SunMC db access
Does anyone know how to get access to the oracle db in sunmc 3.5.1u1a? Looking at /etc/shadow it looks as if the smcorau does not have a pwd and the oracle(assuming running ./es-inst created it) account I have no idea what the pwd is. I've been running /opt/SUNWsymon/oracle/product/8*/bin/sqlplus as smcorau(after sudo su - smcorau) and attempting to log in to no avail. I havent been able to find the solution in these forums and not much on the web either. I do not want to directly edit the db, but was asked to investigate an alternate backup method that doesnt require sunmc to be brought down. (I thought I may be able to obtain some usefull data for custom reports as well :) )
Hi Hurtnn,
Does anyone know how to get access to the oracle db
in sunmc 3.5.1u1a?As part of the license agreement displayed during the Server install, you can't really login to that database directly as a regular user (or else every SunMC Server install would essentially give you a free regular Oracle database license). The only supported ways of getting at alarm listings or PRM data are through the published SDK APIs, web/Java/cli interfaces, and PRM data exports (csv/tsv data).
However, if you're just looking at online backups, that's a supported feature as of SunMC 3.5.1b (and is part of 3.6 as well):
http://docs.sun.com/app/docs/doc/819-3054/6n5a5n0sa?a=view
http://docs.sun.com/app/docs/doc/817-7961/6mn8bt7de?a=view
So, you can upgrade a point release from 351a to 351b and get the hotbackup feature. It's a Server-only upgrade and all your existing Agents can be left at 351a if you want (SunMC Servers retain backward compatibility with almost all previous Agent versions)
Regards,
[email protected]
Similar Messages
-
SunMC Webconsole - not display correctly - accordian-tasks.zul panel blank?
Hi,
I have recently installed Sun MC 4 onto a Solaris 10u4 environment, patched to late '08.
Currently experience problems with the display of the web console environment.
We can launch a browser, login to the web console, click on the app "sun management center 4.0". What normally expect to see, is a frame page, with the the three areas. We do get the header at the top, the main panel to right listing domains, but the left menu panel is blank.
The panel in question, referes to itself as "/sunmcweb/faces/pages/accordian-tasks.zul"
when checking the properties.
Reviewing the debug logs from /var/log/webconsole/console
Login to web consle, and pre-launch of SunMC.
debug April 3, 2009 4:01:47 PM Thread-25: Registering security scheme 'medium' (default)
debug April 3, 2009 4:01:47 PM Thread-25: Registering security scheme 'strong'
debug April 3, 2009 4:01:47 PM Thread-25: Registering security scheme 'weak'
debug April 3, 2009 4:01:47 PM Thread-25: Registering security scheme 'medium' (default)
debug April 3, 2009 4:01:47 PM Thread-25: Registering security scheme 'strong'
debug April 3, 2009 4:01:47 PM Thread-25: Registering security scheme 'weak'
info April 3, 2009 4:01:47 PM Thread-25: Using security scheme 'medium'
Apr 3, 2009 4:01:48 PM com.sun.faces.lifecycle.Phase doPhase
SEVERE: JSF1054: (Phase ID: RENDER_RESPONSE 6, View ID: /jsp/login/UserLogin.jsp) Exception thrown during phase execution: javax.faces.event.PhaseEvent[source=com.sun.faces.lifecycle.LifecycleImpl@15863e4]Launch SunMC...
many iterations of...
com.sun.web.ui.theme.ThemeManager::No theme instance found for locale English (United Kingdom)
com.sun.web.ui.theme.ThemeManager::Trying to use the default locale EnglishOf which an exception follows.
Apr 3, 2009 4:02:21 PM org.apache.catalina.core.ApplicationDispatcher invoke
SEVERE: Servlet.service() for servlet zkLoader threw exception
java.lang.NoClassDefFoundError: org/apache/commons/el/ExpressionEvaluatorImpl
at org.zkoss.el.RequestResolver$PageContextImpl.getExpressionEvaluator(RequestResolver.java:358)
at org.zkoss.web.el.PageELContext.getExpressionEvaluator(PageELContext.java:54)
at org.zkoss.zk.ui.impl.AbstractExecution.evaluate0(AbstractExecution.java:111)
at org.zkoss.zk.ui.impl.AbstractExecution.evaluate(AbstractExecution.java:94)Hopefully, someone can give pointers on what has gone wrong and where should be looking to resolve this.
