Security Stories - funny and not-so-funny

Here we are on the last day of this event. Lots of good questions and answers.
I don't have anything useful to contribute, so I'll start this thread with a couple of stories illustrating how easy it is to get into trouble on the interwebs. You can have all the security software in the world, but it won't eliminate PEBKAC. I blame a certain community supermod for encouraging this...
1) My wife yelled at me that her computer was messed up. (It's always my fault) She couldn't open an email attachment. I asked her to show me. It was from a familiar email address, but the contents were in broken English and the attachment was waaay suspicious. She was just curious to see what it was.
The reason she couldn't open it was that the AV software had popped up a window screaming "do you really, really want to to open this!!!!!" Fortunately the popup was behind the browser window and she couldn't click "OK".
2) A co-worker complained that his desktop had been running slow for a month or so. I immediately noticed that the NIC LED was constantly blinking. Welcome to the botnet. We started playing 20 questions, and I finally got this out of him:
He had gotten an email - seemingly from corporate HQ (we were briefly owned by a large company) saying something like "Corporate has discovered infections on several machines. If you find a file "..\windows\system32\something-important.dll" remove it immediately!" He did. 24 hours later here came another email "Sincere apologies. The previous email was incorrect, and we should not have asked you to remove that dll. Please reinstall the attached file." He did. Hilarity ensued.
He didn't bother to run this by the IT guy (me, sort of) for a month.
3) A co-worker's spouse was visiting, and asked to use our wifi connection to conduct some of her business. She needed to contact the mother ship in another state. Check her email - or so I thought. After a while, she came into my office and said something like " the IT guy at my office needs the password to your router. He needs to change your firewall settings so my app will work." He was running a remote desktop on her machine and had already tried to fiddle the router without asking.
Insane. Criminally.
Anyone care to add to this? Or petition the mods to remove it?
Z.
The large print: please read the Community Participation Rules before posting. Include as much information as possible: model, machine type, operating system, and a descriptive subject line. Do not include personal information: serial number, telephone number, email address, etc. The fine print: I do not work for, nor do I speak for Lenovo. Unsolicited private messages will be ignored. ... GeezBlog
English Community Deutsche Community Comunidad en Español Русскоязычное Сообщество

Good idea, Z. A bit of levity doesn't detract from learning.
True story:
On one of the forums I admin, there was someone who was having ongoing problems with his computer. He was a regular contributor to the forum, although in the general areas, not with computer help. The problem I encountered with him is that he wouldn't follow through or would avoid answering questions that were directed at determining the nature of the problem. Instead, he would claim to reinstall the OS and all would be well . . . for a while anyway.
Finally we learned the real reason he had ongoing problems with his computer.
QUOTE:
"i am CERTAIN it is running hot, b/c, among other things, I cover all the airvents with a TOWEL while it is running!
yeah, i kno this is not ideal, but there are reasons (flying liquids!) why I am afraid to leave it exposed. anyway, i figured this was adding wear and tear to the machine, but i didn't think it was a cause of big problems in the SHORT-term.
HOWEVER, last night i left it uncovered (lid closed but no towel) and pointed a FAN at it. as of this morning (11 hrs or so) it is STILL running w/o a crash!"
Microsoft MVP, Consumer Security
Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!
Twitter: http://twitter.com/SecurityGarden
Security Information and Malware Removal @LandzDown Forum

Similar Messages

HT5312 Forgot answers to security ?s and not giving me optin for rescue email what do I do

Forgot answers to security ?s and not giving me optin for rescue email what do I do?

Didn't the link to contact the iTunes Store staff in the 'Additional Information' section of that article work for you? If you don't already have a valid rescue email address, only Apple itself can assist with recovering lost answers.
(88524)

Has anybody ever had their security questions changed and not have the answers?

Has anybody ever had their security questions changed and not have the answers for an ipod touch? I cannnot buy music or access my itunes account now. Thank you for any help or direction. Phone support and apple express was a deadend.

See Kappy's previous discussion.
HT5312 How to recover security...: Apple Support Communities

Secure Store Database and ActionType Entry Value Not Documented?

Hello,
I enabled auditing of Secure Store operations when I implemented SharePoint 2013. I am just now getting around to looking at the entries in the SSSAudit table and have discovered that there is an entry in the ActionType column that is undocumented in the Secure
Store Database Protocol Specification. The entry is a value of 137 but the protocol specification only goes to 136 (A SSS user has set his/her own credentials in the SSS store.).
Can someone please tell me what the value of 137 is in the ActionType column in the SSSAudit table of the Secure Store database? I need this for documentation and auditing purposes.
Thank you in advance!

Hello,
I enabled auditing of Secure Store operations when I implemented SharePoint 2013. I am just now getting around to looking at the entries in the SSSAudit table and have discovered that there is an entry in the ActionType column that is undocumented in the Secure
Store Database Protocol Specification. The entry is a value of 137 but the protocol specification only goes to 136 (A SSS user has set his/her own credentials in the SSS store.).
Can someone please tell me what the value of 137 is in the ActionType column in the SSSAudit table of the Secure Store database? I need this for documentation and auditing purposes.
Thank you in advance!

