Unable to expand Roles n policies after enabling Active directory security

Similar Messages

• Unable to save Unified Messaging PIN: Access to Active Directory Failed

  I'm trying to enable all of our users for Unified Messaging and I've created a powershell script for each of users I want to enable but I am getting an error message everytime I try and run it.
  Unable to save Unified Messaging PIN for mailbox 'smtp address': Access to Active Directory Failed
  Our setup is forest root domain and 2 child domains.  Most of the users are in the child domains and the Exchange server is in the forest root domain.
  I'm using -domaincontroller but this doesn't make a difference.  Here is the script I am using:
  Enable-UMMailbox -Identity [email protected] -UMMailboxPolicy "DefaultUM Default Policy" -Extensions 303 -PIN 1234 -SIPResourceIdentifier "[email protected]" -PINExpired $false -domaincontroller "rc-curdc-01.curriculum.riddlesdown.local"
  Can someone point out why this isn't working?

  I had the same experience as Gueetar. Couldn't enable a UM mailbox, or change the PIN. Got a generic "Access to Active Directory Failed" message instead of anything useful. Even went so far as enabled a ton of diagnostic logging, which didn't report anything
  useful.
  Of course, all the accounts I was enabling had the HiddenFromAddressListsEnabled property set to $true (these were old deactivated accounts I was using to test with). I found that setting it back to $false corrected the issue.
  Of course I didn't know it was that exact problem at the time. I only found a difference after disabling/re-connecting mailboxes (and of course newly created mailboxes exhibited no issues). Assuming this was going to be the case for all mailboxes this would
  be fine for testing and proof of concept, bad for production/implementation. Instead I ran a bunch of scenarios over two days, culminating in a crap load of LDIFDEs and DSACL dumps to enumerate the object properties and compare the values that were different.
  This property (HideFromALEnabled) and a few others stood out. Luckily it wasn't ACL-related - that would've been a complete head wreck!
  Dear Microsoft: More descriptive errors next time, please :)

• SGD 4.7 - Cannot enable Active Directory authentication

  I've followed the steps in the Admin Guide, and have a service object created.  Running tarantella service list --name service_name produces the following output (obfuscated):
  Name:  service_name
  Enabled: 1
  Url: ad://url_to_dc
  Base-domain: same as above
  Security-mode: kerberos
  Type: ad
  ...all of which looks correct.  I've added the recommended log filters.  Directory services (server/directoryservices/*) returns the following INFO message when attempting a logn:
  No Login authorities are available.
  The configured service objects will not be used.
  When I click the "Test" button in the service object property screen, the above log fills with what look like appropriate log messages and a Success result from the AD server, then the above message is displayed.  Running the tarantella config list | grep login command produced the following output:
  login-ad-base-domain:  same domain as above
  login-ad-default-domain: ""
  login-ldap-thirdparty-ens: 1
  login-lday-thirdparty-profile: 1
  login-thirdparty-ens: 0
  login-thirdparty-nonens: 0
  login-thirdparty-superusers:  sgd_trusted_user
  login-web-tokenvalidity: 180
  server-login: enabled
  Any ideas?

