SSO Configuration from Windows to ITS

Hi SAP Gurus,
WE have our BI 7.0 system in our landscape, where SSO from windows has been configured for the
BI portal and BI queries to be run and which is running fine.
Now, we have a requirement where in we need to configure SSO from windows to the web services which are running on ITS.
Like , we have certain web services , which have the URL as:
http://lv-cphsapbi1.cph.dk:8016/irj/servlet/prt/portal/prtroot/pcd!3aportal_content!2fcom.sap.pct!2fplatform_add_ons!2fcom.sap.ip.bi!2fiViews!2fcom.sap.ip.bi.bex?INITIAL_STATE=VIEW&INITIAL_STATE-VIEW=XV_PCA_FIN_RVW_MTH_YTD_V2
Where 8016 is the ITS port.
Has anybody worked on such a configuration before. IF yes, then sharing of some documentation and some guidance would be really helpful.
Thanks in advance,
Santosh Bhat

Dear Santosh Bhat
Regarding the application on ITS, i.e
http://lv-cphsapbi1.cph.dk:8016/irj/servlet/prt/portal/prtroot/pcd!3aportal_content!2fcom.sap.pct!2fplatform_add_ons!2fcom.sap.ip.bi!2fiViews!2fcom.sap.ip.bi.bex?INITIAL_STATE=VIEW&INITIAL_STATE-VIEW=XV_PCA_FIN_RVW_MTH_YTD_V2
Normally, how do you launch it?
- open a browser and type the URL directly?
or
- login the backend ABAP, and then jump to a browser from a certain transaction?
or
- login the portal firstly and open the ITS application as a kind of iView? if yes, what kind of iView it is?
I hope to be able to provide you some hints after you clarify the scenario.
Thanks
Thunder

Similar Messages

How to batch create SSO accounts from Windows or a PL/SQL script

We have just converted our 6i Forms and Reports to 10g (10.1.2.0.2), and run them against a 9i database. In order to be able to securely run reports we set up and configured SSO for a few accounts via the Oracle Identity Management Provisioning Console. We do not have PORTAL – nor do we want it. However, now we need to create about 500 SSO accounts at once. We would prefer to be able to create these accounts in a batch method – eg run something from Windows command line or run a PL/SQL script. We have the DBMS_LDAP package successfully installed in that 9i database. Currently our list of 500 users is simply in a table in the 9i db.
Spent several hours looking through both this site and Metalink, but so far no luck – especially because we don’t have or want PORTAL. If anyone can help, would appreciate it very much.
Thanks

User dbms_ldap package in the database to use PL SQL to create your database
account and then an OID account with a RAD to match the database login. If you
You may have to load the DBMS_Ldap package from the database ADMIN directory first to be available in the database.
LDAP SQL Ex.
user_username := LOWER(new_user) || '@domain.com'; -
retval := dbms_ldap.search_s(my_session, ldap_base,
dbms_ldap.scope_subtree, 'uid=' || user_username, my_attrs, 0,
my_message);
retval := dbms_ldap.count_entries(my_session, my_message);
my_entry := dbms_ldap.first_entry(my_session,my_message);
my_dn := dbms_ldap.get_dn(my_session,my_entry);
dbpassword := 'PASSWD01';
isvalidrad := forms_rad.newraddefinition(radname,new_user,dbpassword,
dbtnsnames,errormessage);
sessionestablished := forms_rad.createoidsession(ldap_user, ldap_passwd,
ldap_host, ldap_port, ldap_base);
radcreated := forms_rad.createradforcn(my_dn, 'false', errormessage);
-- Create new user's database account same as RAD account.
v_sql := 'CREATE USER "' || new_user || '" IDENTIFIED BY ' || dbpassword ||
' DEFAULT TABLESPACE JLIM TEMPORARY TABLESPACE TEMP';
EXECUTE IMMEDIATE v_sql;
v_sql := 'GRANT CONNECT TO ' || new_user;
EXECUTE IMMEDIATE v_sql;

Windows 8 wakes up from hibernation on its own

Hello guys,
I recently updated to Windows 8. I've found that everytime I hibernate my PC it will automatically wake up on it's own at random times.
I had this issue with Windows 7 and fixed it by disabling wake armed peripherals. I've done this in Windows 8 with no luck.
I checked the automatic maintanance option and that is also disabled from waking up my PC.
I have no idea what else to do. The powercfg -lastwake command shows me no devices, it only says:
Wake History Count - 1
Wake History [0]
Wake Source Count - 0
Any ideas on what the issue could be or where I could start looking?

I have that exact problem as well unfortunately the "powercfg
-devicequery wake_armed" is largely useless as it is showing only USB mouse and keyboard to be able to wake the computer up and I know nobody touched it in the period when the computer decided to wake up by itself.
Additionally when I physically disconnect the network cable then the computer does NOT wake up by itself anymore. But I already disabled my network card from being able to wake up my computer - why is it waking up with the network cable in? And more
importantly - how can I stop this from happening?
Today I noticed the computer got woken up and immediately clientwindowsupdate program installed some updates. But I have configured the windows update to NOT wake up my computer..

Windows AD SSO Configuration using Vintela

Hi All
We are doing a BOE XIR3.1 deployment with 4 machines, Weblogic 9.2 as the Application server, and oracle DB as the CMS and Audit Database, we plan to do the CMS clustering too.
BO1 used as CMS1 machine
BO2 used as CMS2 machine
BO3 used as BO clustering
WL used as the Weblogic machine for the Web-tier part.
We also plan to have the Windows AD SSO configuration done, as discussed we will be having 3 SIA node, SIA1 on the BO1 machine SIA2 on the BO2 (CMS cluster machine) and SIA3 on the BO3 machine (here all server components will be installed except the CMS and the u2018Web Appl container serveru2019).
During the SSO configuration, should the SIA1, SIA2 and the SIA3 be run under the server account?
Ie. In the properties of SIA, under the u2018Log on asu2019 section, will be using the DOMAIN\<service account>. Does this need to be done for all 3 SIAu2019s u2026. SIA1, SIA2 and SIA3 ?
- Thanks
Ranjit

It only needs to be done where there is a CMS (per your scenario SIA1 & 2).
[Section 1|https://www.sdn.sap.com/irj/scn/go/portal/prtroot/docs/library/uuid/d0f6ac3c-b3ac-2b10-1b95-c9bd46194977] of my doc details planning your service account(s)
Regards,
Tim

How to get the SSO user from PL/SQL with Windows native authen

I connect to a 10g daabase using SSO through Windows Native Authentication wher the OID user mapps to a single Database user.
I need to get the SSO user from pl/sql
My fornt end is Portal & Forms

Hmm, I see.
Well your problem boils down to being in the database and needing to have access to web environment variables. The SSO sets specific variables in the environment but your stored procedure is not privy to them.
Now having said that, note that the mod_plsql Web Toolkit has a utility for accessing cgi variables. For instance,
owa_util.get_cgi_env('Osso-User-Dn')
If your web application cannot capture the SSO info and pass it to the stored proc in a parameter, OWA may be the only way.
Check out the Single Sign-On Developers Guide, specifically the part about developing statically protected PLSQL applications.
Hope this helps.
regards,
tt

I tried to update itunes to the latest version yet it wont update. Im currently getting a error message,from Window Installer, configuration dat for this product is corru