Secure store directory does not exist

hi guys,
i installed EP in my server and it is succefully installed .
but in the post installation steps when i am running the templates it is showing the following error .
com.sap.engine.frame.core.configuration.ConfigurationException: Error occurred: Secure Store lib Dir does not exist
eds/sapmnt/EP2/SYS/global/sapmnt/EP2/SYS/global/security/lib\tools
I am not able to access the portal screen i.e., ( http://host:port/irj/portal ) . It is showing the message (404 not found). any one plzz help me in this issue.
thanks
rahul

Read,
Error occurred: Secure Store lib Dir does not exist
/thread/1116440 [original link is broken]
That might help
Regards
Juan

Secure Store Service and Schedule Data Refresh

Hi
Can you please let us know how many (max) target application's we can create under 1 secure store service application?
As we know, Manage Data Refresh feature is only available for PowerPivot Service Report and we can access it from Sharepoint to schedule the Workbook for Data Refresh.
As per our requirement, we need to build a interface to use this Schedule data refresh feature in a separate browser not from SharePoint. Please let us know how to build this interface, is there any option to use API Web Service.
Thanks in advance.
Regards
K.V.B.Gururaaja

Hi,
For your first question, refer to the following link:
https://social.technet.microsoft.com/Forums/en-US/ab7f24eb-0cbf-4101-931e-1f89446e2149/secure-store-service-target-application-max-number?forum=sharepointgeneral
For your second problem, could you offer a screenshot about what is your intention?
Besides, take a look at the article about PowerPivot data refresh options:
http://www.sqlchick.com/entries/2012/11/17/powerpivot-data-refresh-options.html
Best Regards,
Lisa Chen
Forum Support
Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact
[email protected]
Lisa Chen
TechNet Community Support

EJB 3.0 Security with ACEGI and not with Container Managed Security

Hi,
     Currently we are using EJB 2.0 in our project, We want to use EJB 3.0
     But for security we want to use Spring ACEGI Security and we don�t want to use container managed security (No Portability, Difficult, �)
     ACEGI supports Servlet/JSP security very well (I am able to call isUserInRole(), getUserPrincipal() because ACEGI implements by ServletRequestWrapper in a filter)
     But for EJB, it lacks this feature. (There is no standard EJB interceptor API as there is with servlets (using filters), so there's no generic way of modify in the EJB context for the invocation)
     Without using container managed security, Is there any way to propogate my security context from Servlet Layer to EJB Layer, So that I can use EJB Declartive security and getCallerPrincipal(), isCallerInRole() API.
     For more info please see this thread http://forum.springframework.org/showthread.php?t=26514
     Why don�t you provide standard EJB interceptor API as there is with servlets (using filters), so there I am able add security identity to EJB context.
     I am eagerly waiting for the reply

Reason: javax.naming.NameNotFoundException: jdbc not bound
Although i am quite new to this as well i would say that there is a problem with your connection with the database.
It seems it cannot connect to Mysql.
have you download the mysql package library and imported it ?
Also in your deploy folder in you Jboss
have you altered the jdbc to connect to you database in your dataset ? ( i am not sure about mysql, but postgre reguired this)
Most probably it would be the same in mysql.
<connection-url>jdbc:postgresql://127.0.0.1:5432/Dissertation</connection-url>
Not sure if this is what you reguire, i am new at this my self

Secure Store Service Application takes a lot of time and does not create the database

Hi everybody,
I was trying to configure sharepoint performance point and I was following the instruction. After I created the performance point services application I tried to creat the secure store service application. When I do this, the progress window stays open forever
even after 2 hours. If I close the window, I will see that the secure store service and proxy app is created and the application pool also is created in IIS but the database is not and the application service is stopped. even when I want to delete it, it's
the same story and the progress window stays until I close it manually. Nothing has been logged in the event viewer because it doesn't throw any exceptions.
I don't think that I have permission issues on the database server side because I have created the performance point service app and the database is there. I have used the same credentials to crete the secure store.
I have restarted the secure store service and IIS for many times and even the server itself.
I'm wondering if anybody has had this issue because I couldn't find anything on the web.
Thanks,
Edwin

