Text Spam to VZW Access Manager - @ $.20 a pop

Similar Messages

• VZW Access manager freezing MacBook Pro

  I use VZW Access Manager to connect to the internet via bluetooth through my BlackBerry.  I am using the latest version of the software.  Sometimes VZW Access Mananger will freeze up after I have disconnected my phone.  I've tried to force quit the application but it still displays the pinball when I try to reconnect via VZW Access Manager.  The only way that I can completely force quit the program is to do a hard shut down.  I've tried simply restarting the computer and shutting it down, but it freezes up when it tries to shut down/restart.  Has anyone else experienced this??  Any suggestions??  Please help, it's starting to become really annoying!  I purchased the MacBook Pro in November so it is relatively new....

  Uninstall Virus Barrier don't use it again. ClamXav is free and won't bugger up your machine.
  Uninstall your RIM software, check for updates/compatability with iTunes 11.
  Run through this list of fixes 1-15.
  Step by Step to fix your Mac
  And make sure of your machines performance
  Why is my computer slow?
  Backup backup backup
  Most commonly used backup methods

• MAC: Uml290 & vzw access manager, IPSec VPN connections don't work

  So, my vpn connections work if I use my UML290 on windows using verizon access manager
  I am now using the new verizon access manager on my mac, and my VPN connections do NOT work. It tries to connect then immediately stops the attempt at connecting and fails (i can access other websites etc OK, I have connectivity!)
  This is a huge problem for me

  Hello,
  I have been having the same problems. When not connected to VPN, things work fine. When VPN connects, all traffic stops passing, even though there is a successful connection. When I disconnect VPN, all traffic resumes.
  I have gone through this with technical support even to the point of doing a trace during the problem and they confirm that the traffic drops, but do not feel it is a network issue. This problem does not happen with any other network adapter I use (Wi-Fi, T-mobile 4G laptop stick).
  I've put together links of articles I have found online describing this problem and probable cause - which I think is an IP address conflict in the 10.x.x.x space. No resolution has been offered to me. I hope these articles help others or if they are having the same experience they might post here.
  http://delicious.com/stacks/view/SL8rGb - "Verizon LTE problems with VPN using Pantech UML 290" - Link Stack
  If anyone comes across a resolution or knows if there will be an update of any kind to fix this, I would appreciate it, thank you.

• Text problems on X40 Access Connection​s and Power Manager

  Recently, and possibly in conjunction with a recent Lenovo update, Access Connections and Power Manager (at the least, there may be other programs that have problems too, but I have not checked all) display all text as little boxes.  The functionality is still there, but it is kind of hard to figure out what's what.  I have PM 1.6.3 (just installed the latest), but not sure of version of Access Manager, as I can't see it.
  I can email a screen shot if needed, but could not figure out how to put one in here.  Any help would be most appreciated. 
  Bruce

  Hi Sami,
  I just got stuck on the same problem as you and following is what I found in details fro ThinkVantage Access Connections version 5.30. Hope this helps.
  Jakub
  <Limited User>
    A Limited user can create and apply only modem profiles. However, if
    Administrator sets "Allow Windows users without administrator
    privileges to create and apply location profiles" option in the
    Global settings then the user can create and apply any kinds of
    profiles in the system.
    Also, a limited user cannot:
    1. Edit setting for the Automatic Ethernet and Wireless location
       profiles switching.
    2. Edit Global settings.
    3. Edit profiles created by another user in the system.
    4. Renew or release IP in the Diagnostics panel.
    5. Export profiles.
    The limitations on Power user also apply on Limited user.