I'm trying to update itunes but not very successful and im not making much progress. Im currently getting a message on the screen from Window Installer quoting configuration data for this product is corrupt while trying

The path 'C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Apple\Apple Software Update\iTunes.msi' cannot be found. Verify that you have access to this location and try again, or try to find the installation package 'iTunes.msi' in a folder from which you can install the product iTunes.
Unfortunately, this sort of trouble has gotten more complicated to deal with ever since Microsoft pulled the Windows Installer CleanUp utility from their Download Center on June 25. First we have to find a copy of the utility.
Let's try Googling. (Best not to use Bing, I think.) Look for a working download site for at least version 3.0 of the Windows Installer CleanUp utility. After downloading the utility installer file (msicuu2.exe), scan the file for malware, just in case. (I use the free version of Malwarebytes AntiMalware to do single-file scans for that.)
If the file is clean, to install the utility, doubleclick the msicuu2.exe file you've downloaded.
Now run the utility ("Start > All Programs > Windows Install Clean Up"). In the list of programs that appears in CleanUp, select any iTunes entries and click "Remove".
Quit out of CleanUp, restart the PC and try installing iTunes again. Does the install go through properly now?
(If you do find a clean download site for the correct version of CleanUp, please don't tell me where it is. Without wishing to sound paranoid (although I grant it does sound paranoid), there is a non-zero chance that posting links to download locations for the utility here at Discussions leads to that download location being shut down.)

When I transfer my music from windows media player, itunes places the music all over the place instead of in the album its suppose to be in. Why?????

WhenI transfer my music from Windows Media Player why does Itunes place the music all over the place instead of in the Album its suppose to be in? Why???

Delete and redownload them if doing so is free in your country.
(98014)

Restore MAC OS X after removing its partition from windows?

I created a new bootcamp partition on my macbook air and installed windows 7. Then I realised I had little use for the MAC OS partition and, from windows, formatted that drive to get the extra space,so my MB had 2 particions:
- C drive (Bootcamp)
- D drive (labelled just "new drive").
Now I would like to restore the Mac OS partition on the D drive, but I do not want to erase Bootcamp. However if I restart the computer pressing the C key and with the USB reinstall drive in, the only drive where I can apparently install mac os is bootcamp.
I have not advance after that step since I do not want to erase bootcamp. Any clues as to how to proceed here?
thanks!

You can format "D:" again to HFS from OS X Lion or DVD
You do not want to use WinClone to the same hard drive, terrible.
You can install OS X to external drive - partition the drive for OS X, WinClone perhaps or CampTune (also makes backup restore images) - and for TimeMachine.
CampTune will also 'redistribute' space between HFS and NTFS partitions.
Their "Pro" Suite can convert HFS <=> NTFS without loss of data - of course it would be foolish to not have backups.

HTTP/SPNEGO for "SSO" on MS Windows

HTTP/SPNEGO for "SSO" on MS Windows
Hi all of you !
The scene is simple : I got a software (All in plain java ) and some simple web access to this system. ( it's not a real web server wich will be in need for Apache or some big container it's just a few access to some informations of the software )
The client company is all MS Windows, and it's used to some SSO approach,
they got a AD server on Win2003, all laptops are under winXP Pro and got IE at least version 6
Now The question is this ;
I got
-a guy (properly authentified) who is
- using IE (properly setted)
- on a computer (properly attached to AD)
to access a ressource URL of my app
It's quite simple to send him a http 401 or 407 so IE go back to the AD server and get its token
BUT how can I manage in java to extract the account used by the client
from the SPENEGO token ? this is all I need
I cant find any help on this, So please if someone can help me in this...
I'm lost ... Thanks in adavnce for a simple hint or a url linking me on the good path

I forget :
Ok for the configuration, thanks to some of your posts (thanks all)
I know all the importants steps to be followed
For exemple I quote danielshrem last post on the thread http://forum.java.sun.com/thread.jspa?forumID=545&threadID=760214
<quote>
Hey Seema,
Indeed my server's principal was not the correct one, now everything is cool with rc4 encryption.
for all u dudes out there in need of Java HTTP kerberos auth here's a few simple configuration procedures:
1. on the Domain Controller add an HTTP SPN to the account running the web service (use setspn.exe). the SPN has to be in format HTTP/host@Realm or HTTP/host (this SPN worked for me). if u dont know exactly which SPN u need u can sniff an HTTP session on ethereal look for Kerberos AP Req-->ticket-->Server Name. from what i gather this is the principal the clients use.
2. on the DC add a mapping to the newly created SPN (use ktpass.exe)
3. on the host running the service create a keytab file containing the newly created HTTP principal (use java's ktab.exe)
4. make sure the SPN is set up OK by running kinit and pass the newly created keytab file and the newly created SPN.
once u recieve an ok result you are good to go (login and authenticate users)
hope this helps
Daniel.
</quote>
My problem (I know it must sounds stupid) : how do I extract the login account from this ?

Single-Sign-On (SSO) configuration on JAVA Stack through HTTP Header method

Hello SDN community,
in the context of a Proof of Concept, we are testing the integration of Microsoft Sharepoint Portal with SAP Backend (addin) systems.
As the architecture impose use an external scenario (access from the internet), we couldn't use the Kerberos (SPNego) solution and thus we chosed the http header solution which in short uses an intermediary web server (in this case the IIS of the MOSS solution) which will act as authority.
I miss information on how the workflow works for this http header authentication method. Through the visual administrator of the addin JAVA stack, it is possible to configure each application with a customized authentication (a choice of security modules). But this all that I know.
My task is to configure SSO. From a sharepoint portal, the user should be able to access Web Dynpros and BSPs. I imagine that the very first call to a webdynpro or bsp (or maybe when we log on the sharepoint portal), the request to the WDP or BSP will first be forwareded by the intermediary server to the JAVA stack (or is it the SAP dispatcher that has to be configured).
Is there an application to be built on the java stack to deal with the authentication, modify http header?
What will the Java stack return? a sap long ticket? a token?
How will the redirect work (to by example a BSP which is in the ABAP stack)?
SAP preconise to secure with SSL the link between the intermediary web server and the JAVA stack, is IP restriction also a solution?
A lot of questions about how this SSO http header should work,
I would be very greatful for any help, or info,
Kind regards,
Tanguy Mezzano

