SAP most unproffessional with certs --plz beware before taking exams

Similar Messages

• What is activity in SAP CRM  with examples plz?

  Dear All
     What is activity in SAP CRM  with examples plz?
  Thanks
  CRM Newbee

  Activities are explained in CR010 & CR300. It is a transaction type used to record sales activities e.g. telephone call, email or customer visit or a follow up call, request to fill up a questionnaire or request to set the status to complete etc. in customer/partner engagement lifecycle. This has mainly information like: Activity type partner, texts & dates. However it is an order document like opportunity, sales order etc. & extra information can be added by including customer set types like we do in opportunity, quotation, sales order, conttract etc.
  Activities are a central part of SAP CRM & used across application e.g. Interaction Center, Sales, Marketing etc.
  I hope this should be sufficient & helpful.
  If you need to understand more about basic concept of Activities please see the dropdown list for Activity types..this will give you a good idea as to what are the kinds of business transactions which can be activities.
  Regarding Quotation thing...Quotation is not an activity but 'Create Quotation' or 'Create Quotation as follow up to a lead or opportunity' can be an activity.
  Thanks,
  Vivek

• Cannot open your default e-mail folders. You must connect to Microsoft Exchange with the current profile before you can synchronize your folders with your Outlook data file (.ost)

  Fresh installation of Exchange Server 2013 on Windows Server 2012.
  Our first test account cannot access their email via Outlook but can access fine through OWA. The following message appears - "Cannot open your default e-mail folders. You must connect to Microsoft Exchange with the current profile before you can synchronize
  your folders with your Outlook data file (.ost)" is displayed.
  If I turn off cached Exchange mode, setting the email account to not
  cache does not resolve the issue and i get a new error message - "Cannot open your default e-mail folders. The file (path\profile name).ost is not an Outlook data file (.ost). Very odd since it creates its own .ost file when you run it for the first
  time.
  I cleared the appdata local Outlook folder and I tested on a new laptop that has never connected to Outlook, same error message on any system.
  Microsoft Exchange RPC Client Access service is running.
  No warning, error or critical messages in the eventlog, it's like the healthiest server alive.
  Any help would be greatly appreciated. I haven't encountered this issue with previous versions of Exchange.

  So it looks like a lot of people are having this issue and seeing how Exchange 2013 is still new (relatively to the world) there isn't much data around to answer this. I've spend ALOT of time trying to figure this out.
  Here is the answer. :) - No I don't know all but I'm going to try to give you the most reasonable answer to this issue, in a most logical way.
  First thing I did when I was troubleshooting this issue is that I ignored Martina Miskovic's suggestion for Step4 http://technet.microsoft.com/library/jj218640(EXCHG.150)because it didn't make sense to me because I was trying to connect
  Outlook not outside the LAN but actually inside. However, Martina's suggestion does fix the issue if it's applied in the correct context.
  This is where the plot thickens (it's stew). She failed to mention that things like SSL (which I configure practically useless - anyone who ever worked in a business environment where the owner pretty much trusts anyone in the company, otherwise they don't
  work there - very good business practice in my eyes btw, can confirm that...) are some sort of fetish with Microsoft lately. Exchange 2013 was no exception.
  In exchange 2003, exchange 2007 and exchange 2010 - you could install it and then go to outlook and set it up. And when outlook manual Microsoft Exchange profile would ask you for server name, you would give it and give the name of the person who you setting
  up - as long as machine is on the domain, not much more is needed. IT JUST WORKS! :) What a concept, if the person already on premises of the business - GIVE HIM ACCESS. I guess that was too logical for Microsoft. Now if you're off premises you can use things
  like OutlookAnywhere - which I might add had their place under that scenario.
  In Exchange 2013, the world changed. Ofcourse Microsoft doesn't feel like telling it in a plain english to people - I'm sure there is an article somewhere but I didn't find it. Exchange 2013 does not support direct configuration of Outlook like all of it's
  previous versions. Did you jaw drop? Mine did when I realized it. So now when you are asked for your server name in manual outlook set up and you give it Exchange2013.yourdomain.local - it says cannot connect to it. This happens because ALL - INTERNAL AND
  EXTERNAL connection are now handled via OutlookAnywhere. You can't even disable that feature and have it function the reasonable way.
  So now the question still remains - how do you configure outlook. Well under server properties there is this nice section called Outlook anywhere. You have a chance to configure it's External and Internal address. This is another thing that should be logical
  but it didn't work that way for me. When I configured the external address different from the internal - it didn't work. So I strongly suggest you get it working with the same internal address first and then ponder how you want to make it work for the outside
  users.
  Now that you have this set up you have to go to virtual directories and configure the external and internal address there - this is actually what the Step 4 that Martina was refering to has you do.
  Both external and internal address are now the same and you think you can configure your outlook manually - think again. One of the most lovely features of Outlook Anywhere, and the reason why I had never used it in the past is that it requires a TRUSTED
  certificate.
  See so it's not that exchange 2013 requires a trusted certificate - it's that exchange 2013 lacks the feature that was there since Windows 2000 and Exchange 5.5.
  So it's time for you to install an Active Direction Certificate Authority. Refer to this wonderful article for exact steps - http://careexchange.in/how-to-install-certificate-authority-on-windows-server-2012/
  Now even after you do that - it won't work because you have to add the base private key certificate, which you can download now from your internal certsrv site, to Default Domain Policy (AND yes some people claim NEVER mess with the Default Domain Policy,
  always make an addition one... it's up to you - I don't see direct harm if you know what you want to accomplish) see this: http://technet.microsoft.com/en-us/library/cc738131%28v=ws.10%29.aspx if you want to know exact steps.
  This is the moment of ZEN! :) Do you feel the excitement? After all it is your first time. Before we get too excited lets first request and then install the certificate to actual Exchange via the gui and assign it to all the services you can (IIS, SMTP and
  there is a 3rd - I forgot, but you get the idea).
  Now go to your client machine where you have the outlook open, browse to your exchange server via https://exchang2013/ in IE and if you don't get any certificate errors - it's good. If you do run on hte client and the server: gpupdate /force This will refresh
  the policy. Don't try to manually install the certificate from Exchange's website on the client. If you wanna do something manually to it to the base certificate from the private key but if you added it to the domain policy you shouldn't have to do it.
  Basically the idea is to make sure you have CA and that CA allows you to browse to exchange and you get no cert error and you can look at the cert and see that's from a domain CA.
  NOW, you can configure your outlook. EASY grasshoppa - not the manual way. WHY? Cause the automatic way will now work. :) Let it discover that exachange and populate it all - and tell you I'm happy! :)
  Open Outlook - BOOM! It works... Was it as good for you as it was for me?
  You may ask, why can't I just configure it by manual - you CAN. It's just a nightmare. Go ahead and open the settings of the account that got auto configed... How do you like that server name? It should read something like [email protected]
  and if you go to advanced and then connection tab - you'll see Outlook Anywhere is checked as well. Look at the settings - there is the name of the server, FQDN I might add. It's there in 2 places and one has that Mtdd-something:Exchange2013.yourdomain.local.
  So what is that GUID in the server name and where does it come from. It's the identity of the user's mailbox so for every user that setting will be different but you can figure it out via the console on the Exchange server itself - if you wish.
  Also a note, if your SSL certs have any trouble - it will just act like outlook can't connect to the exchange server even though it just declines the connection cause the cert/cert authority is not trusted.
  So in short Outlook Anywhere is EVERYWHERE! And it has barely any gui or config and you just supposed to magically know that kind of generic error messages mean what... Server names are now GUIDs of the [email protected] - THAT MAKES PERFECT
  SENSE MICROSOFT! ...and you have to manage certs... and the only place where you gonna find the name of the server is inside the d*** Outlook Anywhere settings in the config tab, un it's own config button - CAN WE PUT THE CONFIG ANY FURTHER!
  Frustrating beyond reason - that should be Exchange's new slogan...
  Hope this will help people in the future and won't get delete because it's bad PR for Microsoft.
  PS
  ALSO if you want to pick a fight with me about how SSL is more secure... I don't wanna hear it - go somewhere else...