• Can not configure Access Manager

  Hi all,
  1. I istalled Sun java messaging server 6.
  2. I edit amsamplesilent to prepare amsamplesilent.my:
  # cd /opt/SUNWam/bin
  #mv amsamplesilent amsamplesilent.my
  3. I configure Access Manager:
  #./amconfig -s amsamplesilent.my but get the following error:
  # ./amconfig amsamplesilent.my
  Usage: amconfig -s <silentinputfile>
  ./amconfig: Sourcing ./amutils
  ln: cannot create /opt/SUNWam/lib/jaxrpc-spi.jar: File exists
  chown: jaxrpc-spi.jar: No such file or directory
  full install
  ./amdsconfig: Sourcing ./amutils
  LD_LIBRARY_PATH is --- /usr/lib/mps/secv1:/usr/lib/mps/secv1:/usr/lib/mps/secv1:/opt/SUNWam/lib:/opt/SUNWam/ldaplib/ldapsdk
  CLASSPATH is --- /opt/SUNWam/locale:/etc/opt/SUNWam/config:/opt/SUNWam/lib:/opt/SUNWam/lib/am_services.jar:/opt/SUNWam/lib/ldapjdk.jar:/usr/share/lib/mps/secv1/jss3.jar:/opt/SUNWam/lib/am_sdk.jar
  ldap_simple_bind: Can't connect to the LDAP server - No route to host
  ldap_simple_bind: Can't connect to the LDAP server - No route to host
  ldap_simple_bind: Can't connect to the LDAP server - No route to host
  ldap_simple_bind: Can't connect to the LDAP server - No route to host
  sleep 3
  ldap_simple_bind: Can't connect to the LDAP server - No route to host
  ldap_simple_bind: Can't connect to the LDAP server - No route to host
  ldap_simple_bind: Can't connect to the LDAP server - No route to host
  sleep 4
  ldap_simple_bind: Can't connect to the LDAP server - No route to host
  ldap_simple_bind: Can't connect to the LDAP server - No route to host
  ldap_simple_bind: Can't connect to the LDAP server - No route to host
  sleep 5
  ldap_simple_bind: Can't connect to the LDAP server - No route to host
  ldap_simple_bind: Can't connect to the LDAP server - No route to host
  ldap_simple_bind: Can't connect to the LDAP server - No route to host
  sleep 6
  ERROR : Loading of Access Manager schema into the Directory failed
  Starting the tag swapping of the install.ldif and installExisting.ldif
  ROOT_SUFFIX is dc=iplanet,dc=com
  People_NM_ROOT_SUFFIX is People_dc=iplanet_dc=com
  SERVER_HOST sample.red.iplanet.com
  DIRECTORY_SERVER sample.red.iplanet.com
  DIRECTORY_PORT 389
  USER_NAMING_ATTR uid
  ORG_NAMING_ATTR o
  CONSOLE_DEPLOY_URI /amconsole
  ORG_OBJECT_CLASS sunismanagedorganization
  RS_RDN iplanet
  USER_OBJECT_CLASS inetorgperson
  ldap_simple_bind: Can't connect to the LDAP server - No route to host
  ldap_simple_bind: Can't connect to the LDAP server - No route to host
  sleep 3
  ERROR : Configuring/Loading of the default DIT in the Directory Server failed
  ldap_simple_bind: Can't connect to the LDAP server - No route to host
  ldap_simple_bind: Can't connect to the LDAP server - No route to host
  sleep 3
  Warning : Plugins and Indexes already exist.
  ./amsvcconfig: Sourcing ./amutils
  LD_LIBRARY_PATH is --- /usr/lib/mps/secv1:/usr/lib/mps/secv1:/usr/lib/mps/secv1:/opt/SUNWam/lib:/opt/SUNWam/ldaplib/ldapsdk
  CLASSPATH is --- /opt/SUNWam/locale:/etc/opt/SUNWam/config:/opt/SUNWam/lib:/opt/SUNWam/lib/am_services.jar:/opt/SUNWam/lib/ldapjdk.jar:/usr/share/lib/mps/secv1/jss3.jar:/opt/SUNWam/lib/am_sdk.jar
  ldap_simple_bind: Can't connect to the LDAP server - No route to host
  Loading service schema XML files ...
  Info 112: Entering ldapAuthenticate method!
  Error 15: Cannot authenticate user.
  LDAP authentication failed.
  Error 9: Operation failed: Error 15: Cannot authenticate user.
  Error occured while loading: /etc/opt/SUNWam/config/ums/ums.xml
  ./amws61config: Sourcing ./amutils
  /opt/SUNWam/console.war: No such file or directory
  current web app is applications
  copying files from sunwamconsdk
  Swapping tag swap in index.html files ...
  Making amconsole.war
  Successfully done making warfile ...
  Deploying from /opt/SUNWam/web-src/applications (/opt/SUNWam/amconsole.war) to /opt/SUNWwbsvr/https-sample.red.iplanet.com/is-web-apps/applications for /amconsole
  wdeploy deploy -u /amconsole -i https-sample.red.iplanet.com -v https-sample.red.iplanet.com -d /opt/SUNWwbsvr/https-sample.red.iplanet.com/is-web-apps/applications /opt/SUNWam/amconsole.war
  [wdeploy] The war file name is /opt/SUNWam/amconsole.war
  [wdeploy] Fatal error in parsing XML file ..Premature end of file.
  [wdeploy] (-1, -1) in file null
  [wdeploy] Error encountered while parsing /opt/SUNWwbsvr/https-sample.red.iplanet.com/config/server.xml
  Failed deploying /amconsole
  /opt/SUNWam/services.war: No such file or directory
  current web app is services
  Swapping tag swap in index.html files ...
  Making amserver.war
  Successfully done making warfile ...
  Deploying from /opt/SUNWam/web-src/services (/opt/SUNWam/amserver.war) to /opt/SUNWwbsvr/https-sample.red.iplanet.com/is-web-apps/services for /amserver
  wdeploy deploy -u /amserver -i https-sample.red.iplanet.com -v https-sample.red.iplanet.com -d /opt/SUNWwbsvr/https-sample.red.iplanet.com/is-web-apps/services /opt/SUNWam/amserver.war
  [wdeploy] The war file name is /opt/SUNWam/amserver.war
  [wdeploy] Fatal error in parsing XML file ..Premature end of file.
  [wdeploy] (-1, -1) in file null
  [wdeploy] Error encountered while parsing /opt/SUNWwbsvr/https-sample.red.iplanet.com/config/server.xml
  Failed deploying /amserver
  /opt/SUNWam/password.war: No such file or directory
  current web app is password
  Swapping tag swap in index.html files ...
  Making ampassword.war
  Successfully done making warfile ...
  Deploying from /opt/SUNWam/web-src/password (/opt/SUNWam/ampassword.war) to /opt/SUNWwbsvr/https-sample.red.iplanet.com/is-web-apps/password for /ampassword
  wdeploy deploy -u /ampassword -i https-sample.red.iplanet.com -v https-sample.red.iplanet.com -d /opt/SUNWwbsvr/https-sample.red.iplanet.com/is-web-apps/password /opt/SUNWam/ampassword.war
  [wdeploy] The war file name is /opt/SUNWam/ampassword.war
  [wdeploy] Fatal error in parsing XML file ..Premature end of file.
  [wdeploy] (-1, -1) in file null
  [wdeploy] Error encountered while parsing /opt/SUNWwbsvr/https-sample.red.iplanet.com/config/server.xml
  Failed deploying /ampassword
  /opt/SUNWam/introduction.war: No such file or directory
  current web app is common
  Swapping tag swap in index.html files ...
  Making amcommon.war
  Successfully done making warfile ...
  Deploying from /opt/SUNWam/web-src/common (/opt/SUNWam/amcommon.war) to /opt/SUNWwbsvr/https-sample.red.iplanet.com/is-web-apps/common for /amcommon
  wdeploy deploy -u /amcommon -i https-sample.red.iplanet.com -v https-sample.red.iplanet.com -d /opt/SUNWwbsvr/https-sample.red.iplanet.com/is-web-apps/common /opt/SUNWam/amcommon.war
  [wdeploy] The war file name is /opt/SUNWam/amcommon.war
  [wdeploy] Fatal error in parsing XML file ..Premature end of file.
  [wdeploy] (-1, -1) in file null
  [wdeploy] Error encountered while parsing /opt/SUNWwbsvr/https-sample.red.iplanet.com/config/server.xml
  Failed deploying /amcommon
  Checking if Web Server is already configed with Access Manager
  Configuring Web Server
  Mime type: 'type=text/vnd.wap.wml' already exists: Skipping ....
  Mime type: 'type=image/vnd.wap.wbmp' already exists: Skipping ....
  I tried again but I still get this error.
  Any Ideas for this problem?
  Thanks.

  ldap_simple_bind: Can't connect to the LDAP server - No route to host
  i would consider this a fatal error.
  The system cannot locate where your Directory Server is. "no route to host" means that it's trying to get to the host, but your networking isn't set up correctly, and it doesn't find any route to get to the specified host.

• UWC/CE 6.3 and Access Manager 7.1 SSO sometimes fails (seems like a bug)