  Problems can be
  Incorrect domain
  Name resolutions fails: OSGD server must be able to resolve the global catalog server
  Timeserver: OSGD server must have the same time as the AD
  Wrong /etc/krb5.conf
  Global Catalog Server
  Check, if the domain has a global catalog server:
  nslookup -query=any _gc._tcp.DOMAIN_lowercase 
  Example for Domain TBSOL.DE 
  [root@tab-ol5u7-SGD1dev-adm tmp]# nslookup -query=any _gc._tcp.tbsol.de 
  Server:         192.168.99.1
  Address:        192.168.99.1#53
  Non-authoritative answer:
  _gc._tcp.tbsol.de       service = 0 100 3268 office-ad.tbsol.de.
  Authoritative answers can be found from:
  tbsol.de        nameserver = office-ad.tbsol.de.
  office-ad.tbsol.de      internet address = 172.16.1.14
  Kerberos Layer
  Simple Kerberos file
  [libdefaults] 
    default_realm = TBSOL.DE
    default_tkt_enctypes = rc4-hmac
    default_tgs_enctypes = rc4-hmac
  [realms]
     TBSOL.DE = {
       kdc = office-ad.tbsol.de
       admin_server = office-ad.tbsol.de
  [domain_realm]
     .tbsol.de = TBSOL.DE
     tbsol.de = TBSOL.DE
  Icon
  The format (tabs and spaces) of the Kerberos file is not relevant.
  (other experience: after correcting the format of the kerberos file, pwd change works !)
  Use kinit to test the Kerberos file.
  Tarantella needs a restart, if this file is changed.
  Icon
  The OSGD documentation mentions in "2.2.4.2 Active Directory Password Expiry" to set
  kpasswd_protocol = SET_CHANGE
  This was not needed in these tests.
  Login check via kinit
  kinit <userprincibalename>@DOMAIN_uppercase 
  Example of kinit 
  [root@tab-ol5u7-SGD1dev-adm tmp]# kinit [email protected]; echo $? 
  Password for [email protected]:
  kinit(v5): Preauthentication failed while getting initial credentials
  1
  [root@tab-ol5u7-SGD1dev-adm tmp]# kinit [email protected]; echo $?
  Password for [email protected]:
  0
  [root@tab-ol5u7-SGD1dev-adm tmp]#
  Check password change with KPASSWD
  [root@tab-ol5u7-SGD1dev-adm log]# kpasswd [email protected] 
  Password for [email protected]:
  Enter new password:
  Enter it again:
  Password changed.
  Check password change on AD request
  Mark user, that he has to change his password on the next login in the AD.
  [root@tab-ol5u7-SGD2dev-adm tmp]# kinit [email protected] 
  Password for [email protected]:
  Password expired.  You must change it now.
  Enter new password:
  Enter it again:
  [root@tab-ol5u7-SGD2dev-adm tmp]# kinit [email protected]
  C

• Portal password Policies and MS Active directory Group Policies

  Has anybody worked with EP6 and Active directory (as the writeable directory). More specifically I am trying to find experience or good documentation about working with the password policies for each. For example if you have the Portal password expiry at 90 days in portals, does the password expiry need be matched in AD.What if it is not, does this casue problems. If anyone as some expereice with this please reply.
  Thanks
  Stephen

  Has anybody worked with EP6 and Active directory (as the writeable directory). More specifically I am trying to find experience or good documentation about working with the password policies for each. For example if you have the Portal password expiry at 90 days in portals, does the password expiry need be matched in AD.What if it is not, does this casue problems. If anyone as some expereice with this please reply.
  Thanks
  Stephen

• Issue with Exchange 2003 after upgrading Active Directory

  I upgraded AD from 2003 to 2008 R2. Before I could go into AD to create users, click on the email check box and the user would have an account on Exchange. Now this feature is not available. How do I create mailboxes on my Exchange 2003 Server for users
  now?

  You can't, You have to administer Exchange 2003 functionality from Active Directory Users and Computers on the Exchange 2003 server.
  FYI: Companies running Exchange 2003 after April 8, 2014 will be responsible for their own for support. More importantly, because Microsoft will no longer provide security updates, companies that choose to continue running Exchange 2003 accept the risk associated
  with that.
  Enfo Zipper
  Christoffer Andersson – Principal Advisor
  http://blogs.chrisse.se - Directory Services Blog

• User account is removed from a Active directory security group (server 2008 R2) after a day

  Hello !
  i add many times a user in a AD security group, but the user is removed automatically after a day. What i don't understand is that other users have been added to the same group but they are still in the group (there is no problem with their accounts).
  To add this user that is always removed after a day (or a period), i use the member of tab in the account properties.
  Right click on the user account -> properties-> member of -> add -> groupName->ok
  Thank you for your help !!

  Greetings!
  Similar thread here which was answered before:
  Auditing Acitve Directory group
  Regards.
  Mahdi Tehrani   |  
    |  
  www.mahditehrani.ir
  Please click on Propose As Answer or to mark this post as
  and helpful for other people.
  This posting is provided AS-IS with no warranties, and confers no rights.
  How to query members of 'Local Administrators' group in all computers?

• What do I need to do to enable Active Directory users to authenticate to AFP shares in 10.8 server?