• Execution of Reports phase error during SAP EHP4 upgrade with EHPi

  I started getting an error message in the "Execution of reports after put" phase
  (within the Downtime phase) during the SAP EHP4 upgrade with Enhancement
  Package Installer.
  ***** LIST OF ERRORS
  AND RETURN CODES *****
  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~XPRA ERRORS and RETURN CODE in SAPRB70104.OPQ
  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~1AETR012XProgram terminated (job: "RDDEXECL", no.: "09064300") Long
  text: Cause Program "&V#&", which was started in the background, was
  terminated abnormally. System Response The system created a job log for
  the terminated program. What to do Proceed as follows: Log onto the
  system in which the program was executed. The system is specified at the
  beginning of the transport log. Then call transaction SM37 to display the
  job log. Enter "&V#&" as job name and "DDIC" as user name. Restrict the
  starting date to the starting date specified in the transport log. For
  the other selection criteria, select only jobs with the status
  "cancelled". Then press <LS>Execute</>. A list of the jobs satisfying the
  selection criteria is displayed. You can display the log by pressing
  <LS>Job log</>. If the list contains several jobs, you can select the job
  with the ID " &V#&" with <LS>Display</> -> <LS>Job details</> or define
  further details for the selection criteria in the initial screen of
  transaction SM37. If the ABAP processor reports cancellation,
  double-clicking on the corresponding message in the job log branches to
  the display of the corresponding short dump. 1AEPU320 See job
  log"RDDEXECL""09064300""OPQ" 1 ETP111 exit code : "12" >>> PLEASE READTHE REPORT DOCUMENTATION OF THE REPORTS MENTIONED ABOVE <<< XPRAs are
  application reports that run at the end of an upgrade.
  Most XPRA reportshave a report documentation that explains what the report does and how
  errors can be corrected. Call transaction se38 in the SAP system, enter
  the report name, select 'Documentation' and click the 'Display' button.
  >>> The problematic XPRAs are mentioned in messages of type PU132 above
  <<<
  I tried to follow the instructions in note 1269960, but the enhancement spot
  CLASSIFICATION_TOOL was already active. I activated it again and reran the phase
  but got the same error. Also, I couldn't implement the note using SNOTE because it is
  the middle of the upgrade process.
  I also found the following long text in ST22
  "Internal error during syntax check: ("//bas/710_REL/src/krn/gen/scsymb.c#11"
  Processing had to be terminated because an internal error
  occurred when generating the ABAP/4 program
  "CL_CLS_BADI_CHARACTERIZATION==CP".
  The internal system error cannot be fixed by ABAP means only."
  I am on a 64 bit System with CentOS Linux. 8 GB RAM, 250 GB HD with 20 GB free space.
  So far, I could not find any information on this. Any help would be greatly appreciated!
  Thanks,
  Victor

  Hi Victor,
  Go to SM37 and put in the username as DDIC and see the job log.
  Also check  Sm50 and see whether you have BTC processes available.
  Last but not the least check your filesystem space  usage too.
  Gerard

• HT1535 I own an iPhone4, an iPod 3rd generation and an iPad 2. I use the same iTunes library but unfortunately synced iPad with a different computer before syncing to my own. Do I risk losing the films/apps I've downloaded onto my iPad if I sync with my i

  I don't want to sync what is on my iPod to my iPad. (I have a 32gb iPod but only 16gb on iPad. The iPod I use mostly for music.) I can't seem to add the films I have downloaded onto iPad to iTunes. If I could do that, I could erase them from iPad to create more storage.
  This is intensely confusing, sorry.