Thanks.
-Paul.at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:244)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:276)
at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:162)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:283)
at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:56)
at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:189)
at java.security.AccessController.doPrivileged(Native Method)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:185)
at org.apache.catalina.core.ApplicationDispatcher.invoke(ApplicationDispatcher.java:654)
at org.apache.catalina.core.ApplicationDispatcher.processRequest(ApplicationDispatcher.java:445)
at org.apache.catalina.core.ApplicationDispatcher.doForward(ApplicationDispatcher.java:379)
at org.apache.catalina.core.ApplicationDispatcher.access$000(ApplicationDispatcher.java:65)
at org.apache.catalina.core.ApplicationDispatcher$PrivilegedForward.run(ApplicationDispatcher.java:80)
at java.security.AccessController.doPrivileged(Native Method)
at org.apache.catalina.core.ApplicationDispatcher.forward(ApplicationDispatcher.java:284)
at com.sun.faces.context.ExternalContextImpl.dispatch(ExternalContextImpl.java:415)
at com.sun.faces.application.ViewHandlerImpl.executePageToBuildView(ViewHandlerImpl.java:475)
at com.sun.faces.application.ViewHandlerImpl.renderView(ViewHandlerImpl.java:143)
at com.sun.faces.lifecycle.RenderResponsePhase.execute(RenderResponsePhase.java:110)
at com.sun.faces.lifecycle.Phase.doPhase(Phase.java:100)
at com.sun.faces.lifecycle.LifecycleImpl.render(LifecycleImpl.java:139)
at javax.faces.webapp.FacesServlet.service(FacesServlet.java:266)
at sun.reflect.GeneratedMethodAccessor221.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:585)
at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:244)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:276)
at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:162)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:283)
at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:56)
at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:189)
at java.security.AccessController.doPrivileged(Native Method)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:185)
at com.sun.management.services.session.CoreSessionManagerFilter.handleRequest(CoreSessionManagerFilter.java:649)
at com.sun.management.services.session.CoreSessionManagerFilter.doFilter(CoreSessionManagerFilter.java:412)
at sun.reflect.GeneratedMethodAccessor142.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:585)
at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:244)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:276)
at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:218)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:230)
at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:56)
at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:189)
at java.security.AccessController.doPrivileged(Native Method)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:185)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:263)
at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844)
at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:584)
at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
at java.lang.Thread.run(Thread.java:595)
Apr 3, 2009 4:02:21 PM com.sun.faces.lifecycle.Phase doPhase
SEVERE: JSF1054: (Phase ID: RENDER_RESPONSE 6, View ID: /pages/accordian-tasks.zul) Exception thrown during phase execution: javax.faces.event.PhaseEvent[source=com.sun.faces.lifecycle.LifecycleImpl@130c8e9]
SMTopologyGroup Entering
SMTopologyGroup ExitingThanks in advance, for help offered in solving this problem. -
Problem in launching sunMC 4.0 Web console
Does anybody have problem in launching sunMC 4.0 web console from a browser?
I have installed sunMC 4.0 on a Solaris 10 upgrade server.
When I type the URL of the sunMC 4.0 server with the default port 8080 I gets the welcome page giving me two options:
- Launch Web Console
href='https://172.17.210.96:6789/'>Launch Web Console
- Launch Java Console
None of the options works for me.
Clicking on "Launch Web Console" ends with error page saying "Unable to Connect". Get the same error regardless of browser: Firefox or IE.
Clicking on "Launch Java Console" gives me "Unable to launch Sun Management Center"
When clicking on "Details" button I gets
An error occurred while launching/running the application.
Title: Sun Management Center
Vendor: Sun Microsystems, Inc.
Category: Download Error
Unable to load resource: http://172.17.35.18:8080/smconsole.jnlpA find on the server reveals that smconsole.jnlp is installed on /opt/SUNWsymon/web/console/smconsole.jnlp
I have no problem in launching the console using via script /opt/SUNWsymon/sbin/es-start -cIT WORKED!
External access to Java Web Console was restored.
Ports 6788 and 6789 are no longer restricted to localhost.
I can browse sunMC 4.0 Web console from any workstation and/or host now.
