Script to access users causing locks in Apps db

Similar Messages

• Script to Determine Users Connected to Oracle Apps and For Imitating Users

  I found this great script (Note:430948.1 on Metalink) to track users connected to the E-Business Suite.
  My colleague though noticed that users who had shut their browsers without logging off or those users who had 'timed out of their session' would still come back in the report.
  He wanted an accurate measure of who was in fact using the e-Business suite.
  We took the original query and added the last line (below). It basically takes the ‘last connect’ time and adds 60 minutes to it to figure out who is ‘validly’ still connected.
  select distinct ic.disabled_flag, fu.user_name User_Name,fr.RESPONSIBILITY_KEY Responsibility, fu.user_name,fu.user_id, fu.description, fu.employee_id,
  ic.responsibility_application_id, ic.responsibility_id, ic.org_id, ic.function_type, ic.counter, ic.first_connect, ic.last_connect,
  ic.nls_territory, ic.time_out, fr.menu_id, fr.responsibility_key
  from apps_fnd.fnd_user fu,
  apps_fnd.fnd_responsibility fr, apps_fnd.icx_sessions ic
  where fu.user_id = ic.user_id AND
  fr.responsibility_id = ic.responsibility_id AND
  ic.disabled_flag='N' AND
  ic.responsibility_id is not null AND
  ic.last_connect > sysdate - (ic.time_out/60)/96
  Can anybody see any issues with this query? or a better way to do this?
  It looks like Oracle runs a clean up script to wipe out sessions after a certain amount of time so they are no longer active sessions - so this works around that.

  From my Exchange Server in an Exchange PS session:
  Name        : Admin Audit Log Agent
  Enabled     : True
  Priority    : 255
  WhenCreated : 6/15/2012 9:54:46 AM
  WhenChanged : 6/15/2012 9:54:46 AM
  Name        : Scripting Agent
  Enabled     : False
  Priority    : 6
  WhenCreated : 6/15/2012 9:54:46 AM
  WhenChanged : 6/15/2012 9:54:46 AM
  Name        : OAB Resources Management Agent
  Enabled     : True
  Priority    : 5
  WhenCreated : 6/15/2012 9:54:46 AM
  WhenChanged : 6/15/2012 9:54:46 AM
  Name        : Provisioning Policy Agent
  Enabled     : True
  Priority    : 4
  WhenCreated : 6/15/2012 9:54:46 AM
  WhenChanged : 6/15/2012 9:54:46 AM
  Name        : Mailbox Creation Time Agent
  Enabled     : True
  Priority    : 3
  WhenCreated : 6/15/2012 9:54:46 AM
  WhenChanged : 6/15/2012 9:54:46 AM
  Name        : Mailbox Resources Management Agent
  Enabled     : True
  Priority    : 2
  WhenCreated : 6/15/2012 9:54:46 AM
  WhenChanged : 6/15/2012 9:54:46 AM
  Name        : Rus Agent
  Enabled     : True
  Priority    : 1
  WhenCreated : 6/15/2012 9:54:46 AM
  WhenChanged : 6/15/2012 9:54:46 AM
  Name        : Query Base DN Agent
  Enabled     : True
  Priority    : 0
  WhenCreated : 6/15/2012 9:54:46 AM
  WhenChanged : 6/15/2012 9:54:46 AM
  The output is the same from my workstation after loading the PSSnapin Microsoft.Exchange.Management.PowerShell.E2010
  Rob Smura, MCSE

• HT1766 I can not access my itune/cloud music & apps! My pc crashed & I'm signed on as a temp. user; I can't sign-on ant other way! I lost my icon also

  I can not access my itune/cloud music & apps! My pc crashed & I'm signed on as a temp. user; I can't sign-on ant other way! I lost my icon also.

  Re: That garbage is unreadable.
  If you really want help, stop messing with the fonts and post so that others can read and offer suggestions.
  Or better yet... try a search, I'm certain you'll find a solution to whatever issue you're experiencing.
  I have found that many times it is the things that make you most angry that push you to action. This was the case here. Thank you for causing me to get so angry that I found the answer myself.

• I have a requirement where I have to give the list of users who can access a specific computer. I am new with PS. Do you have a script to list users that can access a computer object of AD ?

  I have a requirement where I have to give the list of users who can access a specific computer define in AD.
  I am new with PS.
  Do you have a script to list users that can access a computer object of AD ?
  I have executed the following script  but it does not give me the access rights of who can access the computer 'computername'
  How can i have this information. please help
  Import-Module activedirectory
  $computer=get-adcomputer "computername" -properties ntSecurityDescriptor
  $omputer.ntsecurityDescriptor.Access | select-object -expandproperty IdentityReference | sort-object -unique

  I would say that, since the OP has so little info, there are no policies in use.  It there were then this question would never be asked the way it is being asked.
  I had a client call with a letter from their insurance company; an accountant with malpractice insurance.  THey asked the same question inmuch the same way.  "What computer can you users access?"  The question should be more like
  "Do you have a policy that restricts access to computers and do you audit for compliance?"
  I have had other clients whose insurance asked the question in that way.  It produces a better view of what should be happening and how to show compliance.
  I recommend that companies being asked these questions by their legal departments or insurance companies should contract with a god computer security consultant to assist with answering these very tricky questions.  Of course if it is just you boss's
  curiosity  then you may need to discuss his requirements with him in more depth.
  ¯\_(ツ)_/¯