  Question.....
  "I own an iPhone4, an iPod 3rd generation and an iPad 2. I use the same iTunes library but unfortunately synced iPad with a different computer before syncing to my own. Do I risk losing the films/apps I've downloaded onto my iPad if I sync with my iPod?"
  Answer.....
  Yes you will lose the films that you downloaded to the iPad when you sync with your own iTunes unless you transfer the purchases into your own iTunes library. Were these movies that you purchased? If so, you might be able to download them again for free. Do you have multiple computers that you sync from or is this someone else's purchased content?
  You can select whatever you want to sync to all of your devices in iTunes, you do not have to sync the same content to all device.
  iTunes 11 for Windows: Set up syncing for iPod, iPhone, or iPad
  iOS: Syncing with iTunes - Support - Apple

• SSL LLE together with Cert-C PKI Encryption

  I could successfully set up LLE encrytion for WSL without Cert-C or message encrpytion with Cert-C plugin. But could not mange to get them both working in the same application.
  I am using Tuxedo10.3 + OpenLDAP on RH5.
  Native client tpinit gives me tpinit failure and in ULOG I see LIBTUX_CAT:6657: ERROR: Could not copy SSL context, err = -1
  Encrpyted PKCS8 private key dont work for me with Cert-C. SEC_PRINCIPAL_PASSVER and decPassword attribute for cert-c/key_manager didnt change anything and finaly i used unencrypted PK.
  ULOG ---------------------------------8<----------------------------------------------------------------
  173342.730.borjomi!WSH.14905.3086448320.0: 09-17-2010: Tuxedo Version 10.3.0.0, 32-bit
  173342.730.borjomi!WSH.14905.3086448320.0: PIFREG: instantiate(intf=engine/pif/registry, impl=registry.so, flags=0
  173342.730.borjomi!WSH.14905.3086448320.0: PIFREG: GetAlias(intf=engine/security/map_proof, alias=bea/mapfile)
  173342.731.borjomi!WSH.14905.3086448320.0: PIFREG: GetAlias(intf=engine/security/authentication, alias=native/security/authentication)
  173342.731.borjomi!WSH.14905.3086448320.0: PIFREG: GetAlias(intf=engine/security/authentication, alias=bea/native/atn)
  173342.732.borjomi!WSH.14905.3086448320.0: PIFREG: instantiate(intf=engine/pif/registry, impl=registry.so, flags=0
  173342.732.borjomi!WSH.14905.3086448320.0: PIFREG: destroy(priv=0x8199ee0)
  173342.732.borjomi!WSH.14905.3086448320.0: WSNAT_CAT:1030: INFO: Work Station Handler joining application
  173342.734.borjomi!WSH.14905.3086448320.0: PIFREG: GetAlias(intf=engine/security/map_proof, alias=native/security/map_proof)
  173342.734.borjomi!WSH.14905.3086448320.0: PIFREG: GetAlias(intf=engine/security/pk_initialization, alias=native/security/pk_initialization)
  173342.734.borjomi!WSH.14905.3086448320.0: PIFREG: GetAlias(intf=engine/security/pk_initialization, alias=bea/native/pkifile)
  173342.734.borjomi!WSH.14905.3086448320.0: PIFREG: GetAlias(intf=engine/security/authentication, alias=ws/security/authentication)
  173342.734.borjomi!WSH.14905.3086448320.0: PIFREG: GetAlias(intf=engine/security/authentication, alias=bea/ws/atn)
  173342.739.borjomi!?proc.14904.3086374592.0: 09-17-2010: Tuxedo Version 10.3.0.0, 32-bit
  173342.739.borjomi!?proc.14904.3086374592.0: PIFREG: instantiate(intf=engine/pif/registry, impl=registry.so, flags=0
  173342.739.borjomi!?proc.14904.3086374592.0: PIFREG: GetAlias(intf=engine/security/map_proof, alias=bea/mapfile)
  173342.740.borjomi!?proc.14904.3086374592.0: PIFREG: GetAlias(intf=engine/security/authentication, alias=ws/security/authentication)
  173342.740.borjomi!?proc.14904.3086374592.0: PIFREG: GetAlias(intf=engine/security/authentication, alias=bea/ws/atn)
  173342.744.borjomi!WSH.14905.3086448320.0: PIFREG: GetAlias(intf=engine/security/key_management, alias=native/security/key_management)
  173342.751.borjomi!WSH.14905.3086448320.0: INFO: CERTDBG level is 255
  173342.751.borjomi!WSH.14905.3086448320.0: CCDBG:{ _ep_dl_certc_key_management()
  173342.751.borjomi!WSH.14905.3086448320.0: CCDBG: regData: privateKeyDir=file:///home/uldisa/trunk/src/cs.test.tuxq_crypt--dev/
  173342.751.borjomi!WSH.14905.3086448320.0: CCDBG: regData: decPassword=password
  173342.751.borjomi!WSH.14905.3086448320.0: CCDBG: { parseFileURL(dir file:///home/uldisa/trunk/src/cs.test.tuxq_crypt--dev/)
  173342.751.borjomi!WSH.14905.3086448320.0: CCDBG: return file /home/uldisa/trunk/src/cs.test.tuxq_crypt--dev/
  173342.751.borjomi!WSH.14905.3086448320.0: CCDBG: } parseFileURL(50) return EE_SUCCESS