Alex, please ignore my previous answer. I found more information in the ULS. At the time that I started creating the service application by power shell these things are logged and they are repeated several times:
it starts with:
11/13/2013 15:19:55.52 PowerShell.exe (0x1698)
0x170C
Secure Store Service
Secure Store
esj6 High
Creating Secure Store Service Application 'Secure Store Service Application'.
c402af0c-5ff6-4995-83b8-3f95210a8b3d
11/13/2013 15:19:55.54 PowerShell.exe (0x1698)
0x170C
Secure Store Service
Secure Store
esj9 Medium
Creating "database object" 'SP_SecureStore' for application. At this time database is not created.
c402af0c-5ff6-4995-83b8-3f95210a8b3d
11/13/2013 15:19:55.54 PowerShell.exe (0x1698)
0x170C
Secure Store Service
Secure Store
esk0 Medium
Saving "database object" 'SP_SecureStore' in the config db.
c402af0c-5ff6-4995-83b8-3f95210a8b3d
11/13/2013 15:19:55.83 w3wp.exe (0x0944)
0x0DB4
Secure Store Service
Secure Store
d4gx Verbose
BackgroundTasks instance accesed.
11/13/2013 15:19:55.83 SPUCWorkerProcessProxy.exe (0x13A0)
0x02B0
Secure Store Service
Secure Store
d4gx Verbose
BackgroundTasks instance accesed.
11/13/2013 15:19:55.83 PowerShell.exe (0x1698)
0x1740
Secure Store Service
Secure Store
f7wk Verbose
StartTracker called for secure store ''
11/13/2013 15:19:55.83 PowerShell.exe (0x1698)
0x1740
Secure Store Service
Secure Store
f7wl Verbose
Tracker not started because call not made from Service Host.
11/13/2013 15:19:55.83 WebAnalyticsService.exe (0x0A6C)
0x1B88 Secure Store Service
Secure Store
f7wk Verbose
StartTracker called for secure store ''
Finally it says:
11/13/2013 15:19:55.90 PowerShell.exe (0x1698)
0x170C
Secure Store Service
Secure Store
esk9 High
Secure Store Service Application 'Secure Store Service Application' created.
c402af0c-5ff6-4995-83b8-3f95210a8b3d

FAQ: BC-SSF (Secure Store & Forward)

Version: 20060317
Q: Where can i find more information to the BC-SSF interface ?
A: Have a look on our ICC webpage in the SDN:
SAP NetWeaver - Secure Store & Forward and Digital Signatures (BC-SSF) [original link is broken]
Q: What costs are arising when we want our product to be certified ?
A: See also out SDN page under the headline "Price List".
Q: Is there a link/page for the already certified products for this interface ?
A: Sure, have a look on our ICC page under the headline "Certified Solutions"
Q: Who can we ask in case of general question ?
A: Have a look at our general ICC forum:
SAP Integration and Certification Center (SAP ICC)
Of course, if you have urgent requests you can send them also directly to our local ICC's:
ICC Walldorf in Germany: [email protected]
ICC Palo Alto in USA: [email protected]
ICC Bangalore in India: [email protected]
Q: Who can we ask in case of technical questions ?
A: This depends on the state of your certification project.
1.) If the certification contracts have been signed then you can ask in this forum and if this does not solve your question go back to your assigned integration consultant.
2.) When the certification contracts have not been signed then you can ask questions in this forum.
Q: Can we just implement our own Hash algorithms or do we need to implement MD5 and SHA1 also ?
A: Both hash algorithms are mandatory for getting certified. This means you have to implement MD5 and SHA1 for the certification.
Q: There is a conflict between our signaturealgorithm and the MD5 and/or SHA1 hashalgorithm in the way that they are not allowed to be used together. What can we do ?
A: If this is the case then get in contact with your assigned integration consultant to find a way out of this situation.

I have generate the Security certificate using STRUST.
I am calling function SSF_SIGN_BY_USER to digitally sign the document.
But I am getting CRC = 1 in return.
can anybody help me to assign SSF data to the User in su01.
I have to fill some fields by usign security certificate :
fields are : SSF ID , SSF ID Part2 , SSF Profile
Certficate is :
Owner : CN=DEB, OU=I0020538104, OU=Server, O=SAP Trust Community, C=DE
Issuer : CN=Server CA, OU=Server, O=SAP Trust Community, C=DE
Serial Number : 6B2CA5FC7E69D658100301001819
How to relate this. Please help

