URGENT: OAM 10g server and webgate certificates query

Hi experts,
There is an OAM 10g environment. OAM Access Server and Identity Server are installed and up and running. The OAM servers are in CERT mode. So to install WebGates residing on different machines from the OAM servers, can we use the same OAM Access Server certificates for the WebGate certificate while installing WebGate?
Thanks
IDM Team.
Edited by: 898990 on Mar 13, 2013 1:38 PM

Figured it out. The OAM proxy (AccessServerConfigProxy @port 5575) for 10g webgates was configured to listen in cert mode. I had to switch it to open mode. Not sure how it got switched, but got the webgate install going for now. Thanks.

Similar Messages

  • Project server and Exchange certificate or EWS url problem

    We are having trouble enabling synchronization between our Project 2010 Server and our Exchange 2010 CAS server. 
    When we initially saw this error below,
    “The root of the certificate chain is not a trusted root authority.”, we then downloaded the GoDaddy intermediate certificate that goes with the “mail.sfbcic.com” cert and imported it as a trusted root authority
    on the project server.  However, we are still getting the error you see below. 
    You can see that we have two certificates that are valid. 
    Our CAS server has 2 certificates: (Both are valid certificates)
                    1 – Self-Signed      HOSEXCHCAS4
                    2 – Third-party (GoDaddy) certificate      mail.sfbcic.com
    Our Questions:
    1. In PWA, do the computer names of the cas servers need to match the third party certificate (is that what's causing the error)?  Currently, we have the CAS server names listed (cas2, cas3, cas 4).  The Go Daddy certificate
    is for mail.ourdomain.com
    2 If the answer is no, do you have any idea what we are missing?
    3. Do we need to get a new third party certificate and not use the self-signed certificate?
    4.  Would one of the CAS servers not being active right now cause this issue?
    -------  Event logs ---------------------
    Log Name:      Application
    Source:        Microsoft-SharePoint Products-SharePoint Foundation
    Date:          4/18/2012 4:11:08 PM
    Event ID:      8311
    Task Category: Topology
    Level:         Error
    Keywords:     
    User:          DOMAIN1\svc_spfarm
    Computer:      HOPROJECTSVR.sfbcic.com
    Description:
    An operation failed because the following certificate has validation errors:\n\nSubject Name: CN=mail.sfbcic.com, OU=Information Technology, O=Southern Farm Bureau Casualty Insurance Company, L=Ridgeland, S=MS, C=US\nIssuer Name:
    SERIALNUMBER=xxxxxx, CN=Go Daddy Secure Certification Authority, OU=http://certificates.godaddy.com/repository, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US\nThumbprint:
    xxxxxxxxxxxxxxxxxxxxxxxxxxxx\n\nErrors:\n\n The root of the certificate chain is not a trusted root authority..
    Event Xml:
    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
      <System>
        <Provider Name="Microsoft-SharePoint Products-SharePoint Foundation" Guid="{6FB7E0CD-52E7-47DD-997A-241563931FC2}" />
        <EventID>8311</EventID>
        <Version>14</Version>
        <Level>2</Level>
        <Task>13</Task>
        <Opcode>0</Opcode>
        <Keywords>0x4000000000000000</Keywords>
        <TimeCreated SystemTime="2012-04-18T21:11:08.362997800Z" />
        <EventRecordID>12044</EventRecordID>
        <Correlation ActivityID="{09F06ACB-9929-4F57-A7E8-9786C165ECAE}" />
        <Execution ProcessID="5424" ThreadID="1200" />
        <Channel>Application</Channel>
        <Computer>HOPROJECTSVR.sfbcic.com</Computer>
        <Security UserID="xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" />
      </System>
      <EventData>
        <Data Name="string0">CN=mail.sfbcic.com, OU=Information Technology, O=Southern Farm Bureau Casualty Insurance Company, L=Ridgeland, S=MS, C=US</Data>
        <Data Name="string1">SERIALNUMBER=xxxxxxxxx, CN=Go Daddy Secure Certification Authority, OU=http://certificates.godaddy.com/repository,
    O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US</Data>
        <Data Name="string2">xxxxxxxxxxxxxxxxxxxxxxxxxxx</Data>
        <Data Name="string3">The root of the certificate chain is not a trusted root authority.</Data>
      </EventData>
    </Event>
    Exchange queue errors…..
    ExchangeSync() failed to retrieve specified user_s      (c3d0c753-21b3-4ff1-8312-61fba2defe8e) Exchange Server url. No exception     
    was thrown, but EWS url came back empty.:
    ExchangeSyncEWSUrlFailed (40509). Details: id='40509'      
    name='ExchangeSyncEWSUrlFailed' uid='42585c0c-d4b2-4dfc-9303-af128e5e3a00'       teamMemberUid='c3d0c753-21b3-4ff1-8312-61fba2defe8e'.
    ExchangeSyncEWSUrlFailed (40509). Details: id='40509'      
    name='ExchangeSyncEWSUrlFailed'       uid='5a607457-2eb4-4d53-a80e-13e538fb46ff'       teamMemberUid='c3d0c753-21b3-4ff1-8312-61fba2defe8e'.
    ExchangeSyncEWSUrlFailed (40509). Details: id='40509'      
    name='ExchangeSyncEWSUrlFailed'       uid='490d7241-a2b9-42f5-b81b-a4f3ee67c2a6'       teamMemberUid='c3d0c753-21b3-4ff1-8312-61fba2defe8e'.
    ExchangeSyncEWSUrlFailed (40509). Details: id='40509'      
    name='ExchangeSyncEWSUrlFailed'       uid='eefd753b-a3da-4a17-a278-bf12fc68e58c'       teamMemberUid='c3d0c753-21b3-4ff1-8312-61fba2defe8e'.
    ExchangeSyncEWSUrlFailed (40509). Details: id='40509'      
    name='ExchangeSyncEWSUrlFailed' uid='f525cd5e-2a57-414b-a20d-1dc2528733e9'       teamMemberUid='c3d0c753-21b3-4ff1-8312-61fba2defe8e'.
    ExchangeSyncEWSUrlFailed (40509). Details: id='40509'      
    name='ExchangeSyncEWSUrlFailed'       uid='34f74c12-a812-4a80-85a3-0ece1e426f33'       teamMemberUid='c3d0c753-21b3-4ff1-8312-61fba2defe8e'.
    ExchangeSync() handle ExchangeSyncStatusingMessage for      user c3d0c753-21b3-4ff1-8312-61fba2defe8e queue message caused an     
    exception.:
    ExchangeSyncGeneralProcessingFailure (40512). Details: id='40512'      
    name='ExchangeSyncGeneralProcessingFailure' uid='7b7ab045-ba46-47cd-8504-23272e09dbcc'       teamMemberUid='c3d0c753-21b3-4ff1-8312-61fba2defe8e'       exception='Microsoft.Office.Project.Server.BusinessLayer.Queue.ExchangeSyncEmailAddressInvalidException:
          Could not find Exchange server for resource       c3d0c753-21b3-4ff1-8312-61fba2defe8e at       Microsoft.Office.Project.Server.BusinessLayer.Queue.ProcessExchangeSyncMessage.ExecuteSync(ExchangeSyncTasks
          exchangeSyncTasks) at       Microsoft.Office.Project.Server.BusinessLayer.Queue.ProcessExchangeSyncMessage.HandleMessage(Message       msg, Group messageGroup, JobTicket jobTicket,
    MessageContext mContext)'.
    ExchangeSyncGeneralProcessingFailure (40512). Details: id='40512'      
    name='ExchangeSyncGeneralProcessingFailure'       uid='a3783e9a-2b39-4878-8099-20681a4715d3'       teamMemberUid='c3d0c753-21b3-4ff1-8312-61fba2defe8e'       exception='Microsoft.Office.Project.Server.BusinessLayer.Queue.ExchangeSyncEmailAddressInvalidException:
          Could not find Exchange server for resource       c3d0c753-21b3-4ff1-8312-61fba2defe8e at       Microsoft.Office.Project.Server.BusinessLayer.Queue.ProcessExchangeSyncMessage.ExecuteSync(ExchangeSyncTasks
          exchangeSyncTasks) at       Microsoft.Office.Project.Server.BusinessLayer.Queue.ProcessExchangeSyncMessage.HandleMessage(Message       msg, Group messageGroup, JobTicket jobTicket,
    MessageContext mContext)'.
    ExchangeSyncGeneralProcessingFailure (40512). Details: id='40512'      
    name='ExchangeSyncGeneralProcessingFailure'       uid='71656d71-38d4-4acf-a26d-9f0d6f84da0b'       teamMemberUid='c3d0c753-21b3-4ff1-8312-61fba2defe8e'       exception='Microsoft.Office.Project.Server.BusinessLayer.Queue.ExchangeSyncEmailAddressInvalidException:
          Could not find Exchange server for resource       c3d0c753-21b3-4ff1-8312-61fba2defe8e at       Microsoft.Office.Project.Server.BusinessLayer.Queue.ProcessExchangeSyncMessage.ExecuteSync(ExchangeSyncTasks
          exchangeSyncTasks) at       Microsoft.Office.Project.Server.BusinessLayer.Queue.ProcessExchangeSyncMessage.HandleMessage(Message       msg, Group messageGroup, JobTicket jobTicket,
    MessageContext mContext)'.
    ExchangeSyncGeneralProcessingFailure (40512). Details: id='40512' name='ExchangeSyncGeneralProcessingFailure'
          uid='2454abb1-6a2b-4716-bd45-03a7edf80347'       teamMemberUid='c3d0c753-21b3-4ff1-8312-61fba2defe8e'       exception='Microsoft.Office.Project.Server.BusinessLayer.Queue.ExchangeSyncEmailAddressInvalidException:
          Could not find Exchange server for resource       c3d0c753-21b3-4ff1-8312-61fba2defe8e at       Microsoft.Office.Project.Server.BusinessLayer.Queue.ProcessExchangeSyncMessage.ExecuteSync(ExchangeSyncTasks
          exchangeSyncTasks) at       Microsoft.Office.Project.Server.BusinessLayer.Queue.ProcessExchangeSyncMessage.HandleMessage(Message       msg, Group messageGroup, JobTicket jobTicket,
    MessageContext mContext)'.
    ExchangeSyncGeneralProcessingFailure (40512). Details: id='40512'      
    name='ExchangeSyncGeneralProcessingFailure'       uid='3dbd4f65-f478-47e7-aeb3-d05575be69fe'       teamMemberUid='c3d0c753-21b3-4ff1-8312-61fba2defe8e'       exception='Microsoft.Office.Project.Server.BusinessLayer.Queue.ExchangeSyncEmailAddressInvalidException:
          Could not find Exchange server for resource       c3d0c753-21b3-4ff1-8312-61fba2defe8e at Microsoft.Office.Project.Server.BusinessLayer.Queue.ProcessExchangeSyncMessage.ExecuteSync(ExchangeSyncTasks      
    exchangeSyncTasks) at       Microsoft.Office.Project.Server.BusinessLayer.Queue.ProcessExchangeSyncMessage.HandleMessage(Message       msg, Group messageGroup, JobTicket jobTicket, MessageContext mContext)'.
    ExchangeSyncGeneralProcessingFailure (40512). Details: id='40512'      
    name='ExchangeSyncGeneralProcessingFailure'       uid='17a05fda-8702-4e20-93d1-068bf9182cf1'       teamMemberUid='c3d0c753-21b3-4ff1-8312-61fba2defe8e' exception='Microsoft.Office.Project.Server.BusinessLayer.Queue.ExchangeSyncEmailAddressInvalidException:
          Could not find Exchange server for resource       c3d0c753-21b3-4ff1-8312-61fba2defe8e at       Microsoft.Office.Project.Server.BusinessLayer.Queue.ProcessExchangeSyncMessage.ExecuteSync(ExchangeSyncTasks
          exchangeSyncTasks) at       Microsoft.Office.Project.Server.BusinessLayer.Queue.ProcessExchangeSyncMessage.HandleMessage(Message       msg, Group messageGroup, JobTicket jobTicket,
    MessageContext mContext)'.
    Queue:     
    GeneralQueueJobFailed (26000) -
    ExchangeSyncTasks.ExchangeSyncTasks. Details: id='26000' name='GeneralQueueJobFailed' uid='cfd94c57-78c0-4c1a-b343-22e36d940276' JobUID='11ff22eb-364b-4ff6-a05f-10e29407e04a' ComputerName='HOPROJECTSVR' GroupType='ExchangeSyncTasks' MessageType='ExchangeSyncTasks'
    MessageId='1' Stage=''. For more details, check the ULS logs on machine
    HOPROJECTSVR for entries with JobUID 11ff22eb-364b-4ff6-a05f-10e29407e04a.
    Cletus51

    We found the problem. 
    We downloaded the "Go Daddy Class 2 Certification Authority Root Certificate".  Via Sharepoint 2010 Central Administration, we created a new trust relationship using the certificate we downloaded. 
    Cletus51

  • Configuration of oim 10g and oam 10g.. and integrating oam10g with oid

    Hi..
    I am trying to configure OAM10g and OIM10g and integrate OAM10g with OID..
    Please send me the documents if anyone has them...
    Thanks & Regards,
    avinash

    For integrating OIM 10g with OAM 10g, refer doc below:
    http://docs.oracle.com/cd/E14899_01/doc.9102/e14761/oamsso.htm#sthref78
    For OAM and OID integration refer:
    http://docs.oracle.com/cd/E15217_01/index.htm
    regards,
    GP

  • OAM 10g - obmygroups and nested dynamic groups

    I've run into an issue with the obmygroups header action in OAM 10g, and I'm not sure whether this is by design or not.
    The obmygroups will return static and dynamic group names for which the user is a member, and it will return static groups that contain nested static groups where the user is a member of the nested group. However, it doesn't seem to return static groups with nested dynamic groups where the user is a member of the nested dynamic group.
    Is that by design? Is there any way to nest dynamic groups so that obmygroups will return the parent group name? I'd like to have a group that contains both nested static and nested dynamic groups, and have the obmygroups action return the name of the parent group.
    Thanks,
    Matt

    Return Attribute Action in authentication or authorization rules
    obmygroups:<ldap_url> special attribute returns those groups to which the user belongs that also satisfy the criteria <ldap_url> filter specifies.
    EX: "obmygroups:ldap:///cn=Groups,dc=myorg,dc=com??sub?(group_type=role)" returns all the groups in cn=Groups,dc=myorg,dc=com tree for which the logged-in user is a member and the group_type is role.
    For more information check OAM Access Administration Guide

  • MultiThreaded Server and Client connections query.

    I have written a MultiThreaded Server to accept incoming client requests.
    Multiple clients can connect to this server and have a conversation.
    I invoke the 'MultiServer' from the command line and then invoke 3 clients
    from the command line.('Client').
    c:> java MultiServer
    c:> java Client
    c:> java Client
    c:> java Client
    All the 3 clients now run in their own thread and send messages
    to the server.
    The problem I am facing is this:
    When client1 connects to the server and sends a message to the server (with the server responding)
    it works fine. Both Server and Client can exchange messages.
    When client2 connects to the server and sends a message and when the server
    responds with a message, the message does NOT go to client2, but goes to Client1.
    As Clients have their own thread to run, shouldn't the messages also be delivered to
    individual clients?
    Am I missing something?
    My Code
    // MultiServer.java
    import java.io.IOException;
    import java.net.ServerSocket;
    public class MultiServer {
        public static void main(String[] args) throws IOException {
            ServerSocket serverSocket = null;
            boolean listening = true;
            try {
                serverSocket = new ServerSocket(4444);
                System.out.println("MultiServer listening on Port 4444");
            } catch (IOException e) {
                System.err.println("Could not listen on port: 4444.");
                System.exit(-1);
            }
            // Indefinite Loop: one handler thread per accepted connection.
            while (listening)
                new MultiServerThread(serverSocket.accept()).start();
            serverSocket.close();
        }
    }
    // MultiServerThread.java
    import java.io.BufferedReader;
    import java.io.IOException;
    import java.io.InputStreamReader;
    import java.io.PrintWriter;
    import java.net.Socket;
    public class MultiServerThread extends Thread {
        private Socket socket = null;
        public MultiServerThread(Socket socket) {
            super("MultiServerThread");
            this.socket = socket;
        }
        public void run() {
            try {
                PrintWriter out = new PrintWriter(socket.getOutputStream(), true);
                BufferedReader in = new BufferedReader(
                        new InputStreamReader(
                        socket.getInputStream()));
                // Every handler thread wraps the same server console (System.in).
                BufferedReader stdInFromServer = new BufferedReader(new InputStreamReader(System.in));
                String fromTheClient, fromServer;
                fromServer = "Hi Client,How u doing? ";
                // Send a message from the Server.
                out.println(fromServer);
                while ((fromTheClient = in.readLine()) != null) {
                    if (fromTheClient.equals("ByeServer"))
                        break;
                    // Display message received from Client.
                    System.out.print("Client Response : ");
                    System.out.println(fromTheClient);
                    // Input reply from the Server.
                    fromServer = stdInFromServer.readLine();
                    out.println(fromServer);
                    // Null-safe comparison: readLine() returns null at end of input.
                    if ("Bye.".equals(fromServer))
                        break;
                }
                out.close();
                in.close();
                socket.close();
            } catch (IOException e) {
                e.printStackTrace();
            }
        }
    }
    Client Code
    ===========
    // Client.java
    import java.io.BufferedReader;
    import java.io.IOException;
    import java.io.InputStreamReader;
    import java.io.PrintWriter;
    import java.net.Socket;
    import java.net.UnknownHostException;
    public class Client {
        public static void main(String[] args) throws IOException {
            Socket kkSocket = null;
            PrintWriter out = null;
            BufferedReader in = null;
            try {
                kkSocket = new Socket("localhost", 4444);
                out = new PrintWriter(kkSocket.getOutputStream(), true);
                in = new BufferedReader(new InputStreamReader(kkSocket.getInputStream()));
            } catch (UnknownHostException e) {
                System.err.println("Don't know about host: localhost.");
                System.exit(1);
            } catch (IOException e) {
                System.err.println("Couldn't get I/O for the connection to: localhost.");
                System.exit(1);
            }
            BufferedReader stdIn = new BufferedReader(new InputStreamReader(System.in));
            String fromServer;
            String fromUser;
            // Print each server line, then send one line typed by the user.
            while ((fromServer = in.readLine()) != null) {
                System.out.println("Server: " + fromServer);
                if (fromServer.equals("Bye."))
                    break;
                fromUser = stdIn.readLine();
                if (fromUser != null) {
                    out.println(fromUser);
                }
            }
            out.close();
            in.close();
            stdIn.close();
            kkSocket.close();
        }
    }

    Taking standard input for multiple threads from one console is quite unpredictable. I think the first client thread is waiting for input when you connect the second. You type something into your server window and since the first thread was waiting for input, it takes the input and sends it to client 1.

  • URGENT - BPEL PM server and IE crash after re-installing jre - HELP

    URGENT
    After re-installing jre 1.5 update 3, still BPEL process manager and IE both crash when I click on the deployed process from the dashboard ..
    Please help.
    Thanks

    bpel is NOT certified with java 1.5, and if you look at the start script for the server we take the java_home so setting that back to the old one should do it ..
    thx clemens

  • ACS Server and Downloading Certificate for LDAP External DB

    Hello,
    We have a Cisco ACS appliance version 3.3 (I know, it is older).
    We have a cert7.db file located on an FTP server ready for the ACS appliance to download so it will use secure ldap.
    No matter how we enter the information to download the certificate, it returns the error: The server name or address could not be resolved.
    We are trying to use the IP address (so name resolution should not be an issue), but just cannot get the darned thing to work. We can FTP from any other machine to the server using a dos prompt - credentials should not be an issue and neither should the starting directory - which is /.
    Anyone know what I might be missing?
    Joel

    Did you ever figure this one out ? I may have the same type issue.
    thanks

  • Need help:Urgent:MS SQL Server and J2EE Server

    Hello,
    I am developing a simple bean managed persistence bean. I want to know how I could use Microsoft SQL Server as my database with EJBs in J2EE. I don't want to use cloudscape, rather I want to connect through the jdbc bridge with sql server. Can anybody help me out?
    I have developed a DSN for my database with the name of DsnProduct and the user name for the DB is guest and password is guest123.
    So do I have to change configuration in my J2EE server, or put some additional code? So far I have added the following lines in my implementation class
    private String dbName= "java:comp/env/jdbc/ProductDB";
    DataSource ds = (DataSource) ic.lookup(dbName);
    con = ds.getConnection("guest","guest123");
    moreover in server configuration i have added driver
    sun.jdbc.odbc.JdbcOdbcDriver
    and also provide the following JNDI Name
    jdbc/ProductDB
    and
    it's url is
    jdbc:odbc:DsnProduct
    I am thankful for your support.

    hi llturro,
    Thanks for answering my question. I have tried out what you suggested, but I still can't fix my problem. The following are the messages that display when I try to run my servlet. It seems that the DataSource, Connection and Statement are ok, however when it comes to the ResultSet the error message appear. What's wrong with my ResultSet coding ?
    ResultSet rs = stat.executeQuery("SELECT ISBN FROM BOOKSINFO WHERE ISBN='"+primarykey+"'");
    setEntityContext Method
    Find by primary key
    DataSource OK
    Connection OK
    Primary Key = 013-00-675721-9
    Statement OK
    java.rmi.ServerException: RemoteException occurred in server thread; nested exception is:
    java.rmi.RemoteException: Unknown Exception/Error thrown by EJB method.; nested exception is:
    java.lang.NullPointerException
    java.rmi.RemoteException: Unknown Exception/Error thrown by EJB method.; nested exception is:
    java.lang.NullPointerException
    java.lang.NullPointerException
    <<no stack trace available>>

  • URGENT : MS SQL Server and SAP BW 3.5 Connection problem....

    Hello All,
    How ya all doin ?
    I got job as a fresher, and now we are facing some problem here with
    the datasource creation / generation. We have already generated views
    & DSs for some tables, for some views we can see the data in the
    datasource in the BW datasources but for some views it is giving
    information NO DATA IN THE TABLE for that we can see the data in the
    DB Table in MS SQL Server using select ......
    Kindly help with this issue as soon as possible.
    Thanks in advance....
    Best Regards....
    Sankar Kumar

    Hello Sankar,
    Thanks...
    For Varchar(500) you can try this way.
    When you are getting data from DBConnect, include that VARCHAR(500) field in view (so this includes this field to be in transfer structure). But don't map any transfer rules for this field (This avoids the problems to be raised by DB Connect).
    Create a Start Routine in the Transfer Rules. In this routine, you can access your VARCHAR(500) field. (I don't know what is your requirement for VARCHAR(500) field with respect to reporting perspective.)
    One way is create 9 InfoObjects with char(60). Then parse the varchar(500) field and assign to InfoObject1, InfoObject2 so on....
    Another way is, create a table using se11. With key fields to identify individual comments, comment Line number and actual comment. Parse varchar field and insert into this table. Based on your requirement either create a generic extractor using this table and load the data into ODS. Then you can join this ODS and rest of the data ODS and display. or write an ABAP program to show as report using this table...
    Hope this helps,
    GSM.

  • OAM 10g attribute is not visible in object class in Identity System console

    Hi All,
    This is about OAM 10g environment with OID used as user/config/policy store. There are one custom user object class and custom attributes defined in Identity System console already. Now there is a requirement to add another custom attribute to that already existing custom user object class.
    I have created the attribute in schema through ldap command and I am able to see it in LDAP browser as well. However even after restarting OAM identity server and webpass services, the attribute is not visible in Identity System console -> Common Configuration -> Objectclasses -> Custom object class.
    Appreciate any help. Please treat this as urgent.
    Thanks
    Mahendra.

    The solution is to add the attributes in OVD schema as OVD is the user store.

  • OAM Access Server - Cannot load cert chain file aaa_chain.pem

    Hi experts,
    I am in the midst of changing the Transport Layer Security (TLS) of OAM Access Server from Open mode to Cert mode, and encountering the error not able to load aaa_chain.pem.
    Below are the steps which I did:-
    1. Change the TLS mode for both Access Server and Webgate from Open >> Cert mode in the Access System console
    2. Stop the Access Server from Services
    3. From the <access server install dir> run ConfigureAAAServer.exe to generate aaa_req.pem and aaa_key.pem.
    4. Copy the certificate request from the aaa_req.pem and submit to Internal CA (Ms CA).
    5. Download the Certificate and Certificate Chain in Base 64 encoding, and rename into *.pem. E.g. certnew.cer >> aaa_cert.pem certnew.p7b >> aaa_chain.pem.
    6. Copy *.pem files in to <access server install dir>/oblix/config
    7. Rerun ConfigureAAAServer.exe to install the cert, all went smoothly without issue.
    8. Start Access Server from Services. <<< Service failed to start.
    NOTE: I did the same thing for Policy Manager, used genCert.exe to generate certificate request, submit the CA to sign and installed.
    Check on the event viewer, the following error was found.
    **===========================================================================**
    Log Name: Application
    Source: ObAAAServer-AccSvr01
    Date: 16/8/2010 1:06:39 AM
    Event ID: 1
    Task Category: None
    Level: Error
    Keywords: Classic
    User: N/A
    Computer: IDMsvr.SSO.com
    Description:
    The description for Event ID 1 from source ObAAAServer-AccSvr01 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer.
    If the event originated on another computer, the display information had to be saved with the event.
    The following information was included with the event:
    Access Server Exception: Error: Cannot load cert chain file C:\Program Files (x86)\NetPoint\access/oblix/config/aaa_chain.pem
    the message resource is present but the message is not found in the string/message table
    Event Xml:
    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
    <System>
    <Provider Name="ObAAAServer-AccSvr01" />
    <EventID Qualifiers="49152">1</EventID>
    <Level>2</Level>
    <Task>0</Task>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2010-08-15T17:06:39.000Z" />
    <EventRecordID>1072</EventRecordID>
    <Channel>Application</Channel>
    <Computer>IDMsvr.SSO.com</Computer>
    <Security />
    </System>
    <EventData>
    <Data>Access Server Exception: Error: Cannot load cert chain file C:\Program Files (x86)\NetPoint\access/oblix/config/aaa_chain.pem</Data>
    </EventData>
    </Event>
    **===========================================================================**
    The ConfigureAAAServer.exe
    C:\Program Files (x86)\NetPoint\access\oblix\tools\configureAAAServer>configureA
    AAServer.exe reconfig "C:\Program Files (x86)\NetPoint\access"
    Please enter the Mode in which you want the Access Server to run : 1(Open) 2(Si
    mple) 3(Cert) : 3
    Do you want to request a certificate (1) or install a certificate (2) ? : 1
    Please enter the Pass phrase for this Access Server :
    Do you want to store the password in the file ? : 1(Y) 2(N) : 1
    Preparing to generate certificate. This may take up to 60 seconds. Please wai
    t.
    Loading 'screen' into random state - done
    Generating a 1024 bit RSA private key
    .............++++++
    ..++++++
    writing new private key to 'C:\Program Files (x86)\NetPoint\access\oblix\config\
    aaa_key.pem'
    You are about to be asked to enter information that will be incorporated
    into your certificate request.
    What you are about to enter is what is called a Distinguished Name or a DN.
    There are quite a few fields but you can leave some blank
    For some fields there will be a default value,
    If you enter '.', the field will be left blank.
    Country Name (2 letter code) [US]:.
    State or Province Name (full name) [Some-State]:.
    Locality Name (eg, city) []:.
    Organization Name (eg, company) [Some-Organization Pty Ltd]:.
    Organizational Unit Name (eg, section) []:.
    Common Name (eg, hostName.domainName.com) []:IDMsvr.sso.com
    Email Address []:.
    writing RSA key
    Your certificate request is in file : C:\Program Files (x86)\NetPoint\access/ob
    lix/config/aaa_req.pem
    Please get your certificate request signed by the Certificate Authority.
    On obtaining your certificate, please place your certificate in 'C:\Program Fil
    es (x86)\NetPoint\access/oblix/config/aaa_cert.pem' file and the certificate aut
    hority's certificate for the corresponding component (for example: WebGate, AXML
    Server) in 'C:\Program Files (x86)\NetPoint\access/oblix/config/aaa_chain.pem'
    file.
    Once you have your certificate placed at the above mentioned location, please f
    ollow the instructions on how to start the Access Server.
    More Information on setting up Access Server in Certificate mode can be obtaine
    d from the Setup Installation Guide.
    Access Server mode has been re-configured successfully.
    Please note that new security mode will take effect only after the security mod
    e for this Access Server is changed to 'cert' from the Access Manager System Con
    sole.
    Do you want to specify or update the failover information ? : 1(Y) 2(N) :2
    Please restart the Access Server from the Control Panel Services once you have
    placed your certificates at the above mentioned location.
    Press enter key to continue ...
    C:\Program Files (x86)\NetPoint\access\oblix\tools\configureAAAServer>configureA
    AAServer.exe reconfig "C:\Program Files (x86)\NetPoint\access"
    Please enter the Mode in which you want the Access Server to run : 1(Open) 2(Si
    mple) 3(Cert) : 3
    Do you want to request a certificate (1) or install a certificate (2) ? : 2
    Please enter the Pass phrase for this Access Server :
    Do you want to store the password in the file ? : 1(Y) 2(N) : 1
    Please provide the full path to the Certificate key file [C:\Program Files (x86)
    \NetPoint\access/oblix/config/aaa_key.pem] : C:\Program Files (x86)\NetPoint\acc
    ess\oblix\config\aaa_key.pem
    Please provide the full path to the Certificate file [C:\Program Files (x86)\Net
    Point\access/oblix/config/aaa_cert.pem] : C:\Program Files (x86)\NetPoint\access
    \oblix\config\aaa_cert.pem
    Please provide the full path to the Certificate authority's certificate chain fi
    le [C:\Program Files (x86)\NetPoint\access/oblix/config/aaa_chain.pem] : C:\Prog
    ram Files (x86)\NetPoint\access\oblix\config\aaa_chain.pem
    Access Server mode has been re-configured successfully.
    Please note that new security mode will take effect only after the security mod
    e for this Access Server is changed to 'cert' from the Access Manager System Con
    sole.
    Do you want to specify or update the failover information ? : 1(Y) 2(N) :2
    Please restart the Access Server from the Control Panel Services.
    Press enter key to continue ...
    **===========================================================================**
    I followed through the documentation on OAM Identity & Common Admin - Chapter 8 guide.
    Is there anything which I have missed or something to do with the certificate.
    Thanks in advance.
    Regards,
    Wing
    Edited by: user13340813 on Aug 19, 2010 8:56 PM
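
Step 5 of the post above renames a .p7b download to aaa_chain.pem, and renaming a file does not change what is encoded inside it. The following is an added example (not part of the thread and not an Oracle tool) that reports whether each PEM block in such a file is shaped like an X.509 certificate or is a PKCS #7 container; the function names and sample blobs are constructed for illustration, and the check is structural only, not certificate validation.

```python
import base64
import binascii
import re

# One PEM block: BEGIN/END lines with matching labels around a base64 body.
PEM_BLOCK = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----(.*?)-----END \1-----", re.S)
# DER encoding of OID 1.2.840.113549.1.7.2 (PKCS #7 signedData).
OID_SIGNED_DATA = bytes.fromhex("06092a864886f70d010702")


def read_tlv(der, pos):
    """Return (tag, content_start, content_end) of the DER element at pos."""
    tag, first = der[pos], der[pos + 1]
    if first < 0x80:                      # short-form length
        length, start = first, pos + 2
    else:                                 # long-form: next n bytes hold the length
        n = first & 0x7F
        if not 1 <= n <= 4 or pos + 2 + n > len(der):
            raise ValueError("unsupported or truncated DER length")
        length = int.from_bytes(der[pos + 2:pos + 2 + n], "big")
        start = pos + 2 + n
    if start + length > len(der):
        raise ValueError("truncated DER")
    return tag, start, start + length


def classify_der(der):
    """Classify a DER blob by its outer structure only."""
    try:
        tag, start, _ = read_tlv(der, 0)
        if tag != 0x30:
            return "not-a-sequence"
        # PKCS #7 ContentInfo: SEQUENCE whose first element is the signedData OID.
        if der[start:start + len(OID_SIGNED_DATA)] == OID_SIGNED_DATA:
            return "pkcs7"
        # X.509 Certificate: SEQUENCE whose first element is another SEQUENCE.
        inner_tag, _, _ = read_tlv(der, start)
    except (ValueError, IndexError):
        return "malformed"
    return "x509-shaped" if inner_tag == 0x30 else "other"


def inspect_pem(text):
    """Return [(label, kind), ...] for every PEM block found in text."""
    results = []
    for label, body in PEM_BLOCK.findall(text):
        try:
            kind = classify_der(base64.b64decode(body))
        except binascii.Error:
            kind = "malformed"
        results.append((label, kind))
    return results


def chain_file_problems(text):
    """List reasons the text is not a plain sequence of PEM certificates."""
    blocks = inspect_pem(text)
    if not blocks:
        return ["no PEM blocks found"]
    problems = []
    for i, (label, kind) in enumerate(blocks, 1):
        if kind == "pkcs7":
            # The label is not trusted: the decoded content decides.
            problems.append(f"block {i}: PKCS #7 container, not a bare certificate")
        elif label != "CERTIFICATE" or kind != "x509-shaped":
            problems.append(f"block {i}: label {label!r}, content {kind}")
    return problems


# --- Constructed sample data (tiny DER skeletons, not real certificates) ---
def _tlv(tag, content):
    return bytes([tag, len(content)]) + content   # short-form length only


def _pem(label, der):
    b64 = base64.encodebytes(der).decode("ascii")
    return f"-----BEGIN {label}-----\n{b64}-----END {label}-----\n"


_FAKE_CERT = _tlv(0x30, _tlv(0x30, b"\x02\x01\x02") + _tlv(0x30, b"") + _tlv(0x03, b"\x00"))
_FAKE_P7B = _tlv(0x30, OID_SIGNED_DATA + _tlv(0xA0, b""))
GOOD_CHAIN = _pem("CERTIFICATE", _FAKE_CERT) * 2       # two concatenated certificates
RENAMED_P7B = _pem("CERTIFICATE", _FAKE_P7B)           # PKCS #7 under a certificate label

if __name__ == "__main__":
    for name, sample in (("GOOD_CHAIN", GOOD_CHAIN), ("RENAMED_P7B", RENAMED_P7B)):
        print(name, inspect_pem(sample), chain_file_problems(sample) or "ok")
```

To check a real file, pass its text to `chain_file_problems()`; an empty list means every block is a certificate-shaped PEM block.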

    No, you didn't do anything wrong, JeanPhilippe. I'm right there with you. There's even another thread on this issue:
    <http://discussions.apple.com/thread.jspa?messageID=10808126>
    I had the same problem: IMAP & POP services would not launch using SSL. Finally got it resolved today. It had nothing to do with certificates and their names, or creating them in openssl, and everything to do with a botched dovecot.conf file, courtesy of Server Admin.
    It appears that every time I changed the certificate for IMAP & POP SSL in Server Admin, it appended the new selection to the dovecot.conf file on 3 separate lines. The result was an unhealthy list of every certificate file Server Admin had ever been pointed to for this service.
    After making a backup, I edited the file (/etc/dovecot/dovecot.conf) down to the single cert file I wanted it to use. It happened to be first in the list, FWIW.
    If you want to duplicate this, look for the lines beginning with:
    "sslcertfile"
    "sslkeyfile"
    "sslcafile"
    Obviously you need to be careful in there. But I did not even have to bounce the service before it took my changes. Thankfully, Server Admin did not overwrite my edits (which I've seen happen with manual config of other services, such as the iChat service.)
    Good luck, and let me know if I can provide more detail.
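The failure the reply above describes, certificate settings appended again on every change, can be spotted before editing by listing every setting that occurs more than once in the same scope. This is an added example, not code from the thread; the sample file is constructed, and the underscore spellings `ssl_cert_file`, `ssl_key_file` and `ssl_ca_file` for the three lines the post names are an assumption.

```python
import re
from collections import defaultdict

# Constructed sample: one set of ssl_* lines appended per certificate change.
SAMPLE_CONF = """\
# constructed sample, not a real server's file
protocols = imap pop3 imaps pop3s
ssl_cert_file = /etc/certificates/mail.example.com.crt
ssl_key_file = /etc/certificates/mail.example.com.key
ssl_ca_file = /etc/certificates/mail.example.com.chain.crt
ssl_cert_file = /etc/certificates/Default.crt
ssl_key_file = /etc/certificates/Default.key
ssl_ca_file = /etc/certificates/Default.chain.crt
protocol imap {
  mail_max_userip_connections = 20
}
protocol pop3 {
  mail_max_userip_connections = 10
}
"""

SETTING = re.compile(r"^([A-Za-z0-9_]+)\s*=\s*(.*)$")

def repeated_settings(conf_text, prefix="ssl_"):
    """Return {(scope, key): [(line_no, value), ...]} for keys set twice or more in one scope."""
    scope = []                      # stack of currently open "name {" blocks
    seen = defaultdict(list)
    for line_no, raw in enumerate(conf_text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()   # drop comments (assumes no '#' in values)
        if not line:
            continue
        if line.endswith("{"):
            scope.append(line[:-1].strip())
        elif line == "}":
            if scope:
                scope.pop()
        else:
            m = SETTING.match(line)
            if m and m.group(1).startswith(prefix):
                seen[("/".join(scope), m.group(1))].append((line_no, m.group(2).strip()))
    return {k: v for k, v in seen.items() if len(v) > 1}

if __name__ == "__main__":
    for (scope, key), hits in sorted(repeated_settings(SAMPLE_CONF).items()):
        print(f"{key} (scope: {scope or 'top level'}) is set {len(hits)} times:")
        for line_no, value in hits:
            print(f"  line {line_no}: {value}")
```

Run it against a copy of the file; the same key in two different `protocol` blocks is not reported, only repeats within one scope.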

  • Monitoring Tool for OAM 10g

    Hi all,
    I am trying to find all possible ways to monitor an OAM 10g server. From the documentation I read about SNMP Monitoring, so I installed the SNMP Agent on the machine where OAM is installed, and I came to know how to enable SNMP Monitoring in OAM 10g.
    I am drafting my understanding; please correct me if I am wrong:
    - The SNMP Agent that is installed in the OAM machine will gather the monitoring information
    - The Agent will send the information via SNMP to a master application
    If my understanding is correct, these are my questions for which I need your answers; :)
    1. Do I need to install any third party tools like Tivoli or Sun SunNet Manager to which the SNMP Agent will send the information?
    2. My task is to create a custom monitoring application for OAM 10g. Can you please suggest the best way to do this?
    3. Is there any other way to monitor the Identity and Access Server?
    Thank you :)
    A * R

    The Identity Management Pack for Enterprise Manager provides central monitoring of most of the IAM components (including OAM) and should soon provide monitoring of all IAM components in version 11g. So if you are looking for a complete solution, this is a good way to go.
    http://www.oracle.com/products/middleware/identity-management/management-monitoring.html
    http://www.oracle.com/technology/products/oem/pdf/twp_idm_mgmt.pdf
    hth
    Chris
    Edited by: chris W on Dec 10, 2009 1:38 PM

  • Adding a management server and a gateway server in existing management group

    We have a SCOM 2012 R2 management group in which a management server sits in forest/domain A and a gateway server in forest/domain B, C, D, etc.
    Now we want to add a second management server in forest/domain A and a second gateway server in forest/domain B.
    My understanding is that to add a second management server in domain A, I just need to run the setup wizard and join it to the existing management group. I also need to import the certificate on the new MS. Is this right?
    When adding the second gateway server, do I have to run the gateway approve tool on the first management server?
    Thanks in advance

    Yes, you are right, but to add a second management server in domain A, this server must join domain A.
    To configure an additional management server, you can refer to the link below:
    http://technet.microsoft.com/en-us/library/hh284673.aspx
    Also, to add the second gateway, you will need to run the gateway approve tool on the first management server and implement the certificate.
    http://technet.microsoft.com/en-us/library/hh456445.aspx

  • Query regarding the Node manager configuration(WLS and OAM Managed server)

    Query regarding the Node manager configuration(WLS and OAM Managed server):
    1) In the nodemanager.properties I have added the ListenAddress:myMachineName and ListenPort: 5556
    My setup: one physical Linux machine (myMachineName) has the WLS admin server, a managed server (OAM 11g) and the node manager. No clustered environment.
    2) nodemanager.log has the following exception when I start the oam_server1 using EM(Enterprise Manager11g):
    Mar 23 2012 1:39:55 AM> <SEVERE> <Fatal error in node manager server>
    java.net.BindException: Address already in use
    at java.net.PlainSocketImpl.socketBind(Native Method)
    at java.net.AbstractPlainSocketImpl.bind(AbstractPlainSocketImpl.java:336)
    at java.net.ServerSocket.bind(ServerSocket.java:336)
    at javax.net.ssl.impl.SSLServerSocketImpl.bind(Unknown Source)
    at java.net.ServerSocket.<init>(ServerSocket.java:202)
    at javax.net.ssl.SSLServerSocket.<init>(SSLServerSocket.java:125)
    at javax.net.ssl.impl.SSLServerSocketImpl.<init>(Unknown Source)
    at javax.net.ssl.impl.SSLServerSocketFactoryImpl.createServerSocket(Unknown Source)
    The default port on which node manager listens for requests is localhost:5556. I have changed it to point to my machine. Should the port be that of the WLS admin server, or should it be the managed server port?
    3) I have started the NodeManager using the startNodeManager.sh script.
    4) The admin server port is 7001 and the oam managed server port is 14100.
    Any inputs on what might be wrong in the setup will be helpful. Thanks!

    By using netstat -anp|grep 5556 you can check which process on your machine is using the 5556 port.

  • Exchange 2010 Migration - Decommissioning Multi Role Server and Splitting Roles to 2 new servers - Certificate Query

    Hi,
    I have been tasked with decommissioning our single Multi Role Server (CAS/HT/MB) and assigning the roles to 2 new servers. 1 server will be dedicated to CAS and the other new server will be dedicated to HT & MB roles.
    I think I'm OK with the moving of HT and MB roles from our current server to the new HT/MB server by following "Ed Crowley's Method for Moving Exchange Servers"; my focus is on the migration of the CAS role from the current to the new server, as this one has the potential to kill our mail flow if I don't move the role correctly.
    The actual introduction of the new CAS server is fairly straight forward but the moving of the certificate is where I need some clarification.
    Our current multi role server has a 3rd Party Certificate with the following information:
    Subject: OWA.DOMAIN.COM.AU
    SANs: internalservername.domain.local
              autodiscover.domain.com.au
    The issue here is the SAN entry "internalservername.domain.local", which will need to be removed in order for the certificate to be used on the new CAS server, firstly because the CAS server has a different name and secondly because the internal FQDN will no longer be allowed to be used from 2015 onwards. So I will need to revoke this certificate and issue a new certificate with our vendor, who is Thawte.
    This presents me with an opportunity to simplify our certificate and make changes to the URLs using a new certificate name, so I have proposed the following:
    New Certificate:
    Subject: mail.domain.com.au
    SANs: autodiscover.domain.com.au
              OWA.DOMAIN.COM.AU
    I would then configure the URLs using PowerShell:
    Set-ClientAccessServer -Identity NEWCASNAME -AutoDiscoverServiceInternalUri https://mail.domain.com.au/autodiscover/autodiscover.xml
    Set-WebServicesVirtualDirectory -Identity "NEWCASNAME\EWS (Default Web Site)" -InternalUrl https://mail.domain.com.au/ews/exchange.asmx
    Set-OABVirtualDirectory -Identity "NEWCASNAME\oab (Default Web Site)" -InternalUrl https://mail.domain.com.au/oab
    Set-OWAVirtualDirectory -Identity "NEWCASNAME\owa (Default Web Site)" -InternalUrl https://mail.domain.com.au/owa
    I would also then set up split DNS on our internal DNS server, creating a new zone called "mail.domain.com.au" and adding a host A record with the internal IP address of the new CAS server.
    Now I know I haven't asked a question yet and the only real question I have is to ask if this line of thinking and my theory is correct.
    Have I missed anything or is there anything I should be wary of that has the potential to blow up in my face?
    Thanks guys, I really appreciate any insights and input you have on this.

    Hi Ed,
    Thanks for your reply, it all makes perfect sense. I guess I was being optimistic by shutting down the old server and then resubscribing the edge and testing with mailboxes on the new mailbox server.
    I will make sure to move all of the mailboxes over before removing the old server via "Add/Remove Programs". Will I have to move the arbitration mailboxes on the old server across to the new mailbox server? Will having the arbitration mailboxes on the old server stop me from completely removing Exchange?
    Also, the InternalURL & ExternalURL properties are as follows:
    Autodiscover:
    New CAS - InternalURL: https://svwwmxcas01.pharmacare.local/Autodiscover/Autodiscover.xml
    Old CAS - InternalURL: https://svwwmx001.pharmacare.local/autodiscover/autodiscover.xml
    WebServices:
    New CAS - InternalURL: https://svwwmxcas01.pharmacare.local/EWS/Exchange.asmx
    New CAS - ExternalURL: https://owa.pharmacare.com.au/EWS/Exchange.asmx
    Old CAS - InternalURL: https://svwwmx001.pharmacare.local/ews/exchange.asmx
    Old CAS - ExternalURL: https://owa.pharmacare.com.au/EWS/Exchange.asmx
    OAB:
    New CAS - InternalURL: http://svwwmxcas01.pharmacare.local/OAB
    New CAS - ExternalURL: https://owa.pharmacare.com.au/OAB
    Old CAS - InternalURL: https://svwwmx001.pharmacare.local/oab
    Old CAS - ExternalURL: https://owa.pharmacare.com.au/OAB
    OWA:
    New CAS - InternalURL: https://svwwmxcas01.pharmacare.local/owa
    New CAS - ExternalURL: https://owa.pharmacare.com.au/
    Old CAS - InternalURL: https://svwwmx001.pharmacare.local/owa
    Old CAS - ExternalURL: https://owa.pharmacare.com.au/
    ECP:
    New CAS - InternalURL: https://svwwmxcas01.pharmacare.local/ecp
    New CAS - ExternalURL: https://owa.pharmacare.com.au/ecp
    Old CAS - InternalURL: https://svwwmx001.pharmacare.local/ecp
    Old CAS - ExternalURL: https://owa.pharmacare.com.au/ecp
    Our Public Certificate has the following details:
    Name: OWA.PHARMACARE.COM.AU
    SAN/s: autodiscover.pharmacare.com.au, svwwmx001.pharmacare.local
    From your previous communications you mentioned that this certificate would not need to change; it could be exported from the old server and imported to the new, which I have done. With the InternalURL & ExternalURL information that you see here, can you please confirm that your original recommendation of keeping our public certificate and importing it into the new CAS is correct? Will we forever get the certificate warning on all of our Outlook clients when we cut over from the old to the new until we get a new certificate with the SAN of "svwwmx001.pharmacare.local" removed?
    Also, I am toying with the idea of implementing a CAS Array, as I thought that implementing the CAS Array would resolve some of the issues I was having on Saturday. I have followed the steps from this website, http://exchangeserverpro.com/how-to-install-an-exchange-server-2010-client-access-server-array/, and I have got all the way to the step of creating the CAS array in the Exchange PowerShell, but I have not completed this step for fear of breaking connectivity to all of my Outlook clients. By following all of the preceding steps I have created a Windows NLB with dedicated NICs on both the old CAS and the new CAS servers (with separate IP addresses on each NIC and a new internal IP address for the dedicated CAS array) and given it the name of "casarray.pharmacare.local" as per the instructions on the website. The questions I have on adding the CAS array are:
    1. Do you recommend adding the CAS array using this configuration?
    2. Will this break Outlook connectivity altogether?
    3. Will I have to generate a new Public Certificate with an external FQDN of "casarray.pharmacare.com.au" pointing back to a public IP or is it not required?
    4. If this configuration is correct, and I add the CAS Array as configured, when the time comes to remove the old server is it just as simple as removing the NLB member in the array and everything works smoothly?
    So, with all of the information at hand my steps for complete and successful migration would be as follows:
    1. Move all mailboxes from old server to new server;
    2. Move arbitration mailboxes if required;
    3. Implement CAS Array and ensure that all Outlook clients connect successfully;
    4. Remove old server;
    5. Shut down old server;
    6. Re-subscribe Edge from new Hub Transport server;
    7. Test internal & external comms;
    We also have internal DNS entries that would need changing:
    1. We have split DNS with a FLZ of "owa.pharmacare.com.au" that has a Host A record going to the old server, this would need changing from "svwwmx001.pharmacare.local" to "svwwmxcas01.pharmacare.local";
    2. The _autodiscover entry that sits under _TCP currently has the IP address of the old server, this would need to be changed to the IP address of the new CAS;
    3. The CNAME that sits in our FLZ for "pharmacare.local" would need to be changed from "svwwmx001.pharmacare.local" to "svwwmxcas01.pharmacare.local".
    4. Or rather than using the FQDN of the server where applicable in the DNS changes would I be using the FQDN of the CAS Array instead? Please confirm.
    Would you agree that the migration path and DNS change plan is correct?
    Sorry for the long post, I just need to make sure that everything goes right and I don't have egg on my face. I appreciate your help and input.
    Thanks again.
    Regards,
    Jamie
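The certificate question in the post above comes down to whether every HTTPS URL a client is handed names a host that appears on the certificate. As an added illustration (not part of the thread), this compares the new CAS URLs and the certificate names exactly as quoted in the post. The function names are illustrative, and the wildcard handling goes beyond the post, whose certificate has no wildcard name.

```python
from urllib.parse import urlsplit

# Certificate names and new-CAS URLs as quoted in the post.
CERT_NAMES = ["OWA.PHARMACARE.COM.AU", "autodiscover.pharmacare.com.au",
              "svwwmx001.pharmacare.local"]
NEW_CAS_URLS = {
    "Autodiscover InternalURL": "https://svwwmxcas01.pharmacare.local/Autodiscover/Autodiscover.xml",
    "EWS InternalURL": "https://svwwmxcas01.pharmacare.local/EWS/Exchange.asmx",
    "EWS ExternalURL": "https://owa.pharmacare.com.au/EWS/Exchange.asmx",
    "OAB InternalURL": "http://svwwmxcas01.pharmacare.local/OAB",
    "OAB ExternalURL": "https://owa.pharmacare.com.au/OAB",
    "OWA InternalURL": "https://svwwmxcas01.pharmacare.local/owa",
    "OWA ExternalURL": "https://owa.pharmacare.com.au/",
    "ECP InternalURL": "https://svwwmxcas01.pharmacare.local/ecp",
    "ECP ExternalURL": "https://owa.pharmacare.com.au/ecp",
}

def name_matches(host, cert_name):
    """Case-insensitive match; '*' is honoured only as the whole left-most label."""
    host_labels = host.lower().rstrip(".").split(".")
    cert_labels = cert_name.lower().rstrip(".").split(".")
    if len(host_labels) != len(cert_labels):
        return False
    if cert_labels[0] == "*":
        return len(cert_labels) > 2 and host_labels[1:] == cert_labels[1:]
    return host_labels == cert_labels

def uncovered_urls(urls, cert_names):
    """Return {label: host} for every https URL whose host no certificate name covers."""
    misses = {}
    for label, url in urls.items():
        parts = urlsplit(url)
        if parts.scheme.lower() != "https":
            continue                      # plain http: no TLS name check takes place
        host = parts.hostname or ""
        if not any(name_matches(host, name) for name in cert_names):
            misses[label] = host
    return misses

if __name__ == "__main__":
    for label, host in uncovered_urls(NEW_CAS_URLS, CERT_NAMES).items():
        print(f"{label}: {host} is not on the certificate")
```

With the values from the post, the four HTTPS InternalURLs that use svwwmxcas01.pharmacare.local are reported; the OAB InternalURL is skipped because it is plain HTTP.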