  173342.751.borjomi!WSH.14905.3086448320.0: CCDBG: Using Private keys in directory /home/uldisa/trunk/src/cs.test.tuxq_crypt--dev/
  173342.751.borjomi!WSH.14905.3086448320.0: PIFREG: GetAlias(intf=engine/security/certificate_lookup, alias=native/security/certificate_lookup)
  173342.760.borjomi!WSH.14905.3086448320.0: PIFREG: GetAlias(intf=engine/security/certificate_parsing, alias=native/security/certificate_parsing)
  173342.760.borjomi!WSH.14905.3086448320.0: INFO: CERTDBG level is 255
  173342.760.borjomi!WSH.14905.3086448320.0: CCDBG: { _e_dl_certc_certificate_parsing()
  173342.761.borjomi!WSH.14905.3086448320.0: CCDBG: } edl_certc_certificate_parsing(30), returns 0
  173342.761.borjomi!WSH.14905.3086448320.0: PIFREG: GetAlias(intf=engine/security/certificate_validation, alias=native/security/certificate_validation)
  173342.761.borjomi!WSH.14905.3086448320.0: PIFREG: GetAlias(intf=engine/security/certificate_validation, alias=bea/cert-c/certificate_validation)
  173342.761.borjomi!WSH.14905.3086448320.0: INFO: CERTDBG level is 255
  173342.761.borjomi!WSH.14905.3086448320.0: CCDBG: { _ep_dl_certc_validate_certificate()
  173342.761.borjomi!WSH.14905.3086448320.0: CCDBG: Trusted CA file file:///home/uldisa/trunk/src/cs.test.tuxq_crypt--dev/camyapp_crt.der
  173342.761.borjomi!WSH.14905.3086448320.0: CCDBG: CRL file file:///home/uldisa/trunk/src/cs.test.tuxq_crypt--dev/my_crl.der
  173342.761.borjomi!WSH.14905.3086448320.0: CCDBG: { parseFileURL(dir file:///home/uldisa/trunk/src/cs.test.tuxq_crypt--dev/camyapp_crt.der)
  173342.761.borjomi!WSH.14905.3086448320.0: CCDBG: return file /home/uldisa/trunk/src/cs.test.tuxq_crypt--dev/camyapp_crt.der
  173342.761.borjomi!WSH.14905.3086448320.0: CCDBG: } parseFileURL(50) return EE_SUCCESS
  173342.761.borjomi!WSH.14905.3086448320.0: CCDBG: { parseFileURL(dir file:///home/uldisa/trunk/src/cs.test.tuxq_crypt--dev/my_crl.der)
  173342.761.borjomi!WSH.14905.3086448320.0: CCDBG: return file /home/uldisa/trunk/src/cs.test.tuxq_crypt--dev/my_crl.der
  173342.761.borjomi!WSH.14905.3086448320.0: CCDBG: } parseFileURL(50) return EE_SUCCESS
  173342.761.borjomi!WSH.14905.3086448320.0: CCDBG: { validate_init()
  173342.761.borjomi!WSH.14905.3086448320.0: CCDBG: { addCertFromFileToList(fname /home/uldisa/trunk/src/cs.test.tuxq_crypt--dev/camyapp_crt.der)
  173342.761.borjomi!WSH.14905.3086448320.0: CCDBG: open file /home/uldisa/trunk/src/cs.test.tuxq_crypt--dev/camyapp_crt.der, read 537 of bytes
  173342.762.borjomi!WSH.14905.3086448320.0: CCDBG: } addCertFromFileToList(50) return 0
  173342.762.borjomi!WSH.14905.3086448320.0: CCDBG: open file /home/uldisa/trunk/src/cs.test.tuxq_crypt--dev/my_crl.der, read 279 of bytes
  173342.762.borjomi!WSH.14905.3086448320.0: CCDBG: } validate_init(140) return SUCCESS
  173342.762.borjomi!WSH.14905.3086448320.0: CCDBG: } epdl_certc_validate_certificate(80) return SUCCESS
  173342.797.borjomi!WSH.14905.3086448320.0: CCDBG: { certc_trust(principal myapp)
  173342.797.borjomi!WSH.14905.3086448320.0: CCDBG: } certc_trust(50) return SUCCESS
  173342.797.borjomi!WSH.14905.3086448320.0: CCDBG: { certc_get_issuer_name()
  173342.797.borjomi!WSH.14905.3086448320.0: issuer dn (81 bytes):
  173342.797.borjomi!WSH.14905.3086448320.0: 30 4f 31 10 30 0e 06 03 55 04 03 13 07 63 61 6d 0O1.0...U....cam
  173342.797.borjomi!WSH.14905.3086448320.0: 79 61 70 70 31 0e 30 0c 06 03 55 04 0b 13 05 54 yapp1.0...U....T
  173342.797.borjomi!WSH.14905.3086448320.0: 69 65 74 6f 31 0d 30 0b 06 03 55 04 07 13 04 52 ieto1.0...U....R
  173342.797.borjomi!WSH.14905.3086448320.0: 69 67 61 31 0f 30 0d 06 03 55 04 08 13 06 4c 61 iga1.0...U....La
  173342.797.borjomi!WSH.14905.3086448320.0: 74 76 69 61 31 0b 30 09 06 03 55 04 06 13 02 4c tvia1.0...U....L
  173342.797.borjomi!WSH.14905.3086448320.0: 56 V
  173342.797.borjomi!WSH.14905.3086448320.0: CCDBG: { getNameFromNameObject()
  173342.798.borjomi!WSH.14905.3086448320.0: CCDBG: avaCount 5
  173342.798.borjomi!WSH.14905.3086448320.0: CCDBG: valueTag PRINTABLE STRING
  173342.798.borjomi!WSH.14905.3086448320.0: CCDBG: type = 55, 4, 55
  173342.798.borjomi!WSH.14905.3086448320.0: CCDBG: name camyapp, 0x81ccb40
  173342.798.borjomi!WSH.14905.3086448320.0: CCDBG: } getNameFromNameObject(40) return SUCCESS
  173342.798.borjomi!WSH.14905.3086448320.0: CCDBG: issuer name is camyapp
  173342.798.borjomi!WSH.14905.3086448320.0: CCDBG: } certc_get_issuer_name(60) return 0