Hi Tanguy,
to tell you the truth I'm really unsure about what you are trying to achieve. When I started posting to your thread I thought all you wanted was trying to access your J2EE engine via Browser and authenticate against the engine using HTTP Header Variables. Nevermind:
Here are some answers to your question:
in fact I did succeed, the problem was that even after domain-relaxation done by the J2EE, I had to change the domain of th SAP cookie to the bbbb.domain.com to be understood (I would have thought that all hosts in/under domain .domain would have accepted such a cookie but it seems that no...).
The server does not care about the domain because Cookies in an HTTP Request do not contain any domain information. The domain is just important when the Cookie is set by the server so your Client (Browser) will know in which cases the Cookie may be sent or not. So if your domain is xxx.yyy.domain.com and your cookie is issued to .domain.com then your Browser will definitely sent it to all hosts under .domain.com (This includes xxx.yyy.domain.com etc.)
My current scenario is: in a first request get a SAP Logon Ticket from the Java Stack, then change its domain and then directly call the backend with it.
You can do that but there is no Client involved in this scenario. So this is useful if you just want to test the functionality (e.g. authentication to J2EE using Header Variables (This works finally!!!) and then use the fetched Logon Ticket to test SSO against any trusted Backend!!)
So everything's is in a Java Client application without using any redirection.
If I understand you, you're solution is from the Browser call a servlet (which is deployed on the Java Stack and has no authentication schema) by passing to it our http header.
No, you should initially authenticate somewhere! I thought that maybe you had some resource you access before accessing the Java Stack. This could be any application (e.g. deployed on a Tomcat or JBOSS or other server or if you like even SAP J2EE). After authenticating there you are aware of the username and could use it to procceed (e.g. Authenticate against the J2EE using the same user and HTTP Header authentication for that particular user!)
That servlet will transfer the http header (with the HttpClient app) in order to get from the Java Stack a SAP Logon ticket, and then to redirect to the resource and by sending back the cookie in client browser. Am I correct?
This was just a suggestion because I realized that there was no Client ever involved in any of your testing (looked strange to me!). I was just thinking that it would be easier for you to just get the Cookie into your Browser so your Browser would do the rest for you (in your case finally send the Logon Ticket Cookie to your Backend to test SSO using Logon Tickets!).
The AuthenticatorServlet somehow serves as a Proxy to your client because your client is not able to set the Header Variable. That's why I initially suggested to use a Proxy (e.g. Apache) for that purpose. The problem is just that if you use a Proxy you will have to tell it somehow which username it should set in the Header Variable (e.g. using a URL Parameter or using a personalized client certificate and fetch the username (e.g. cn=<username> from the certificate!)
This way of doing would simplify the calls for sso for each new application needing authentication, instead of having all code each time in it...
I'm stuck again! Do you want to authenticate an End User or do you want to authenticate an application that needs to call any resources in your Backend that requires authentication?
So my problem now, is how to call the servlet from the client browser:
I'm trying to call my servlet from the browser but I don't succeed. I am able to understand how to reach a jsp from the Java Stack, but not to reach a servlet. I don't find the path to my servlet:
<FORM method="POST" action="SSORedirect2" >
A JSP is a servlet too. There is just no JAVA Class involved!
You do not need any POST Request to invoke a Servlet.
I see that my servlet is deployed, but I don't how what path to give to my form to invoke the servlet, here follows my web.xml
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE web-app (View Source for full doctype...)>
- <web-app>
<display-name>WEB APP</display-name>
<description>WEB APP description</description>
- <servlet>
<servlet-name>SSOredirect2</servlet-name>
<servlet-class>com.atosorigin.examples.AuthenticatorServlet</servlet-class>
</servlet>
- <servlet>
<servlet-name>SSORedirect2.jsp</servlet-name>
<jsp-file>/SSORedirect2.jsp</jsp-file>
</servlet>
- <security-constraint>
<display-name>SecurityConstraint</display-name>
- <web-resource-collection>
<web-resource-name>WebResource</web-resource-name>
<url-pattern>/*</url-pattern>
<http-method>GET</http-method>
<http-method>POST</http-method>
</web-resource-collection>
- <auth-constraint>
<role-name>DefaultSecurityRole</role-name>
</auth-constraint>
</security-constraint>
- <security-role>
<role-name>DefaultSecurityRole</role-name>
</security-role>
</web-app>
If you have an AuthenticatorServlet Class all you need is to add the Servlet Mapping in your web.xml file
e.g.
<servlet>
<description>
</description>
<display-name>AuthenticatorServlet</display-name>
<servlet-name>AuthenticatorServlet</servlet-name>
<servlet-class>com.atosorigin.examples.AuthenticatorServlet</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>AuthenticatorServlet</servlet-name>
<url-pattern>/AuthenticatorServlet</url-pattern>
</servlet-mapping>
You can directly call the Servlet in your Browser by calling the URL provided in the url-pattern of your Servlet mapping ( in this case /AuthenticatorServlet). The engine will invoke the Class "com.atosorigin.examples.AuthenticatorServlet" in the background and do whatever you defined there!
I have also to pass my http header and the redirectUrl in the GET request.
If you like! I just suggested this for testing purposes. As I stated before you need a way to tell your proxy (or in your case AuthenticatorServlet) which user should be set when calling the Engine in order to authenticate using HTTP Header. You could use the URL Paramater to define the user you actually want to use when you set the Header Variable.
I just introduced the redirectURL because you were talking about redirects all the time. So if you finally want to call the Backend you could define the Backend URL in the redirectURL Parameter and the Servlet will make sure that you are redirected to this location after the whole process!
Thx for your input very helpful,
But again 0 points
Cheers

Disabling SMB2 and SMB3 Client from Windows Vista, Windows 7 and Windows 8.

There are many programs that are using a shared file on the server from clients from XP to Windows 10. From time to time it seems like there is a network outage and the handle to the file is broken and the file
cannot be read or updated. It seems more prevalent on a Windows 2012 server but may have happened from time to time on 2008 & 2008 R2. However there are not any network problems so it just leaves the server & Client
I have searched for possible resolutions including:-
Turning off the Cache for the share
Disabling the network adapter power setting to allow windows to put the device to sleep.
Disabling Antivirus/configuring it to ignore folders for on access scanning
Disabling SMB Signing
Configuring the clients DWORD registry value SilentForcedAutoReconnect=1 in HKEY_LOCAL_MACHINE\Software\Microsoft\CurrentVersion\NetCache
Setting the "NET CONFIG SERVER /AUTODISCONNECT:-1" to not drop client
connections
The last bit of trouble shooting that I can think of is to disable SMB2 and SMB3 as that does a lot of caching and batching of packets which could also be the cause of the problem.
I have looked at
http://support.microsoft.com/kb/2696547/en-us
I have disabled SMB2&3 on the server as that is very straight forward.
When I get to the section about disabling SMB2 on the client the command fails.
sc config
lanmanworkstation depend= bowser/mrxsmb10/nsi
  After running the above command, it returns an error:
      [SC] ChangeServiceConfig FAILED 1059:
      Circular Service Dependency was specified.
So it's not worth running the following command:
sc config mrxsmb20 start= disabled
I have tried the command on Windows Vista, Windows 7 and Windows 10 just to confirm that it's nothing to do with any particular PC, machines in Domains and Non-Domain machines.
So, my questions are:-
1, is
http://support.microsoft.com/kb/2696547/en-us actually correct and up to date and for the OSes (Vista, 7, 8, 8.1, 2012 server and Windows 10) with latest updates & service packs?
2, How do I disable SMB2 and SMB3 on clients for troubleshooting purposes the server to resolve problems with shared files (multi user access)
3, If I just disable SMB2 & 3 from the server would that force the clients not to use SMB2 when communicating with the server and therefore not caching the directory structure and file not found etc? I have seen posts that suggest this is not the case.
4. Does sc.exe have a bug in it?
Thanks in advance
Rob