  PREAMBULA: I started writing this post thinking that our AM SSO setup was at fault in some step. As I was gathering data, checking the doc-links and config files and finally sniffed the servers for HTTP dialogs, I grew pretty sure there's a bug in UWC/CE, AM SDK or Web Server Policy Agent, whatever implements the AM SSO session checking.
  In short, as written below, our "sunmail" server can POST a broken cookie to AM server, if the cookie originally contained a "plus" character. The "plus" is replaced by a "space", invalidating the session check. As we know, "+" is often used in URLs to "escape" the space character. Perhaps some URL cleanup routine backfired here. I have double-checked, it is not the reverse proxy on "psam" breaking things. It is "sunmail" (UWC/CE or Policy Agent, don't know for certain) supplying the broken request. On the few occasions when the AM cookie contains no "plus" characters, the SSO works like a charm (also checked by a sniffer). Whenever there is a "plus", it breaks.
  Is there some known bug or workaround that matches this description?
  Nevertheless, for completeness' sake I kept the description of our setup. Maybe it's at fault after all :)
  We have an installation of JCS5 with the latest patches as of early July 2008. And as the subject implies, we have problems with AM SSO in UWC/CE web-interface. I have reported them before, then they seemed fixed (not occuring for several tests in a row), but as time has shown, something wrong is still there.
  So I'll try to go into deeper detail now, as we've may have overlooked some nuance... Then again, as my sniffer research below shows, this may be an engine bug and these setup details are irrelevant.
  Our setup is split into several Solaris 10 full-root zones hosted on several servers, some of the components are enroute to HA (perhaps we made some mistakes on this part of the way?)
  So, we have the following software stack:
  1) two MMR Directory Servers (DSEE 6.3 = DSEE 6.2 from JCS5 + 125278-07__DSEE_6.3__x86x64 + 125277-07__DSEE_6.3__x86_sol9 patches) working in zones on two different servers. Except for one time when a manually forced ZFS rollback corrupted one of the server instances, no problems here.
  2) two zones with Directory Proxy Servers (6.3, exact versions as above) running at port 389 provide the clients with an illusion that they have a stable Directory Server, even if one of the actual servers is currently rebooting ;)
  These DPS zones are hosted on two different servers as well and are primarily used by LDAP clients (JCS components) running in other zones on the same respective servers.
  3) A zone with Sun Web Server 7.0U1 and Access Manager 7.1 (+ 126357-01__AM71_x86 patch) and Delegated Admin 6.4-4.01 (from JCS5 + 121582-18__COMMCLI64__x86 patch).
  At the moment there is one such zone (named "cos-psam-01.domain.ru" in the logs below), but we expect(-ed) it to become two similar zones as per AM HA setup.
  Zones listed in (1-3) use private IP numbers, they belong in our internal DMZ.
  Zones listed in (4-5) below use public (routed) IP numbers, they belong in our external DMZ.
  4) A zone with Sun Web Server 7.0U1 used primarily as a reverse-proxy server (optionally with a load-balancer libpassthrough.so plugin) successfully used for other hosted projects. One of its configurations now passes connections from an externally routed IP address published as "psam.domain.ru" to "cos-psam-01.domain.ru", per AM HA setup, so HTTP clients believe they work with an Access Manager instance. This zone has a backend interface with a private IP address to communicate with the actual AM instance.
  In AM configuration (both LDAP and file-based) we have configured a site ID with the publicly known name and mentioned both names (psam and cos-psam-01) in organization's realm/dns aliases.
  5) A zone with the rest of the Sun Java Communications Suite 5, as in Messaging Server 6.3 (6.3-6.03 64-bit: ci-5.0-1.03_solx86_x64__Messaging_Server_6.3-2 + patch 126480-09__MSG63__x86-64), UWC/CE 6.3 (from JCS5 + 122794-17__UWC63-4.01_core__x86), Instant Messaging 7.2 (from JCS5 + 118790-29__IM72__x86-1 + 118787-28__IM72__x86-2), Calendar Server 6.3 (from JCS5 + 121658-28__iCS63__x86). The web-components (UWC/CE, IM, /httpbind) are deployed in a Sun Web Server 7.0U1 as well.
  This zone is named "sunmail.domain.ru" and has a routed IP address for direct external access to its servicess.
  The AM SDK part is also patched (126357-01__AM71_x86); it points to the load-balancer name ("psam.domain.ru") as an actual AM server.
  # imsimta version
  Sun Java(tm) System Messaging Server 6.3-6.03 (built Mar 14 2008; 64bit)
  libimta.so 6.3-6.03 (built 17:15:08, Mar 14 2008; 64bit)
  SunOS sunmail 5.10 Generic_127112-07 i86pc i386 i86pc
  While setting up this server set we tried to use AM SSO as the user login method, but it works unreliably.
  "Unreliably" means that while most of the time entering a correct uid and password in Access Manager login page ("http://psam.domain.ru/amserver/UI/Login") does redirect a user back to "http://sunmail.domain.ru/uwc/auth" along with a new cookie, and the user is redirected again to his or her mailbox, sometimes the user receives the UWC/CE login page. Entering the same uid and password here does log him in, but it breaks the whole point of SSO and only increases the end-user routine required to log in :\
  We have also seen the "missing mail tab" problem - if the users point the browser to any hostname different from "sunmail.domain.ru" (i.e. www.mail.domain.ru which is equivalent in DNS), they have only the Address book, Calendar and Options tabs; no webmail. So far this is resolved by Policy Agent forcing The One name of the server.
  Here's the configuration we did specifically for AM SSO:
  1) in AMConfig.properties of "sunmail" and "cos-psam-01" we set up
  com.iplanet.am.cookie.encode=false
  am.encryption.pwd=<the same value>
  all hostname-related parameters point to "psam.domain.ru"
  2) in AMConfig.properties of "cos-psam-01" a number of FQDN equivalence entries are added (so it does not redirect to a server hostname unknown to visitors):
  com.sun.identity.server.fqdnMap[publicname-or-ip]=psam.domain.ru
  com.sun.identity.server.fqdnMap[cos-psam-01.domain.ru]=cos-psam-01.domain.ru
  3) in "msg.conf" on "sunmail" (entries added via configutil):
  local.webmail.sso.amcookiename = iPlanetDirectoryPro
  local.webmail.sso.amnamingurl = http://psam.domain.ru:80/amserver/namingservice
  local.webmail.sso.singlesignoff = yes
  local.webmail.sso.uwcenabled = 1
  service.http.ipsecurity = no
  (perhaps some more options are required? Looking for confirmation about: local.webmail.sso.uwclogouturl local.webmail.sso.uwccontexturi local.webmail.sso.uwchome service.http.allowadminproxy )
  4) Configured Web Policy Agent for Sun Web Server, so that users without an AM session are required to get one. Set up per [http://msg.wikidoc.info/index.php/AM_redirection_using_Policy_Agent], except that com.sun.am.policy.agents.config.notenforced_list points to the many names our server can go known by.
  5) Updated the logout URL in /opt/SUNWuwc/webmail/main.js:
  --- main.js.orig        Sat Jan 26 07:52:09 2008
  +++ main.js     Mon Jul 21 01:06:29 2008