• No Access Error with Locked User iView

  Hi
  We are running EP6SP2 Patch 35
  I’m trying to give access to the Locked User iView to a group of users (I don’t want them to have full User Management functionality)
  I’ve created a role and added Locked User iView to it.  The role has the same property values as the standard User Admin role (eg UME Action ID: UME.Manage_All = Yes), but when I try to access the Locked User iView I get:
  No Access
  You have no permission to perform this action.
  Can anybody advise what else I need to do to get this to work?
  Thanks.

  Hi Mike,
  just to make sure: did you restart the server after assigning the UME Action to the role???
  Unfortunately, this has to be done in order for your changes to take effect.
  Best regards,
  Robert

• Is it possible to access user account in an air android app ?

  Is it possible to access user account in an air android app in as3 ?
  The only thing I've found on internet is that one has to add to its manifest permissions to acccess account :
  <uses-permission android:name="android.permission.GET_ACCOUNTS" />
  and this documentation for native android coding :
  http://developer.android.com/training/id-auth/identify.html
  thanks for any help.

  There is no API in the AIR runtime to get user's accounts.
  But you may write an ANE to get the same.

• When accessing email in IE an error says a script in movie is causing adobe flash player to run slow

  when accessing email in IE an error says a script in movie is causing adobe flash player to run slowly. and email keeps loading and doesn't open.

  Here is the download page for Click-to-PlugIn:
  http://hoyois.github.com/safariextensions/clicktoplugin/

• How to detect apps users holding locks

  Dear all
  Finding out users holding locks is easy for database and then killing them using alter statement
  But when the Sid is revealed, how can i link them to apps users and find who the user actually was

  Sawwan,
  On my test server, i logged in from a user farid and held a lock on MTL_SYSTEMS_ITEMS_B table through the item master form
  Then i did as follows just to analyze how to find apps username holding the lock
  SQL> select object_id from dba_objects where object_name='MTL_SYSTEM_ITEMS_B';
  OBJECT_ID
  38489
  38715
  SQL> select * from v$lock where id2=38489 or id2=38715;
  no rows selected
  SQL> select * from v$lock where id1=38489 or id1=38715;
  ADDR KADDR SID TY ID1 ID2 LMODE
  REQUEST CTIME BLOCK
  000000009D869FE8 000000009D86A010 347 TM 38489 0 3
  0 165 0
  SQL> select paddr from v$session where sid=347;
  PADDR
  000000009F912AE0
  SQL> select addr,pid from v$process where addr='000000009F912AE0';
  ADDR PID
  000000009F912AE0 57
  SQL> select
  2 d.user_name "User Name",
  3 b.sid SID,b.serial# "Serial#", c.spid "srvPID", a.SPID "ClPID",
  4 to_char(START_TIME,'DD-MON-YY HH:MM:SS') "STime"
  5 from
  6 fnd_logins a, v$session b, v$process c, fnd_user d
  7 where
  8 b.paddr = c.addr
  9 and a.pid=c.pid
  10 and a.spid = b.process
  11 and d.user_id = a.user_id
  12 and a.SPID = &PID;
  Enter value for pid: 57
  old 12: and a.SPID = &PID
  new 12: and a.SPID = 57
  no rows selected
  Now can you plz tell me if all i did was right and the query doesnt work or something i did was wrong in the above action plan