# svccfg
svc:> select system/webconsole
svc:/system/webconsole> listprop
options application
options/stability astring Evolving
options/tcp_listen boolean false
console-multi-user dependency
console-multi-user/entities fmri svc:/milestone/multi-user
console-multi-user/grouping astring require_all
console-multi-user/restart_on astring none
console-multi-user/type astring service
general framework
general/entity_stability astring Unstable
svc:/system/webconsole> setprop options/tcp_listen=true
svc:/system/webconsole> listprop
options application
options/stability astring Evolving
options/tcp_listen boolean true
console-multi-user dependency
console-multi-user/entities fmri svc:/milestone/multi-user
console-multi-user/grouping astring require_all
console-multi-user/restart_on astring none
console-multi-user/type astring service
general framework
general/entity_stability astring Unstable
svc:/system/webconsole> quit
# svcadm disable svc:/system/webconsole
# svcadm enable svc:/system/webconsole
# netstat -an | grep 678
*.6788 *.* 0 0 49152 0 LISTEN
*.6789 *.* 0 0 49152 0 LISTEN
#Is external access to Java Web Console disabled by default?
Is this procedure documented in any of sunMC manuals?
If not then it should. At minimum, on the release notes.
THANK YOU! -
Zone shutdown error - SNMP request returned error status 6 (no access)
When trying to shutdown a zone though SunMC it get the following error from the web page
SNMP request returned error status 6 (no access) snmp://xx.xx.com:nnnn/mod/scm-container/Zones/ZoneTable/ZoneEntry/zoneState#zonename
the log on the agent has
[0000008f 00a8 ]warning Nov 28 12:20:10 agent preValidateSetPDU: zoneState(zonename) [1.3.6.1.4.1.42.2
.12.2.2.85.6.1.1.10.10.98.111.116.97.110.105.120.45.97.100] - noAccess
I probably am missing a simple undocumented permissions problem.
Any help would be appreciated
Thanksmarcusj99 wrote:
When trying to shutdown a zone though SunMC it get the following error from the web page
SNMP request returned error status 6 (no access) snmp://xx.xx.com:nnnn/mod/scm-container/Zones/ZoneTable/ZoneEntry/zoneState#zonename
the log on the agent has
[0000008f 00a8 ]warning Nov 28 12:20:10 agent preValidateSetPDU: zoneState(zonename) [1.3.6.1.4.1.42.2
.12.2.2.85.6.1.1.10.10.98.111.116.97.110.105.120.45.97.100] - noAccess
I probably am missing a simple undocumented permissions problem.
Any help would be appreciatedSCM security can be tricky to get right the first time you use it. Have you performed these operations in the global zone?:
- run es-config to add your SunMC userID to the scm-container ACL?
- made sure the Project Managment and Pool Management entries are in /etc/security/prof_attr and exec_attr files?
- added your SunMC userID to the Zone/Pool/Project entries in /etc/user_attr (or used the 'usermod' command to add the entries for you)?
If any of those steps were missed then SunMC (or Solaris) may not believe you have permisson to make changes to zones/pools etc. There are a couple of SCM docs listed in with the SunMC doc set:
http://docs.sun.com/app/docs/coll/810.8?l=en
Regards,
[email protected]
http://www.HalcyonInc.com
New !! : http://forums.HalcyonInc.com !! -
SunMC Console on Windows XP not connecting
Hello,
I have just installed SunMC Center on my PC and attempted to login into the SunMC Server but get an error of communication could not be established, the server version may be incompatible.
I am able to connect using another PC, so my SMC server is up and the processes are up and fine. The working PC is on the same segment as my new PC, so I dont know what could be the issue with this PC thats not working.
Has anyone ran into this before? If so, what is not configured?
TIA
LRHi,
I had this problem-it is not a firewall issue (I had the problem with
both the firewall on my PC and the server down) but seems
to be a weird software conflict.I posted a message on this some
time ago (displayed below)..
Glad to see somebody else is also having this problem and it is not
just me.Anybody have the console on Windows XP working?
So far all I have found out is that port 23 of the SMC server is being
accessed by the SMC console on the PC (which is not working) but
on the laptop install of the SMC console it is not (this information is from
firewall logs).