  @@ -667,7 +667,8 @@
  function cleanup() {
     if(laurel)
  -      top.window.location =  getUWCHost() + "/base/UWCMain?op=logout"
  +//      top.window.location =  getUWCHost() + "/base/UWCMain?op=logout"
  +      top.window.location =  "http://sunmail.domain.ru:80/base/UWCMain?op=logout"
     else
         exec('logout', '', 'exit()')
  @@ -1707,7 +1708,8 @@
     if(lg) {
           url = document.location.href
           url = url.substr(0,url.indexOf('webmail'))
  -        uwcurl = url + 'base/UWCMain?op=logout'        
  +//      uwcurl = url + 'base/UWCMain?op=logout'        
  +        uwcurl = "http://sunmail.domain.ru:80/base/UWCMain?op=logout"
     exit()
  }6) Calendar SSO - per docs...
  According to ngrep sniffing,
  1) the browser goes to "http://sunmail.domain.ru/uwc/auth" without any cookies
  2) receives a redirect and goes to "http://psam.domain.ru/amserver/UI/Login?gotoOnFail=http://sunmail.domain.ru:80/uwc&goto=http%3A%2F%2Fsunmail.domain.ru%3A80%2Fuwc%2Fauth"; sends no cookies either.
  3) The first response from the "psam" server (as redirected from "cos-psam-01") sets a few cookies while rendering the login page:
  Set-cookie: JSESSIONID=7EF8F2810D2071CA03CFEAE9972735B2; Path=/
  Set-cookie: AMAuthCookie=AQIC5wM2LY4SfcwuT2ASCrsfO78nXdceEHXeH1+xTqH7C3I=@AAJTSQACMDI=#; Domain=.domain.ru; Path=/
  Set-cookie: amlbcookie=02; Domain=.domain.ru; Path=/
  4) The browser requests the login page resources (javascripts, images, etc) using these cookies, as in this header line:
  Cookie: JSESSIONID=7EF8F2810D2071CA03CFEAE9972735B2; AMAuthCookie=AQIC5wM2LY4SfcwuT2ASCrsfO78nXdceEHXeH1+xTqH7C3I=@AAJTSQACMDI=#; amlbcookie=02
  5) The browser POSTs the login request to "/amserver/UI/Login" and receives a redirection to http://sunmail.domain.ru:80/uwc/auth
  Set-cookie: iPlanetDirectoryPro=AQIC5wM2LY4SfcwuT2ASCrsfO78nXdceEHXeH1+xTqH7C3I=@AAJTSQACMDI=#; Domain=.domain.ru; Path=/
  Set-cookie: AMAuthCookie=LOGOUT; Domain=.domain.ru; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
  6) The browser requests "http://sunmail.domain.ru/uwc/auth" using the newly set cookie (looks like the old one to me though):
  Cookie: amlbcookie=02; iPlanetDirectoryPro=AQIC5wM2LY4SfcwuT2ASCrsfO78nXdceEHXeH1+xTqH7C3I=@AAJTSQACMDI=#
  7) The "sunmail" web-server checks the AM session validity with the same "psam.domain.ru". It sends a series of POSTs to /amserver/namingservice:
  <?xml version="1.0" encoding="UTF-8" standalone="yes"?>
  <RequestSet vers="1.0" svcid="com.iplanet.am.naming" reqid="685">
  <Request><![CDATA[
  <NamingRequest vers="1.0" reqid="324" sessid="AQIC5wM2LY4SfcwuT2ASCrsfO78nXdceEHXeH1+xTqH7C3I=@AAJTSQACMDI=#">
  <GetNamingProfile>
  </GetNamingProfile>
  </NamingRequest>]]>
  </Request>
  </RequestSet>(receives a large XML list of different Access Manager configuration parameters and URLs)
  ...then a double-request to /amserver/sessionservice:
  <?xml version="1.0" encoding="UTF-8" standalone="yes"?>
  <RequestSet vers="1.0" svcid="Session" reqid="686">
  <Request><![CDATA[
  <SessionRequest vers="1.0" reqid="678">
  <GetSession reset="true">
  <SessionID>AQIC5wM2LY4SfcwuT2ASCrsfO78nXdceEHXeH1+xTqH7C3I=@AAJTSQACMDI=#</SessionID>
  </GetSession>
  </SessionRequest>]]>
  </Request>
  <Request><![CDATA[
  <SessionRequest vers="1.0" reqid="679">
  <AddSessionListener>
  <URL>http://sunmail.domain.ru:80/UpdateAgentCacheServlet?shortcircuit=false</URL>
  <SessionID>AQIC5wM2LY4SfcwuT2ASCrsfO78nXdceEHXeH1+xTqH7C3I=@AAJTSQACMDI=#</SessionID>
  </AddSessionListener>
  </SessionRequest>]]>
  </Request>
  </RequestSet>As a result it receives an XML with a lot of user-specific information (the username, LDAP DN, preferred locale, auth module used, etc.)
  !!!*** Now, the problem part ***!!!
  8) And then "sunmail" POSTs a broken cookie to "psam" (note the space in mid-text, where the "plus" sign was previously). As we know, "+" is often used in URLs to "escape" the space character. Perhaps some URL cleanup routine backfired here.
  I have double-checked, it is not the reverse proxy on "psam" breaking things. It is "sunmail" (UWC/CE or Policy Agent, don't know for certain) supplying the broken request. I looked over the large XML responses to the two previous requests, whenever they mention the session cookie value, the "plus" is there.
  For the most detail I can provide, I'll even paste the whole HTTP packet:
  POST /amserver/sessionservice HTTP/1.1
  Proxy-agent: Sun-Java-System-Web-Server/7.0
  Cookie: iPlanetDirectoryPro=AQIC5wM2LY4SfcwuT2ASCrsfO78nXdceEHXeH1 xTqH7C3I=@AAJTSQACMDI=#;amlbcookie=null
  Content-type: text/xml;charset=UTF-8
  Content-length: 336
  Cache-control: no-cache
  Pragma: no-cache
  User-agent: Java/1.5.0_09
  Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2
  Host: cos-psam-01.domain.ru
  Client-ip: 194.xxx.xxx.xxx
  Via: 1.1 https-weblb.domain.ru
  Connection: keep-alive
  <?xml version="1.0" encoding="UTF-8" standalone="yes"?>
  <RequestSet vers="1.0" svcid="session" reqid="258">
  <Request><![CDATA[<SessionRequest vers="1.0" reqid="254">
  <GetSession reset="true">
  <SessionID>AQIC5wM2LY4SfcwuT2ASCrsfO78nXdceEHXeH1 xTqH7C3I=@AAJTSQACMDI=#</SessionID>
  </GetSession>
  </SessionRequest>]]></Request>
  </RequestSet> The server's error response is apparent:
  HTTP/1.1 200 OK
  Server: Sun-Java-System-Web-Server/7.0
  Date: Thu, 31 Jul 2008 05:49:50 GMT
  Content-type: text/html
  Transfer-encoding: chunked
  19b
  <?xml version="1.0" encoding="UTF-8" standalone="yes"?>
  <ResponseSet vers="1.0" svcid="session" reqid="258">
  <Response><![CDATA[<SessionResponse vers="1.0" reqid="254">
  <GetSession>
  <Exception>AQIC5wM2LY4SfcwuT2ASCrsfO78nXdceEHXeH1 xTqH7C3I=@AAJTSQACMDI=# Invalid session ID
  AQIC5wM2LY4SfcwuT2ASCrsfO78nXdceEHXeH1 xTqH7C3I=@AAJTSQACMDI=#</Exception>
  </GetSession>
  </SessionResponse>]]></Response>
  </ResponseSet>On the few occasions when the AM cookie contains no "plus" characters, the SSO works like a charm (also checked by a sniffer). Whenever there is a "plus", it breaks.
  For reference, here's a working final request-response (one with a good cookie, as received by the load-balancer web-server). Request looks a bit different:
  POST /amserver/sessionservice HTTP/1.1
  Cookie: iPlanetDirectoryPro=AQIC5wM2LY4Sfcy/5sEzVmuq9z1ggdHOkBDgVFAwfhqvn4U=@AAJTSQACMDI=#;amlbcookie=null
  Content-Type: text/xml;charset=UTF-8
  Content-Length: 379
  Cache-Control: no-cache
  Pragma: no-cache
  User-Agent: Java/1.5.0_09
  Host: psam.domain.ru
  Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2
  Connection: keep-alive
  <?xml version="1.0" encoding="UTF-8" standalone="yes"?>
  <RequestSet vers="1.0" svcid="session" reqid="281">
  <Request><![CDATA[<SessionRequest vers="1.0" reqid="277">
  <SetProperty>
  <SessionID>AQIC5wM2LY4Sfcy/5sEzVmuq9z1ggdHOkBDgVFAwfhqvn4U=@AAJTSQACMDI=#</SessionID>
  <Property name="uwcstatus" value="active"></Property>
  </SetProperty>
  </SessionRequest>]]></Request>
  </RequestSet> ...and the response is OK:
  <?xml version="1.0" encoding="UTF-8" standalone="yes"?>
  <ResponseSet vers="1.0" svcid="session" reqid="281">
  <Response><![CDATA[<SessionResponse vers="1.0" reqid="277">
  <SetProperty>
  <OK></OK>
  </SetProperty>
  </SessionResponse>]]></Response>
  </ResponseSet>