  173342.836.borjomi!WSH.14905.3086448320.0: CCDBG: { certc_trust(principal camyapp)
  173342.836.borjomi!WSH.14905.3086448320.0: CCDBG: } certc_trust(40) return TRUSTED
  173342.836.borjomi!WSH.14905.3086448320.0: CCDBG: { certc_open_private(cd 0x81cd260, principal myapp, location /home/uldisa/trunk/src/cs.test.tuxq_crypt--dev/myapp.der)
  173342.836.borjomi!WSH.14905.3086448320.0: CCDBG: req_usage 0x2, cd->cds_usage 0x2
  173342.837.borjomi!WSH.14905.3086448320.0: CCDBG: open file /home/uldisa/trunk/src/cs.test.tuxq_crypt--dev/myapp.der, read 634 of bytes
  173342.837.borjomi!WSH.14905.3086448320.0: CCDBG: got the key info for type 0
  173342.837.borjomi!WSH.14905.3086448320.0: CCDBG: private key 0x81cbdf0, *keyp 0x81cbdf0
  173342.837.borjomi!WSH.14905.3086448320.0: CCDBG: } certc_open_private(70) return SUCCESS
  173342.837.borjomi!WSH.14905.3086448320.0: CCDBG: { certc_open_public(cd 0x81cd260, principal myapp, req_usage 0x2)
  173342.837.borjomi!WSH.14905.3086448320.0: CCDBG: public key match type 0
  173342.837.borjomi!WSH.14905.3086448320.0: CCDBG: public key 0x81d19c8, *keyp 0x81d19c8
  173342.837.borjomi!WSH.14905.3086448320.0: CCDBG: } certc_open_public(70) return SUCCESS
  173342.837.borjomi!WSH.14905.3086448320.0: CCDBG: { certc_validate(principal myapp)
  173342.840.borjomi!WSH.14905.3086448320.0: CCDBG: } certc_validate(100) return SUCCESS
  173342.848.borjomi!WSH.14905.3086448320.0: LIBTUX_CAT:6657: ERROR: Could not copy SSL context, err = -1
  173342.848.borjomi!WSH.14905.3086448320.0: LIBTUX_CAT:6741: ERROR: SSL error -1
  173342.848.borjomi!WSH.14905.3086448320.0: LIBTUX_CAT:6633: ERROR: Could not create SSL context on accept
  173344.852.borjomi!?proc.14904.3086374592.0: LIBWSC_CAT:1032: ERROR: Failed to receive expected reply
  173344.852.borjomi!?proc.14904.3086374592.0: LIBWSC_CAT:2003: ERROR: Unable to get reply to gssapi token message
  ---------------------------------8<----------------------------------------------------------------
  Test setup script:
  ---------------------------------8<----------------------------------------------------------------
  LDAP_HOST=10.57.5.167
  LDAP_PORT=8080
  LDAP_ROOTDN="dc=com"
  LDAP_BASEDN="cn=Manager,$LDAP_ROOTDN"
  LDAP_PASSWORD="password"
  ## Create openssl config
  cat <<EOF >openssl.cfg
  [ ca ]
  default_ca = CA_default # The default ca section
  [ CA_default ]
  dir = . # top dir
  database= index.txt
  default_days = 365 # how long to certify for
  default_crl_days= 30 # how long before next CRL
  default_md = md5 # md to use
  [ req ]
  default_bits = 1024
  distinguished_name = req_distinguished_name
  encrypt_rsa_key = no
  default_md = md5
  default_days = 365 # how long to certify for
  default_crl_days= 30 # how long before next CRL
  [ req_distinguished_name ]
  EOF
  ## Generate self-signed CA
  openssl req -x509 -newkey rsa:1024 -keyform PEM -keyout camyapp_key.pem -out camyapp_crt.pem -days 365 -subj '/CN=camyapp/OU=Tieto/L=Riga/ST=Latvia/C=LV' -config openssl.cfg
  openssl x509 -in camyapp_crt.pem -out camyapp_crt.der -outform DER
  cat camyapp_crt.pem >> $TUXDIR/udataobj/security/certs/trust_ca.cer
  ## Generate user certificate for PRINCIPAL myapp
  openssl req -newkey rsa:1024 -keyform PEM -keyout myapp_key.pem -outform PEM -out myapp_csr.pem -days 365 -subj '/CN=myapp/OU=Tieto/L=Riga/ST=Latvia/C=LV' -config openssl.cfg
  # myapp.pem works fine for LLE when using libplugin.so
  #openssl pkcs8 -topk8 -in myapp_key.pem -passout pass:password -outform PEM -out myapp.pem
  # It look like libcertctux.so accepts only unencrypted keys. Is it true?
  openssl pkcs8 -topk8 -in myapp_key.pem -outform DER -nocrypt -out myapp.der
  openssl pkcs8 -topk8 -in myapp_key.pem -outform DER -nocrypt -out myapp.pvt
  openssl x509 -req -in myapp_csr.pem -CA camyapp_crt.pem -CAkey camyapp_key.pem -CAcreateserial -outform DER -out myapp_crt.der -days 356
  #Reload LDAP
  ldapdelete -h $LDAP_HOST -p $LDAP_PORT -D $LDAP_BASEDN -w $LDAP_PASSWORD -r "$LDAP_ROOTDN"
  cat <<EOF > myapp.ldif
  dn: $LDAP_ROOTDN
  dc: ${LDAP_ROOTDN/*=}
  objectClass: dcObject
  objectClass: organization
  o: something
  dn: o=TUX,$LDAP_ROOTDN
  o: TUX
  objectClass: organization
  dn: cn=myapp,o=TUX,$LDAP_ROOTDN
  userPassword: password
  objectClass: inetOrgPerson
  objectClass: person
  objectClass: pkiUser
  objectClass: strongAuthenticationUser
  sn: myapp
  cn: myapp
  # For SSL search:SRCH base="o=TUX,dc=com" scope=2 deref=0 filter="(&(objectClass=strongAuthenticationUser)(mail=myapp))"
  mail: myapp