Hi,
I made a test in our testing enviroment, everything works fine to disable SMB2 and 3. For your problem, in my opinion, as I didn't find any specific report about this error, it would be better to use Process Monitor to capture the trace when running the
command.
Start Process Monitor, then set the filter as cmd.exe, after that, open CMD and execute the command.
Process Monitor:
http://technet.microsoft.com/en-us/sysinternals/bb896645.aspx
In addition, I found another thread that had similar error with yours, you can take its solution as reference.
https://social.technet.microsoft.com/Forums/windows/en-US/506828c8-e7af-4039-aca7-43321939bb55/offline-files-synchronization-error-the-file-specified-cannot-be-found?forum=w7itpronetworking
Roger Lu
TechNet Community Support
Roger,
Many thanks for the time taken to look into this.
I've downloaded process monitor and loaded it. I filtered for cmd.exe started capture and saved a 1mb file.
However I don't think this is going to help unless you can point me in the direction of what you're expecting to see in the capture file? If you want me to send you it I can but it does contain personal information which I'd rather not place online.
You can recreate the problem yourself by doing the following:
Go to modern.ie
Download any windows 7 virtual machine for your preferred of virtualisation platform
log in, start cmd as administrator and run the command
sc.exe config lanmanworkstation depend= bowser/mrxsmb10/nsi
You will also receive the same error.
[SC] ChangeServiceConfig FAILED 1059:
Circular Service Dependency was specified.
You can also try it on the Windows 8 and 8.1 machine if you have time.
I checked the link to the similar error and that just looks at the file not found problem which is the smb2 cache. They still didn't resolve the slow access to the share which is seen on a machine that has anti-virus on it when you go to right click
on the folder or a file in the folder. It's about a 20 second (spinning circle) pause every time. The problem is bigger than that. If you have shared files on the network share that are used by multiple people at the same time, say a spreadsheet or database
file windows is loosing the connection to that file so the user cannot write to it even if they have the file open. The smb2 caching shouldn't cause that problem.
It appears that I have to disable from SMB2 and SMB3 and ensure that the clients only use SMB1.
If SMB2 & SMB3 are disabled from the lanmanworkstation service the clients will not do any caching even if the server has disabled the share cache (offline files for that share).
The problem with the "Circular reference" error message is standard across all versions of windows that have "smb2" or "smb2 and smb3". Can you recreate that problem? Or is it working on your windows computer and on the machines
downloaded from modern.ie ?
My testing has shown that the command "sc.exe config lanmanworkstation depend= bowser/mrxsmb10/nsi" does not work. Therefore that's the one I want to resolve first. By resolving that I may be able to get the clients accessing the share to behave
themselves and use the shared files correctly as they always did from Windows 95/NT4 through to Windows XP and 2003/2008 server.
I'm unable to recreate the problem with multiple users having access to shared database files on windows 2012 server from Windows 7 clients were the access to the files drops once a day or once every couple of days.
Kindest Regards
Robert

After updating to Windows 8.1 from windows 8 games like pes 2014 and others are not functioning properly

Hi All,
Recently my system got update from MS now its running on Windows 8.1. After updating my games are not working properly
the games were running at very low FPS even key event and mouse event are lately taken. Even i updated drivers still its not working.
In windows 8 all games were running very smoothly. Only after updating i am seeing this issue.VRA
PC configurations :
1) OS : Windows 8.1
2) RAM : 4gb
3) Processor : core i3
4) VRAM : 2gb
5)VCARD : AMD radeom
Please help i am missing my games

Are the display drivers updated, that are compatible with Win 8.1?
Arnav Sharma | Facebook |
Twitter Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members
reading the thread.