• SLD User gets locked; four unsuccessful logons every 15 minutes

  I have a landscape with a PI with the SLD on it. I defined a user with the name SLDUSER and the appropriate authorizations. The PI is a Unicode system, like all systems in the landscape.
  There were already some application servers (CRM, Banking Services, Composition Environment) connecting to this SLD and everything went fine.
  Now I added another application server, an ERP, for FI-CAx (NW 7.02). As the business partners are distributed via XI through the PI system, the ERP needs to connect to the SLD, too.
  I set it up as usual:
  - sldapicust: host, port, SLDUSER, password. (What is weird is that there is no test button as in all the other systems ... maybe that depends on the installed EhPs.)
  - This generated the destinations (type T = TCP/IP) SLD_UC and SLD_NUC automatically.
  - I created destinations SAPSLDAPI and LCRSAPRFC manually in sm59, type T = TCP/IP, set them to Unicode, entered the same (two different) Registered Server Programs that are used in these destinations on all the other servers (CRM, PI, BaS).
  - I ran rz70, entered the host and gateway, activated, executed the data collection.
  SLDCHECK runs successfully on the ERP system!
  The technical system for the BS1 showed up in the SLD as expected.
  - I configured the clients / business systems on the SLD.
  Now begins the problem. The SLDUSER is now getting locked all the time! It's definitely the ERP system causing it - when I prevent it from accessing the PI (by changing the hosts file on the operating system), the problem stops.
  I activated everything critical related to logons and RFCs in sm19 and looked at the logs in sm20. This is what it looks like:
  17.08.2011     19:40:04     BNK_RFC     ilbnkpi1          SAPMSSY1     Password check failed for user SLDUSER in client 001
  17.08.2011     19:40:04     BNK_RFC     ilbnkpi1          SAPMSSY1     Logon Failed (Reason = 1, Type = U)
  17.08.2011     19:40:04     BNK_RFC     ilbnkpi1          SAPMSSY1     Password check failed for user SLDUSER in client 001
  17.08.2011     19:40:04     BNK_RFC     ilbnkpi1          SAPMSSY1     Logon Failed (Reason = 1, Type = U)
  17.08.2011     19:40:04     BNK_RFC     ilbnkpi1          SAPMSSY1     Password check failed for user SLDUSER in client 001
  17.08.2011     19:40:04     BNK_RFC     ilbnkpi1          SAPMSSY1     Logon Failed (Reason = 1, Type = U)
  17.08.2011     19:40:04     BNK_RFC     ilbnkpi1          SAPMSSY1     Password check failed for user SLDUSER in client 001
  17.08.2011     19:40:04     BNK_RFC     ilbnkpi1          SAPMSSY1     Logon Failed (Reason = 1, Type = U)
  17.08.2011     19:55:04     BNK_RFC     ilbnkpi1          SAPMSSY1     Password check failed for user SLDUSER in client 001
  17.08.2011     19:55:04     BNK_RFC     ilbnkpi1          SAPMSSY1     User SLDUSER Locked in Client 001 After Erroneous Password Checks
  17.08.2011     19:55:04     BNK_RFC     ilbnkpi1          SAPMSSY1     Logon Failed (Reason = 1, Type = U)
  17.08.2011     19:55:04     BNK_RFC     ilbnkpi1          SAPMSSY1     Logon Failed (Reason = 53, Type = U)
  17.08.2011     19:55:05     BNK_RFC     ilbnkpi1          SAPMSSY1     Logon Failed (Reason = 53, Type = U)
  17.08.2011     19:55:05     BNK_RFC     ilbnkpi1          SAPMSSY1     Logon Failed (Reason = 53, Type = U)
  And it goes on like this. So what happens is this: Every 15 minutes, at :10, :25, :40, :55, there are four unsuccessful logons with SLDUSER. With the fifth logon it gets locked.
  Again:
  - This stops when I make the PI inaccessible to the ERP.
  - SLDCHECK still works completely fine in ERP - until the SLDUSER is locked, of course; then it stops working in all connected systems. It does not result in unsuccessful logons on the PI.
  - When I run rz70 on the ERP and run the data collection this also reports success and does not create unsuccessful logons on the PI.
  - I have not used the SLDUSER in any other locations besides sldapicust.
  So what the hell is wrong with this system?!

  I have created a separate user SLDUSER_ER1 just for use in the sldapicust in the new ERP system that causes the problem. Still SLDUSER is getting locked (not SLDUSER_ER1)!
  I powered down this ERP system ER1, just to make absolutely sure it is causing the problem - indeed the unsuccessful logon attempts every 15 minutes stopped right away.
  As a workaround and for narrowing down the problem I have created separate users SLDUSER_CR1 etc. for each of the other systems in the landscape (CRM and so on) - indeed those do not get any unsuccessful logon attempts.
  I have deleted all four SLD-related destinations in ER1 and recreated them from scratch (SLD_NUC and SLD_UC being generated when running rz70). I also used the "delete all batch jobs" button in rz70.
  Still, SLDUSER is getting locked.
  I checked on the PI system in C:\usr\sap\PI1\DVEBMGS00\j2ee\cluster\server0\log\system\httpaccess\responses_00.0.trc and see it is indeed the IP of the ERP system that gets the error 401 exactly at the times when the unsuccessful logon attempts occur:
  [Oct 2, 2011 2:46:06 PM   ] - 10.26.83.234 : POST /sld/cimom HTTP/1.1 401 1499 [140]
  [Oct 2, 2011 2:46:06 PM   ] - 10.26.83.234 : POST /sld/cimom HTTP/1.1 401 1499 [79]
  [Oct 2, 2011 2:46:06 PM   ] - 10.26.83.234 : POST /sld/cimom HTTP/1.1 401 1499 [62]
  [Oct 2, 2011 2:46:06 PM   ] - 10.26.83.234 : POST /sld/cimom HTTP/1.1 401 1499 [47]
  As the ERP has no Java instance and the sldapicust does not contain the SLDUSER (but the new SLDUSER_ER1) it is a mystery to me what it is that is still running every 15 minutes in the ERP and tries to use SLDUSER.
  I went through the entries in SECSTORE and could not find any use of SLDUSER (only of SLDUSER_ER1, as it should be).
  Edited by: Monika Eggers on Oct 2, 2011 3:08 PM