Secure Store Service problems

Hi, I am getting the following error when trying to manage the Secure Store Service (CMA -> Application Management -> Service Applications -> Manage Service Applications)
"Cannot complete this action as the Secure Store Shared Service is not responding. Please contact your administrator."
Looking at the Sharepoint logs I noticed the following errors:
The Secure Store Service application Secure Store Service is not accessible. The full exception text is: Could not connect to http://localhost:32843/SecurityTokenServiceApplication/securitytoken.svc/actas.
TCP error code 10061: No connection could be made because the target machine actively refused it 127.0.0.1:32843.
Unexpected exception from endpoint address : https://extsharepoint:32844/49c2533b83924aed91e0059a9ee957d9/SecureStoreService.svc/https
Error occured while managing Secure Store Application 190b7e02-1aff-4a9b-bf01-007f953df8d1. Error message: Secure Store Service did not performed the operation..
Logging unknown/unexpected client side exception: EndpointNotFoundException. This will cause this application server to be removed from the load balancer
queue. Exception: System.ServiceModel.EndpointNotFoundException: Could not connect to http://localhost:32843/SecurityTokenServiceApplication/securitytoken.svc/actas. TCP error code 10061: No connection could be made because the target machine actively refused
it 127.0.0.1:32843. ---> System.Net.WebException: Unable to connect to the remote server ---> System.Net.Sockets.SocketException: No connection could be made because the target machine actively refused it 127.0.0.1:32843 at System.Net.Sockets.Socket.DoConnect(EndPoint
endPointSnapshot, SocketAddress socketAddress) at System.Net.ServicePoint.ConnectSocketInternal(Boolean connectFailure, Socket s4, Socket s6, Socket& socket, IPAddress& address, ConnectSocketState state, IAsyncResult asyncResult, Int32
timeout, Exception& exception) --- End of inner exception stack trace --- at System.Net.HttpWebRequest.GetRequestStream(TransportContext& context) at System.Net.HttpWebRequest.GetRequestStream()
at System.ServiceModel.Channels.HttpOutput.WebRequestHttpOutput.GetOutputStream() --- End of inner exception stack trace --- Server stack trace: at System.ServiceModel.Channels.HttpOutput.WebRequestHttpOutput.GetOutputStream()
at System.ServiceModel.Channels.HttpOutput.Send(TimeSpan timeout) at System.ServiceModel.Channels.HttpChannelFactory.HttpRequestChannel.HttpChannelRequest.SendRequest(Message message, TimeSpan timeout) at System.ServiceModel.Channels.RequestChannel.Request(Message
message, TimeSpan timeout) at System.ServiceModel.Channels.SecurityChannelFactory`1.SecurityRequestChannel.Request(Message message, TimeSpan timeout) at System.ServiceModel.Dispatcher.RequestChannelBinder.Request(Message message,
TimeSpan timeout) at System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[] outs, TimeSpan timeout) at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage
methodCall, ProxyOperationRuntime operation) at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage message) Exception rethrown at [0]: at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage
reqMsg, IMessage retMsg) at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type) at Microsoft.IdentityModel.Protocols.WSTrust.IWSTrustContract.Issue(Message message) at Microsoft.IdentityModel.Protocols.WSTrust.WSTrustChannel.Issue(RequestSecurityToken
rst, RequestSecurityTokenResponse& rstr) at Microsoft.IdentityModel.Protocols.WSTrust.WSTrustChannel.Issue(RequestSecurityToken rst) at Microsoft.SharePoint.SPSecurityContext.SecurityTokenForContext(Uri context, Boolean bearerToken,
SecurityToken onBehalfOf, SecurityToken actAs, SecurityToken delegateTo) at Microsoft.SharePoint.SPSecurityContext.<>c__DisplayClass7.<GetProcessSecurityTokenForServiceContext>b__6() at Microsoft.SharePoint.Utilities.SecurityContext.RunAsProcess(CodeToRunElevated