Tnsping doesnt work. cant connect to oracle on linux from windows client

Installed Oracle 11g on Linux VM. Tried connecting from Tora/SqlDeveloper from Windows machine, but fails. TNSPING fails. PING works fine. Any idea how to resolve below issue?
Below is the info and checks made :
[oracle@oraclelinux6 admin]$ more *.ora
listener.ora
# listener.ora Network Configuration File: /apps/app/oracle/product/11.2.0/dbhome_1/network/admin/listener.ora
# Generated by Oracle configuration tools.
SID_LIST_LISTENER =
(SID_LIST =
    (SID_DESC =
      (GLOBAL_DBNAME = orcl)
      (ORACLE_HOME = /apps/app/oracle/product/11.2.0/dbhome_1)
      (SID_NAME = orcl)
LISTENERLX =
(DESCRIPTION_LIST =
    (DESCRIPTION =
      (ADDRESS = (PROTOCOL = TCP)(HOST = localhost)(PORT = 1521))
ADR_BASE_LISTENER = /apps/app/oracle
sqlnet.ora
# sqlnet.ora Network Configuration File: /apps/app/oracle/product/11.2.0/dbhome_1/network/admin/sqlnet.ora
# Generated by Oracle configuration tools.
NAMES.DIRECTORY_PATH= (TNSNAMES, EZCONNECT)
ADR_BASE = /apps/app/oracle
SQLNET.EXPIRE_TIME=10
SQLNET.INBOUND_CONNECT_TIMEOUT=240
tnsnames.ora
# tnsnames.ora Network Configuration File: /apps/app/oracle/product/11.2.0/dbhome_1/network/admin/tnsnames.ora
# Generated by Oracle configuration tools.
ORCL =
(DESCRIPTION =
    (ADDRESS_LIST =
      (ADDRESS = (PROTOCOL = TCP)(HOST = localhost)(PORT = 1521))
    (CONNECT_DATA =
      (SERVICE_NAME = orcl)
[oracle@oraclelinux6 admin]$
[oracle@oraclelinux6 admin]$ ifconfig
eth1      Link encap:Ethernet HWaddr 08:00:27:CA:B7:5D
          inet addr:192.168.1.121 Bcast:192.168.1.255 Mask:255.255.255.0
          inet6 addr: fe80::a00:27ff:feca:b75d/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
          RX packets:243465 errors:0 dropped:0 overruns:0 frame:0
          TX packets:143708 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:347575845 (331.4 MiB) TX bytes:9778008 (9.3 MiB)
lo        Link encap:Local Loopback
          inet addr:127.0.0.1 Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING MTU:16436 Metric:1
          RX packets:36859 errors:0 dropped:0 overruns:0 frame:0
          TX packets:36859 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:2400424 (2.2 MiB) TX bytes:2400424 (2.2 MiB)
virbr0    Link encap:Ethernet HWaddr 52:54:00:8D:63:05
          inet addr:192.168.122.1 Bcast:192.168.122.255 Mask:255.255.255.0
          UP BROADCAST MULTICAST MTU:1500 Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
[oracle@oraclelinux6 admin]$ hostname
oraclelinux6.localdomain
[oracle@oraclelinux6 admin]$ more /etc/hosts
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
10.0.2.15       oraclelinux6.localdomain
[oracle@oraclelinux6 admin]$
[oracle@oraclelinux6 admin]$ sqlplus system@orcl
SQL*Plus: Release 11.2.0.1.0 Production on Mon Dec 2 08:19:59 2013
Copyright (c) 1982, 2009, Oracle. All rights reserved.
Enter password:
ERROR:
ORA-12514: TNS:listener does not currently know of service requested in connect
descriptor
Enter user-name: system
Enter password:
Connected to:
Oracle Database 11g Enterprise Edition Release 11.2.0.1.0 - 64bit Production
With the Partitioning, OLAP, Data Mining and Real Application Testing options
SQL> set head off
SQL> select * from v$instance;
              1 orcl
oraclelinux6.localdomain
11.2.0.1.0        01-DEC-13 OPEN         NO           1 STOPPED
ALLOWED    NO ACTIVE            PRIMARY_INSTANCE   NORMAL    NO
SQL> select * from v$database;
1360274593 ORCL      26-NOV-13            945184 26-NOV-13
                      1 15-AUG-09 NOARCHIVELOG            1071075
        1033565 CURRENT 26-NOV-13                  1283             1094699
02-DEC-13 NOT ALLOWED 26-NOV-13 READ WRITE           MAXIMUM PERFORMANCE
UNPROTECTED          ENABLED   1360252065 1360252065 PRIMARY
            945184 DISABLED NOT ALLOWED          DISABLED NONE    NO       NO
NO NO           13
Linux x86 64-bit
                           2                      2     1094771
NO                 NO NO orcl
                         0 DISABLED
                    0
NO                                 NO
LSNRCTL> show inbound_connect_timeout
Connecting to (ADDRESS=(PROTOCOL=tcp)(HOST=)(PORT=1521))
TNS-12535: TNS:operation timed out
TNS-12560: TNS:protocol adapter error
TNS-00505: Operation timed out
LSNRCTL>
[oracle@oraclelinux6 admin]$ tnsping orcl
TNS Ping Utility for Linux: Version 11.2.0.1.0 - Production on 02-DEC-2013 08:11:34
Copyright (c) 1997, 2009, Oracle. All rights reserved.
Used parameter files:
/apps/app/oracle/product/11.2.0/dbhome_1/network/admin/sqlnet.ora
Used TNSNAMES adapter to resolve the alias
Attempting to contact (DESCRIPTION = (ADDRESS_LIST = (ADDRESS = (PROTOCOL = TCP)(HOST = localhost)(PORT = 1521))) (CONNECT_DATA = (SERVICE_NAME = orcl)))
OK (0 msec)
<msg time='2013-12-02T08:11:55.728-08:00' org_id='oracle' comp_id='tnslsnr'
type='UNKNOWN' level='16' host_id='oraclelinux6.localdomain'
host_addr='10.0.2.15'>
<txt>TNS-12514: TNS:listener does not currently know of service requested in connect descriptor
</txt>
</msg>
<msg time='2013-12-02T08:13:23.444-08:00' org_id='oracle' comp_id='tnslsnr'
type='UNKNOWN' level='16' host_id='oraclelinux6.localdomain'
host_addr='10.0.2.15'>
<txt>02-DEC-2013 08:13:23 * (CONNECT_DATA=(SERVICE_NAME=orcl)(CID=(PROGRAM=sqlplus)(HOST=oraclelinux6.localdomain)(USER=oracle))) * (ADDRESS=(PROTOCOL=tcp)(HOST=127.0.0.1)(PORT=60806)) * establish * orcl * 12514
</txt>
</msg>
<msg time='2013-12-02T08:13:23.444-08:00' org_id='oracle' comp_id='tnslsnr'
type='UNKNOWN' level='16' host_id='oraclelinux6.localdomain'
host_addr='10.0.2.15'>
<txt>TNS-12514: TNS:listener does not currently know of service requested in connect descriptor
</txt>
</msg>
<msg time='2013-12-02T08:19:54.141-08:00' org_id='oracle' comp_id='tnslsnr'
type='UNKNOWN' level='16' host_id='oraclelinux6.localdomain'
host_addr='10.0.2.15'>
<txt>02-DEC-2013 08:19:54 * service_update * orcl * 0
</txt>
</msg>
<msg time='2013-12-02T08:20:00.146-08:00' org_id='oracle' comp_id='tnslsnr'
type='UNKNOWN' level='16' host_id='oraclelinux6.localdomain'
host_addr='10.0.2.15'>
<txt>02-DEC-2013 08:20:00 * service_update * orcl * 0
</txt>
</msg>
<msg time='2013-12-02T08:20:03.639-08:00' org_id='oracle' comp_id='tnslsnr'
type='UNKNOWN' level='16' host_id='oraclelinux6.localdomain'
host_addr='10.0.2.15'>
<txt>02-DEC-2013 08:20:03 * (CONNECT_DATA=(SERVICE_NAME=orcl)(CID=(PROGRAM=sqlplus)(HOST=oraclelinux6.localdomain)(USER=oracle))) * (ADDRESS=(PROTOCOL=tcp)(HOST=127.0.0.1)(PORT=60970)) * establish * orcl * 12514
</txt>
</msg>
<msg time='2013-12-02T08:20:03.639-08:00' org_id='oracle' comp_id='tnslsnr'
type='UNKNOWN' level='16' host_id='oraclelinux6.localdomain'
host_addr='10.0.2.15'>
<txt>TNS-12514: TNS:listener does not currently know of service requested in connect descriptor
</txt>
</msg>
[oracle@oraclelinux6 admin]$ lsnrctl status
LSNRCTL for Linux: Version 11.2.0.1.0 - Production on 02-DEC-2013 08:25:38
Copyright (c) 1991, 2009, Oracle. All rights reserved.
Connecting to (ADDRESS=(PROTOCOL=tcp)(HOST=)(PORT=1521))
TNS-12535: TNS:operation timed out
TNS-12560: TNS:protocol adapter error
TNS-00505: Operation timed out
[oracle@oraclelinux6 admin]$
[oracle@oraclelinux6 admin]$ lsnrctl status LISTENERLX
LSNRCTL for Linux: Version 11.2.0.1.0 - Production on 02-DEC-2013 08:29:23
Copyright (c) 1991, 2009, Oracle. All rights reserved.
Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=localhost)(PORT=1521)))
STATUS of the LISTENER
Alias                     LISTENERLX
Version                   TNSLSNR for Linux: Version 11.2.0.1.0 - Production
Start Date                02-DEC-2013 07:55:29
Uptime                    0 days 0 hr. 33 min. 54 sec
Trace Level               off
Security                  ON: Local OS Authentication
SNMP                      OFF
Listener Parameter File   /apps/app/oracle/product/11.2.0/dbhome_1/network/admin/listener.ora
Listener Log File         /apps/app/oracle/product/11.2.0/dbhome_1/log/diag/tnslsnr/oraclelinux6/listenerlx/alert/log.xml
Listening Endpoints Summary...
(DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=127.0.0.1)(PORT=1521)))
Services Summary...
Service "orcl.localdomain" has 1 instance(s).
Instance "orcl", status READY, has 1 handler(s) for this service...
Service "orclXDB.localdomain" has 1 instance(s).
Instance "orcl", status READY, has 1 handler(s) for this service...
The command completed successfully
[oracle@oraclelinux6 admin]$
CLIENT SIDE :
C:\Windows\system32>ping 192.168.1.121
Pinging 192.168.1.121 with 32 bytes of data:
Reply from 192.168.1.121: bytes=32 time<1ms TTL=64
Reply from 192.168.1.121: bytes=32 time<1ms TTL=64
Reply from 192.168.1.121: bytes=32 time<1ms TTL=64
Reply from 192.168.1.121: bytes=32 time<1ms TTL=64
Ping statistics for 192.168.1.121:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
C:\Windows\system32>tnsping ORACLELINUX6
TNS Ping Utility for 64-bit Windows: Version 11.2.0.1.0 - Production on 03-DEC-2013 01:30:13
Copyright (c) 1997, 2010, Oracle. All rights reserved.
Used parameter files:
D:\app\Laasya\product\11.2.0\dbhome_1\network\admin\sqlnet.ora
Used TNSNAMES adapter to resolve the alias
Attempting to contact (DESCRIPTION = (ADDRESS = (PROTOCOL = TCP)(HOST = 192.168.1.121)(PORT = 1521)) (C
ONNECT_DATA = (SERVICE_NAME = orcl)))
TNS-12535: TNS:operation timed out
# tnsnames.ora Network Configuration File: D:\app\Laasya\product\11.2.0\dbhome_1\network\admin\tnsnames.ora
# Generated by Oracle configuration tools.
ORACLR_CONNECTION_DATA =
(DESCRIPTION =
    (ADDRESS_LIST =
      (ADDRESS = (PROTOCOL = IPC)(KEY = EXTPROC1522))
    (CONNECT_DATA =
      (SID = CLRExtProc)
      (PRESENTATION = RO)
LISTENER_ORCL =
(ADDRESS = (PROTOCOL = TCP)(HOST = Laasya-PC)(PORT = 1522))
ORCL =
(DESCRIPTION =
    (ADDRESS = (PROTOCOL = TCP)(HOST = Laasya-PC)(PORT = 1522))
    (CONNECT_DATA =
      (SERVER = DEDICATED)
      (SERVICE_NAME = orcl)
ORACLELINUX6 =
(DESCRIPTION =
    (ADDRESS = (PROTOCOL = TCP)(HOST = 192.168.1.121)(PORT = 1521))
    (CONNECT_DATA =
      (SERVICE_NAME = orcl)