Both the SMC consoles on the Laptop and the PC are installed from
the same packages.Both have the same firewall settings,both report the same java version..
Needless to say if you get it working let us know how you did it.
Cheers,
Ian
====================================
I have been trying to get the Java based console
Working from my PC and have found the following
oddments. When I run it from my PC the console fails
with a message saying �Communication could not be
Established with the server. The server version may be
Incompatible� If I then get my laptop, which has the same
Operatating system, same firewall setup, same virus software,
Same java :-
java version "1.4.2_03"
Java(TM) 2 Runtime Environment, Standard Edition (build 1.4.2_03-b02)
Java HotSpot(TM) Client VM (build 1.4.2_03-b02, mixed mode),and the same smc software ,
remove my PC from the network and plug in my laptop in which has the
same IP address as my PC,the console software works! Does anybody have any
idea what could be preventing the console on the PC working whilst the
laptop is fine? I have a few ideas in that the console software installed on some
other pcs does not work as well so there appears to be something in common
Installed on the PC�s (but not on the laptop) which is somehow stopping
the console from working. Now ,my pc is one inherited from the ghost of sys admins
Past but there is nothing as far as I can see which could cause some form of
Conflict-I am mainly focusing on Java based software..What I guess I will have to do
Is to uninstall as much software as I can and hope to eventually find the
Culprit.. -
I cannot add SNMP legacy agent to SunMC
Hi there,
I have problems with adding my SNMP legacy agent to SunMC, I would appreciate any suggestions/solutions.
I wrote a SNMP agent using SNMP4j. It works well when stand alone. Then I try to add it to SunMC as a legacy agent. I followed the steps listed in the document "Sun Management Center 3.6.1 Installation and configuration Guide":
1, I modify the file "/var/opt/SUNWsymon/cfg/subagent-registry-d.x"; the main part that I I added is,
type = legacy
persist = false
snmpPort = "4650"
startCommand = "java -cp /profilium/SNMP4j/lib/log4j-1.2.9.jar:/profilium/SNMP4j/target/classes:/profilium/snmp-exercise snmpexercise.SnmpSend"
pollInterval = 60
pollHoldoff = 60
oidTrees = 1.3.6.1.4.1.23460
snmpVersi = SNMPv2c
securityLevel = noauth
securityName = public
I think in the modification, the tricky part is the 'startCommand'. I use the java command to start my agent, as it works at the Unix command line.
2, then I stop and restart Sun MC to make the changes effective.
The SunMC doesn't complain anything when I restart it. ~But~, after I reopen the SunMC console, I don't see anything added there. Everything looks the same as before.
Is there anything wrong with what I did? Or, I have to configure more things in the SunMC?
Thank you for advices.
XinxinIf I want to integrate my application into SunMC, ie
get/set SNMP parameters and receive traps, do I need
to hardcode all OID in the module?
Ideally, I would write a module that would proxy all
SNMP traffic to the manager server which would then
make it available to the console. This only
information I would give the module is the port
number to connect to and the port number to receive
traps. Is this possible?It doesn't quite work like that. Even if you have SunMC proxy snmp requests for your other snmp process... it won't be displayed in the Console. Basically all you're gaining is the ability to send all snmp traffic to a single port (SunMC's) and it passes along those requests on your behalf. I'd say that's not too popular a solution.
A better way to do things is to write a "module" for SunMC, and that module would know the OIDs in your manager that you're interested in. That way your data would show up properly in the Console, and you'd get access to all of SunMC's other features for "free" (i.e. setting alarms on thresholds, sending email, running scripts when bad things happen, a history of alarms in the SunMC database, and the ability to graph/report your values over time from the SunMC PRM addon).
A module is the official way of registering your other snmp process. So it depends on what you want to do... do you want SunMC to just manage the SNMP traffic for you... or do you want all the alarming/trending/graphing GUI features as well?
If you're not too sure about building a module you can have Halcyon build that part for you (we probably only need the MIB for your SNMP program/device). We're very good at it since we've been building SunMC modules for years :)
http://www.halcyoninc.com/products/a-z.php
Regards,
[email protected]
http://www.HalcyonInc.com -
Is it possible to disable authentication in SunMC WebConsole?