  userCertificate;binary:<file://`pwd`/myapp_crt.der
  EOF
  ldapadd -h $LDAP_HOST -p $LDAP_PORT -D $LDAP_BASEDN -f myapp.ldif -w $LDAP_PASSWORD -c
  ## Generate empty CRL. The same CRL is used for ARL
  echo > index.txt
  openssl ca -gencrl -keyfile camyapp_key.pem -cert camyapp_crt.pem -out my_crl.pem -config openssl.cfg
  openssl crl -in my_crl.pem -out my_crl.der -outform DER
  cat <<EOF > ca.ldif
  dn: cn=camyapp,o=TUX,$LDAP_ROOTDN
  userPassword: password
  objectClass: inetOrgPerson
  objectClass: person
  objectClass: certificationAuthority
  sn: camyapp
  mail: camyapp
  cACertificate;binary:<file://`pwd`/camyapp_crt.der
  certificateRevocationList;binary:<file://`pwd`//my_crl.der
  authorityRevocationList;binary:<file://`pwd`//my_crl.der
  EOF
  ldapadd -h $LDAP_HOST -p $LDAP_PORT -D $LDAP_BASEDN -f ca.ldif -w $LDAP_PASSWORD -c
  ## Installation values
  epifregedt -s -k SYSTEM/impl/security/BEA/certificate_lookup -a Params=userCertificateLdap=ldap://10.57.5.167:8080/ -a Params=ldapBaseObject=o=TUX,dc=com -a Params=binaryCertificate=YES
  epifregedt -s -k SYSTEM/impl/security/BEA/certificate_validation -a Params=caCertificateFile=file://$TUXDIR/udataobj/security/certs/trust_ca.cer -a Params=peerValidationRuleFile=file://$TUXDIR/udataobj/security/certs/peer_val.rul
  epifregedt -s -k SYSTEM/impl/security/BEA/key_management -a Params=privateKeyDir=file://$TUXDIR/udataobj/security/keys
  # ** Modify Validation Interface **
  epifreg -r -p bea/cert-c/certificate_validation -i engine/security/certificate_validation -v 1.0 -f libcertctux.so -e epdl_certc_validate_certificate -u caCertificateFile=file://`pwd`/camyapp_crt.der -u crlFile=file://`pwd`/my_crl.der
  epifregedt -s -k SYSTEM/impl/bea/valfile -a InterceptionSeq=bea/cert-c/certificate_validation
  epifregedt -s -k SYSTEM/interfaces/engine/security/certificate_validation -a DefaultImpl=bea/valfile
  # ** Modify Lookup Interface ** Use OpenLDAP
  # Not using cert-c certificate lookup. Lookup from libplugin is compatible with OpenLDAP
  #epifreg -r -p bea/cert-c/certificate_lookup -i engine/security/certificate_lookup -v 1.0 -f libcertctux.so -e epdl_certc_certificate_lookup -u ldapUserCertificate=ldap://10.57.5.167:8080 -u ldapBaseObject="o=TUX,dc=com" -u ldapFilterAttribute="cn" -u ldapBaseDNAttribute="dc,o,cn,c,ou"
  epifregedt -s -k SYSTEM/impl/security/BEA/certificate_lookup -a Params=userCertificateLdap=ldap://$LDAP_HOST:$LDAP_PORT/ -a Params=ldapBaseObject=o=TUX,$LDAP_ROOTDN -a Params=binaryCertificate=YES -a Params=filterFileLocation="file://$TUXDIR/udataobj/security/bea_ldap_filter.dat"
  epifregedt -s -k SYSTEM/interfaces/engine/security/certificate_lookup -a DefaultImpl=security/BEA/certificate_lookup
  # ** Modify Key Management Interface **
  epifreg -r -p bea/cert-c/key_management -i engine/security/key_management -v 1.0 -f libcertctux.so -e epdl_certc_key_management -u privateKeyDir=file://`pwd`/ -u decPassword="password"
  epifregedt -s -k SYSTEM/interfaces/engine/security/key_management -a DefaultImpl=bea/cert-c/key_management
  # ** Modify Certificate Parsing Interfaces **
  epifreg -r -p bea/cert-c/certificate_parsing -i engine/security/certificate_parsing -v 1.0 -f libcertctux.so -e epdl_certc_certificate_parsing
  epifregedt -s -k SYSTEM/interfaces/engine/security/certificate_parsing -a DefaultImpl=bea/cert-c/certificate_parsing
  ----------------------------8<------------------------------------------------
  Ldap log:
  ----------------------------8<------------------------------------------------
  conn=0 fd=12 ACCEPT from IP=10.57.5.167:34885 (IP=10.57.5.167:8080)
  conn=0 op=0 BIND dn="" method=128
  conn=0 op=0 RESULT tag=97 err=0 text=
  conn=0 op=1 SRCH base="o=TUX,dc=com" scope=2 deref=0 filter="(&(objectClass=strongAuthenticationUser)(mail=myapp))"
  <= bdb_equality_candidates: (mail) not indexed
  conn=0 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
  conn=0 op=2 SRCH base="o=TUX,dc=com" scope=2 deref=0 filter="(&(objectClass=certificationAuthority)(cn=camyapp)(sn=camyapp))"
  <= bdb_equality_candidates: (cn) not indexed
  <= bdb_equality_candidates: (sn) not indexed
  conn=0 op=2 SEARCH RESULT tag=101 err=0 nentries=1 text=
  ----------------------------8<------------------------------------------------
  Message signing works fine
  Note.
  OpenLDAP must allow bind_v2
  ULOGDEBUG, PIFDBG and CERTCDBG environment variables are set.
  Any ideas?