• Error when access User Administration / Identity Management

  The user 'administrator' is locked.
  When I try to access User Administration / Identity Management area to unlock the 'administrator' user I got the following error:
  Can anyone help me ?
  #1.5#0050569F4EE700610000003F0000070400043B1305FE89C8#1190852804709#com.sap.security.core.wd.jmxmodel.JmxModelCompInterface#sap.com/tcwddispwda#com.sap.security.core.wd.jmxmodel.JmxModelCompInterface#daniel.silva#498####531a11606c9011dcb22f0050569f4ee7#SAPEngine_Application_Thread[impl:3]_18##0#0#Error##Java###public void supplyUmeProperties(IPrivateJmxModelCompInterface.IUmePropertiesNode node, IPrivateJmxModelCompInterface.IContextElement parentElement)
  [EXCEPTION]
  #1#java.lang.reflect.UndeclaredThrowableException
       at com.sap.security.core.jmx._gen.IJmxServer$Impl.getUmeProperties(IJmxServer.java:1199)
       at com.sap.security.core.wd.jmxmodel.JmxModelCompInterface.supplyUmeProperties(JmxModelCompInterface.java:847)
       at com.sap.security.core.wd.jmxmodel.wdp.InternalJmxModelCompInterface.supplyUmeProperties(InternalJmxModelCompInterface.java:506)
       at com.sap.security.core.wd.jmxmodel.wdp.IPublicJmxModelCompInterface$IUmePropertiesNode.doSupplyElements(IPublicJmxModelCompInterface.java:3892)
       at com.sap.tc.webdynpro.progmodel.context.Node.supplyElements(Node.java:408)
       at com.sap.tc.webdynpro.progmodel.context.Node.getElementList(Node.java:351)
       at com.sap.tc.webdynpro.progmodel.context.Node.createMappedElementList(Node.java:500)
       at com.sap.tc.webdynpro.progmodel.context.Node.supplyElements(Node.java:395)
       at com.sap.tc.webdynpro.progmodel.context.Node.getElementList(Node.java:351)
       at com.sap.tc.webdynpro.progmodel.context.Node.createMappedElementList(Node.java:500)
       at com.sap.tc.webdynpro.progmodel.context.Node.supplyElements(Node.java:395)
       at com.sap.tc.webdynpro.progmodel.context.Node.getElementList(Node.java:351)
       at com.sap.tc.webdynpro.progmodel.context.Node.createMappedElementList(Node.java:500)
       at com.sap.tc.webdynpro.progmodel.context.Node.supplyElements(Node.java:395)
       at com.sap.tc.webdynpro.progmodel.context.Node.getElementList(Node.java:351)
       at com.sap.tc.webdynpro.progmodel.context.Node.getElements(Node.java:339)
       at com.sap.tc.webdynpro.progmodel.context.Node.getElementAtInternal(Node.java:617)
       at com.sap.tc.webdynpro.progmodel.context.Node.getCurrentElementInternal(Node.java:870)
       at com.sap.tc.webdynpro.progmodel.context.Node.getCurrentElement(Node.java:877)
       at com.sap.security.core.wd.navigation.wdp.IPrivateNavigationFrameView$IContextNode.currentUmePropertiesElement(IPrivateNavigationFrameView.java:161)
       at com.sap.security.core.wd.navigation.NavigationFrameView.onActionSmallSize(NavigationFrameView.java:159)
       at com.sap.security.core.wd.navigation.NavigationFrameView.wdDoInit(NavigationFrameView.java:97)
       at com.sap.security.core.wd.navigation.wdp.InternalNavigationFrameView.wdDoInit(InternalNavigationFrameView.java:161)
       at com.sap.tc.webdynpro.progmodel.generation.DelegatingView.doInit(DelegatingView.java:61)
       at com.sap.tc.webdynpro.progmodel.controller.Controller.initController(Controller.java:215)
       at com.sap.tc.webdynpro.progmodel.view.View.initController(View.java:398)
       at com.sap.tc.webdynpro.progmodel.controller.Controller.init(Controller.java:200)
       at com.sap.tc.webdynpro.progmodel.view.ViewManager.getView(ViewManager.java:690)
       at com.sap.tc.webdynpro.progmodel.view.ViewManager.bind(ViewManager.java:536)
       at com.sap.tc.webdynpro.progmodel.view.ViewManager.getView(ViewManager.java:705)
       at com.sap.tc.webdynpro.progmodel.view.ViewManager.bindRoot(ViewManager.java:560)
       at com.sap.tc.webdynpro.progmodel.view.ViewManager.init(ViewManager.java:155)
       at com.sap.tc.webdynpro.progmodel.view.InterfaceView.initController(InterfaceView.java:43)
       at com.sap.tc.webdynpro.progmodel.controller.Controller.init(Controller.java:200)
       at com.sap.tc.webdynpro.progmodel.view.ViewManager.getView(ViewManager.java:690)
       at com.sap.tc.webdynpro.progmodel.view.ViewManager.bind(ViewManager.java:536)
       at com.sap.tc.webdynpro.progmodel.view.ViewManager.getView(ViewManager.java:705)
       at com.sap.tc.webdynpro.progmodel.view.ViewManager.bindRoot(ViewManager.java:560)
       at com.sap.tc.webdynpro.progmodel.view.ViewManager.init(ViewManager.java:155)
       at com.sap.tc.webdynpro.clientserver.window.WebDynproWindow.doOpen(WebDynproWindow.java:311)
       at com.sap.tc.webdynpro.clientserver.window.ApplicationWindow.open(ApplicationWindow.java:204)
       at com.sap.tc.webdynpro.clientserver.cal.ClientApplication.init(ClientApplication.java:347)
       at com.sap.tc.webdynpro.clientserver.session.ApplicationSession.initApplication(ApplicationSession.java:668)
       at com.sap.tc.webdynpro.clientserver.session.ApplicationSession.doProcessing(ApplicationSession.java:268)
       at com.sap.tc.webdynpro.clientserver.session.ClientSession.doApplicationProcessingPortal(ClientSession.java:725)