  There have been a few reports of the same behaviour with other customers - specifically with the handling of the encoding of "+" characters to " ". It relates to how cookie encoding/decoding is performed (as you have already observed).
  The solution for these customers was the following:
  => AM server/client side:
  Ensure that com.iplanet.am.cookie.encode=false in AMConfig.properties and AMAgent.properties on all systems.
  => AM client (UWC) side:
  - Set <property name="encodeCookies" value="false"/> in /var/opt/SUNWuwc/WEB-INF/sun-web.xml. This will prevent UWC from trying to urldecode the cookie it receives and therefore stops it turning the + into a space e.g.
  <?xml version="1.0" encoding="UTF-8"?>
  <!DOCTYPE sun-web-app PUBLIC '-//Sun Microsystems, Inc.//DTD Sun ONE Application Server 7.0 Servlet 2.3//EN' 'file:///net/wajra.india.sun.com/export/share/dtd/sun-web-app_2_3-1.dtd'>
  <sun-web-app>
     <property name="encodeCookies" value="false"/>
     <session-config>
        <session-manager/>
     </session-config>
     <jsp-config/>
  <property name="allowLinking" value="true" />
  </sun-web-app>Regards,
  Shane.

• Do I have to configure realm policy in Access Manager for IDM SPML Request

  Hi all,
  I wanted to run a SPML request from my application to the IDM which is presently protected by an AM server. Somehow, I get the following error, while I run a search using SpmlClient:
  org.openspml.util.SpmlException: Unsupported response content type "text/html", must be: "text/xml".
  Do I have to set a policy in Sun Access manager for the realm? Guys, pls help.
  Thanks,
  Aneesh.

  > I believe as long as you have access to the above two you can turn the CA off if you want.
  Enterprise CAs are not intended to be offline. Therefore, you should not turn off them. If these root CAs issue certificates only to subordinate CAs, then you should consider to implement offline Standalone (not Enterprise) Root CAs.
  > I believe the location of the CRL is detailed in the CDP which is detailed on the Certs issued but a given CA, so the client can look in the Cert and see what it states about the CDP and thereby get the list of revoked certs.
  this is correct.
  > to place its CDP at a location other than the  default location in case it overwrites the existing CRL at the default location
  no, CDP locations should be defined in the post-installation script.
  > does the fully qualified X500 name of the CDP include the CA Name (and therefore be unique) and it will not over write the original
  yes, LDAP URL includes CA server's NetBIOS name to differentiate between CAs.
  My weblog: en-us.sysadmins.lv
  PowerShell PKI Module: pspki.codeplex.com
  PowerShell Cmdlet Help Editor pscmdlethelpeditor.codeplex.com
  Check out new: SSL Certificate Verifier
  Check out new:
  PowerShell FCIV tool.

• Oracle Access Manager and Passing Cert Info to HTML or JSP

  Friends,
  We are trying to pass the CN information from our smartcard (CAC) that looks i.e. john.doe.123456789 as a parameters to an Oracle Forms using the staticHTML implementation utilizing the OBLIX SSO OR utilizing a JSP or HTML file to read these parameters and update OID. We can pass the UID but since we will have First-time Registration of the Smartcards, the UID doesn't count since the CN information from the Smartcard has not been populated at this point to the OID, we are trying to get the functionality going to get the user first to put in their login and password but at submit time, to update the OID with the CN information to a separate column of OID and not the UID.
  Utilizing the OAM, we have been able to proof concept the authentication using the UID by using the Policy Manager and the Access System Console --> Access System Configuration. It's works well with the plugin that comes with the OAM (SSOOblixAuth.java) and thx to Oracle Support, but we need to be able to pass other parameters that are specified as a part of the Resource - Action as headervars such as
  HeaderVar OBLIX_SN or
  hearderVar OBLIX_MAIL
  Our Oracle Access Implementation is in halt until we find a way to pass these return Attributes to our Oracle Forms. The Oracle Forms running SSO is working greatly with just the userlogin and password (UID is passed as a header) without the Oracle Access Manager (OBLIX) but now we have shifted to this product for reading and processing Smartcard information.
  Any help we can get, we very much appreciate it.
  KA

  O.K.
  I am getting closer but still not getting the ssooblixuser or ssooblixcn. I have
  the following jsp to fire after a successful authentication.
  The following code is utilized in our SSO environment for changing passwords.
  The bolded line should get the ssooblixuser but it is not..
  <%
  response.setHeader("Cache-Control", "no-cache");
  response.setHeader("Pragma", "no-cache");
  response.setHeader("Expires", "Thu, 29 Oct 1969 17:04:19 GMT");
  request.setCharacterEncoding("UTF-8");
  response.setContentType("text/html; charset=UTF-8");
  String remoteUser = null;
  String userDn = null;
  String referer = null;
  String oblixheader = null;
  remoteUser = request.getRemoteUser();
  userDn=request.getHeader("OSSO-USER-DN");
  referer=request.getHeader("referer");
  oblixuser = request.getHeader("ssooblixuser");
  %>
  <HTML>
  <HEAD>
  <SCRIPT language="JavaScript">
  function validatePasswordsMatch()
  var frm = document.forms["changePassword"];
  if(frm.newpwd.value != frm.confirm_newpwd.value)
  alert('The Password and verified password do not match!');
  return false;
  else
  document.changePassword.submit();
  return false;
  function cancelButton()
  document.close();
  </SCRIPT>
  </HEAD>
  <BODY bgcolor="#cae3ff" >
  <table width="750" height="10" border="0" cellspacing="0" cellpadding="0">
  </table>
  <TABLE ALIGN="Center">
  <TR><TD>User Name</TD><TD> <%=remoteUser%> </TD></TR>
  <TR><TD>OBLIX USER</TD><TD> <%=oblixuser%> </TD></TR>
  Edited by: user10130371 on Sep 17, 2009 8:09 AM
  Edited by: user10130371 on Sep 17, 2009 8:10 AM

• Integrate IdM roles with Sun Access Manager roles

  Hi all,
  I am currently working on a solution involving Sun Identity Manager 7.1 and Sun Access Manager 7.1 as well. We use AM for overall authentication and SSO across the application, and IdM for user provisioning.
  I need to create roles in Identity Manager, and I would like that when I assign a role to a user in Identity Manager, he gets the same role in my Access Manager repository (Sun LDAP). Identity Manager does provide a way to set attribute values in resources when a role is set. Access Manager on the other hand has both dynamic roles, based on an LDAP search, and static roles.
  What are the important differences between static and dynamic roles in AM?
  Does anybody know a good way to propagate roles from Identity Manager to Access Manager?
  Thanks.