f0c7e0f7-dab5-4b63-a36c-04b7e8eb552d wrote:
Installed Oracle 11g on Linux VM. Tried connecting from Tora/SqlDeveloper from Windows machine, but fails. TNSPING fails. PING works fine. Any idea how to resolve below issue?
Below is the info and checks made :
[oracle@oraclelinux6 admin]$ more *.ora
listener.ora
# listener.ora Network Configuration File: /apps/app/oracle/product/11.2.0/dbhome_1/network/admin/listener.ora
# Generated by Oracle configuration tools.
SID_LIST_LISTENER =
(SID_LIST =
    (SID_DESC =
      (GLOBAL_DBNAME = orcl)
      (ORACLE_HOME = /apps/app/oracle/product/11.2.0/dbhome_1)
      (SID_NAME = orcl)
LISTENERLX =
It is pointless, and just adds to the confusion, to name your listener anything other than the default name of LISTENER
(DESCRIPTION_LIST =
    (DESCRIPTION =
      (ADDRESS = (PROTOCOL = TCP)(HOST = localhost)(PORT = 1521))
Client requests to 'localhost' (or its ip address of 127.0.0.1) never leave the client machine. Hence, any listener configured for that address will never receive a request from any other machine.
ADR_BASE_LISTENER = /apps/app/oracle
sqlnet.ora
# sqlnet.ora Network Configuration File: /apps/app/oracle/product/11.2.0/dbhome_1/network/admin/sqlnet.ora
# Generated by Oracle configuration tools.
NAMES.DIRECTORY_PATH= (TNSNAMES, EZCONNECT)
ADR_BASE = /apps/app/oracle
SQLNET.EXPIRE_TIME=10
SQLNET.INBOUND_CONNECT_TIMEOUT=240
tnsnames.ora
# tnsnames.ora Network Configuration File: /apps/app/oracle/product/11.2.0/dbhome_1/network/admin/tnsnames.ora
# Generated by Oracle configuration tools.
ORCL =
(DESCRIPTION =
    (ADDRESS_LIST =
      (ADDRESS = (PROTOCOL = TCP)(HOST = localhost)(PORT = 1521))
See comment above regarding 'localhost'.
    (CONNECT_DATA =
      (SERVICE_NAME = orcl)
[oracle@oraclelinux6 admin]$
[oracle@oraclelinux6 admin]$ ifconfig
eth1      Link encap:Ethernet HWaddr 08:00:27:CA:B7:5D
          inet addr:192.168.1.121 Bcast:192.168.1.255 Mask:255.255.255.0
          inet6 addr: fe80::a00:27ff:feca:b75d/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
          RX packets:243465 errors:0 dropped:0 overruns:0 frame:0
          TX packets:143708 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:347575845 (331.4 MiB) TX bytes:9778008 (9.3 MiB)
lo        Link encap:Local Loopback
          inet addr:127.0.0.1 Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING MTU:16436 Metric:1
          RX packets:36859 errors:0 dropped:0 overruns:0 frame:0
          TX packets:36859 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:2400424 (2.2 MiB) TX bytes:2400424 (2.2 MiB)
virbr0    Link encap:Ethernet HWaddr 52:54:00:8D:63:05
          inet addr:192.168.122.1 Bcast:192.168.122.255 Mask:255.255.255.0
          UP BROADCAST MULTICAST MTU:1500 Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
[oracle@oraclelinux6 admin]$ hostname
oraclelinux6.localdomain
[oracle@oraclelinux6 admin]$ more /etc/hosts
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
10.0.2.15       oraclelinux6.localdomain
where did that 10.0.2.15 address come from? You don't have any network adapters configured for that address
[oracle@oraclelinux6 admin]$
[oracle@oraclelinux6 admin]$ sqlplus system@orcl
SQL*Plus: Release 11.2.0.1.0 Production on Mon Dec 2 08:19:59 2013
Copyright (c) 1982, 2009, Oracle. All rights reserved.
Enter password:
ERROR:
ORA-12514: TNS:listener does not currently know of service requested in connect
descriptor
A well-documented error.
see: http://edstevensdba.wordpress.com/2011/03/19/ora-12514/ (ora-12514 Listener does not know of requested service )
Enter user-name: system
Enter password:
Connected to:
Oracle Database 11g Enterprise Edition Release 11.2.0.1.0 - 64bit Production
With the Partitioning, OLAP, Data Mining and Real Application Testing options
Since you did not use a tns service name ('@orcl') this was a bequeth connection to a local database.
SQL> set head off
SQL> select * from v$instance;
              1 orcl
oraclelinux6.localdomain
11.2.0.1.0        01-DEC-13 OPEN         NO           1 STOPPED
ALLOWED    NO ACTIVE            PRIMARY_INSTANCE   NORMAL    NO
SQL> select * from v$database;
1360274593 ORCL      26-NOV-13            945184 26-NOV-13
                      1 15-AUG-09 NOARCHIVELOG            1071075
        1033565 CURRENT 26-NOV-13                  1283             1094699
02-DEC-13 NOT ALLOWED 26-NOV-13 READ WRITE           MAXIMUM PERFORMANCE
UNPROTECTED          ENABLED   1360252065 1360252065 PRIMARY
            945184 DISABLED NOT ALLOWED          DISABLED NONE    NO       NO
NO NO           13
Linux x86 64-bit
                           2                      2     1094771
NO                 NO NO orcl
                         0 DISABLED
                    0
NO                                 NO
LSNRCTL> show inbound_connect_timeout
Connecting to (ADDRESS=(PROTOCOL=tcp)(HOST=)(PORT=1521))
TNS-12535: TNS:operation timed out
TNS-12560: TNS:protocol adapter error
TNS-00505: Operation timed out
LSNRCTL>
[oracle@oraclelinux6 admin]$ tnsping orcl
TNS Ping Utility for Linux: Version 11.2.0.1.0 - Production on 02-DEC-2013 08:11:34
Copyright (c) 1997, 2009, Oracle. All rights reserved.
Used parameter files:
/apps/app/oracle/product/11.2.0/dbhome_1/network/admin/sqlnet.ora
Used TNSNAMES adapter to resolve the alias
Attempting to contact (DESCRIPTION = (ADDRESS_LIST = (ADDRESS = (PROTOCOL = TCP)(HOST = localhost)(PORT = 1521))) (CONNECT_DATA = (SERVICE_NAME = orcl)))
OK (0 msec)
<msg time='2013-12-02T08:11:55.728-08:00' org_id='oracle' comp_id='tnslsnr'
type='UNKNOWN' level='16' host_id='oraclelinux6.localdomain'
host_addr='10.0.2.15'>