  We recently upgraded from 10.6 server to 10.8 server and are having trouble with AFP shares and Active Directory.  We have shares on each of our OS X servers that should be mountable by any Active Directory user at the site the server resides.  In 10.6, this worked beautifully.  Simply adding the appropriate AD groups with appropriate permissions to the ACL of the folder(s) being shared worked without a hitch.  In 10.8 server, this is not working.  Permissions are defined correctly (as far as I can tell), the server is bound to AD, but yet no AD user who should have access can mount the share.  When attempting to mount the share on a 10.6 client, the user gets the short and simple "You entered an invalid username or password.  Please try again."  On a 10.7 client, the window shakes. 
  What confuses me even more is that no local users can mount the share as well.  I try as our admin account, I receive the following error message on our 10.6 clients:
  Actually, as I was forumulating this post, logging in as the server administrator account is now working...???!!!
  This was the error message we were receiving on 10.7 clients before it magically started working:
  In any case, authenticating as an AD user is still no go.  Any ideas?

  I had something similar to this. In the name field put in DOMAIN\username rather than just the name.

• How can I enable Active Directory network login while maintaining the existing local user account data?

  We have a user base of around 15 Macs that we would like to integrate into Active Directory. However, we need to maintain the existing users local account data but do not wish to have that data moved to the network. Is there an easy way to create the AD login and then move the existing account data to the new login while maintaining correct permissions?
  I've had some success logging in as root and deleting the existing account, while maintaining the home folder. Then renaming it to match the AD login account name and replacing the new and empty AD user home.  I then perform a CHOWN on that folder to give ownership to the AD account name.
  Is it this simple? I don't want to leave any loose ends.
  Thanks for any help you can provide,
  Scott

  JamesSTJ wrote:
  Oh, found it!
  And guess what? Apple wanted to charge me a one time fee of $600 to answer that question.
  It worked! thanks!
  I guess I'm cheap

• FSMO Roles have moved after migration failure

  Hi All
  We tried to migrate our SBS2008 to SBS2011 last night but it failed due to the account we were using not having the 'Logon as Batch' right.
  We managed to recover the server but now we're getting the following error...
  The FSMO Role Check detected a condition in your environment that is out of compliance with the licensing policy. The Management Server must hold the primary domain controller and domain naming master Active Directory roles. Please move the Active Directory
  roles to the Management Server now.
  How do we rectify this?
  Thanks
  ====
  If I run NETDOM QUERY FSMO it all appears fine for all 5 roles but SBS BPA is reporting...
  Title: The FSMO role does not comply with the license policy
  Source: License Compliance service

  Hello ,
  Try the following steps to seize FSMo roles.
  -Click Start, click Run, type ntdsutil in the Open box, and then click OK.
  -Type roles, and then press ENTER.
  -Type connections, and then press ENTER.
  -Type "connect to server servername ", and then press ENTER, where servername is the name of the domain  controller that you want to assign the FSMO role to.
  -At the server connections prompt, type q, and then press ENTER.
  -Type seize "role" ,
  where "role" is the role that you want to seize. For example, to seize the RID master role, type seize rid master. The one exception is for the PDC emulator role, whose syntax is seize pdc, not seize pdc emulator.
  -At the fsmo maintenance prompt, type q, and then press ENTER to gain access to the ntdsutil prompt. Type q, and then press ENTER to quit the Ntdsutil utility.
  -if still facing same issue ,please take dcdiag and paste. and Active Directory events.
  -For dcdiag ,run dcdiag /v >dc.txt
  -paste the output of dc.txt.
  All the best.
  Upanshu Anand

• Migrating ADF Security Policies to Active Directory

  Hi,
  Curently I'm searching whether it is possible to migrate ADF security policies created during development to a weblogic production environment with Active directory as the identity store.
  Whilst I did find documentation relating to standalone WLS, yet no documentation seem to be available for migrating ADF policies to an Active directory. Does anyone has links to documentation that guide throguh this security policy migration.
  Thanks.

  Hi,
  Curently I'm searching whether it is possible to migrate ADF security policies created during development to a weblogic production environment with Active directory as the identity store.
  Whilst I did find documentation relating to standalone WLS, yet no documentation seem to be available for migrating ADF policies to an Active directory. Does anyone has links to documentation that guide throguh this security policy migration.
  Thanks.

• UPnP doesn't work after enabling Hyper-V role on WS2012R2

  Hi,
  We have stream/media player which use File share on WS2012 R2. It uses UPnP protocol to connect on File Share and it works fine. But, after enabling Hyper-V role on that server machine, stream/media player can't connect anymore on network share, cannot see
  any network computer, I would say master browser service is corrupted.
  Do you have advice, how to use UPnP on server with enabled Hyper-V role and virtual network adapter?
  Thank you in advance

  Have you tried doing things in the opposite sequence?  Try first installing and configuring Hyper-V and the virtual switches you will be using.  Then install the media player.  Maybe the media player is losing track of things when its underlying
  network is changed.
  Of course, Microsoft does not recommend this configuration.  It does not recommend running any other service on a host that is running Hyper-V.  That does not immediately imply it will not work; just passing on that what you are doing is a non-recommended
  configuration.
  . : | : . : | : . tim

• Unable to Expand nodes under Migrated Content.