secureCode) at Microsoft.SharePoint.SPSecurityContext.GetProcessSecurityTokenForServiceContext() at Microsoft.SharePoint.SPSecurityContext.SecurityTokenForServiceContext(Uri contextUri) at Microsoft.SharePoint.SPChannelFactoryOperations.InternalCreateChannelActingAsLoggedOnUser[TChannel](ChannelFactory`1
factory, EndpointAddress address, Uri via) at Microsoft.SharePoint.SPChannelFactoryOperations.CreateChannelActingAsLoggedOnUser[TChannel](ChannelFactory`1 factory, EndpointAddress address) at Microsoft.Office.SecureStoreService.Server.SecureStoreServiceApplicationProxy.GetChannel(Uri
address) at Microsoft.Office.SecureStoreService.Server.SecureStoreServiceApplicationProxy.Execute[T](String operationName, Boolean validateCanary, ExecuteDelegate`1 operation).
An exception occurred when trying to issue security token: Could not connect to http://localhost:32843/SecurityTokenServiceApplication/securitytoken.svc/actas.
TCP error code 10061: No connection could be made because the target machine actively refused it 127.0.0.1:32843. .
Request for security token failed with exception: System.ServiceModel.EndpointNotFoundException: Could not connect to http://localhost:32843/SecurityTokenServiceApplication/securitytoken.svc/actas.
TCP error code 10061: No connection could be made because the target machine actively refused it 127.0.0.1:32843. ---> System.Net.WebException: Unable to connect to the remote server ---> System.Net.Sockets.SocketException: No connection could
be made because the target machine actively refused it 127.0.0.1:32843 at System.Net.Sockets.Socket.DoConnect(EndPoint endPointSnapshot, SocketAddress socketAddress) at System.Net.ServicePoint.ConnectSocketInternal(Boolean connectFailure,
Socket s4, Socket s6, Socket& socket, IPAddress& address, ConnectSocketState state, IAsyncResult asyncResult, Int32 timeout, Exception& exception) --- End of inner exception stack trace --- at System.Net.HttpWebRequest.GetRequestStream(TransportContext&
context) at System.Net.HttpWebRequest.GetRequestStream() at System.ServiceModel.Channels.HttpOutput.WebRequestHttpOutput.GetOutputStream() --- End of inner exception stack trace --- Server stack trace:
at System.ServiceModel.Channels.HttpOutput.WebRequestHttpOutput.GetOutputStream() at System.ServiceModel.Channels.HttpOutput.Send(TimeSpan timeout) at System.ServiceModel.Channels.HttpChannelFactory.HttpRequestChannel.HttpChannelRequest.SendRequest(Message
message, TimeSpan timeout) at System.ServiceModel.Channels.RequestChannel.Request(Message message, TimeSpan timeout) at System.ServiceModel.Channels.SecurityChannelFactory`1.SecurityRequestChannel.Request(Message message, TimeSpan
timeout) at System.ServiceModel.Dispatcher.RequestChannelBinder.Request(Message message, TimeSpan timeout) at System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean oneway, ProxyOperationRuntime operation, Object[]
ins, Object[] outs, TimeSpan timeout) at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage methodCall, ProxyOperationRuntime operation) at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage
message) Exception rethrown at [0]: at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg) at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData&
msgData, Int32 type) at Microsoft.IdentityModel.Protocols.WSTrust.IWSTrustContract.Issue(Message message) at Microsoft.IdentityModel.Protocols.WSTrust.WSTrustChannel.Issue(RequestSecurityToken rst, RequestSecurityTokenResponse&
rstr) at Microsoft.IdentityModel.Protocols.WSTrust.WSTrustChannel.Issue(RequestSecurityToken rst) at Microsoft.SharePoint.SPSecurityContext.SecurityTokenForContext(Uri context, Boolean bearerToken, SecurityToken onBehalfOf, SecurityToken
actAs, SecurityToken delegateTo)
Please help, I've been trying all sorts of solutions for a few days to no avail, including uninstalling and reinstalling.
Thanks.
Nicholas