<txt>TNS-12514: TNS:listener does not currently know of service requested in connect descriptor
</txt>
</msg>
<msg time='2013-12-02T08:13:23.444-08:00' org_id='oracle' comp_id='tnslsnr'
type='UNKNOWN' level='16' host_id='oraclelinux6.localdomain'
host_addr='10.0.2.15'>
<txt>02-DEC-2013 08:13:23 * (CONNECT_DATA=(SERVICE_NAME=orcl)(CID=(PROGRAM=sqlplus)(HOST=oraclelinux6.localdomain)(USER=oracle))) * (ADDRESS=(PROTOCOL=tcp)(HOST=127.0.0.1)(PORT=60806)) * establish * orcl * 12514
</txt>
</msg>
<msg time='2013-12-02T08:13:23.444-08:00' org_id='oracle' comp_id='tnslsnr'
type='UNKNOWN' level='16' host_id='oraclelinux6.localdomain'
host_addr='10.0.2.15'>
<txt>TNS-12514: TNS:listener does not currently know of service requested in connect descriptor
</txt>
</msg>
<msg time='2013-12-02T08:19:54.141-08:00' org_id='oracle' comp_id='tnslsnr'
type='UNKNOWN' level='16' host_id='oraclelinux6.localdomain'
host_addr='10.0.2.15'>
<txt>02-DEC-2013 08:19:54 * service_update * orcl * 0
</txt>
</msg>
<msg time='2013-12-02T08:20:00.146-08:00' org_id='oracle' comp_id='tnslsnr'
type='UNKNOWN' level='16' host_id='oraclelinux6.localdomain'
host_addr='10.0.2.15'>
<txt>02-DEC-2013 08:20:00 * service_update * orcl * 0
</txt>
</msg>
<msg time='2013-12-02T08:20:03.639-08:00' org_id='oracle' comp_id='tnslsnr'
type='UNKNOWN' level='16' host_id='oraclelinux6.localdomain'
host_addr='10.0.2.15'>
<txt>02-DEC-2013 08:20:03 * (CONNECT_DATA=(SERVICE_NAME=orcl)(CID=(PROGRAM=sqlplus)(HOST=oraclelinux6.localdomain)(USER=oracle))) * (ADDRESS=(PROTOCOL=tcp)(HOST=127.0.0.1)(PORT=60970)) * establish * orcl * 12514
</txt>
</msg>
<msg time='2013-12-02T08:20:03.639-08:00' org_id='oracle' comp_id='tnslsnr'
type='UNKNOWN' level='16' host_id='oraclelinux6.localdomain'
host_addr='10.0.2.15'>
<txt>TNS-12514: TNS:listener does not currently know of service requested in connect descriptor
</txt>
</msg>
[oracle@oraclelinux6 admin]$ lsnrctl status
LSNRCTL for Linux: Version 11.2.0.1.0 - Production on 02-DEC-2013 08:25:38
Copyright (c) 1991, 2009, Oracle. All rights reserved.
Connecting to (ADDRESS=(PROTOCOL=tcp)(HOST=)(PORT=1521))
TNS-12535: TNS:operation timed out
TNS-12560: TNS:protocol adapter error
TNS-00505: Operation timed out
[oracle@oraclelinux6 admin]$
[oracle@oraclelinux6 admin]$ lsnrctl status LISTENERLX
LSNRCTL for Linux: Version 11.2.0.1.0 - Production on 02-DEC-2013 08:29:23
Copyright (c) 1991, 2009, Oracle. All rights reserved.
Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=localhost)(PORT=1521)))
STATUS of the LISTENER
Alias                     LISTENERLX
Version                   TNSLSNR for Linux: Version 11.2.0.1.0 - Production
Start Date                02-DEC-2013 07:55:29
Uptime                    0 days 0 hr. 33 min. 54 sec
Trace Level               off
Security                  ON: Local OS Authentication
SNMP                      OFF
Listener Parameter File   /apps/app/oracle/product/11.2.0/dbhome_1/network/admin/listener.ora
Listener Log File         /apps/app/oracle/product/11.2.0/dbhome_1/log/diag/tnslsnr/oraclelinux6/listenerlx/alert/log.xml
Listening Endpoints Summary...
(DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=127.0.0.1)(PORT=1521)))
See previous comments regarding localhost and 127.0.0.1
Services Summary...
Service "orcl.localdomain" has 1 instance(s).
Instance "orcl", status READY, has 1 handler(s) for this service...
Service "orclXDB.localdomain" has 1 instance(s).
Instance "orcl", status READY, has 1 handler(s) for this service...
The command completed successfully
[oracle@oraclelinux6 admin]$
CLIENT SIDE :
C:\Windows\system32>ping 192.168.1.121
Pinging 192.168.1.121 with 32 bytes of data:
Reply from 192.168.1.121: bytes=32 time<1ms TTL=64
Reply from 192.168.1.121: bytes=32 time<1ms TTL=64
Reply from 192.168.1.121: bytes=32 time<1ms TTL=64
Reply from 192.168.1.121: bytes=32 time<1ms TTL=64
Ping statistics for 192.168.1.121:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
C:\Windows\system32>tnsping ORACLELINUX6
TNS Ping Utility for 64-bit Windows: Version 11.2.0.1.0 - Production on 03-DEC-2013 01:30:13
Copyright (c) 1997, 2010, Oracle. All rights reserved.
Used parameter files:
D:\app\Laasya\product\11.2.0\dbhome_1\network\admin\sqlnet.ora
Used TNSNAMES adapter to resolve the alias
Attempting to contact (DESCRIPTION = (ADDRESS = (PROTOCOL = TCP)(HOST = 192.168.1.121)(PORT = 1521)) (C
ONNECT_DATA = (SERVICE_NAME = orcl)))
TNS-12535: TNS:operation timed out
# tnsnames.ora Network Configuration File: D:\app\Laasya\product\11.2.0\dbhome_1\network\admin\tnsnames.ora
# Generated by Oracle configuration tools.
ORACLR_CONNECTION_DATA =
(DESCRIPTION =
    (ADDRESS_LIST =
      (ADDRESS = (PROTOCOL = IPC)(KEY = EXTPROC1522))
    (CONNECT_DATA =
      (SID = CLRExtProc)
      (PRESENTATION = RO)
LISTENER_ORCL =
(ADDRESS = (PROTOCOL = TCP)(HOST = Laasya-PC)(PORT = 1522))
ORCL =
(DESCRIPTION =
    (ADDRESS = (PROTOCOL = TCP)(HOST = Laasya-PC)(PORT = 1522))
    (CONNECT_DATA =
      (SERVER = DEDICATED)
      (SERVICE_NAME = orcl)
ORACLELINUX6 =
(DESCRIPTION =
    (ADDRESS = (PROTOCOL = TCP)(HOST = 192.168.1.121)(PORT = 1521))
    (CONNECT_DATA =
      (SERVICE_NAME = orcl)
You've thrown out a huge amount of detailed data, but showing a variety of errors, and combinations. Overall, I get the impression you are confusing remote vs. local connections. Please read the following, then come back and let's focus on one error at a time.
see: http://edstevensdba.wordpress.com/2011/02/09/sqlnet_overview/ (Help! I can’t connect to my database )
see: http://edstevensdba.wordpress.com/2011/02/16/sqlnet_client_cfg/ ( Help! I can’t connect to my database (part duex) )