  Hi all,
  We have recently installed EP 7.0 and we have uploaded the Business Packages Specific to CRM 5.0.But under Migrated Content--> EP 5.0 I'm not able to drill down further.I'm able to see the Folders like Iviews, Pages,Roles etc..But I'm unable to expand these folders further.Like if I want to see all the roles present in the roles Folder i'm not able to do so.But the roles are present and I can see them if I search them in Identity management.
  Can someone help me on this.
  thanks and regards,
  Vijaya Sai.V

  Hi,
  This folder would be empty in case of fresh install, i also have it empty.
  The business package deployed sits under
  Content Administration -- Portal Content -- Content delivered by SAP --
  Hope this helps,
  Chetan

• Unable to expand drop down by index UI element

  Hi,
  I have got one Drop down by index in my webdynpro form and I want to bind this to backend data. For this purpose, I created one adaptive rfc model  and also did all this model binding, context mapping etc.
  Now my context in view  looks like this :- GetDropDown_Mn (parent node) , this has got child Output_DropDown which again has two value attributes Name and Text.
  This is component controller code where you bind and invalidate
  __Shell__Ca_Read_Cr_Drbox_Val_Input dropdown = new __Shell__Ca_Read_Cr_Drbox_Val_Input();
          wdContext.nodeGetDropDown_Mn().bind(dropdown);
          wdContext.currentGetDropDown_MnElement().modelObject().execute();
          wdContext.nodeOutput_DropDown().invalidate();
  I then tried to bind my UI element in view with Name attribute , but when I try to run my application , the field appears as read only, kind of non editable (blocked) and I am unable to expand my dropdown.
  The readonly property of UI element is false. I have hard coded one value like " Please select from drop down list " and I want the backend values to come below this. For this, I have written code to append the backend values with the hardcoded value. Now the problem is my dropdown is blocked  and not able to expand ( unable to click the arrow button), and I cannot see the other values in dropdown except the hard coded value.
  Can someone please help me on this. 
  The cardinality of context node is 1..n, selection = 0..1 and I have set Leadselection = -1.
  Thanks and regards,
  Sai

  Hi Sai,
  You can use the below code to add the please select in ur drop down in wdInit() method
  wdContext.nodeVn_Node().currentVn_NodeElement().setVa_Attribute("-Please Select-");
  please use the name of node as u have created in the context.
  and after that please check if yoy are getting values from RFC call or not.
  if you are getting the values then try to change the selection property of that node to 1..n and comment the lead selection line that you have written.
  hope this will help.
  Regards
  Narendra

• Unable to expand table (or 'any' object) node - permissions issue?

  I am the dba for a database and hence have access to the system user. When I connect to the db through SQL Developer, I can expand the table node under any user and list tables. As I can with any object node.
  I now want to create an admin user that has restricted capabilities, one of which will be to view objects, such as tables etc..
  (I will ultimately do this via a role to allow multiple users to have the admin capabilities, but for now have just created an admin_user userid).
  However, when I connect to the database using this admin_user userid, I am unable to expand any object node.
  I have played with different permissions, granting 'select any dictionary', 'select_catalog_role', 'select on dba_tables' but the user still can not view any objects via the appropriate node. eg. attempting to go to Other Users - username - Tables just shows nothing. (There are no filters).
  However the admin_user can run a SQL command to view the tables. eg. Select * from dba_tables, will list all tables for all users within the database. So they DO appear to have the appropriate access.
  So why can't they see the tables in the tables node?
  Is there some piece of configuration within SQL Developer itself that I have overlooked?
  Cheers

  I am the dba for a database and hence have access to the system user. When I connect to the db through SQL Developer, I can expand the table node under any user and list tables. As I can with any object node.
  I now want to create an admin user that has restricted capabilities, one of which will be to view objects, such as tables etc..
  (I will ultimately do this via a role to allow multiple users to have the admin capabilities, but for now have just created an admin_user userid).
  However, when I connect to the database using this admin_user userid, I am unable to expand any object node.
  I have played with different permissions, granting 'select any dictionary', 'select_catalog_role', 'select on dba_tables' but the user still can not view any objects via the appropriate node. eg. attempting to go to Other Users - username - Tables just shows nothing. (There are no filters).
  However the admin_user can run a SQL command to view the tables. eg. Select * from dba_tables, will list all tables for all users within the database. So they DO appear to have the appropriate access.
  So why can't they see the tables in the tables node?
  Is there some piece of configuration within SQL Developer itself that I have overlooked?
  Cheers

