Service sids

Hi,
What are Service SIDs? Why do we need or what is the use of Service SIDs? Are they a replacement for domain groups or service accounts?
How does SQL Server make use of these SIDs? What kind of benefits do we get if we choose service SIDs?
Thanks in advance.

Hi Samantha v,
About the first question: What are Service SIDs? Why do we need or what is the use of Service SIDs? Are they replacement for domain groups or service accounts?
Service SIDs are a feature of service isolation, a security feature introduced in Windows Vista and Windows Server 2008. Any service with the "unrestricted" SID-type property will have a service-specific SID added to the access token of the service host process.
The purpose of Service SIDs is to allow permissions for a single service to be managed without necessitating the creation of service accounts, an administrative overhead.
A Security Identifier (commonly abbreviated SID) is a unique, immutable identifier of a user, user group, or other security principal.
About the second question: How does SQL Server make use of these SIDs? What kind of benefits do we get if we choose service SIDs?
SQL Server uses a service SID to provide service isolation. Service isolation enables access to specific objects without the need to run a high-privilege account or weaken the security protection of the object. By using an access control entry that contains a service SID, a SQL Server service can restrict access to its resources. For information about how SQL Server uses a service SID to provide service isolation, please refer to the following article:
https://support2.microsoft.com/kb/2620201?wa=wsignin1.0
If you have any question, please feel free to let me know.
Regards,
Donghui Li

Similar Messages

  • Per-service SID's are not being granted correct permissions

    Hi,
    I had posted this here :
    https://connect.microsoft.com/SQLServer/feedback/details/770984/per-service-sid-s-are-not-being-granted-correct-permissions, but no response as yet.
    When installing SQL 2012 (on a VMWare VM), based on the following article :
    http://msdn.microsoft.com/en-us/library/ms143504(v=sql.110), I have noticed that the SQL per service SIDs are not being granted the correct permissions. From the initial install, the following is what was observed (the red x's being permissions that should have been granted but were not).
    When re-installing and changing from specifying a domain account, to the default values, during set-up, the 4 service SIDs that were not added to 'Log on as a Service' initially were then correctly granted permission, but the other 4 in 'Bypass traverse checking', 'Adjust Memory Quotas for a process' and 'Impersonate a Client after authentication' were still not added.
    When running a repair on this install, 'NT Service\MSSQLFDLauncher' was then granted the correct permissions, but 'NT SERVICE\MsDtsServer110' was still missing 'Bypass traverse checking' and 'Impersonate a Client after authentication'.
    This also resulted in the installation of Reporting Services - Native failing in the original installation with 'Attempted to perform an unauthorized operation'.
    If anyone has recently installed SQL 2012, can you check (via gpedit.msc) that the correct 'User Right Assignment' was granted to the per Service SIDs as per
    http://msdn.microsoft.com/en-us/library/ms143504(v=sql.110) ?

    Have you resolved this yet?  Group policy for the OU with my desktop removes all SQL per-service rights.  If group policy is your issue, I'd be interested in how some are retained.  
    Randy in Marin

  • Service SID and setup account for DB engine service

    SQL supports service isolation of access control through granting permissions to the service SID. However, we also can give the privileges to service account. Which one of the service SID and service account has higher priority? If we give the conflicting permissions to service SID and service account, which one will work?

    Hi smileahpu,
    In short, for account rights/privileges, there are two general types: Allow and Deny. The "Allow" rights/privileges are combined, and the "Deny" rights/privileges are excluded. The DENY (SE_DENY) rights override the corresponding account rights. In this case, if either the service account or the service SID is denied a right, the service is denied that right.
    To be more detailed, we need to go through the following topics:
    •How does system validate a process's privileges while accessing securable objects
    •How does per-service SID work while accessing securable objects
    •How does Access Control work

    How a process accesses securable objects:
    The system uses an access token to identify the user when a thread(or a process) interacts with a securable object or tries to perform a system task that requires privileges.
    An access token is an object that describes the security context of a process or thread.
    Access token contains lots of information. Two of them are:
    •The security identifier (SID) for the user's account
    •A list of the privileges held by either the user or the user's groups
    Please review the following article for more information:
    http://msdn.microsoft.com/en-us/library/windows/desktop/aa374909(v=vs.85).aspx
    How does per-service SID work while accessing securable objects
    For a service without per-Service SID enabled, we can imagine the security context is just from the user (service account). With per-Service SID enabled, we can make a security context that is not just a user, but a user AND a particular process.
    Actually, the per-Service SID's SID and privileges are included in the access token directly.
    By checking with Windbg, we can see the service SID was included.
    0:072> !token
    Thread is not impersonating. Using process token...
    TS Session ID: 0
    User: S-1-5-21-3485830563-343820118-176642512-1008
    User Groups:
     00 S-1-5-21-3485830563-343820118-176642512-513
        Attributes - Mandatory Default Enabled
     01 S-1-1-0
        Attributes - Mandatory Default Enabled
     02 S-1-5-21-3485830563-343820118-176642512-1009
        Attributes - Mandatory Default Enabled
     03 S-1-5-32-545
        Attributes - Mandatory Default Enabled
     04 S-1-5-6
        Attributes - Mandatory Default Enabled
     05 S-1-2-1
        Attributes - Mandatory Default Enabled
     06 S-1-5-11
        Attributes - Mandatory Default Enabled
     07 S-1-5-15
        Attributes - Mandatory Default Enabled
     08 S-1-5-113
        Attributes - Mandatory Default Enabled
     09 S-1-5-80-3880718306-3832830129-1677859214-2598158968-1052248003 < -- service SID
        Attributes - Default Enabled Owner
     10 S-1-5-5-0-274023807
        Attributes - Mandatory Default Enabled Owner LogonId
     11 S-1-2-0
        Attributes - Mandatory Default Enabled
     12 S-1-5-64-10
        Attributes - Mandatory Default Enabled
     13 S-1-16-12288
        Attributes - GroupIntegrity GroupIntegrityEnabled
    Primary Group: S-1-5-21-3485830563-343820118-176642512-513
    Privs:
     00 0x000000003 SeAssignPrimaryTokenPrivilege     Attributes -
     01 0x000000005 SeIncreaseQuotaPrivilege          Attributes -
     02 0x000000013 SeShutdownPrivilege               Attributes -
     03 0x000000017 SeChangeNotifyPrivilege           Attributes - Enabled Default
     04 0x000000019 SeUndockPrivilege                 Attributes -
     05 0x00000001d SeImpersonatePrivilege            Attributes - Enabled Default
     06 0x00000001e SeCreateGlobalPrivilege           Attributes - Enabled Default
     07 0x000000021 SeIncreaseWorkingSetPrivilege     Attributes -
     08 0x000000022 SeTimeZonePrivilege               Attributes -
    Auth ID: 0:105545a6
    Impersonation Level: Anonymous
    TokenType: Primary
    Is restricted token: no.
    SandBoxInert: 0
    Elevation Type: 1 (Default)
    Mandatory Policy: TOKEN_MANDATORY_POLICY_VALID_MASK
    Integrity Level: S-1-16-12288
    Process Trust Level: (null)
    Token Virtualized: Disabled
    UIAccess: 0
    IsAppContainer: 0
    Device Groups:
    How does Access Control work
    Please check from the following article for more information:
    http://technet.microsoft.com/en-us/library/cc740104(v=ws.10).aspx
    In addition, the following articles are helpful for understanding the concepts discussed in this reply:
    http://msdn.microsoft.com/en-us/library/windows/desktop/bb545671(v=vs.85).aspx
    http://msdn.microsoft.com/en-us/library/windows/desktop/ms684880(v=vs.85).aspx
    http://technet.microsoft.com/en-us/library/cc781716(v=ws.10).aspx
    http://blogs.technet.com/b/voy/archive/2007/03/22/per-service-sid.aspx
    Thanks,
    Jinchun Chen
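
Added example (not part of the original reply): the `S-1-5-80-...` entry in the `!token` output above can be tied back to a service name, because Windows derives a per-service SID from the name itself (SHA-1 over the upper-cased UTF-16LE service name, read as five little-endian 32-bit sub-authorities under `S-1-5-80`). The function names and the candidate list are assumptions made for illustration; the token excerpt is copied from the dump above.

```python
import hashlib
import re
import struct

# Constructed excerpt: three group entries copied from the !token output above.
TOKEN_EXCERPT = """\
User Groups:
 08 S-1-5-113
    Attributes - Mandatory Default Enabled
 09 S-1-5-80-3880718306-3832830129-1677859214-2598158968-1052248003
    Attributes - Default Enabled Owner
 10 S-1-5-5-0-274023807
    Attributes - Mandatory Default Enabled Owner LogonId
"""

# Service names that appear on this page; using them as the candidate list
# is an assumption of this example.
CANDIDATES = ["MSSQLSERVER", "MsDtsServer110", "MSSQLFDLauncher"]

# A per-service SID is S-1-5-80 followed by exactly five sub-authorities.
SERVICE_SID_RE = re.compile(r"\bS-1-5-80(?:-\d+){5}\b")


def service_sid(service_name):
    """Derive the per-service SID for a service short name.

    The name is upper-cased first, so the result is case-insensitive,
    matching what `sc showsid <name>` reports.
    """
    digest = hashlib.sha1(service_name.upper().encode("utf-16-le")).digest()
    sub_authorities = struct.unpack("<5I", digest)  # 20 bytes -> 5 x uint32
    return "S-1-5-80-" + "-".join(str(v) for v in sub_authorities)


def extract_service_sids(token_text):
    """Return every per-service SID found in a textual token dump."""
    return SERVICE_SID_RE.findall(token_text)


def identify_services(token_text, candidates):
    """Map each service SID in the dump to a candidate name, or None."""
    by_sid = {service_sid(name): name for name in candidates}
    return {sid: by_sid.get(sid) for sid in extract_service_sids(token_text)}


if __name__ == "__main__":
    for sid, name in identify_services(TOKEN_EXCERPT, CANDIDATES).items():
        print(sid, "->", name or "no candidate matches")
```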

  • Including service-side file

    Hi,
    According to the lessons in my book, I inserted a service-side file in
    my HTML-code.
    It seems to work fine in the Design Mode and in the Live-View.
    But when starting a browser, no matter which one, the service side
    file is not visible.
    What can be the problem?
    Thanks in advance.
    PR.

    Sorry, you're right, I'm talking about server-side. And I think I found the answer as well, in my book ("classroom in a book").
    At the end of the chapter it says: "You won't be able to see the SSI in a browser without a testing server as long as it's stored
    only on your local hard drive."
    And I'm not using a test-server yet.
    Thanks for your attention anyway!

  • GPO and Service SID?

     
    Hi, I'm a DBA installing SQL Server 2012.  SQL Server setup is creating service SIDs (e.g., NT SERVICE\MSSQLSERVER, NT SERVICE\MsDtsServer110, etc.) and granting them rights (e.g., SeServiceLogonRight,
    SeAssignPrimaryTokenPrivilege, etc.). 
    Our GPO is removing rights from the service SIDs created by SQL setup.  We have been unable to add a service SID to GPO.  I think there is an error that the account does not exist. 
    We can add just the name (e.g., MSSQLSERVER, MsDtsServer110, etc.), but this does not seem to work as rights on the service SID are still removed. 
    We did add NT SERVICE\ALL SERVICES (no error) and grant it SeServiceLogonRight.  I think this covers all service SIDs.  This appears to be working; however, I’m reluctant to grant
    some of the other rights to all services using service SIDs. 
    Are only “well known” service SID values valid in GPO?  Is there any way to add a service SID such as "NT SERVICE\MsDtsServer110" into GPO?  Is there a best practice for
    handling service SIDs and group policy? 
    Thanks.
    Randy in Marin

    It's a service SID and local by nature. 
    http://support.microsoft.com/kb/2620201
    http://msdn.microsoft.com/en-us/library/ms143504(v=sql.110).aspx 
    Below is from the "Virtual Accounts" item in the above link.
    Virtual accounts in Windows Server 2008 R2 and Windows 7 are
    managed local accounts that provide the following features to simplify service administration. The virtual account is auto-managed, and the virtual account can access the network in a domain environment. If the default value is
    used for the service accounts during SQL Server setup on Windows Server 2008 R2 or Windows 7, a virtual account using the instance name as the service name is used, in the format
    NT SERVICE\<SERVICENAME>. Services that run as virtual accounts access network resources by using the credentials of the computer account in the format
    <domain_name>\<computer_name>$. When specifying a virtual account to start SQL Server, leave the password blank. If the virtual account fails
    to register the Service Principal Name (SPN), register the SPN manually. For more information on registering a SPN manually, see
    Register a Service Principal Name for Kerberos Connections.
    Virtual accounts cannot be used for SQL Server Failover Cluster Instance, because the virtual account would not have the same SID on each node of the cluster.
    Randy in Marin

  • SQL Server 2008 Service SIDs

    Hello,
    I've recently installed SQL Server 2008 and when I look at the groups created, the Windows Domain accounts I specified for each service do not appear. Instead the service SID has been placed into that group, however when I run cmd>>sc showsid [servicename]
    the SIDs do not match.
    How can I confirm the SID of the SQL services?
    Thanks in advance.

    Hi Vijay, thank you for your response,
    The server build is Windows 2008 R2 with SQL Server 2008 installed.
    I can see that in the groups (under computer management) created by SQL Server the service for the database engine is NT SERVICE\MSSQLSERVER with a SID. What I am trying to work out is, compared to SQL Server 2005, where the account for the service was dropped
    into the corresponding group,  a service SID is now in the group.
    However when I use the cmd>>sc showsid [MSSQLSERVER] the SID displayed does not match the SID assigned to the NT SERVICE\MSSQLSERVER account in the group.
    I'm pretty sure I am missing something, I would just like to understand how the correct permissions are assigned to the SQL Server services,
    Regards,
    Andrew

  • LISTENER: Service/SID Aliases

    Hi,
    I have this db instance that answer correctly to DEVDB from a service DEVDB
    Now, I would like to have it accept connection to TESTDB as well.
    I know it is possible to use some sort of aliases but not sure how to setup the .ora files
    here are the files;
    # listener.ora Network Configuration File: /usr/app/oracle/product/10.2.0/db_1/network/admin/listener.ora
    # Generated by Oracle configuration tools.
    SID_LIST_LISTENER =
      (SID_LIST =
        (SID_DESC =
          (SID_NAME = PLSExtProc)
          (ORACLE_HOME = /usr/app/oracle/product/10.2.0/db_1)
          (PROGRAM = extproc)
        )
        (SID_DESC =
          (GLOBAL_DBNAME = DEVDB.DEV)
          (ORACLE_HOME = /usr/app/oracle/product/10.2.0/db_1)
          (SID_NAME = DEVDB)
        )
        (SID_DESC =
          (GLOBAL_DBNAME = DEVDB.DEV)
          (ORACLE_HOME = /usr/app/oracle/product/10.2.0/db_1)
          (SID_NAME = TESTDB)
        )
      )
    LISTENER =
      (DESCRIPTION_LIST =
        (DESCRIPTION =
          (ADDRESS = (PROTOCOL = IPC)(KEY = EXTPROC1))
          (ADDRESS = (PROTOCOL = TCP)(HOST = localhost)(PORT = 1521))
        )
      )
    ~
    # sqlnet.ora Network Configuration File: /usr/app/oracle/product/10.2.0/db_1/network/admin/sqlnet.ora
    # Generated by Oracle configuration tools.
    NAMES.DIRECTORY_PATH= (TNSNAMES, EZCONNECT)
    NAMES.DEFAULT_DOMAIN = DEV
    ~
    # tnsnames.ora Network Configuration File: /usr/app/oracle/product/10.2.0/db_1/network/admin/tnsnames.ora
    # Generated by Oracle configuration tools.
    #DEV =
    # (DESCRIPTION =
    # (ADDRESS = (PROTOCOL = TCP)(HOST = localhost)(PORT = 1521))
    # (CONNECT_DATA =
    # (SERVER = DEDICATED)
    # (SERVICE_NAME = dev)
    # )
    # )
    DEVDB.DEV =
      (DESCRIPTION =
        (ADDRESS = (PROTOCOL = TCP)(HOST = localhost)(PORT = 1521))
        (CONNECT_DATA =
          (SERVER = DEDICATED)
          (SERVICE_NAME = DEVDB)
        )
      )
    DEVDB.DEV =
      (DESCRIPTION =
        (ADDRESS = (PROTOCOL = TCP)(HOST = localhost)(PORT = 1521))
        (CONNECT_DATA =
          (SERVER = DEDICATED)
          (SERVICE_NAME = TESTDB)
        )
      )
    EXTPROC_CONNECTION_DATA =
      (DESCRIPTION =
        (ADDRESS_LIST =
          (ADDRESS = (PROTOCOL = IPC)(KEY = EXTPROC1))
        )
        (CONNECT_DATA =
          (SID = PLSExtProc)
          (PRESENTATION = RO)
        )
      )
    ~

    each name must be in single quotes and the list is separated by commas.
    Not necessarily:
    SQL> sho parameter service
    NAME                                 TYPE        VALUE
    service_names                        string
    SQL> alter system set service_names='devdb, testdb';
    System altered.
    SQL> sho parameter service
    NAME                                 TYPE        VALUE
    service_names                        string      devdb, testdb
    SQL> alter system set service_names='devdb','testdb';
    System altered.
    SQL> sho parameter service
    NAME                                 TYPE        VALUE
    service_names                        string      devdb, testdb
    SQL>
    How can I make this alias work so I can connect to the short name;
    testdb and it will connect by default to the dev domain but if I specify testdb.prod it will go to the production database??
    Not sure to understand... you'd want to simultaneously use two different domains for the same database ?

  • Handling error on service side

    We have a WCF service implemented in our project and it contains very complicated error handling. Pretty much all methods start with a try\catch block which catches the generic exception, meaning catch all. We would like to rework this service and I was trying to find some information about error handling for WCF services. However, the information which I found is very confusing. Let's say that we have the following OperationContract implementation:
    public IEnumerable<string> GetInstanceUids(string seriesInstanceUid)
    {
        if (string.IsNullOrEmpty(seriesInstanceUid))
            throw new ArgumentException("Given serieInstanceUid can't be null or empty string;");
        return myIsaDataProvider.QueryDicomInstances(seriesInstanceUid).ToList();
    }
    Now what I found on the internet is the following statement (or similar). In instances where an unhandled non-FaultException is thrown, one of the following may happen based on the instance management settings of your service. For sessionful services: The session is terminated, the service instance is disposed and the channel will be in the faulted state, thus the proxy cannot be reused.
    This doesn't make much sense to me, as based on MSDN all such exceptions are automatically converted to FaultException. So in which case can a code call lead to a non-FaultException exception type? Also from my synthetic test (debug environment) I can call that method many times with a null argument and the service is still in an operational state (it will not refuse to make additional calls). On the client side I'm just handling FaultException, which will log the message.
    So the main question is: is code such as that in our contract going to fault the service as such, so no further calls will be possible in the service instance? Which would mean that all our service methods need to be wrapped in try\catch blocks and swallow all exceptions. Which is not optimal for performance reasons.

    Thanks for your response, but I don't see how your reply can be marked as answer if it's not answering the original question! The question was if the service will be in a faulty state.

    It wouldn't be in a faulted state if you had learned how to develop a WCF service properly, which would have involved request/response objects and catching the exception properly and returning the response object. Something is causing the service to crash, and you don't know what it is.
    https://msdn.microsoft.com/en-us/library/ff699490.aspx
    If you have ever seen or used the Web Service factory that builds the WCF Web service and uses Request/Response objects, you would appreciate the Request/Response objects in play. And there wouldn't have been some kind of generic exceptions where WCF swallowed the real exception and tossed you back the catch 22 exceptions. It should have never made it to a fault exception.

  • Service sid XDB is down alert

    I constantly receive the alert <SID>XDB is down. We are not using XDB nor DISPATCHERS, or multi-threaded servers.
    At database creation time, from dbca, the parameter DISPATCHERS had a value. Afterwards we created a pfile and removed this parameter and restarted the database. It is now NULL.
    I have gone to All Metrics and taken the 'Down' out of server status and the alert went away. (I use this technique with Grid sometimes when it's not catching up to an alert that should be cleared.)
    When I put the 'down' back in to this metric, the alert immediately shows up.
    Somewhere Grid is thinking it should be looking for an XDB service and is alerting, but as far as the database is concerned, XDB is not configured.
    Does anyone have an idea on where this could be lurking?

    If I am correct you can edit Key Values for this Metric.
    So go to the Database Home Page, select Metric and Policy Settings
    Select the Metric "Service Status", press Edit
    and add a row for the specific Service and leave both Warning and Critical Threshold empty.
    This will automatically introduce a row saying "Others". If you leave the Warning and Critical thresholds at their default values, you will end up in the situation where you won't receive an alert for rptwdXDB but you will receive an alert for all others (if they go down).
    Regards
    Rob
    For more information on using OEM GC, you might want to check http://oemgc.wordpress.com

  • SAP Service named SAP SID _ Instance Number is missing in services.msc

    Hi,
    SAP Service named SAP<SID>_<Instance Number> is missing in services.msc
    Example :
    SID = DM0
    Instance Number = 01
    SAP Service Name = SAPDM0_01
    Please help me to resolve the issue.
    Thanks in Advance.
    Warm Regards,
    Sathya

    SAPSTARTSRV.EXE
    Values :
    Operation Selected is "Install Service + Register COM Interface + Start Service"
    SID = DM0
    NR = 00 or 01
    Startprofile = D:\usr\sap\DM0\SYS\profile\START_DVEBMGS01_sapserver
    User = DOMAIN\SAPService<SID>
    Password = ....
    Now the SAP Service, SAP<SID>_<Instance Number> is created in services.msc.
    Thanks www.sdn.sap.com
    Edited by: Sathya Kala Veeraraj on May 6, 2010 12:12 AM

  • Problems invoking a method from a web service

    I am using NetBeans 6.1 and my problem is when I invoke a method from a web service that has a custom class as a return type.
    When I debug the client that consumes my web service, it gets stuck at this line:
    com.webservice.WebServiceInfoBean result = port.getWebServiceInfo(nameSpace, serviceName, portName, wsdlURL);
    I don't get any error on the console.
        static public void function1() {
            try { // Call Web Service Operation
                com.webservice.WebServiceMonitorService service = new com.webservice.WebServiceMonitorService();
                com.webservice.WebServiceMonitor port = service.getWebServiceMonitorPort();
                // TODO initialize WS operation arguments here
                java.lang.String nameSpace = "NameSpaceHere";
                java.lang.String serviceName = "WebServicePrueba";
                java.lang.String portName = "Soap";
                java.lang.String wsdlURL = "http://localhost/Prueba/WebServicePrueba.asmx?wsdl";
                // TODO process result here
                com.webservice.WebServiceInfoBean result = port.getWebServiceInfo(nameSpace, serviceName, portName, wsdlURL); // <--- here it gets stuck
                System.out.println("getWebServiceInfo");
                Iterator i = result.getMethods().iterator();
                while (i.hasNext()) {
                    MethodBean method = (MethodBean) i.next();
                    System.out.print("Nombre: " + method.getname());
                    System.out.print(" Returns: " + method.getreturnType());
                    Iterator j = method.getparameters().iterator();
                    while (j.hasNext()) {
                        ParameterBean parameter = (ParameterBean) j.next();
                        System.out.print(" ParameterName: " + parameter.getname());
                        System.out.print(" ParameterType: " + parameter.gettype());
                    }
                    System.out.print("\n");
                    System.out.print(method.getfirma());
                    System.out.print("\n");
                    System.out.print("\n");
                }
            } catch (Exception ex) {
                ex.printStackTrace();
            }
        }
    Web Service side:
        /**
         * Web service operation
         */
        @WebMethod(operationName = "getWebServiceInfo")
        public WebServiceInfoBean getWebServiceInfo(@WebParam(name = "nameSpace")
        String nameSpace, @WebParam(name = "portName")
        String portName, @WebParam(name = "serviceName")
        String serviceName, @WebParam(name = "wsdlURL")
        String wsdlURL) throws Throwable {
            //TODO write your implementation code here:
            webservicemonitor instance = new webservicemonitor();
            return instance.getWebServiceInfo(nameSpace, serviceName, portName, wsdlURL);
        }
    I have tested my internal code from the web service side and everything works fine. The problem occurs when I invoke it from the client side. Probably I did not make the right serialization for my class WebServiceInfoBean? Or am I missing something? Here it is:
    /*
     * To change this template, choose Tools | Templates
     * and open the template in the editor.
     */
    package com.beans;
    import java.util.ArrayList;
    /**
     * @author Tequila_Burp
     */
    public class WebServiceInfoBean implements java.io.Serializable {
        /** Holds value of property wsdlURL. */
        private String wsdlURL;
        /**
         * Getter for property wsdlURL.
         * @return Value of property wsdlURL.
         */
        public String getwsdlURL() {
            return this.wsdlURL;
        }
        /**
         * Setter for property wsdlURL.
         * @param wsdlURL New value of property wsdlURL.
         */
        public void setwsdlURL(String wsdlURL) {
            this.wsdlURL = wsdlURL;
        }
        /** Holds value of property namespace. */
        private String namespace;
        /**
         * Getter for property namespace.
         * @return Value of property namespace.
         */
        public String getnamespace() {
            return this.namespace;
        }
        /**
         * Setter for property namespace.
         * @param namespace New value of property namespace.
         */
        public void setnamespace(String namespace) {
            this.namespace = namespace;
        }
        /** Holds value of property serviceName. */
        private String serviceName;
        /**
         * Getter for property serviceName.
         * @return Value of property serviceName.
         */
        public String getserviceName() {
            return this.serviceName;
        }
        /**
         * Setter for property serviceName.
         * @param serviceName New value of property serviceName.
         */
        public void setserviceName(String serviceName) {
            this.serviceName = serviceName;
        }
        /** Holds value of property portName. */
        private String portName;
        /**
         * Getter for property portName.
         * @return Value of property portName.
         */
        public String getportName() {
            return this.portName;
        }
        /**
         * Setter for property portName.
         * @param portName New value of property portName.
         */
        public void setportName(String portName) {
            this.portName = portName;
        }
        /** Holds value of property methods. */
        private ArrayList methods = new ArrayList();
        /**
         * Getter for property methods.
         * @return Value of property methods.
         */
        public ArrayList getmethods() {
            return this.methods;
        }
        /**
         * Setter for property methods.
         * @param methods New value of property methods.
         */
        public void setmethods(ArrayList methods) {
            this.methods = methods;
        }
        /** Returns the method at index i, cast to MethodBean. */
        public MethodBean getMethod(int i) {
            return (MethodBean)methods.get(i);
        }
    }
    By the way, everything has been worked on the same PC.

    Hi Paul,
    This sound familiar, but I cannot at the moment locate a reference to
    the issue. I would encourage you to seek the help of our super support
    team [1].
    Regards,
    Bruce
    [1]
    http://support.bea.com
    Paul Merrigan wrote:
    >
    I'm trying to invoke a secure 8.1 web service from a 6.1 client application and keep getting rejected with the following message:
    Security Violation: User: '<anonymous>' has insufficient permission to access EJB:
    In the 6.1 client, I've established a WebServiceProxy and set the userName and password to the proper values, but I can't seem to get past the security.
    If there something special I need to do on either the 8.1 securing side or on the 6.1 accessing side to make this work?
    Any help would be GREATLY appreciated.

  • How to create a service for TAF without LB?

    Hi,all:
    env: 11.2.0.1 RAC (2 nodes of test6/test7 ,corresponding instance: testrac1/testrac2),db :testrac
    I want to create a service to use Service-side TAF ,and also need let some app use rac1 only ,while other app use rac2 only. So I issue the following command:
    testrac1: srvctl add service -d testrac -s testsrv -r testrac1 -a testrac2 -P BASIC -y AUTOMATIC -j LONG -e SELECT     -m BASIC -z 5 -w 30
    srvctl start service -d testrac -s testsrv
    create user cxall to test:
    create user cxall identified by cxall ;
    grant resource,create session,select any dictionary to cxall;
    and I add entry in tns:
    testrac_11g_staf =
    (DESCRIPTION=
    (ADDRESS = (PROTOCOL = TCP)(HOST = test6-vip)(PORT = 1521))
    (ADDRESS = (PROTOCOL = TCP)(HOST = test7-vip)(PORT = 1521))
    (CONNECT_DATA=(SERVICE_NAME=testsrv))
    )
    on client:
    sqlplus cxall/cxall@testrac_11g_staf
    select host_name from v$instance;
    HOST_NAME
    test6
    and then I shutdown testrac1 to simulate testrac1 is off service:
    srvctl stop instance -d testrac -i testrac1
    and then re-execute the above command:
    select host_name from v$instance;
    It return error.report ORA-03113.
    Can not fail over to testrac2!
    why ?

    $>srvctl status service -d testrac -s testsrv
    Service testsrv is running on instance(s) testrac1
    $>srvctl config service -d testrac -s testsrv
    Service name: testsrv
    Service is enabled
    Server pool: testrac_testsrv
    Cardinality: 1
    Disconnect: false
    Service role: PRIMARY
    Management policy: AUTOMATIC
    DTP transaction: false
    AQ HA notifications: false
    Failover type: SELECT
    Failover method: BASIC
    TAF failover retries: 5
    TAF failover delay: 30
    Connection Load Balancing Goal: LONG
    Runtime Load Balancing Goal: NONE
    TAF policy specification: BASIC
    Preferred instances: testrac1
    Available instances: testrac2
    if I stop instance testrac1,
    srvctl stop instance -d testrac -i testrac1
    $>srvctl status service -d testrac -s testsrv
    Service testsrv is not running.
    the testsrv service cannot start on instance testrac2 auto,so the client connection will return ORA-12514 due to the testsrv is not running.
    I have a doubt why Available instances doesn't effect!
    If I use the following :
    srvctl add service -d testrac -s testsrv -r testrac1,testrac2 -P BASIC -y AUTOMATIC -j LONG -e SELECT     -m BASIC -z 5 -w 30
    the TAF will work well.But that may let some connection use testrac2 instance.
    So I have such idea:
    1.create service
    srvctl add service -d testrac -s testsrv -r testrac1,testrac2 -P BASIC -y AUTOMATIC -j LONG -e SELECT     -m BASIC -z 5 -w 30
    2.
    srvctl start service -d testrac -s testsrv
    3.
    client tns:
    testrac_11g_staf =
    (DESCRIPTION=
    (load_balance=off)
    (ADDRESS = (PROTOCOL = TCP)(HOST = test6-vip)(PORT = 1521)) ---I need app only use test6,but also need TAF
    (ADDRESS = (PROTOCOL = TCP)(HOST = test7-vip)(PORT = 1521))
    (CONNECT_DATA=(SERVICE_NAME=testsrv))
    )
    4.
    some test script:
    in test6:
    I make a huge file copy to make the test6 high load.
    cat a.sh
    count=0
    while [ $count -lt 3 ] ;
    do
    count=`expr $count + 1`
    cp *.zip aa
    rm -rf aa/*.zip
    done
    nohup sh a.sh &
    test.sh ---a loop shell to test which instance it connect
    count=0
    while [ $count -lt $1 ] ;
    do
    count=`expr $count + 1`
    sqlplus -s cxall/cxall@testrac_11g_staf<test.sql
    done
    test.sql
    col host_name format a30
    select host_name from v$instance;
    5.
    perform the test:
    test6:
    sh test6.sh 10000 --- the output is test6
    sh a.sh --- puts test6 under high load; the test6.sh output is still "test6"
    srvctl stop instance -d testrac -i testrac1 -o abort --- stop testrac1 on test6
    --- the test6.sh output becomes "test7"; TAF takes effect.
    srvctl start instance -d testrac -i testrac1 --- restart instance testrac1 on test6 again
    --- the test6.sh output reverts to "test6"
    The test indicates that TAF and non-LB both work well.

  • WCF service connection forcibly closed by the remote host for large data

    Hello,
    A WCF service is used to generate an Excel report. When the stored procedure returns large data, around 30,000 records, the service fails to return the data. Below is the error log:
    System.ServiceModel.CommunicationException: An error occurred while receiving the HTTP
    response to <service url> This could be due to the service
     endpoint binding not using the HTTP protocol. This could also be due to an HTTP request context being aborted by
    the server (possibly due to the service shutting down). See server logs for more details. ---> System.Net.WebException:
    The underlying connection was closed: An unexpected error occurred on a receive. ---> System.IO.IOException:
    Unable to read data from the transport connection: An existing connection was forcibly closed by the remote host.
    ---> System.Net.Sockets.SocketException: An existing connection was forcibly closed by the remote host
       at System.Net.Sockets.Socket.Receive(Byte[] buffer, Int32 offset, Int32 size, SocketFlags socketFlags)
       at System.Net.Sockets.NetworkStream.Read(Byte[] buffer, Int32 offset, Int32 size)
       --- End of inner exception stack trace ---
       at System.Net.Sockets.NetworkStream.Read(Byte[] buffer, Int32 offset, Int32 size)
       at System.Net.PooledStream.Read(Byte[] buffer, Int32 offset, Int32 size)
       at System.Net.Connection.SyncRead(HttpWebRequest request, Boolean userRetrievedStream, Boolean probeRead)
       --- End of inner exception stack trace ---
       at System.Net.HttpWebRequest.GetResponse()
       at System.ServiceModel.Channels.HttpChannelFactory.HttpRequestChannel.HttpChannelRequest.WaitForReply(TimeSpan timeout).
       --- End of inner exception stack trace ---
    Server stack trace:
       at System.ServiceModel.Channels.HttpChannelUtilities.ProcessGetResponseWebException(WebException webException, HttpWebRequest request, HttpAbortReason abortReason)
       at System.ServiceModel.Channels.HttpChannelFactory.HttpRequestChannel.HttpChannelRequest.WaitForReply(TimeSpan timeout)
       at System.ServiceModel.Channels.RequestChannel.Request(Message message, TimeSpan timeout)
       at System.ServiceModel.Dispatcher.RequestChannelBinder.Request(Message message, TimeSpan timeout)
       at System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[] outs, TimeSpan timeout)
       at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage methodCall, ProxyOperationRuntime operation)
       at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage message)
    Exception rethrown at [0]:
       at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg)
       at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type)
       at IDataSetService.GetMastersData(Int32 tableID, String userID, String action, Int32 maxRecordLimit, Auditor& audit, DataSet& resultSet, Object[] FieldValues)
       at SPARC.UI.Web.Entities.Reports.Framework.Presenters.MasterPresenter.GetDataSet(Int32 masterID, Object[] procParams, Auditor& audit, Int32 maxRecordLimit).
    WEB CONFIG SETTINGS OF SERVICE
    <httpRuntime maxRequestLength="2147483647" executionTimeout="360"/>
    <binding name="BasicHttpBinding_Common"  closeTimeout="10:00:00"  openTimeout="10:00:00"
           receiveTimeout="10:00:00"  sendTimeout="10:00:00"  allowCookies="false"
           bypassProxyOnLocal="false"  hostNameComparisonMode="StrongWildcard"
           maxBufferSize="2147483647"  maxBufferPoolSize="0"  maxReceivedMessageSize="2147483647"
           messageEncoding="Text"  textEncoding="utf-8"   transferMode="Buffered"
           useDefaultWebProxy="true">
    <readerQuotas  maxDepth="2147483647"
          maxStringContentLength="2147483647"  maxArrayLength="2147483647"
          maxBytesPerRead="2147483647"  maxNameTableCharCount="2147483647" />
    <security mode="None" />
    </binding>
    WEB CONFIG SETTINGS OF CLIENT
    <httpRuntime maxRequestLength="2147483647" requestValidationMode="2.0"/>
    <binding name="BasicHttpBinding_Common"
           closeTimeout="10:00:00"       openTimeout="10:00:00"
           receiveTimeout="10:00:00"       sendTimeout="10:00:00"
            allowCookies="false"        bypassProxyOnLocal="false"
            hostNameComparisonMode="StrongWildcard"        maxBufferSize="2147483647"
            maxBufferPoolSize="2147483647"        maxReceivedMessageSize="2147483647"
            messageEncoding="Text"        textEncoding="utf-8"
            transferMode="Buffered"        useDefaultWebProxy="true">
     <readerQuotas
           maxDepth="2147483647"
           maxStringContentLength="2147483647"
           maxArrayLength="2147483647"
           maxBytesPerRead="2147483647"
           maxNameTableCharCount="2147483647" />
    </binding>

    Doing binding configuration on a WCF service to override the default settings is not done the same way it would be done on the client-side config file.
    A custom binding must be used on the WCF service-side config to override the default binding settings on the WCF service-side.
    http://robbincremers.me/2012/01/01/wcf-custom-binding-by-configuration-and-by-binding-standardbindingelement-and-standardbindingcollectionelement/
    The readerQuotas and everything else must be given in the Custom Bindings to override any default settings on the WCF service side.
    Also, you are posting to the wrong forum.
    http://social.msdn.microsoft.com/Forums/vstudio/en-us/home?forum=wcf

  • LV2012 Web Services w/ NI Auth login not working w/ static files in Firefox 19

    Hi!
    I followed this procedure to password protect my web service and the static files. 
    http://digital.ni.com/public.nsf/allkb/DF41D5DA8EEB4840862577D90058C208
    When testing it out with my web service it seems to work fine on any web browser.  http://localhost:8080/add/add/1/2 first will present a login.  Once the user is logged in the page refreshes and the results of the operation are shown.  http://localhost:8080/logout works as well.
    I followed the procedure in the FAQ to include an index.html file.
    http://www.ni.com/white-paper/7747/en#toc15
    When I try to access the page (via http://localhost:8080/add/web/index.html) I'm greeted with the National Instruments login screen.  I enter my credentials and in Chrome and Internet Explorer the screen refreshes and I see my html file.  In Firefox it hangs for a while on the authentication screen and then reloads back to the authentication screen (as if the username and password did not take).
    Attached are my files.  If you want to try and recreate this please follow this procedure:
    * Unzip the attached project to a folder
    * Open the project in LabVIEW 2012
    * Check the properties of the web service to ensure that the build paths are correct
    * Follow the procedure above for setting up NI Auth on your web service and adding the "testpermission2" permission.  Be sure to remove "Everyone" from that "testpermission2" or you will never see a login prompt.
    * Build/Deploy the web service
    * open http://localhost:8080/logout to ensure that you are not currently authenticated
    * open http://localhost:8080/add/add/1/2 and login, observe behavior
    * open http://localhost:8080/add/web/index.html you should still be logged in so you will see the "Hello World!" just fine
    * open http://localhost:8080/logout to log back out
    * open http://localhost:8080/add/web/index.html and see if you are able to login.
    I've tried disabling my plugins in Firefox and still have this problem.  I'm really scratching my head on how to overcome this other than throwing away NI Auth and using something else.  My web service is going to run off of a static front end driven by javascript and html.  So the access point will be the html file.  I need to have some username and password scheme worked out.  I also need to be able to see what user is currently logged in with my Web Service VIs (does anyone know if that is possible with NI Auth)? 
    The other BIG issue I have with NI Auth is that it requires Silverlight.  So much for mobile support, eh?  Anyone know of a good plug-and-play alternative so I don't have to reinvent the wheel?  I guess I could implement some kind of token system on my web service side.
    In the meantime, getting NI Auth to properly work with Firefox would help.
    Thanks for your input,
    -Nic
    Attachments:
    Example Web Service.zip (15 KB)

    Disclaimer: I in no way mean to bash NI and I have used NI Auth myself in the past
    If you are going to go to the trouble of abstracting NI Auth, I would recommend instead investing your time in your own authentication scheme (or implementing a standard scheme in LV).
    NI Auth is great and works for low security applications where you just don't want people fooling around with your application who shouldn't be.
    However, NI Auth is really not that secure.  If I remember correctly, the username is transmitted in plain text and I don't think the encryption algorithm is that sophisticated.  It is nice that it's already integrated into LV, but there really are very few features at this time.
    If you want something to be really secure, you need to take measures beyond what NI Auth provides and before you go to the work of building abstraction on top of a basic and somewhat shaky protocol, I'd seriously consider implementing a more stable base.
    <insert 2 cents complete>
    Chris
    Certified LabVIEW Architect
    Certified TestStand Architect

  • Change the flow of the BPEL service based on WSDL operation

    Hi,
    I have a WSDL which has three types of operations:
    1) SOAP
    2) HTTP GET
    3) HTTP POST
    I have a BPEL process in which the flow needs to be decided on the basis of the operation of the incoming message, i.e., if it is SOAP then I should execute a particular flow; similarly, if it is HTTP GET or POST I need to perform different activity flows respectively.
    1) At the BPEL side can I implement this using PICK activity with different branches for different operations in Receive activity ?? If not, Please let me know any other alternative ...
    2) Since I have three different types of Protocols of operations (SOAP, HTTP GET, HTTP POST), how do I give input to BPEL through the same partnerlink ?? Should I use three partner links to invoke a bpel process (at Exposed Services side) to receive input from (two HTTP Adapters for GET, POST and one for SOAP operation) ?
    Thanks
    Edited by: bpeltechie on Jul 2, 2012 4:01 PM

    Hi,
    Can you make one thing clear please - Your bpel process by definition has 3 operations to start with, or you want to call a WS with 3 operations?
    See more information on using SOAP header here: http://docs.oracle.com/cd/E23943_01/dev.1111/e10224/bp_manipdoc.htm#CIHFCBAD
    If you need to call a WS with 3 operations, you have to use an invoke activity(x3). Meaning, you can:
    1. Separate your process into 3, according to the needed operation. Each process will execute one operation.
    2. Use some logic and call the same partner link 3 times(3 invokes), each time with a different operation.
    A pick activity will help you when you want to receive one message or more, and/or you want to have time limitation on the receive.
    For understanding the pick activity - in your example, let's say the WS you are calling is a bpel process. Then, it will start with a pick activity, and according to the operation, it will execute the right flow.
    Arik