  I found answers to my question. I succeeded in setting the Access Manager role from Identity Manager using the nsRoleDN attribute. Here are some references to begin with:
  About directory server roles:
  http://docs.sun.com/app/docs/doc/820-2493/fvbrn?a=view
  Forum thread reference:
  http://forums.sun.com/thread.jspa?threadID=5208694
  Here are roughly the steps I followed to get this working.
  Access Manager roles setup:
  1. In Access Manager, create a new static role named test_role under the identities realm (in Subjects > Role).
  Identity Manager roles setup:
  1. Create a new role in Identity Manager: tab Roles, click New....
  2. Assign the LDAP resource to synchronize the role with.
  3. On the Assigned Resources line, click the Set Attributes Values button. This shows up the attributes listing allowing you to bind your IdM role to your LDAP repository.
  4. Set the attribute nsRoleDN to the LDAP DN of the role that was created in AM (nsRoleDN must be added in the resource attributes mapping before).
  * In the column Value override, select Text.
  * In the column How to set, select Authoritative merge with value, clear existing. (* See IDM Admin guide about this setting, I am still not sure how it reacts with multi-value attributes)
  * In the text box, enter the role DN text (ex: cn=test_role,dc=com).
  5. Save the role. You can now add the role to a user.

• Sun Access Manager Sample

  I have been trying to run one of the samples supplied with Access manager 2005q, namely the authentication samlpe in /SUNWam/samples/authentication/spi/providers.
  The sample seems to compile fine (after changing the encoding used). The question I have is what to do next? Following the text in the developers guide and readme, it says to move the .jar file to SUNWam/web-src/services/WEB-INF/lib and the .xml file to SUNWam/web-src/services/WEB-INF/lib.
  Im running access manager on a web-server, so i then rload amserver.war on the server, change the servers classpath so that the new .jar (LoginModuleSample.jar) file is there and restart the server.
  Am I missing something in this process? The auth module never seems to work, either giving me an authentication failed message, or an internal authentication error.
  Thanks for any help
  Keano

  Hi Keano,
  I don't know what steps you are missing but you can try the below example:
  http://developers.sun.com/prodtech/identserver/reference/techart/authentication.html
  Thanks,
  Raj

• Verizon Access Manager Download link not working

  Hi,
            Verizon Access Manager Download link not working, Following Links
  http://www.vzam.net/download/download.aspx?productid=872
  http://pcdn2-download.vzw.com/win/7.7/VZAM_7.7.1_2727b-AC30-Web.exe
  plz help to download verizon five spot access manager.
  thanks
  karthirocks

      Hi karthirocks! I'm sorry to see you're having any difficulties using these links. I've clicked on both, but had no problems getting pages to launch or in getting the application to download. If this is still a problem for you, please describe the issue you're experiencing. Also, please share the browser version you're using, and if you've enabled any security feature that prevents access to certain secure sites or services. Thanks!
  DionM_VZW
  Follow us on Twitter www.twitter.com/vzwsupport

• How to check amsilent file in Sun Access manager patch or redeploying WAR's

  h1. How to check amsilent file in Sun Access manager patch or redeploying WAR's
  I had a hard time getting all the passwords correct, so I wrote a shell (bash) script that uses most passwords and other parameters in searches and queries. It let's you know before you start if a value is wrong. It does not change anything, only queries.
  h2. One pitfall I found ...
  during the postinstall of patch 05. I told Sun about it, but I suspect it was too late and is also an issue with patch 06:
  Look at the documentation regarding amconfig and the amsilent file:
  http://docs.sun.com/app/docs/doc/819-2137/adsav?l=en&q=amconfig&a=view
  Two problems that are clear to me now:
  1. ADMINPASSWD in practice, this password is used for cn=puser, not amadmin as it says. Perhaps there is something that makes them the same. It was the same for me, so it probably does not matter.
  2. AS81_ADMINPASSWD is not the same as ADMINPASSWD using either my definition or the document's definition. However, in the amsilent template, it is set like this, which I found is incorrect and the cause of my recent hair loss:
  <blockquote>AS81_ADMINPASSWD="$ADMINPASSWD"</blockquote>
  Also, this one if you use the web server:
  <blockquote>WL8_PASSWORD="$ADMINPASSWD"</blockquote>
  Delete the $ADMINPASSWD and replace it with the password for the app/web server.
  h2. The Script.
  It tests for the above problem, but I just realized it does not check $ADMINPASSWD. If that is set incorrectly in your amsilent, you'll get errors immediately from amconfig, so no big deal. If you make improvements, please post a reply!
  Paste this into a file named checkamsilent. LDAP and appserver must be running. It reads /opt/SUNWam/amsilent. Run it as root or use sudo:
  sudo ./checkamsilent
  #!/usr/bin/bash
          echo "This will test several important parameters of the amsilent file "
          echo "run this as root."
          echo "### read in the amsilent parameters"
          echo "source /opt/SUNWam/amsilent  "
  source /opt/SUNWam/amsilent
          echo "### look for the *server port* with LISTNER, otherwise it's not listening. "
          echo "netstat -a | grep $SERVER_PORT    "
          echo "--------------"
  netstat -a | grep $SERVER_PORT  
          echo "--------------"
          echo "."
          echo "### *admin port* with LISTNER, otherwise it's not listening. "
          echo "netstat -a | grep $ADMIN_PORT   "
          echo "--------------"
  netstat -a | grep $ADMIN_PORT 
          echo "--------------"
          echo "."
          echo "### Expect to see a line of XML, otherwise the SERVER_PORT is incorrect in the amsilent file."
          echo "grep $SERVER_PORT  ${AS81_INSTANCE_DIR}/config/domain.xml  "
          echo "--------------"
  grep $SERVER_PORT  ${AS81_INSTANCE_DIR}/config/domain.xml
          echo "--------------"
          echo "."
          echo "### Expect to see a line of XML, otherwise the ADMIN_PORT is incorrect in the amsilent file."
          echo "grep $ADMIN_PORT  ${AS81_INSTANCE_DIR}/config/domain.xml "
          echo "--------------"
  grep $ADMIN_PORT  ${AS81_INSTANCE_DIR}/config/domain.xml
          echo "--------------"
          echo "."
          echo "### bind as the directory manager "
          echo "ldapsearch -v -h $DS_HOST -p 3892  -L -s sub -D \"$DS_DIRMGRDN\" -w \"$DS_DIRMGRPASSWD\" -b 'dc=nsf, dc=gov' \"cn=amldapuser\"" 
  ldapsearch -v -h $DS_HOST -p 3892  -L -s sub -D "$DS_DIRMGRDN" -w "$DS_DIRMGRPASSWD" -b 'dc=nsf, dc=gov' "cn=amldapuser" 
          echo "."
          echo "### check the amldapuser password. "
          echo "ldapsearch -w $AMLDAPUSERPASSWD -v -h $DS_HOST -p 3892  -L -s sub -D cn=amldapuser,ou=DSAME Users,dc=nsf,dc=gov -b ou=DSAME Users,dc=nsf,dc=gov cn=* cn  "
  ldapsearch -w "$AMLDAPUSERPASSWD" -v -h $DS_HOST -p 3892  -L -s sub -D "cn=amldapuser,ou=DSAME Users,dc=nsf,dc=gov" -b "ou=DSAME Users,dc=nsf,dc=gov" cn=* cn
          echo "."
          echo "### check the app server admin: AS81_ADMIN password: AS81_ADMINPASSWD  and port: ADMIN_PORT "
       echo "### That's actually a bug in the template.  "
       echo "### Do not use AS81_ADMINPASSWD=\$ADMINPASSWD  Make sure they are  different passwords! Don\'t use the default!"
       echo "Expect to see a WARNING about --password option. "
          echo "/opt/SUNWappserver/appserver/bin/asadmin  list-http-listeners --user $AS81_ADMIN --port $ADMIN_PORT  -w $AS81_ADMINPASSWD  "
  /opt/SUNWappserver/appserver/bin/asadmin  list-http-listeners --user $AS81_ADMIN --port $ADMIN_PORT  -w "$AS81_ADMINPASSWD"
          echo "done!"