  I got workaround by putting WSL parameters in a separate registry file.
  System.rdp is registry with cert-c PKI plugin setup.
  System_wsl.rdp is registry with key_management from libplugin.so (default installation values).
  WSL is configured to read parameters from System_wsl.rdp.
  ubbt SERVER section:
  WSL         SRVGRP=NOTMS_GROUP SRVID=200      CLOPT="-A -- -d /dev/tcp -n //10.57.5.167:12500 -S 12501 -z 40 -Z 128" ENVFILE="<absolute path>/WSL.env"<absolutel path>/WSL.env:
  REG_KEY_SYSTEM=<absolute path>/System_wsl.rdpStill I am curious about Cert-C + SSL.

• Problem with SCs that created before the Name Server was configured

  Hello,
  I have created an SC and developed it.
  When I created it, the Name Server wasn't configured and because of that, when I created new DC for this SC I needed to write the vendor manually. Lets assume I wrote example.org.
  Sometime after I did configured the Name Server and I reserved example.org as a namespace prefix.
  When I create new SC and new DCs in it everything is OK: Instead of writing example.org as my vendor I can choose from a combo box between sap.com and my own which is example.org.
  The problem arises with the SC that has been developed before the Name server was configured: If I create new DC for it the vendor is shaded with sap.com inside with no option to change it, even though the previous DCs for this SC were created under the vendor example.org (which I entered manually).
  I assume I can (with a lot of manual work) create new SC and move the DCs (or only their code) to the newly created SC, where I have the option to choose, but I am looking for more simpler solution. For example, changing a certain configuration file at the SC or so.
  Anyone has an idea?
  Thank you in advance,
  Roy

  Anyone...?

• No receiver could be determined while doing SAP ECC Integraion with MDM 7

  Dear All,
  Can you please help me to resolve the following issue.
  We are doing SAP ECC Integration with MDM 7.1 by using MDM PI Adapter.
  Source side we are processing MATMAS.MATMAS05 IDoc and Receiver side we are using MDM PI Adapter to Connect the MDM System.
  I have checked the Configuration by using Test Configuration Wizard, it showing every thing fine there.
  Is it because of any network connection issue at the Target system (MDM) side?
  Plz check the error message for your reference;
  <?xml version="1.0" encoding="UTF-8" standalone="yes" ?>
  - <!--
  Receiver Determination
  -->
  - <SAP:Error xmlns:SAP="http://sap.com/xi/XI/Message/30" xmlns:SOAP="http://schemas.xmlsoap.org/soap/envelope/" SOAP:mustUnderstand="">
  <SAP:Category>XIServer</SAP:Category>
  <SAP:Code area="RCVR_DETERMINATION">NO_RECEIVER_CASE_ASYNC</SAP:Code>
  <SAP:P1 />
  <SAP:P2 />
  <SAP:P3 />
  <SAP:P4 />
  <SAP:AdditionalText />
  <SAP:Stack>No receiver could be determined</SAP:Stack>
  <SAP:Retry>M</SAP:Retry>
  </SAP:Error>
  Thanks
  Mahesh

  Hi,
  From error looks like it is not failing at receiver determination step. if you all configurations are fine, then this could be because of system cache refresh.
  Go to Edit mode in your scenario and again save it and activate it. Do a cache refresh and check if it works.
  Regards,
  Shiv

• CAreer in SAP BASIS comaprision with SAP GRC/Security

  Hi Everyone,
  I am an SAP BASIS consultant with 2 years of experience working in a MNC company,
  I want to change my career to SAP GRC/SAP Security, i have some basic knowledge on SAP Security,
  COuld you please advice me, which one to choose,?
  Does  SAP GRC/Security has demand , and can we get oportunities to work abroad compared to SAP BASIS ?
  which one has more scope SAP BASIS or SAP Security/GRC ?
  Because in BASIS, i am not getting enough scope to work on some good things like Installation, upgrades, Migration,
  i am doing a very basic kind of work like tranports, job scheduling, monitoring, and other small activities ?
  So request you people to advice me ?
  <removed_by_moderator>
  Read the "Rules of Engagement"
  regards
  Rakesh  Rao
  Message was edited by: Juan Reyes

  Hi Rakesh
  I saw your post in GRC and was waiting of it to appear here
  First up - 2 years is still junior. You may find batch jobs, transports, monitoring, etc all mundane but it is a foundation and learning ground work and foundations to being a good Basis Administration. And one things for sure, an awesome basic (I name my best-techy-friend) makes a huge difference on project timelines and deliverables for the rest of us.
  Installation and Upgrades come with time. Whilst still performing junior tasks you could focus on reading up on approaches in case an opportunity in your job comes us and be prepared to prove to your management that you are ready for a bigger responsibility.
  Switching to GRC/Security would be pointless unless you have a desire to learn GRC or Security. These are my background and they are undervalued until things go wrong (insurance policy in a way).
  If you do switch you will reset your 2 years of domain experience back to 0 and you will start off with password resets and basic user administration
  It takes time to work through the ranks. It was 3 years before I got to build my first role. I spent my first few years in security on email chasing approvals, password resets, user account creation, running reports for audit - sounds familiar to what you are doing now?
  You have to master the basics before you are trusted and ready for the more complex activities. By knowing what you are doing now you will be more successful when the time comes to step up and do migrations, upgrades and installations. Support production by mastering you technical analysis skills is how you can break through being a fresher/junior
  Regards
  Colleen
  Ps - if your motivation is more than "good things" happy to answer questions specific to security and GRC.
  Also, boring doesn't mean it can't get interesting nor does it mean it's a worthless activity: SPAU transport imported before patching!!
  Message was edited by: Colleen Lee
  Added link for when transports go bad

• Points before taking backup of R3 which is integrated with CRM

  Dear Experts,
  We have integrated SAP R3 with SAP CRM 6.0.
  We are planning to take a backup of Production system(of R3) and load the Master Data into Quality system of R3 (System Refresh).
  As we have integrated R3 with CRM , we feel that the system refresh will create issues in CRM system (like large number of inbound queues, GUID errors etc.)
  Please share your thoughts and experiences before performing the system refresh/backup.
  Also, please provide the necessary steps to be carried out before taking backup of R3 system in an CRM integrated scenario.
  Thanks,
  Techie

  Hi
  I am working to create a strategy to backup and restore the productive systems ERP and CRM,  they replicate all BP information.  Do you found information about the points before taking backup of ERP which is integrated with CRM?
  Thanks,
  Osmany M.