can you browse this page "http://localhost:32843/SecurityTokenServiceApplication/securitytoken.svc"
also try to run the IISreset on the server?
what you mean installing and uninstalling?
check this post:
https://blogs.blackmarble.co.uk/blogs/rhepworth/post/2010/01/07/reassigning-the-correct-ssl-certificate-to-sharepoint-2010-web-services-iis-site.aspx
Please remember to mark your question as answered &Vote helpful,if this solves/helps your problem. ****************************************************************************************** Thanks -WS MCITP(SharePoint 2010, 2013) Blog: http://wscheema.com/blog

Search issue caused by Secure Store Service Sporadic Failures

I am running into a fun issue. I am getting a lot of errors in my search crawl logs that say the following:
The crawler could not communicate with the server. Check that the server is available and that the firewall access is configured correctly.
And
The filtering process has been terminated
And
An unrecognized HTTP response was received when attempting to crawl this item. Verify whether the item can be accessed using your browser. ( Error from SharePoint site: WebExceptionStatus TrustFailure The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel. )
And finally,
The SharePoint item being crawled returned an error when requesting data from the web service. ( Error from SharePoint site )
The thing is, I still get most of the results. Probably 3/4ths of the pages and external content are crawled. These happen sporadically. I believe it to be caused by a spotty secure store service.
When I try to manage the secure store service, sometimes the page loads. Other times it says:
Cannot complete this action as the Secure Store Shared Service is not responding. Please contact your administrator
If I refresh the page a couple times, it comes back up. I believe this constant up and down is causing issues. I have tried the following to resolve this:
IIS resets on all servers
Restarting individual app pools on all servers
Making sure the correct services were running on all servers, and restarting them
Restarting the servers
Creating a new secure store service is not an option, as the custom software running on the environment requires it heavily, and rebuilding all the credentials is a huge pain. If this were not a live environment, it would be worth it. However, this IS a
live site.
Has anyone else seen a spotty SSS like this one?

You may be right, and these two could be unrelated, or both be caused by some underlying environmental issue (quite possible). The Secure Store Service is indeed used when indexing. I'm not logged into the servers right now, but when crawling
the external content source, the errors are about the secure store service.
I've set fiddler as a proxy on search and watched the crawls. I'll have to review those again to find the response, but I believe the errors were all authentication-related.
I'll probably spend my day today going through logs and report back.

Impact of generating a new key for Secure Store Application

I inherited my development environment from a predecessor, who did not document the secure store pass phrase anywhere. There are a couple of projects doing development on the system that cannot be impacted, but I need to get Project Server running on the
system, and I cannot get the secure store to accept the credentials I set for the target application. I have recreated the target application several times, but nothing works.
MossHostSsoHost.GetSecureStoreCredentials: Failed to get credentials from Secure Store. SecureStoreProvider threw a SecureStoreException. Exception: Microsoft.Office.SecureStoreService.Server.SecureStoreServiceException: Access is denied to the Secure Store
Service. at Microsoft.Office.SecureStoreService.Server.SecureStoreServiceApplicationProxy.Execute[T](String operationName, Boolean validateCanary, ExecuteDelegate`1 operation) at Microsoft.Office.SecureStoreService.Server.SecureStoreServiceApplicationProxy.GetCredentials(Guid
rawPartitionId, String applicationId) at Microsoft.Office.SecureStoreService.Server.SecureStoreProvider.GetCredentials(String appId) at Microsoft.Office.Excel.Server.MossHost.MossHostSsoHost.GetSecureStoreCredentials(String
secureStoreApplicationId)
So, I am wondering if I need to generate a new key for the secure store application, and what impact that would have on the existing target applications. Can someone please tell me if I generate a new key, will this break the existing applications? Thanks.

