process.Process Definition.Process Form Key");
  log.debug("Parent form definition key: " + plParentFormDefinitionKey);
  //Form version of the parent form
  int pnParentFormVersion = formIntf.getProcessFormVersion(plProcessInstanceKey);
  log.debug("Parent form version: " + pnParentFormVersion);
  //Result set of Child Form information
  tcResultSet childFormResultSet = formIntf.getChildFormDefinition(plParentFormDefinitionKey, pnParentFormVersion);
  //Child form definition key
  long plChildFormDefinitionKey = childFormResultSet.getLongValue("Structure Utility.Child Tables.Child Key");
  String plChildTableName = childFormResultSet.getStringValue("Structure Utility.Table Name");
  log.debug("Child form definition key: " + plChildFormDefinitionKey);
  log.debug("Child table name: " + plChildTableName);
  tcResultSet childFormData = formIntf.getProcessFormChildData(plChildFormDefinitionKey, plProcessInstanceKey);
  if (!(childFormData.isEmpty())){
  log.debug("Searching child table current values");
  for (int iii=0; iii&lt;childFormData.getRowCount();iii++){
  childFormData.goToRow(iii);
  String fieldValue = childFormData.getStringValue(fieldName);
  log.debug("Child table entry: " + iii + " | value: " + fieldValue);
  if (fieldValue.equals(group)){
  roleExists = true;
  log.debug("Value already exists in child table");
  return "DUPLICATE_VALUE";
  log.debug("Value not found in child table");
  if (!roleExists){
  Hashtable childFormHash = new Hashtable();
  childFormHash.put(fieldName, group);
  formIntf.addProcessFormChildData(plChildFormDefinitionKey, plProcessInstanceKey, childFormHash);
  log.debug("Value successfully added to table");
  return "VALUE_ADDED";
  log.debug("Provisioned resource " + objectName + " object not found");
  return "OBJECT_NOT_FOUND";
  catch(Exception ex){
  ex.printStackTrace();
  return "ERROR";

• Not able to get the AD organizations list while creating access policy

  Hi All,
  Had created IT Resource for AD server, and was able to successfully connect to it. And Now when I try to create a access policy, where I am not able to view any organization from AD.
  Can someone please let me know how to resolve this.
  Thanks in advance.....
  Regards
  Arun

  Please check the error log which I am getting when I ran the schedule job
  ======= Start Stack Trace =======================>
  <Aug 3, 2012 2:30:55 PM GMT+05:30> <Error> <OIMCP.ADCS> <BEA-000000> <com.thortech.xl.schedule.tasks.ADLookupReconTask : performReconciliation>
  <Aug 3, 2012 2:30:55 PM GMT+05:30> <Error> <OIMCP.ADCS> <BEA-000000> <[LDAP: error code 49 - 80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 52e, vece ]>
  <Aug 3, 2012 2:30:55 PM GMT+05:30> <Error> <OIMCP.ADCS> <BEA-000000> <Description : [LDAP: error code 49 - 80090308: LdapErr: DSID-0C090334, comment: AcceptSecu
  rityContext error, data 52e, vece ]>
  <Aug 3, 2012 2:30:55 PM GMT+05:30> <Error> <OIMCP.ADCS> <BEA-000000> <com.thortech.xl.exception.ConnectionException: [LDAP: error code 49 - 80090308: LdapErr: D
  SID-0C090334, comment: AcceptSecurityContext error, data 52e, vece ]
  at com.thortech.xl.integration.ActiveDirectory.tcADUtilLDAPController.searchResultPageEnum(Unknown Source)
  at com.thortech.xl.schedule.tasks.ADLookupReconTask.performReconciliation(Unknown Source)
  at com.thortech.xl.schedule.tasks.ADLookupReconTask.execute(Unknown Source)
  at com.thortech.xl.scheduler.tasks.SchedulerBaseTask.execute(SchedulerBaseTask.java:384)
  at oracle.iam.scheduler.vo.TaskSupport.executeJob(TaskSupport.java:145)
  at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
  at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
  at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
  at java.lang.reflect.Method.invoke(Method.java:597)
  at oracle.iam.scheduler.impl.quartz.QuartzJob.execute(QuartzJob.java:196)
  at org.quartz.core.JobRunShell.run(JobRunShell.java:202)
  at org.quartz.simpl.SimpleThreadPool$WorkerThread.run(SimpleThreadPool.java:529)
  >
  <Aug 3, 2012 2:30:55 PM GMT+05:30> <Error> <OIMCP.ADCS> <BEA-000000> <================= End Stack Trace =======================>
  Based on which I had checked the credentials I provided, and they are correct. I am able to connect to AD with same credentials when I create new IT Resource.
  Not sure what went wrong
  Regards
  Arun

• E1200 V2 with no "internet access policy" in built-in web-based setup

  I just bought a factory refurbished E1200.  The label on the bottom says it is a Version 2 model.  When I purchased it, it was loaded with 2.0.02 firmware but I upgraded the firmware to 2.0.04
  My problem is that I'm trying to setup MAC address-based restrictions thru the manual/web-based setup and when I click on the "Access Restrictions" tab, I only have simple "Parental Controls" and not the advanced "Internet Access Policy".
  Is it possible that I have a mislabeled V1 device?  If that is the case, how is it that I was able to upgrade the firmware using firmware from the V2 downloads section.
  Do V! and V2 units use the same firmware but  more importantly, how do I upgrade the built-in software so that I have the advanced "Internet Access Policy" controls?
  Thanks!
  Eric
  Solved!
  Go to Solution.

  Very strange indeed then!  My subtab only has "Parental Controls" listed.  
  I've compared it to the one shown here  ( http://ui.linksys.com/files/E1200/2.0.00/inter_access.htm ) - and mine does not look like this at all!
  I think i have a mislabeled V1 model or at least V1 software loaded,
  Does anyone know if it is possible to download and reload the software that is built in to the router or do I need to return it and get a (hopefully) new one?
  Thanks!
  Eric