  I change the product machine from LG optimus to Samsung Galaxy but the file writing is not working, too.
  I copied the source code from Adobe website about FileStream  but it is needless too.
  -----------------program code------------------------
  import flash.filesystem.*;
  import flash.filesystem.FileStream;
  import flash.events.Event;
  //txtFld is a standard textField component
  txtFld.text = "Start";var file:File = new File();
  //btnSaveFile is a standard button component
  btnSaveFile.addEventListener(MouseEvent.CLICK,handlerBtnSaveFile);
  function handlerBtnSaveFile(e:Event){
  txtFld.text = "Pressed";
  file = File.documentsDirectory;
  file = file.resolvePath("test.txt");
  var fileStream:FileStream = new FileStream();
  fileStream.openAsync(file, FileMode.WRITE);
  fileStream.writeUTFBytes("Hello");
  txtFld.text = file.nativePath.toString();
  //fileStream.addEventListener(Event.CLOSE, fileClosed);
  fileStream.close();
  fcnFileName();
  function fcnFileName(){
  txtFld.text = file.name.toString();
  function fileClosed(event:Event):void {
      trace("closed");
  txtFld.text = "FileClosed";

• Can not login access manager

  mail server version is JES messaging Server 6 2005Q4 :
  My Access Manager:http://hostname:8080/amserver
  last week, i login access manager, under the web label or configuration label�F
  in "ldap" item�Ci add new dc=xx,dc=xx,dc=xx�C
  then save configuration.
  but after that i can not login access manager.
  when i user admin login,it print:"
  Authentication failed".
  what should i do to restore access manage?
  thanks!

  javatoall wrote:
  Hi,
  I login Access Manager, access sample "realm" -> Authentication->
  Advance Properties -> User profiles and then I choiced "Dynamic with user Alias".
  Then I only configure JDBC authentication with mysql database that I don't used ldapservice.
  When I created a one new user in MySQL, I can login into web application that i security as "sample.war" successfull but new user don't right access resource that i protected before.
  When i login access manager with amdmin user, I can not find user that i has been created it in MySQL database. t
  When the users are created through the dynamic profile, the default cn/sn are set to "default" , after creation you need to login to amconsole as amadmin and change/add proper values for these attributes.
  Alternatively you can set the protected resource's policy subject to Authenticated users. This will work but not sure will meet your requirement
  >
  When i login access manager console with new user, it login successful, and view Profile of new user that I has been created.
  Can you tell me How to manage new user that I has been new in MySQL by Access manager console ?
  I want to configure access proteced resourse for that user. How to configure that ?
  read above use the authenticated users subject
  Thank for every help.
  VinhND.

• How do I connect to internet with vz access manager for iphone 4S?

  I have VZ Access Manager on my laptop and want to use it to connect to internet on my new iphone 4S.  How do I do this?

  If you can set up an Ad Hoc wireless network from your laptop, you could use it that way. Once again VZ Access Manager will not enter into the sharing part.
  Plug these search terms into Google:
  set up an ad hoc network
  You'll find lots of instructions.
  Best of luck.

• Problem with second instance of access manager

  Well, after sorting out things with the first install of access manager, I went on to install a second instance on a different host (it's required for delegated admin..)
  Here are the options I used on install:
  Access Manager: Administration (1 of 6)
  Administrator User ID: amAdmin
  Administrator Password [] {"<" goes back, "!" exits}:
  Retype Password [] {"<" goes back, "!" exits}:
  LDAP User ID: amldapuser
  LDAP Password [] {"<" goes back, "!" exits}:
  Retype Password [] {"<" goes back, "!" exits}:
  Password Encryption Key [gFoe4t8UlUW3wEApngAY3S8bCQFVMlGk] {"<" goes back,
  "!" exits}: weW5jtopMLQsODiBZDp+hlEp1/CtbiXX
  Install type (Realm/Legacy) Mode [Legacy] {"<" goes back, "!" exits}:
  Access Manager: Web Container (2 of 6)
  1. Sun Java System Application Server
  2. Sun Java System Web Server
  Select the container to deploy the component and hit enter key [2] {"<" goes
  back, "!" exits}
  Access Manager: Sun Java System Web Server (3 of 6)
  Host Name [zone2.corenode.com] {"<" goes back, "!" exits}:
  Web Server Instance Directory [opt/SUNWwbsvr/https-zone2.corenode.com] {"<"
  goes back, "!" exits}:
  Web Server Port [80] {"<" goes back, "!" exits}:
  Document Root Directory [opt/SUNWwbsvr/docs] {"<" goes back, "!" exits}:
  Secure Server Instance Port [No] {"<" goes back, "!" exits}:
  Access Manager: Web Container for running Access Manager Services(4 of 6)
  Host Name [zone2.corenode.com] {"<" goes back, "!" exits}:
  Services Deployment URI [amserver] {"<" goes back, "!" exits}:
  Common Domain Deployment URI [amcommon] {"<" goes back, "!" exits}:
  Cookie Domain(Assure it is not a top level domain) [.corenode.com] {"<" goes
  back, "!" exits}:
  Administration Console [Yes] {"<" goes back, "!" exits}:
  Console Deployment URI [amconsole] {"<" goes back, "!" exits}:
  Password Deployment URI [ampassword] {"<" goes back, "!" exits}:
  Access Manager: Directory Server Information (5 of 6)
  Directory Server Host [] {"<" goes back, "!" exits}: zone1.corenode.com
  Directory Server Port [] {"<" goes back, "!" exits}: 389
  Directory Root Suffix [dc=corenode,dc=com] {"<" goes back, "!" exits}:
  Directory Manager DN [cn=Directory Manager] {"<" goes back, "!" exits}:
  Directory Manager Password [] {"<" goes back, "!" exits}:
  Access Manager: Directory Server Information (6 of 6)
  Is Directory Server provisioned with user data [No] {"<" goes back, "!"
  exits}? Yes
  Organization Marker Object Class [sunISManagedOrganization] {"<" goes back,
  "!" exits}:
  Organization Naming Attribute [o] {"<" goes back, "!" exits}:
  User Marker Object Class [inetorgperson] {"<" goes back, "!" exits}:
  User Naming Attribute [uid] {"<" goes back, "!" exits}:
  Yes, I am using the same key as was used on host1 for access manager. Yes, access manager on host 1 is quite functional right now. Yes, that directory server works. Now I'm really stumped on what to do! Everything in JES seems to work great except access manager, the exceptions it throws really don't help any at all in troubleshooting.
  Any ideas?