       at com.sap.tc.webdynpro.clientserver.session.ClientSession.doApplicationProcessing(ClientSession.java:661)
       at com.sap.tc.webdynpro.clientserver.session.ClientSession.doProcessing(ClientSession.java:227)
       at com.sap.tc.webdynpro.clientserver.session.RequestManager.doProcessing(RequestManager.java:150)
       at com.sap.tc.webdynpro.clientserver.session.core.ApplicationHandle.doProcessing(ApplicationHandle.java:73)
       at com.sap.tc.webdynpro.portal.pb.impl.AbstractApplicationProxy.sendDataAndProcessActionInternal(AbstractApplicationProxy.java:739)
       at com.sap.tc.webdynpro.portal.pb.impl.AbstractApplicationProxy.create(AbstractApplicationProxy.java:208)
       at com.sap.portal.pb.PageBuilder.updateApplications(PageBuilder.java:1240)
       at com.sap.portal.pb.PageBuilder.createPage(PageBuilder.java:340)
       at com.sap.portal.pb.PageBuilder.init(PageBuilder.java:538)
       at com.sap.portal.pb.PageBuilder.wdDoInit(PageBuilder.java:177)
       at com.sap.portal.pb.wdp.InternalPageBuilder.wdDoInit(InternalPageBuilder.java:150)
       at com.sap.tc.webdynpro.progmodel.generation.DelegatingComponent.doInit(DelegatingComponent.java:108)
       at com.sap.tc.webdynpro.progmodel.controller.Controller.initController(Controller.java:215)
       at com.sap.tc.webdynpro.progmodel.controller.Controller.init(Controller.java:200)
       at com.sap.tc.webdynpro.clientserver.cal.ClientComponent.init(ClientComponent.java:429)
       at com.sap.tc.webdynpro.clientserver.cal.ClientApplication.init(ClientApplication.java:345)
       at com.sap.tc.webdynpro.clientserver.session.ApplicationSession.initApplication(ApplicationSession.java:668)
       at com.sap.tc.webdynpro.clientserver.session.ApplicationSession.doProcessing(ApplicationSession.java:268)
       at com.sap.tc.webdynpro.clientserver.session.ClientSession.doApplicationProcessingStandalone(ClientSession.java:705)
       at com.sap.tc.webdynpro.clientserver.session.ClientSession.doApplicationProcessing(ClientSession.java:659)
       at com.sap.tc.webdynpro.clientserver.session.ClientSession.doProcessing(ClientSession.java:227)
       at com.sap.tc.webdynpro.clientserver.session.RequestManager.doProcessing(RequestManager.java:150)
       at com.sap.tc.webdynpro.serverimpl.defaultimpl.DispatcherServlet.doContent(DispatcherServlet.java:56)
       at com.sap.tc.webdynpro.serverimpl.defaultimpl.DispatcherServlet.doPost(DispatcherServlet.java:47)
       at javax.servlet.http.HttpServlet.service(HttpServlet.java:760)
       at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
       at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.runServlet(HttpHandlerImpl.java:390)
       at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.handleRequest(HttpHandlerImpl.java:264)
       at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:347)
       at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:325)
       at com.sap.engine.services.httpserver.server.RequestAnalizer.invokeWebContainer(RequestAnalizer.java:887)
       at com.sap.engine.services.httpserver.server.RequestAnalizer.handle(RequestAnalizer.java:241)
       at com.sap.engine.services.httpserver.server.Client.handle(Client.java:92)
       at com.sap.engine.services.httpserver.server.Processor.request(Processor.java:148)
       at com.sap.engine.core.service630.context.cluster.session.ApplicationSessionMessageListener.process(ApplicationSessionMessageListener.java:33)
       at com.sap.engine.core.cluster.impl6.session.MessageRunner.run(MessageRunner.java:41)
       at com.sap.engine.core.thread.impl3.ActionObject.run(ActionObject.java:37)
       at java.security.AccessController.doPrivileged(Native Method)
       at com.sap.engine.core.thread.impl3.SingleThread.execute(SingleThread.java:100)
       at com.sap.engine.core.thread.impl3.SingleThread.run(SingleThread.java:170)
  Caused by: javax.management.InstanceNotFoundException: com.sap.default:name=IJmxServer,j2eeType=UmeJmxServer,SAP_J2EECluster=KMD not in repository
       at com.sap.pj.jmx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:940)
       at com.sap.pj.jmx.server.interceptor.MBeanServerWrapperInterceptor.invoke(MBeanServerWrapperInterceptor.java:288)
       at com.sap.engine.services.jmx.CompletionInterceptor.invoke(CompletionInterceptor.java:400)
       at com.sap.pj.jmx.server.interceptor.BasicMBeanServerInterceptor.invoke(BasicMBeanServerInterceptor.java:277)
       at com.sap.jmx.provider.ProviderInterceptor.invoke(ProviderInterceptor.java:258)
       at com.sap.engine.services.jmx.RedirectInterceptor.invoke(RedirectInterceptor.java:340)
       at com.sap.pj.jmx.server.interceptor.MBeanServerInterceptorChain.invoke(MBeanServerInterceptorChain.java:330)
       at com.sap.engine.services.jmx.MBeanServerSecurityWrapper.invoke(MBeanServerSecurityWrapper.java:287)
       at com.sap.engine.services.jmx.ClusterInterceptor.invoke(ClusterInterceptor.java:813)
       at com.sap.pj.jmx.server.interceptor.MBeanServerInterceptorChain.invoke(MBeanServerInterceptorChain.java:330)
       at com.sap.security.core.jmx._gen.IJmxServer$Impl.getUmeProperties(IJmxServer.java:1172)
       ... 84 more