• Unable to expand Tree in EP   (e.g. Portal Content)

  Dear Portal Gurus,
  We are on EP 6.0,SP12.
  We are unable to expand any tree structure (including stanadard Tree Structure) inside EP.
  I get the following message :
  Could not load or refresh node Tree creation failed on node: pcd:portal_content .
  Pls let me know what needs to be done.
  Thx.

  when I exported a transport package I saved it on Portal conect and after doing all the transporting, when I opened the content administration and try to expand the portal content, I get the following error:
  Could not load or refresh node Tree creation failed on node: pcdportal_content
  <a href="http://ing.perez.googlepages.com/portal.jpg" target="_blank"><img src="http://ing.perez.googlepages.com/portal.jpg" border="0" /></a>
  I get this error from the log
  1.5#0011856BDDE1006D00000086000011B000042238FAC1E7DA#1163528027322#com.sap.portal.pcd.Gl.Notification.Engine#sap.com/irj#com.sap.portal.pcd.Gl.Notification.Engine#IENAFS02#197##091402wb79_EPD_2059550#IENAFS02#0a01e440740b11dba4e00011856bdde1#Thread[T-IMPORT-1114_121327_931_71801fdd2c1d2d9b,5,SAPEngine_Application_Thread[impl:3]_Group]##0#0#Error#1#/System/Server#Java###[XfsNotificationEngine.register] Exception occured: 
  [EXCEPTION]
  {0}#1#PcdRuntimeException: SQLException is not transient, error code = 0, sql state = HY000
  [SAP_NWMss][SQLServer JDBC Driver]IO Error creating temp file: null
  com.sapportals.portal.pcd.pl.PlRuntimeException: SQLException is not transient, error code = 0, sql state = HY000
  [SAP_NWMss][SQLServer JDBC Driver]IO Error creating temp file: null
       at com.sapportals.portal.pcd.pl.PlFactory.handleUnexpectedSQLError(PlFactory.java:2428)
       at com.sapportals.portal.pcd.pl.PlFactory.checkDeadlockResolution(PlFactory.java:2436)
       at com.sapportals.portal.pcd.pl.PlContext.lookupSubtree(PlContext.java:280)
       at com.sapportals.portal.pcd.gl.xfs.XfsContext.<init>(XfsContext.java:128)
       at com.sapportals.portal.pcd.gl.xfs.XfsContext.<init>(XfsContext.java:85)
       at com.sapportals.portal.pcd.gl.xfs.XfsContext.getXfsChildFromPlChild(XfsContext.java:590)
       at com.sapportals.portal.pcd.gl.xfs.XfsContext.readXfsObjectFromPersistence(XfsContext.java:535)
       at com.sapportals.portal.pcd.gl.xfs.XfsContext.getChildAtomicName(XfsContext.java:433)
       at com.sapportals.portal.pcd.gl.xfs.XfsContext.getChild(XfsContext.java:277)
       at com.sapportals.portal.pcd.gl.xfs.XfsContext.getChild(XfsContext.java:280)
       at com.sapportals.portal.pcd.gl.xfs.XfsContext.getChild(XfsContext.java:280)
       at com.sapportals.portal.pcd.gl.xfs.XfsContext.lookup(XfsContext.java:228)
       at com.sapportals.portal.pcd.gl.xfs.notif.XfsNotificationEngine.triggerInformDanglingDeltalinks(XfsNotificationEngine.java:463)
       at com.sapportals.portal.pcd.gl.xfs.notif.XfsNotificationEngine.register(XfsNotificationEngine.java:302)
       at com.sapportals.portal.pcd.gl.transport.PcdGlTransportAdapter.endElement(PcdGlTransportAdapter.java:346)
       at com.sapportals.portal.pcd.gl.xml.ContentHandlerManager.endElement(ContentHandlerManager.java:204)
       at com.sapportals.portal.pcd.gl.xml.PcdXMLContentHandler.endElement(PcdXMLContentHandler.java:107)
       at com.sap.engine.lib.xml.parser.handlers.SAXDocHandler.endElement(SAXDocHandler.java:154)
       at com.sap.engine.lib.xml.parser.XMLParser.scanEndTag(XMLParser.java:1913)