  More info from error logs:
  # pwd
  /var/opt/SUNWam/debug
  # tail -200 amAuth
  04/12/2006 09:56:47:127 AM HST: Thread[main,5,main]
  ERROR: AuthD failed to get auth session
  04/12/2006 09:56:47:165 AM HST: Thread[main,5,main]
  ERROR: AuthD init()
  com.iplanet.dpro.session.SessionException: AuthD failed to get auth session
  at com.sun.identity.authentication.service.AuthD.initAuthSessions(AuthD.java:709)
  at com.sun.identity.authentication.service.AuthD.<init>(AuthD.java:229)
  at com.sun.identity.authentication.service.AuthD.getAuth(AuthD.java:494)
  at com.sun.identity.authentication.UI.LoginLogoutMapping.init(LoginLogoutMapping.java:71)
  at org.apache.catalina.core.StandardWrapper.loadServlet(StandardWrapper.java:921)
  at org.apache.catalina.core.StandardWrapper.load(StandardWrapper.java:813)
  at org.apache.catalina.core.StandardContext.loadOnStartup(StandardContext.java:3478)
  at org.apache.catalina.core.StandardContext.start(StandardContext.java:3760)
  at com.iplanet.ias.web.WebModule.start(WebModule.java:251)
  at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1133)
  at org.apache.catalina.core.StandardHost.start(StandardHost.java:652)
  at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1133)
  at org.apache.catalina.core.StandardEngine.start(StandardEngine.java:355)
  at org.apache.catalina.startup.Embedded.start(Embedded.java:995)
  at com.iplanet.ias.web.WebContainer.start(WebContainer.java:431)
  at com.iplanet.ias.web.WebContainer.startInstance(WebContainer.java:500)
  at com.iplanet.ias.server.J2EERunner.confPostInit(J2EERunner.java:161)
  # tail -200 amSession
  04/12/2006 09:56:47:098 AM HST: Thread[main,5,main]
  ERROR: SessionService.SessionService(): Initialization Failed
  com.iplanet.services.naming.ServerEntryNotFoundException: Cannot find server ID.
  at com.iplanet.services.naming.WebtopNaming.getServerID(WebtopNaming.java:350)
  at com.iplanet.dpro.session.service.SessionService.<init>(SessionService.java:1540)
  at com.iplanet.dpro.session.service.SessionService.getSessionService(SessionService.java:382)
  at com.sun.identity.authentication.service.AuthD.getSS(AuthD.java:685)
  at com.sun.identity.authentication.service.AuthD.initAuthSessions(AuthD.java:706)
  at com.sun.identity.authentication.service.AuthD.<init>(AuthD.java:229)
  at com.sun.identity.authentication.service.AuthD.getAuth(AuthD.java:494)
  at com.sun.identity.authentication.UI.LoginLogoutMapping.init(LoginLogoutMapping.java:71)
  at org.apache.catalina.core.StandardWrapper.loadServlet(StandardWrapper.java:921)
  at org.apache.catalina.core.StandardWrapper.load(StandardWrapper.java:813)
  at org.apache.catalina.core.StandardContext.loadOnStartup(StandardContext.java:3478)
  at org.apache.catalina.core.StandardContext.start(StandardContext.java:3760)
  at com.iplanet.ias.web.WebModule.start(WebModule.java:251)
  at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1133)
  at org.apache.catalina.core.StandardHost.start(StandardHost.java:652)
  at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1133)
  at org.apache.catalina.core.StandardEngine.start(StandardEngine.java:355)
  at org.apache.catalina.startup.Embedded.start(Embedded.java:995)
  at com.iplanet.ias.web.WebContainer.start(WebContainer.java:431)
  at com.iplanet.ias.web.WebContainer.startInstance(WebContainer.java:500)
  at com.iplanet.ias.server.J2EERunner.confPostInit(J2EERunner.java:161)
  04/12/2006 09:56:47:126 AM HST: Thread[main,5,main]
  ERROR: Error creating service session
  java.lang.NullPointerException
  at com.iplanet.dpro.session.service.SessionService.generateEncryptedID(SessionService.java:588)
  at com.iplanet.dpro.session.service.SessionService.generateSessionId(SessionService.java:612)
  at com.iplanet.dpro.session.service.SessionService.newInternalSession(SessionService.java:557)
  at com.iplanet.dpro.session.service.SessionService.getServiceSession(SessionService.java:501)
  at com.iplanet.dpro.session.service.SessionService.getAuthenticationSession(SessionService.java:408)
  at com.sun.identity.authentication.service.AuthD.initAuthSessions(AuthD.java:706)
  at com.sun.identity.authentication.service.AuthD.<init>(AuthD.java:229)
  at com.sun.identity.authentication.service.AuthD.getAuth(AuthD.java:494)
  at com.sun.identity.authentication.UI.LoginLogoutMapping.init(LoginLogoutMapping.java:71)
  at org.apache.catalina.core.StandardWrapper.loadServlet(StandardWrapper.java:921)
  at org.apache.catalina.core.StandardWrapper.load(StandardWrapper.java:813)
  at org.apache.catalina.core.StandardContext.loadOnStartup(StandardContext.java:3478)
  at org.apache.catalina.core.StandardContext.start(StandardContext.java:3760)
  at com.iplanet.ias.web.WebModule.start(WebModule.java:251)
  at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1133)
  at org.apache.catalina.core.StandardHost.start(StandardHost.java:652)
  at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1133)
  at org.apache.catalina.core.StandardEngine.start(StandardEngine.java:355)
  at org.apache.catalina.startup.Embedded.start(Embedded.java:995)
  at com.iplanet.ias.web.WebContainer.start(WebContainer.java:431)
  at com.iplanet.ias.web.WebContainer.startInstance(WebContainer.java:500)
  at com.iplanet.ias.server.J2EERunner.confPostInit(J2EERunner.java:161)
  #