Is it possible to configure the webconsole so that no authentication is required to access sunmcweb? I don't need a authentication at this point because the authentication is already done on a proxy server with an self implemented single sign on system. It's very annoying to have to authenticate again to access the SunMC webconsole.
This is a Sun Management Center 4.0 installation in a Solaris 10 full root zone.
Thx for suggestions,
cheersThe SunMC webconsole in SunMC 4.0 is the Sun Java Web console (https://hostname:6789). This is the portal that many management applications at Sun will place their launch point. CAM, SunMC, zfs BUI, cluster, etc. Depending on the user's RBAC roles, he will see different things. I think the better approach is can the Sun java web console consume whatever API your single sign-on application is using rather than no login authentication.
-
Cannot access fsFileScanTable MIB using my mib browser
I am using sunmc 3.6 installed on a Netra-T4 station using Solaris 8. The sunmc server and agent are running on the same station. My MIB browser is MG-soft version 9. The MIBII proxy monitoring module is loaded and configured to SNMPv2c, port 161 and the IP of the station.
I am trying to access the sunMC proprietary MIBs that I found in util/cfg/, namely file-scan.mib.
I have compiled and loaded these MIBs unto the MG-soft mib browser and the leaves are visible. But when I try to walk on fsFileScanTable I keep getting an empty response, i.e. no rows in the table, although through the sunmc console i can clearly see 7 rows in the file scan table .
The mib browser does communicate with the agent regarding MIBII elements such as sysUpTime, so it seems that the problem isnt the communication setup (ip,port,community string).
Does anyone know this problem?Can you expand on what you mean there? Our Sun Rep
is only intent on trying to sell us expensive items
and services and never informs me of anything else.This isn't a SunMC-specific thing: it covers pretty much all Sun software under Solaris Enterprise System (which includes the "N1" stack, which is where SunMC lives):
http://www.sun.com/software/solaris/faqs/general.jsp
For SunMC this means some of the advanced features (ASM, PRM, SAM, SRM etc) that used to only come with a 60-day eval out-of-the-box now effectively have an unlimited eval period. But, if you want support, you have to buy the product license and support contract. It's been that way since late 2005.
I would love to use extra parts of SunMC but between
the cost and the never ending battle with our execs
on which Enterprise Systems Management tool to use, I
am going nowhere.So, as long as you understand if those parts of SunMC break, that you're on your own to fix them, you can use them at no cost (similar to most open-source products you're seeing companies adopt these days).
As for what Enterprise Framework to use, I think choosing just one product would be a mistake. What SunMC does well (i.e. Sun hardware monitoring) no other framework does. In my opinion you're better off using the vendor-supplied tools where possible, and integrate their data/alarms into your higher frameworks (i.e. Tivoli, HPOV, Netcool, Unicenter etc).
From what I've seen, and I'm not speaking for my company, big products like Tivoli may be able to do a lot, but their licensing costs are punishing, and some places spend years trying to roll it out enterprise-wide and it never quite works right. I'm seeing lots of datacenter managers say: "Yes, our corporate framework is product X, but I'm going to install this other tool (like SunMC) in a more tactical fashion, and have it feed data to X, and just 'get it done' quickly/cheaply/effectively".
Now I'm really getting off-topic: this has nothing to do with MIBs :)
Regards,
[email protected]
http://www.HalcyonInc.com -
Why self-defined access sequences of free goods can not work?
Hi gurus,
I have maintained access sequences of free goods self-defined.but when i creat the SO it does not work!
when i used the standard access sequences ,it is OK .
Can anybody tell me why?
thanks in advanceDear Sandy,
Go to V/N1 transaction select your self defined access sequence then go in to the accesses and fields and check all fields are activated.
Make sure that these fields are flowing in your sales order.
I hope this will help you,
Regards,
Murali. -
Partner application access to portal login info
How can an SSO partner application (Java) tell whether or not a user has logged in to Portal?
I need to log activity in a public application servlet, so I'd like to log the user as PUBLIC if not logged in or as their actual userid.
I don't seem to have access to this info until the user has visited a secure part of the app.
Any pointers would be appreciated.
Thanks
RobDIY answer ...
The cludge I used to get round this was ...
Make a PL/SQL item which displays a Login or Logout link as appropriate, based on the current userid from portal.wwctx_api.get_user.