  Hey,
  Try this steps
  C:\usr\sap\J2E\JC01\j2ee\configtool->configtool.bat->open it
  1. Click on Secure store
  2. Right you will find :
  admin/password/J2E->retype your admin passowrd which you gave during installation=>SAVE properly
  Restart the server and try login visual admin

• Help solve OIM puzzle - OIM Authenticator == "weblogic user soft locked"

  Hi,
  I just completed an installation of IDAM 11g including OIM. I've done several, with different configurations, but this one is on Centos 64-bit.
  Everything seems to be working, but whenever I start the soa_server1 and oim_server1 managed server, I start seeing messages in the Adminserver stdout from <OIMAuthenticator>, saying that the weblogic user is "soft locked". If I go into OIM Admin, the 'WEBLOGIC' user is locked, and if I unlock that user in OIM Admin, the msgs from Adminserver change to "failed authentication" a few times, then I get the "soft locked" messages again.
  I've been trying to track this problem down for almost a week now. I'm "close" to understanding what might be going on, but I'm kind of at an impasse right now, so I figured I'd post what I've found thus far, and see if anyone here has any ideas.
  1) With this installation, I first installed a basic WebLogic domain, with a password (e.g., "password1").
  2) When I got to the IDAM installation, because there was a password policy, I had to use a password with upper-case in it (e.g., "Password1"), for all responses, except when it asked for the info for accessing the WebLogic Adminserver, in which case I responded with the original weblogic password (e.g., "password1").
  3) I have both the DefaultAuthenticator and the OIMAuthenticator in the security realm, with the DefaultAuthenticator at the top, above the OIMAuthenticator. Both authenticators are set to "SUFFICIENT".
  4) I think that SOMETHING is intermittently (~ every minute) trying to authenticate using the "weblogic" user, but whatever that is, it has the "wrong" password.
  5) My understanding is that normally, when OIM is installed, the 'WEBLOGIC' user is added to OIM, with an "empty" password, and I confirmed via sqlplus, that the USR_PASSWORD in the OIM USR table is indeed empty.
  6) I think that with the order that the authenticators are in, DefaultAuthenticator would attempt to authenticate, and then OIMAuthenticator would attempt to authenticate. Since both are set to SUFFICIENT, if an authentication against DefaultAuthenticator succeeds, the authentication would be considered "successful".
  Based on all of the above, it seems like whatever the process that is trying to do those authentications is, it has a password that is not "password1" (since if it was using "password1", then the DefaultAuthenticator" would successfully authenticate, and it shouldn't try the OIMAuthenticator), and then OIMAuthenticator is trying to authenticate. Since the USR_PASSWORD is empty, OIMAuthenticator would always fail authentication, and thus the "failed authentication" errors followed by the "soft locked" msgs.
  7) I've tried to track down "what" process is doing the authentications, and I believe that it is EMAGENT. The reason that I say this is that if I stop EMAGENT using opmnctl, the "soft locked" messages stop.
  8) I've tried to set the "monitoring credentials" for the "weblogic" user in EM, to match the "password1", but even after I do that, I still see the "soft locked" msgs, and if I unlock the 'WEBLOGIC' use in OIM, then I get several "failed authentication" followed by the "soft locked" msgs again.
  9) I did an experiment (I'm running this under VMware, so I was able to do a snapshot and then revert after the experiment), where I set the password for the 'WEBLOGIC' user in OIM Admin to the "Password1", and after I did that, the "soft locked" errors stopped, so I believe that whatever process is attempting to authenticate is using the "Password1" password, rather than the "password1" password.
  I also have another earlier installation, that I installed using the "normal" way, i.e., letting the config.sh create a new WL domain, and that works and I don't get these "soft locked" msgs at all. That configuration also has USR_PASSWORD empty in the OIM database USR table.
  So, the question that I have is how do I get the EMAGENT to use the "password1" password instead of the "Password1" password?
  As I mentioned above, I tried changing that in the EM monitoring credentials, but that didn't seem to fix the problem (still got "soft locked" msgs).
  Maybe I've been staring at this problem too long, and am missing something, so I hope that someone can post some suggestions.
  Thanks,
  Jim