       at com.sap.engine.lib.xml.parser.XMLParser.scanElement(XMLParser.java:1809)
       at com.sap.engine.lib.xml.parser.XMLParser.scanDocument(XMLParser.java:2792)
       at com.sap.engine.lib.xml.parser.XMLParser.parse0(XMLParser.java:227)
       at com.sap.engine.lib.xml.parser.AbstractXMLParser.parseAndCatchException(AbstractXMLParser.java:141)
       at com.sap.engine.lib.xml.parser.AbstractXMLParser.parse(AbstractXMLParser.java:156)
       at com.sap.engine.lib.xml.parser.AbstractXMLParser.parse(AbstractXMLParser.java:259)
       at com.sap.engine.lib.xml.parser.Parser.parseWithoutSchemaValidationProcessing(Parser.java:278)
       at com.sap.engine.lib.xml.parser.Parser.parse(Parser.java:340)
       at com.sap.engine.lib.xml.parser.SAXParser.parse(SAXParser.java:125)
       at javax.xml.parsers.SAXParser.parse(SAXParser.java:345)
       at com.sapportals.portal.pcd.gl.xml.PcdXMLParser.parse(PcdXMLParser.java:85)
       at com.sapportals.portal.pcd.gl.xml.PcdXMLParser.parse(PcdXMLParser.java:54)
       at com.sapportals.portal.pcd.gl.transport.PcdGlTransportManager.importObject(PcdGlTransportManager.java:612)
       at com.sapportals.portal.transport.Transport.importObject(Transport.java:110)
       at com.sapportals.portal.transport.app.ImportRunner.importObject(ImportRunner.java:322)
       at com.sapportals.portal.transport.app.ImportRunner.run(ImportRunner.java:164)
       at java.lang.Thread.run(Thread.java:534)
  Caused by: java.sql.SQLException: [SAP_NWMss][SQLServer JDBC Driver]IO Error creating temp file: null
       at com.sap.nwmss.jdbc.base.BaseExceptions.createException(Unknown Source)
       at com.sap.nwmss.jdbc.base.BaseExceptions.getException(Unknown Source)
       at com.sap.nwmss.jdbc.base.BaseImplClobEmulated.<init>(Unknown Source)
       at com.sap.nwmss.jdbc.sqlserver.SQLServerImplResultSet.getData(Unknown Source)
       at com.sap.nwmss.jdbc.base.BaseResultSet.getClob(Unknown Source)
       at com.sap.sql.jdbc.basic.BasicResultSet.getClob(BasicResultSet.java:432)
       at com.sap.sql.jdbc.direct.DirectResultSet.getClob(DirectResultSet.java:1060)
       at com.sap.sql.jdbc.common.dispatch.ClobResultColumn.getClob(ClobResultColumn.java:138)
       at com.sap.sql.jdbc.common.CommonResultSet.createClob(CommonResultSet.java:1035)
       at com.sap.sql.jdbc.common.CommonResultSet.getClob(CommonResultSet.java:302)
       at com.sap.sql.jdbc.common.dispatch.ClobResultColumn.dispatchGetString(ClobResultColumn.java:114)
       at com.sap.sql.jdbc.common.CommonResultSet.getString(CommonResultSet.java:448)
       at com.sapportals.portal.pcd.pl.AttributeHeadersTable.readStringValue(AttributeHeadersTable.java:934)
       at com.sapportals.portal.pcd.pl.AttributeHeadersTable.readFirstValue(AttributeHeadersTable.java:657)
       at com.sapportals.portal.pcd.pl.AttributeHeadersTable.readAttributeHeader(AttributeHeadersTable.java:639)
       at com.sapportals.portal.pcd.pl.AttributeHeadersTable.selectSubtreeObjectsAttributeHeaders(AttributeHeadersTable.java:762)
       at com.sapportals.portal.pcd.pl.PlFactory.getSubtreeSegment(PlFactory.java:878)
       at com.sapportals.portal.pcd.pl.PlFactory.getSubtree(PlFactory.java:804)
       at com.sapportals.portal.pcd.pl.PlContext.lookupSubtree(PlContext.java:253)
       at com.sapportals.portal.pcd.pl.PlContext.lookupSubtree(PlContext.java:274)
       ... 33 more