Hi Susan,
Once you decide to generate a new encryption key, you could follow the steps in Generate an encryption Key part in the link below:
http://technet.microsoft.com/en-us/library/ee806866(v=office.15).aspx
You should back up the database of the Secure Store Service application before generating a new key. Then refresh the encryption key to propagate the key to all the application servers in the farm.
Regards,
Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact
[email protected] .
Rebecca Tu
TechNet Community Support

SQL Developer, Deploy Cloud Cart Status is at Approved for a long time and not moving forward i.e. not processing.

SQL Developer, Deploy Cloud Cart Status is at Approved for a long time and not moving forward i.e. not processing.
Please help.
Thanks
Srinivas

Hi Gustavo,
It appears your Service SFTP user was not created correctly. Please contact support and mention the fact that your Service SFTP user appears on Security/Users tab and not on Security/SFTP Users tab.
Vlad

Problem during SAP Solution Manager Migration - create secure store

Hi all,
I have a problem during a migration of my SAP SOLUTION MANAGEER from Linux ORACLE to AIX 6.1 ORACLE 10.2.0.4
Release SOLUTION MANAGER 4.0 KERNEL 700
I have done the export of the database and now i start with the import.
SAPINST stopped at Create Secure Store phase and this is the log of SercureStoreCreate.log file.
Unhandled exception
Type=Segmentation error vmState=0x00000000
J9Generic_Signal_Number=00000004 Signal_Number=0000000b Error_Value=00000000 Signal_Code=00000033
Handler1=09001000A1271B80 Handler2=09001000A1269C20
R0=0000000000000000 R1=0FFFFFFFFFFFD460 R2=0000000000000010 R3=0000000000000010
R4=000000000000000B R5=09000000089B70A0 R6=0000000111BBE829 R7=0000000000000018
R8=0000000111C23D58 R9=000000003A470000 R10=0000000111B99CB8 R11=09000000089CD638
R12=0900000008970594 R13=000000011000D0C0 R14=0000000111BBE7B8 R15=0000000110096400
R16=00000001110EC8B0 R17=0000000111C23FD8 R18=09001000A12753A8 R19=0000000000000013
R20=0000000111C23FB8 R21=0000000111BBE848 R22=0000000110096480 R23=0000000000000000
R24=0000000000000000 R25=0000000110001098 R26=0000000110096400 R27=0000000110016870
R28=0000000000000000 R29=07000000001DD260 R30=000000000000000B R31=0000000000000010
IAR=09000000089CD638 LR=00000001108BB6C0 MSR=A00000000000D032 CTR=09000000089CD638
CR=4222422420000004 FPSCR=8202200000000000 XER=2000000482022000
FPR0 3fe8000000000000 (f: 0.000000, d: 7.500000e-01)
FPR1 0000000000000000 (f: 0.000000, d: 0.000000e+00)
FPR2 3fe8000000000000 (f: 0.000000, d: 7.500000e-01)
FPR3 4530000000000000 (f: 0.000000, d: 1.934281e+25)
FPR4 4330000000400000 (f: 4194304.000000, d: 4.503600e+15)
FPR5 4330000000000000 (f: 0.000000, d: 4.503600e+15)
FPR6 3fb9999999999999 (f: 2576980480.000000, d: 1.000000e-01)
FPR7 3c63333333333333 (f: 858993472.000000, d: 8.326673e-18)
FPR8 0000000082024000 (f: 2181185536.000000, d: 1.077649e-314)
FPR9 0000000000000000 (f: 0.000000, d: 0.000000e+00)
FPR10 4330000000000000 (f: 0.000000, d: 4.503600e+15)
FPR11 4077f00000000000 (f: 0.000000, d: 3.830000e+02)
FPR12 3fe8000000000000 (f: 0.000000, d: 7.500000e-01)
FPR13 4071f40000000000 (f: 0.000000, d: 2.872500e+02)
FPR14 0000000000000000 (f: 0.000000, d: 0.000000e+00)
FPR15 0000000000000000 (f: 0.000000, d: 0.000000e+00)
FPR16 0000000000000000 (f: 0.000000, d: 0.000000e+00)
FPR17 0000000000000000 (f: 0.000000, d: 0.000000e+00)
FPR18 0000000000000000 (f: 0.000000, d: 0.000000e+00)
FPR19 0000000000000000 (f: 0.000000, d: 0.000000e+00)
FPR20 0000000000000000 (f: 0.000000, d: 0.000000e+00)
FPR21 0000000000000000 (f: 0.000000, d: 0.000000e+00)
FPR22 0000000000000000 (f: 0.000000, d: 0.000000e+00)
FPR23 0000000000000000 (f: 0.000000, d: 0.000000e+00)
FPR24 0000000000000000 (f: 0.000000, d: 0.000000e+00)
FPR25 0000000000000000 (f: 0.000000, d: 0.000000e+00)
FPR26 0000000000000000 (f: 0.000000, d: 0.000000e+00)
FPR27 0000000000000000 (f: 0.000000, d: 0.000000e+00)
FPR28 0000000000000000 (f: 0.000000, d: 0.000000e+00)
FPR29 0000000000000000 (f: 0.000000, d: 0.000000e+00)
FPR30 0000000000000000 (f: 0.000000, d: 0.000000e+00)
FPR31 0000000000000000 (f: 0.000000, d: 0.000000e+00)
Module=/usr/java14_64/jre/bin/libj9jit23.so
Module_base_address=0900000008998000
Target=2_30_20070530_12820_BHdSMr (AIX 6.1)
CPU=ppc64 (4 logical CPUs) (0x80000000 RAM)
JVMDUMP006I Processing Dump Event "gpf", detail "" - Please Wait.
JVMDUMP007I JVM Requesting System Dump using '/tmp/sapinst_instdir/SOLMAN/LM/COPY/ORA/SYSTEM/CENTRAL/AS/core.20110907.081216.6947032.dmp'
JVMDUMP010I System Dump written to /tmp/sapinst_instdir/SOLMAN/LM/COPY/ORA/SYSTEM/CENTRAL/AS/core.20110907.081216.6947032.dmp
JVMDUMP007I JVM Requesting Snap Dump using '/tmp/sapinst_instdir/SOLMAN/LM/COPY/ORA/SYSTEM/CENTRAL/AS/Snap0002.20110907.081216.6947032.trc'
JVMDUMP010I Snap Dump written to /tmp/sapinst_instdir/SOLMAN/LM/COPY/ORA/SYSTEM/CENTRAL/AS/Snap0002.20110907.081216.6947032.trc
JVMDUMP007I JVM Requesting Java Dump using '/tmp/sapinst_instdir/SOLMAN/LM/COPY/ORA/SYSTEM/CENTRAL/AS/javacore.20110907.081216.6947032.txt'
JVMDUMP010I Java Dump written to /tmp/sapinst_instdir/SOLMAN/LM/COPY/ORA/SYSTEM/CENTRAL/AS/javacore.20110907.081216.6947032.txt
JVMDUMP013I Processed Dump Event "gpf", detail "".
Could please help me for finishing the migration?
Thanks in advance
Andrea