• Send/Receive IDOCs (XML) from/to SAP R/3 with XI-SOAP without XI!

  Dear SAP specialists,
  (BACKGROUND) We are using the Microsoft BizTalk Adapter for SAP 1.0, developed on top of the SAP DCOM Connector (we are using the version 6.20 Patch Nr. 177), with Microsoft BizTalk Server 2002 SP1 in order to send and receive IDOC via the tRFC transport protocol. We are using the Microsoft BizTalk Adapter for SAP 1.0 since February 2002, and today we are exchanging more than 25,000 IDOC/day with this architecture.
  When we migrate our SAP R/3 system to the version 4.7 with WAS 6.20, I was very enthusiastic about the possibility of sending the IDOC in XML via the standard HTTP transport protocol, because it would considerably simplify my architecture, i.e. no need of any (expensive) adapter any more! But, I had to realise that the quality of service exactly once will not be there anymore with HTTP as it exists with tRFC. Then, we carry on using the tRFC transport protocol with the adapter.
  (QUESTION) But recently, I followed the SAP Course TBIT40 XI Foundations and I learn that:
  1.     On one hand, the XI-SOAP protocol supports the quality of service exactly once by the usage of a message GUID within the XI-SOAP envelope;
  2.     On the other hand, all mySAP solutions using WAS 6.20 (or higher) carry a “small” Integration Engine (with XI-SOAP as the “native” transport protocol).
  Then, my question is: << Is it possible to exchange IDOC (XML) directly with an SAP R/3 4.7 (WAS 6.20) via the XI-SOAP transport protocol using the “small” Integration Engine embedded into it, with the quality of service exactly once? >>
  Many thanks in advance and best regards,
  Patrice Krakow

  Hello Patrice
  We have same issue. Is it possible to use IDoc (XML) directly with SAP 5.0 with SOAP (HTTP) without XI?
  Since your que is three years old, I'm sure you must have found some method for this.
  We'll highly appreciate your help.
  Regards: Gaurave

• I just sent the following in a drop down box that allowed reporting system problems:I am most unhappy with your Lion 10.7.3 operating system that I installed on this MacBook:  Hardware Overview:    Model Name:     MacBook Pro   Model Identifier:     MacBo

  I am most unhappy with your Lion 10.7.3 operating system that I installed on this MacBook:
  Hardware Overview:
    Model Name:          MacBook Pro
    Model Identifier:          MacBookPro5,4
    Processor Name:          Intel Core 2 Duo
    Processor Speed:          2.53 GHz
    Number of Processors:          1
    Total Number of Cores:          2
    L2 Cache:          3 MB
    Memory:          4 GB
    Bus Speed:          1.07 GHz
    Boot ROM Version:          MBP53.00AC.B03
    SMC Version (system):          1.49f2
    Serial Number (system):          W8******7XJ
    Hardware UUID: ******
    Sudden Motion Sensor:
    State:          Enabled
  1. The scrolling, as far as I've been able to determine, is by using the slide bar to the right of most diplays. There are no up or down arrows that allow slow movement
  2. The top and botton toolbars are not visible. The top one appears when you point the arrow to the top of the screen but the same doesn't work well if at all pointing the cursor to the bottom.
  3. When downloading, something jumps to the upper right of the screen. I could point and click it and get a diplay if my downloads. I was attempting to fix some of the above. Now the little thing jumps off the screen and I can't get to it.
  4I was trying to installMacBook Pro EFI Firmware Update 2.3. I got message it couldn't be installed on my system.
  5. The red yellow and blue bullets that allow shutting down, minimizing and maximizing are missing on most open windows.
  Can you do something about these problems
  It's problematical that one can't communicate directly with Apple to resolve these problems
  <Edited By Host>

  1: I'm scrolling this page right now using the arrow keys.
  2: Press the escape (esc) key to exit full-screen mode. Select Apple menu > Dock > Turn Hiding Off.
  3: ???
  4: That's because you downloaded an update for another model.
  5: See 2.

• My external monitor worked with my MacBook Pro before I took it on a little trip, now it won't work.  Any suggestions?

  My external monitor worked with my MacBook Pro before I took it on a little trip, now it won't work.  Any suggestions?

  Never mind.  Sorry.  It fixed itself.

• Adobe always quits unexpectedly in Mac when I read a bit fast. How can i deal with it, plz?

  Adobe always quits unexpectedly in Mac when I read a bit fast.
  It is the latest update.
  How can i deal with it, plz?

  You posted in the forum for iPad and iPhone (different app). I've moved your question to the Reader forum for desktop/laptop computers.

• HT5622 The Game Center used to work with my Apple ID before I updated to iOS 7.4, I used to play multiple player with EA Real Racing 3 game but it doesn't work at all and every time I tried to go to the Game Center it's just blank, even to the settings no

  The Game Center used to work with my Apple ID before I updated to iOS 7.4, I used to play multiple player with EA Real Racing 3 game but it doesn't work at all and every time I tried to go to the Game Center it's just blank, even to the settings nothing!

  Try:
  - Reset the iOS device. Nothing will be lost
  Reset iOS device: Hold down the On/Off button and the Home button at the same time for at
  least ten seconds, until the Apple logo appears.
  - Go to Settings>Game Center and sign out and sign back in
  - Reset all settings      
  Go to Settings > General > Reset and tap Reset All Settings.
  All your preferences and settings are reset. Information (such as contacts and calendars) and media (such as songs and videos) aren’t affected.
  - Restore from backup. See:                                                
  iOS: How to back up                                                                                     
  - Restore to factory settings/new iOS device.