  Hi,
  I'm afraid that I'm not doing a very good job explaining what worries me.
  Specifically, I don't understand WHY the authentication of the 'weblogic' user against the DefaultAuthenticator is failing. I know that the reason that OIM is locking the 'WEBLOGIC' user is that the DefaultAuthenticator authentication is failing, causing the attempt to authenticate against the OIMAuthenticator (which also fails because USR_PASSWORD is empty), but why is that authentication against DefaultAuthenticator failing?
  More particularly, I'd really like to find out how to change the password that whatever is trying to do that authentication is using.
  As I said, I tried changing the monitoring credentials in EM already. I think that that actually changed SOMETHING, but not everything. Before that I was seeing 3 soft locked msgs every minute. After I changed the monitoring credentials to a completely different user that I created in the WL Console (emagent_monitor, member of the Monitors group in WL Console), instead of getting 3 msgs per minute, I'm now getting 1 msg per minute.
  So, it appears that it's something else, other than the monitoring credentials, i.e., something else (I don't know what) is trying to authenticate with the 'weblogic' user, but with bad password.
  Jim

• "Custom Access" permissions are locking me out of my own computer!

  "Custom Access" permissions are locking me out of my own computer!
  I have a Mac Book Pro which I can no longer access, due, I believe, to a problem with disk and file permissions. When I attempt to open up the volume, which I am able to put in FireWire target mode and mount on the desktop of a nearby iMac G5, I get an error message saying: "The folder 'MacBook Pro' could not be opened because you do not have sufficient access privileges."
  When I select the 'MacBook Pro' volume and run the Get Info command, I learn that the system, admin, and everyone else groups now have "custom access." I suppose that this newly acquired "custom access" is the reason that the volume icon now appears on the desktop with a lock at its lower left corner! Unfortunately, that lock is keeping me out, so I need help in finding the key back in!
  How all this came about overnight is a mystery wrapped in a enigma similar to my getting pneumonia last summer. Coming down with both diseases would require telling long stories that would only have as their common objective the desire to be cured. I might have gotten the pneumonia at my college reunion; my laptop computer might have caught a cold last night when I ran TechTool Pro and optimized my volume prior to installing its eDrive today. Or, my laptop computer may have choked when I tried to add Disk Warrior to the TechTool Pro eDrive and inadvertently issued some command that resulted in my normal permission settings getting changed and rendering everything on the computer completely inaccessible to me. Who knows for sure? Right now, the cause doesn't matter: finding the solution does.
  I used TechTool Pro to run a series of tests before (and after) I got locked out of my own computer and the volume passed all the tests for volume integrity and file integrity. TechTool also rebuilt the directory, defragged all the files, and optimized the hard drive into one, large, well-organized segment of files --that I unfortunately can no longer access!
  *What I think I need now are some very explicit, error-free, Terminal (UNIX) instructions telling me how to change the permissions on an external FireWire volume called "MacBook Pro" containing Leopard Mac OS X 10.5.7 from its current custom access privileges back to my settings before my poor computer caught this disabling cold.*
  I do have a SuperDuper clone of this MacBook Pro computer on an external FireWire, which I could probably use to relieve me of my pain. But, if at all possible, I would like to call upon that option only as a last resort for two reasons:
  (1) I am not entirely comfortable that the clone is completely reliable at this moment. My last cloning operation last night (before this corrupted permissions problem occurred) did not complete itself, leaving the cloned volume in an unknown, or unstable, state. (2) I would like to use this problem as an opportunity to grow and learn more about the Terminal and UNIX commands.
  I have read the relevant sections in David Pogue's missing manual on Mac OS X Leopard, so I am familiar (in theory) with the concepts he explained regarding ownership, file permissions, the root, Terminal, the CHMOD command, and the SUDO command. It's just that, considering the awesome power of the SuperUser Do command, I'm not all that confident yet that I could write the command(s) that could affect the state of my entire computer hard drive. So, *I'm asking for guidance from a UNIX guru to guide my hand this first time out.*
  I know about the idea of safe booting up as a single user, but since I do have my laptop computer mounted on the desktop of my iMac as a Firewire volume, I would prefer to use Terminal on the iMac to fix the permissions on that mounted volume, called "MacBook Pro".
  *Experts only, please*. Theories about what might have caused this problem would be nice, but what I really need is explicit command line code to cure this one. Since other people may occasionally encounter this problem of being locked out of their own computer, it would be fine with me if some knowledgeable guru wants to use this as a springboard to write a detailed tutorial on the topic along the way to the solution. Thanks.
  bowlerboy_jmb