Hi,
this is the a part of sapinst.log:
ERROR 2011-09-07 10:12:18.24
FCO-00011 The step createSecureStore with step key |NW_Doublestack_OneHost|ind|ind|ind|ind|0|0|NW_Onehost_System|ind|ind|ind|ind|2|0|NW_CreateDBandLoad|ind|ind|ind|ind|10|0|NW_SecureStore|ind|ind|ind|ind|8|0|createSecureStore was executed with status ERROR ( Last error reported by the step :Cannot create the secure store. SOLUTION: See output of log file SecureStoreCreate.log:
Unhandled exception
Type=Segmentation error vmState=0x00000000
J9Generic_Signal_Number=00000004 Signal_Number=0000000b Error_Value=00000000 Signal_Code=00000033
Handler1=09001000A1271B80 Handler2=09001000A1269C20
R0=0000000000000000 R1=0FFFFFFFFFFFD460 R2=0000000000000010 R3=0000000000000010
R4=000000000000000B R5=09000000089B70A0 R6=0000000111BBE829 R7=0000000000000018
R8=0000000111C23D58 R9=000000003A470000 R10=0000000111B99CB8 R11=09000000089CD638
R12=0900000008970594 R13=000000011000D0C0 R14=0000000111BBE7B8 R15=0000000110096400
R16=00000001110EC8B0 R17=0000000111C23FD8 R18=09001000A12753A8 R19=0000000000000013
R20=0000000111C23FB8 R21=0000000111BBE848 R22=0000000110096480 R23=0000000000000000
R24=0000000000000000 R25=0000000110001098 R26=0000000110096400 R27=0000000110016870
R28=0000000000000000 R29=07000000001DD260 R30=000000000000000B R31=0000000000000010
IAR=09000000089CD638 LR=00000001108BB6C0 MSR=A00000000000D032 CTR=09000000089CD638
CR=4222422420000004 FPSCR=8202200000000000 XER=2000000482022000
FPR0 3fe8000000000000 (f: 0.000000, d: 7.500000e-01)
FPR1 0000000000000000 (f: 0.000000, d: 0.000000e+00)
FPR2 3fe8000000000000 (f: 0.000000, d: 7.500000e-01)
FPR3 4530000000000000 (f: 0.000000, d: 1.934281e+25)
FPR4 4330000000400000 (f: 4194304.000000, d: 4.503600e+15)
FPR5 4330000000000000 (f: 0.000000, d: 4.503600e+15)
FPR6 3fb9999999999999 (f: 2576980480.000000, d: 1.000000e-01)
FPR7 3c63333333333333 (f: 858993472.000000, d: 8.326673e-18)
FPR8 0000000082024000 (f: 2181185536.000000, d: 1.077649e-314)
FPR9 0000000000000000 (f: 0.000000, d: 0.000000e+00)
FPR10 4330000000000000 (f: 0.000000, d: 4.503600e+15)
FPR11 4077f00000000000 (f: 0.000000, d: 3.830000e+02)
FPR12 3fe8000000000000 (f: 0.000000, d: 7.500000e-01)
FPR13 4071f40000000000 (f: 0.000000, d: 2.872500e+02)
FPR14 0000000000000000 (f: 0.000000, d: 0.000000e+00)
FPR15 0000000000000000 (f: 0.000000, d: 0.000000e+00)
FPR16 0000000000000000 (f: 0.000000, d: 0.000000e+00)
FPR17 0000000000000000 (f: 0.000000, d: 0.000000e+00)
FPR18 0000000000000000 (f: 0.000000, d: 0.000000e+00)
FPR19 0000000000000000 (f: 0.000000, d: 0.000000e+00)
FPR20 0000000000000000 (f: 0.000000, d: 0.000000e+00)
FPR21 0000000000000000 (f: 0.000000, d: 0.000000e+00)
FPR22 0000000000000000 (f: 0.000000, d: 0.000000e+00)
FPR23 0000000000000000 (f: 0.000000, d: 0.000000e+00)
FPR24 0000000000000000 (f: 0.000000, d: 0.000000e+00)
FPR25 0000000000000000 (f: 0.000000, d: 0.000000e+00)
FPR26 0000000000000000 (f: 0.000000, d: 0.000000e+00)
FPR27 0000000000000000 (f: 0.000000, d: 0.000000e+00)
FPR28 0000000000000000 (f: 0.000000, d: 0.000000e+00)
FPR29 0000000000000000 (f: 0.000000, d: 0.000000e+00)
FPR30 0000000000000000 (f: 0.000000, d: 0.000000e+00)
FPR31 0000000000000000 (f: 0.000000, d: 0.000000e+00)
Module=/usr/java14_64/jre/bin/libj9jit23.so
Module_base_address=0900000008998000
Target=2_30_20070530_12820_BHdSMr (AIX 6.1)
CPU=ppc64 (4 logical CPUs) (0x80000000 RAM)
JVMDUMP006I Processing Dump Event "gpf", detail "" - Please Wait.
JVMDUMP007I JVM Requesting System Dump using '/tmp/sapinst_instdir/SOLMAN/LM/COPY/ORA/SYSTEM/CENTRAL/AS/core.20110907.081216.6947032.dmp'
JVMDUMP010I System Dump written to /tmp/sapinst_instdir/SOLMAN/LM/COPY/ORA/SYSTEM/CENTRAL/AS/core.20110907.081216.6947032.dmp
JVMDUMP007I JVM Requesting Snap Dump using '/tmp/sapinst_instdir/SOLMAN/LM/COPY/ORA/SYSTEM/CENTRAL/AS/Snap0002.20110907.081216.6947032.trc'
JVMDUMP010I Snap Dump written to /tmp/sapinst_instdir/SOLMAN/LM/COPY/ORA/SYSTEM/CENTRAL/AS/Snap0002.20110907.081216.6947032.trc
JVMDUMP007I JVM Requesting Java Dump using '/tmp/sapinst_instdir/SOLMAN/LM/COPY/ORA/SYSTEM/CENTRAL/AS/javacore.20110907.081216.6947032.txt'
JVMDUMP010I Java Dump written to /tmp/sapinst_instdir/SOLMAN/LM/COPY/ORA/SYSTEM/CENTRAL/AS/javacore.20110907.081216.6947032.txt
JVMDUMP013I Processed Dump Event "gpf", detail ""..).
Thanks
Andrea

Javax.security.auth.Subject and weblogic.security.acl.User

Hello,
We are trying to move some old authentication code (Weblogic 5.1) to JAAS
which comes with Weblogic 6.1. Here is my problem:
I can succesfully authenticate the Subject through my RDBMS Realm. But then, the rest of my code uses weblogic.security.acl.User
and not javax.security.auth.Subject for authorization and other tasks. So, how can I extract weblogic.security.acl.User from javax.security.auth.Subject?
I tried subject.getPrincipals(), since User indirectly implements Principal, but it comes back empty.
Any suggestions?

Hello,
We are trying to move some old authentication code (Weblogic 5.1) to JAAS
which comes with Weblogic 6.1. Here is my problem:
I can succesfully authenticate the Subject through my RDBMS Realm. But then, the rest of my code uses weblogic.security.acl.User
and not javax.security.auth.Subject for authorization and other tasks. So, how can I extract weblogic.security.acl.User from javax.security.auth.Subject?
I tried subject.getPrincipals(), since User indirectly implements Principal, but it comes back empty.
Any suggestions?

Security Stories - funny and not-so-funny

Similar Messages

Maybe you are looking for