The login link goes to a secure portal page called FORCE_LOGIN, passing a URL parameter called nextPageURL which contains the URL of the next page to show after the login is complete. You can use portal.wwpro_api_parameters.get_value( '_pageid', 'a'); to help build the current page URL if you want to retun to the current page.
The FOIRCE_LOGIN page contains a PL/SQL item which builds an IFRAME whos src is a URL to my app servlet ForceLoginServlet, passing on the nextPageURL parameter. Use portal.wwpro_api_parameters.get_value( 'nextPageURL', 'a'); to help with that.
The ForceLoginServlet is a secure servlet (set up in web.xml) so that forces a silent authentication to my app. All the servlet does is display HTML to redirect back to the URL in nextPageURL.
Horrible! But it does the job.
Anyone who know a better way of doing this, please tell me.
Rob -
How to allow access to web service running under ApplicationPoolIdentity
Hi All,
I have a WCF web service hosted in IIS 7 (or maybe 7.5, whichever comes with Windows server 2008 R2) using DefaultAppPool running under ApplicationPoolIdentity per Microsoft's recommendation. The web service needs to call a stored procedure to insert data
to a db. The web server is on a different VM than the database server. The db server is running SQL 2008 R2. Both VMs run Windows server 2008 R2.
When the web service tries to connect to db, it encounters this exception:
Exception in InsertToDb()System.Data.SqlClient.SqlException (0x80131904): Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON'.
at System.Data.SqlClient.SqlInternalConnection.OnError(SqlException exception, Boolean breakConnection)
Here's the connection string in web.config:
Application Name=somewebservice;Server=somewebserver;Integrated Security=SSPI;Database=somedatabase;Connection Timeout=60"
How should I configure SQL security to make this work?
Thanks in advanced.Thanks for the link Dan. Maybe I'm the one who cause the confusion :)
If I understand you(and Erland) correctly, you suggest using a custom, domain account for application pool identity. However, if we do that, our IT will need to maintain those accounts, and they don't want that. So I'm choosing a built-in account called
ApplicationPoolIdentity as the application pool identity, but it's not working. Network Service, on the other hand, works, but my boss wants us to follow MS's best practice.
What's puzzling is that according to this: http://learn.iis.net/page.aspx/624/application-pool-identities/, both Network Service and ApplicationPoolIdentity uses machine account to access network resource (like db in this case), but in my case, Network Service
works, but not ApplicationPoolIdentity.
Hallo Stephen,
with respect - it seems to me that only idiots are working at your IT ;)... It is absolutely useful to work with "service accounts" created within the domain. That's the only way to manage and control accounts!
If you want to "pass through" the identity of the web user (SSO) you have to check whether the app pool is set to "allow impersonate". As far as I understand the ApplicationPoolIdentity-function the app pool will create a unique user named as the service.
I assume that will not work with the connection to the sql server because this user is unknown.
Local Service will not work because it's restriction is located to the local machine.
Network Service will work because access to network resources will be available.
So my recommendation is to use a dedicated service account or impersonation:
http://msdn.microsoft.com/en-us/library/xh507fc5.aspx
Uwe Ricken
MCITP Database Administrator 2005
MCITP Database Administrator 2008
MCITS Microsoft SQL Server 2008, Database Development
db Berater GmbH
http://www-db-berater.de -
How to let SAP user use SSO to access Application in DMZ?
Hi All,
Our J2EE application is running on a system in DMZ which can not be connected with LDAP. So I am wondering if it's possible to let SAP user use SSO to access our application.
After talking with my colleague I think the only way is to import SSO public key to our WebAS and create user in UME and then assign user to the corresponding public key, but anybody know where to download SSP verification file or is it allowed to download and import into another system at all?
Regards,
BinHi,
Take a look at this example, it uses property nodes to select tha
active plot and then changes the color of that plot.
If you want to make the number of plots dynamic you could use a for
loop and an array of color boxes.
I hope this helps.
Regards,
Juan Carlos
N.I.
Attachments:
Changing_plot_color.vi 38 KB -
How do I access the web utility with model cisco sf302-08p ?