  {I read that article you sent me to, Baltwo, but it does not seem appropriate, because the disk is not invisible. It's locked! I also went through all the discussions on flag changing you directed to me to look up, and I tried to apply something from there to my situation. But that's not working for me yet either. The topics there seem to be close enough to be relevant to my case, but none are exactly on the mark, and so far they deliver no cigar. Maybe I missed the one thread you had in mind from among the twenty I looked through: I can't be sure. You point it out, if you have one in mind. Anyway, in the absence of anyone providing me with specific Unix code or suggestions about my particular situation, I plunged ahead on my own, and I attempted to write some Unix code that might fix my problem. So far, I've had no success. This posting intersperses my comments along with the lines of Unix code which were displayed on my MacBook Pro during my recent attempts to tinker under the hood. My remarks are contained inside of curly brackets like { and } while the results of my Unix experimenting in Single User Mode on the laptop are presented without curly brackets. These were initially notes to myself, so I'm creating a post around my Unix dabbling to see if it triggers any feedback, corrections, and guidance for moving ahead. I'm stuck right now.}
  date
  Fri Jun 19 17:52:25 EDT 2009
  :/ root# sudo chflags nouchg /
  sudo: can't open /private/etc/sudoers: Permission denied
  :/ root# sendmail: warning: valid_hostname: empty hostname
  sendmail: fatal: unable to use my own hostname
  :/ root# ls -l
  {The screen filled up with rows of file names and their permissions, like...}
  drwxrwxr-x+ 43 root admin 1462 Jun 16 04:36 Applications
  :/ root# exit
  {Nothing happens for quite a while, then...}
  jettisoning kernel linker.
  {...and then several lines of replies fill up the screen, ending in that same loop regarding no such file or directory found, in regards to mDNSResponder. I had tried the {chmod 775 > solution recommended by a user at a web site I Googled to deal with the mDNSResponder problem he had. The chmod 775 / command worked for him, he reported, but it does not succeed for me. The mDNSResponderline continues to repeat itself ad infinitum, so I must force the Mac to turn off by holding down the power button for several seconds. Upon restart in Single User mode, I observe that, as before, "Root device is mounted read-only," so this time I try to amend permissions at the root level with...}
  :/ root# sudo chmod 755 /
  {If I understand what I've just learned about Unix, this tells the Mac to give me permission to do anything, but to give all others permission only to read and execute. Unfortunately, the command fails. The computer again responded with the same lines that it gave me when I had issued the command regarding no user flags, namely:}
  sudo: can't open /private/etc/sudoers: Permission denied
  :/ root# sendmail: warning: valid_hostname: empty hostname
  sendmail: fatal: unable to use my own hostname
  {So, to summarize, I have a MacBook Pro which I am apparently locked out of and cannot change. The hard disk is not invisible: it will appear as an external drive when placed in Target Mode and connected via a Firewire cable to an iMac. I tried to use Terminal on that iMac to change permissions on the MacBook Pro, but permission was denied.
  {So, I have tried to make changes on the MacBook Pro directly. I learned that it will neither start-up under normal circumstances nor via Safe Boot mode. It will, however, start-up under Single User mode. Based on my bleary-eyed crash course in Unix throughout all of last night and early this morning, I did gain some additional understanding about UNIX from some [free online books|http://www.scribd.com/doc/12747795/Made-Easy-Unix-for-Beginners] and articles, especially from a thorough and lucidly written article at Indiana University called [In Unix, how do I change the permissions for a file?|http://kb.iu.edu/data/data/abdb.html]
  {Also, I followed the links to the Apple discussions on user flags, and I cherry picked the most appropriate solutions suggested there to see if they will apply to my situation. However, none quite fit. None have thus far succeeded. I think I now know how to formulate the syntax of Unix commands in regards to modifying permissions, and I'm willing to plow ahead and try things out. But I'm only a rank beginner in this Unix realm, so maybe I'm doing something wrong in that department.
  {It just boggles my mind that someone can inadvertently be locked out of their computer without a way back in, so all I'm asking for is some trouble-shooting guidance to find the key back in. Anyone got it? Is this a problem that can be cured by writing some Unix commands to the system? Or, does the solution lie elsewhere?}
  bowlerboy_jmb

• Since updating my iPhone 4 to ios6 I can no longer access itunes through the itunes app.  I just get a blank white screen.  Is there a fix for this yet?

  Since upgrading my iPhone 4 to the new ios6 software I can no longer access itunes through the itunes app.  I there a fix for this yet?

  Scalesy05 wrote:
  I there a fix for this yet?
  Why would there be a fix?  YOU are having the problem.  I'm not, no one I know is having the problem.  No fix is needed.
  Basic troubleshooting steps clearly outlined in the User Guide are restart, reset, restore from backup, restore as new.  Have you been through any, if not all of these troubleshooting steps yet?

• Can you put a lock on apps?

  Hi there,
  I was just wondering if there is any way of locking an app on my "ipad with retina display" which i purchased from the app store for example sketchbook express so only i can access it. i was wondering if i could lock an app via another app on the app store, is that possible?
  Thanks!
  Johnny2000

  Due to the sandbox nature of how iOS programs work, one app cannot
  control or affect another. Therefore, an app cannot lock another app.
  As Diavonex stated, unless the app comes with a passcode lock feature.
  the app cannot be locked.

• I am looking for a child lock out app that entertains them

  i am looking for a childs lock out app that will entertain them without allowing them access to phone while locked.

  iTunes: Using Parental Controls
  iOS: Understanding Restrictions (parental controls)
  in absence of any detail in your post