TMG SSO issue with Windows 7 clients

I have very strange problem with Forefront TMG 2010 Single Sign On feature.
SSO settings:
I'm publishing two websites (https://site1.domain.com and https://site2.domain.com) by using the same web listener with SSO enabled for *.domain.com
SSO is working as charm for Windows 8.1 clients
The issue when accessing sites from Windows 7 clients:
On the first access to any of the sites (i.e. site1), I'm getting TMG forms login form - as expected.
I login, then visit few pages of the same site (i.e. site1), and everything works as expected. I'm logged in, and I can surf.
The problem arises when I try to open the other site (i.e. site2). I'm getting TMG forms login form again! And even worse - as soon as new TMG login form opens -
I'm logged off from the first site also. So not just I must login separately for both sites - I can't be logged to both sites in the same time because as soon as I login to one site, the session with other site is terminated!
Interesting thing is that behavior is the same in any browser. I've tried with IE, Chrome and Mozilla - the problem is the same.
When external client tries to open the second site, TMG logs one interesting message:
Req ID: 0ae9f57b; Compression: client=Yes, server=No, compress rate=0% decompress rate=0% ;
FBA cookie: exists=yes, valid=no, updated=no, logged off=no, client type=private, user activity=yes
It looks that TMG finds that cookie is not valid and deletes it, terminating this way existing session with all sites.
My setup:
Array of two TMG's 2010 SP2 RU4, on Windows Server 2008 R2, all updates installed.
Published websites (site1.domain.com and site2.domain.com) are residing on two different servers (srv1 and srv2)
Websites are published over https by using SSL certificate gotten from local PKI. All clients and servers do have PKI CA in their "Trusted Root Certificates" storage. No client or server reports any certificate issue. Websites are "green"
in address bar.
I'm really confused with this behavior. Especially due to the fact that the same third-party browser (Chrome), can be used with SSO without any problem when installed on Windows 8.1, but not when installed on Windows 7!?!?
Any help would be appreciated...
Thanks!
Fat Dragon

Hahah! Shame on me! The problem is not related to Windows 8.1 / Windows 7. Client OS coincides with DNS server settings... To explain:
My two-server TMG array has two public IPs (each server having one) - 1.1.1.1 and 1.1.1.2.
In order to avoid setting the same IPs for all my websites, I've decided to create one common A record, and to define all websites as CNAME records pointing to this common A record. (This way I have just one place where I should change IP if it changes.)
My common A record is defined as follows:
a.domain.com -> 1.1.1.1, 1.1.1.2
And websites as follows:
site1.domain.com -> a.domain.com
site2.domain.com -> a.domain.com
When multiple IPs are bound to the same host some DNS servers will round robin them, and some will not. For example, when I do nslookup on the PC with google's public DNS server (8.8.8.8) I'm getting the following result:
C:\Windows\System32>nslookup site1.domain.com
Server: google-public-dns-a.google.com
Address: 8.8.8.8
Non-authoritative answer:
Name: a.domain.com
Addresses: 1.1.1.1
1.1.1.2
Aliases: site1.domain.com
No matter how many times I execute nslookup, I'm getting the same answer, with IP addresses in the same sequence. But when I do nslookup on the PC that uses local DNS service on the router, sequence of IP addresses changes with each subsequent call:
C:\Windows\System32>nslookup site1.domain.com
Server: UnKnown
Address: 192.168.1.1
Non-authoritative answer:
Name: a.domain.com
Addresses: 1.1.1.1
1.1.1.2
Aliases: site1.domain.com
C:\Windows\System32>nslookup site1.domain.com
Server: UnKnown
Address: 192.168.1.1
Non-authoritative answer:
Name: a.domain.com
Addresses: 1.1.1.2
1.1.1.1
Aliases: site1.domain.com
In my case Windows 8.1 machines were using Google's public DNS server, so all of them were resolving both websites in the same way, always using the first IP gotten - 1.1.1.1. In the other words, both websites were pointing to the same TMG array member 1.1.1.1.
And SSO was working as expected.
On the other side, my Windows 7 machines were setup to dynamically get network settings from the DHCP service (the router), and they were using its DNS service (second example). So when the browser opens site1.domain.com it queries DNS for site1.domain.com,
gets two IPs, as always selects the first one (1.1.1.1), makes request to the first member of my TMG array and successfully creates session. Browser caches site1.domain.com -> 1.1.1.1, so each subsequent call goes to the same address without querying DNS
server. But when the browser opens site2.domain.com it queries DNS server again, this time getting the same IP addresses, but reordered. As always it selects the first one (1.1.1.2), and sends the request (with authentication cookie) to
the second TMG array member. The second TMG validates the cookie and doesn't recognize it, so
rejects it and deletes it, and redirects the browser to login form. Since the cookie is deleted, browser cannot access site1.domain.com (through 1.1.1.1) anymore.
Huuuhhh.
The new question: can SSO be setup with TMG arrays and DNS round robin? Is there any way to "force" array members to accept cookies distributed by other members?
I guess that I must open new question...
Sorry for my stupidity!
Fat Dragon

SSO Configuration in biztalk

Hi
I referred the below url to store config info to SSO DB , from biztalk i am reading those values.
http://www.codeproject.com/Tips/559597/How-to-store-BizTalk-configuration-in-the-SSO-data
its working fine. i have used the MMC snap in tool to create configurable values.
but now i have a situation to store one more key/value in the same application via programatically.
i tried to use the below code snippet for storing values
SSOConfigStore ssoStore = new SSOConfigStore();
ConfigurationPropertyBag appMgmtBag = new ConfigurationPropertyBag();
object value = "Sample";
appMgmtBag.Write(propName, ref value);
((ISSOConfigStore)ssoStore).SetConfigInfo(appName, idenifierGUID, appMgmtBag);
but when i try to update , it is not updating the new key/value pair in the same application store. also, when i open the MMC snap in tool, i am not able to see the existing key/value pairs.
can any one please help me how to store the sso configurable values dynamically?
Thanks
Vinoth

Hi Vinoth,
Please have a look at this thread
http://social.msdn.microsoft.com/Forums/en-US/5b914e0c-50ea-4226-8f0e-7e15e2f482ae/biztalk-2013-sso-mmc-snapin-does-not-show-key-pairs?forum=biztalkgeneral
Probably, this will solve the issue of existing key/value pairs missing in MMC
Thanks,
Deepthi
DeepthiAdith

SSO Configuration from Windows to ITS

Similar Messages

Maybe you are looking for