Hi,i have a problem with the model Cisco SB SF302-08PP Switch , i connect a cable rj45 to my pc and configure the adapter local area connection (ip address:192.168.1.252), the LEDs blink green, and go to the address bar and get the IP by default, which according to the manual is 192.168.1.254 and the result is: page not found. Is there any way to change the web utility? How do I access the web utility?
restore the switch by holding more than 30 seconds and try accessing with ip 192.168.1.254. username and password is "cisco". before change your base ip to 192.168.1.2-253.try to ping and check the connectivity
-
MS ACCESS, NULL, and '%'
I am using a prepared statement to query my access database which contains personal data first name, last name, address, city, state, etc.... I allow the user to search the database by any of these fields (or any combination of them) by making the default values for any empty fields '%'. Here's my select statement.
stmt =conn.prepareStatement("SELECT * FROM Data1 WHERE first_name LIKE ? AND last_name LIKE ? AND city LIKE ? ....");
stmt.setString(1, firstNameField.getText()+"%");
stmt.setString(2, lastNameField.getText()+"%");
stmt.setString(3, cityField.getText()+"%");
This worked but didn't return a record if ANY of their values are NULL. So I changed my select statement to allow for NULL values.
stmt =conn.prepareStatement("SELECT * FROM Data1 WHERE (first_name LIKE ? OR first_name IS NULL) AND (last_name LIKE ? OR last_name IS NULL) AND (city LIKE ? OR city IS NULL) ....");
stmt.setString(1, firstNameField.getText()+"%");
stmt.setString(2, lastNameField.getText()+"%");
stmt.setString(3, cityField.getText()+"%");
This fixed that problem, but now it ALWAYS returns the records with NULL fields. I want it to only match NULL fields if the coressponding JTextField is left blank. Can anyone tell me a good way to do this?How can I create it dynamically and still keep the
speed of a prepared statement??Unless you are doing block inserts in a loop you are probably not going to see any speed improvement anyways.
But as I said you can simply create all the combinations and then use an array to keep track of them. -
Sharepoint foundation 2010 externel https access problems
I have a very strange problem with my sharepoint foundation 2010 site.
I have a site which is accessible from outside on https (we have a valid certificate). I configured IIS for http and https.
Also I configured internal and externel access for this site on sharepoint.
But sometimes, the site is not accessible from outside on https with (externe.site.fr), BUT it will be accessible with public ip !!!
And also accessible from inside. (with interne.intranet.site.fr)
Any Idea ?
thanksHi,
According to your post, my understanding is that your site is not accessible from outside using external host name with https sometimes.
As your site can be accessible with public IP, however it can’t be accessible from outside using external host name with https sometimes, the issue could be caused by the gateway server in your environment.
I suggest that you need to check the gateway server configuration.
For more information, you can refer to:
http://community.bamboosolutions.com/blogs/sharepoint-2013/archive/2012/12/05/how-to-set-up-microsoft-forefront-unified-access-gateway-environment-for-sharepoint-2013.aspx
http://nhutcmos.wordpress.com/2013/07/26/configure-ssl-certificate-for-sharepoint-external-https-access/
http://sharepointdotnetwiki.iblogger.org/2009/12/dns-setup-in-sharepoint/
http://underthehood.ironworks.com/2010/06/making-a-sharepoint-2010-site-externally-available-alternate-access-mappings-host-header-bindings.html
Best Regards,
Yumi Fu
Maybe you are looking for
-
How to create and configure a user for MaxDB monitoring
Good Morning, Is it possible to create a user in MaxDB which can only, check DB State, Data Space (Used, Available, Etc) and Log Space? If possible, how to create it and the respective authorizations? The reason i'm asking you that is because i need
-
Round trip to CS4 has me trippin'
This issue only seems to effect images from my old D60 (which I no longer use) and from my G7 (which I mainly use under water). Also, it only occurs when using CS4: If I switch my external editor back to CS3, it doesn't happen. When I do the round tr
-
My entire library is on iTunes Match however after a recent fubar with my external hard drive, whilst I can play all my music through Apple TV I can't access it all on my Air. This was the original device used to download. Any thoughts? There doesn't
-
My short films have disappeared! How can I get them back?
After syncing my ipad, all of my short films disappeared! I looked through my purchases and everything i could think of...... Please help?
-
How do I suppress an object in Indesign CS2?
I can use the attribute palette to set to non printing though this makes the item disappear? I want to leave the object on screen for another operator too see but cant print?? thanks lister Mac OSX CS2