User Management: Application Groups

Hi.
Is it ok that an application is under another application group different among others?
Like one is under 'ESSBASE: <Server Name>' and all the others are under 'PLANNING'?
Because only the administrator could access the one under ESSBASE application group...
What are these application groups for anyway?
Thanks.

They are basically just like folders to group different products and applications together.
Under essbase you should have the registered servers and under that the apps registered to that essbase server.
The planning group would of been manually created and planning apps placed under it just to group the apps together.
A new group could easily be created and the planning apps be moved underneath it.
Cheers
John
http://john-goodwin.blogspot.com/

Similar Messages

User managed cache group

Hi,
I have created user managed cache group as follows :
create usermanaged cache group writewherecache
AUTOREFRESH
MODE INCREMENTAL
INTERVAL 30 SECONDS
STATE ON
from interchange.writewhere
(PK NUMBER NOT NULL primary key,
ATTR VARCHAR2(40),PROPAGATE)
where (interchange.writewhere.pk between '105' and '106');
oracle have 5 rows in table but now from TT 'select * from interchange.writewhere ' statement doesnot show any result.
what is the problem?
Edited by: user11969173 on Nov 4, 2009 2:30 AM

ttmesg.log showing as follows:
17:34:00.91 Info: ORA: 3049: ora-3049-1077582144-lMarker01387: Datastore: CACHEGENI Log Table Marker marked 0 rows of log table TT_05_87616_L with logseq 2 through 2
17:34:01.83 Info: ORA: 3049: ora-3049-1107204416-refresh04075: Datastore: CACHEGENI Starting autorefresh number 2092 for interval 5000ms
17:34:01.83 Info: ORA: 3049: ora-3049-1107204416-refresh04097: Datastore: CACHEGENI Autorefresh thread for interval 5000ms is connected to instance geni11g on host isgcent216. Server handle 46918156651896
17:34:01.85 Info: ORA: 3049: ora-3049-1107204416-lMarker01387: Datastore: CACHEGENI Log Table Marker marked 0 rows of log table TT_05_87616_L with logseq 2 through 2
17:34:01.87 Info: ORA: 3049: ora-3049-1107204416-refresh04762: Datastore: CACHEGENI Cache agent refreshed cache group CACHEUSER.READCACHE: Number - 2092, Duration - 0ms, NumRows - 0, NumRootTblRows - 0, NumOracleBytes - 0, queryExecDuration - 0ms, queryFetchDuration - 0ms, ttApplyDuration - 0ms, totalNumRows - 0, totalNumRootTblRows - 0, totalNumOracleBytes - 0, totalDuration - 0ms
17:34:01.87 Info: ORA: 3049: ora-3049-1107204416-refresh04824: Datastore: CACHEGENI Autorefresh number 2092 finished for interval 5000ms successfully
17:34:01.87 Info: ORA: 3049: ora-3049-1107204416-fresher01709: Datastore: CACHEGENI Autorefresh number 2092 succeeded for interval 5000 milliseconds
17:34:05.09 Info: ORA: 3049: ora-3049-1105090880-eporter00385: Datastore: CACHEGENI object_id 89922, bookmark 1
17:34:05.09 Info: ORA: 3049: ora-3049-1105090880-eporter00385: Datastore: CACHEGENI object_id 89832, bookmark 6
17:34:05.10 Info: ORA: 3049: ora-3049-1105090880-eporter00385: Datastore: CACHEGENI object_id 87616, bookmark 1
17:34:05.93 Info: ORA: 3049: ora-3049-1077582144-lMarker01387: Datastore: CACHEGENI Log Table Marker marked 0 rows of log table TT_05_87616_L with logseq 2 through 2
17:34:06.83 Info: ORA: 3049: ora-3049-1107204416-refresh04075: Datastore: CACHEGENI Starting autorefresh number 2093 for interval 5000ms
17:34:06.83 Info: ORA: 3049: ora-3049-1107204416-refresh04097: Datastore: CACHEGENI Autorefresh thread for interval 5000ms is connected to instance geni11g on host isgcent216. Server handle 46918156651896
17:34:06.86 Info: ORA: 3049: ora-3049-1107204416-lMarker01387: Datastore: CACHEGENI Log Table Marker marked 0 rows of log table TT_05_87616_L with logseq 2 through 2
17:34:06.88 Info: ORA: 3049: ora-3049-1107204416-refresh04762: Datastore: CACHEGENI Cache agent refreshed cache group CACHEUSER.READCACHE: Number - 2093, Duration - 0ms, NumRows - 0, NumRootTblRows - 0, NumOracleBytes - 0, queryExecDuration - 0ms, queryFetchDuration - 0ms, ttApplyDuration - 0ms, totalNumRows - 0, totalNumRootTblRows - 0, totalNumOracleBytes - 0, totalDuration - 0ms
17:34:06.88 Info: ORA: 3049: ora-3049-1107204416-refresh04824: Datastore: CACHEGENI Autorefresh number 2093 finished for interval 5000ms successfully
17:34:06.88 Info: ORA: 3049: ora-3049-1107204416-fresher01709: Datastore: CACHEGENI Autorefresh number 2093 succeeded for interval 5000 milliseconds
17:34:10.91 Info: ORA: 3049: ora-3049-1077582144-lMarker01387: Datastore: CACHEGENI Log Table Marker marked 0 rows of log table TT_05_87616_L with logseq 2 through 2
17:34:11.83 Info: ORA: 3049: ora-3049-1107204416-refresh04075: Datastore: CACHEGENI Starting autorefresh number 2094 for interval 5000ms
17:34:11.83 Info: ORA: 3049: ora-3049-1107204416-refresh04097: Datastore: CACHEGENI Autorefresh thread for interval 5000ms is connected to instance geni11g on host isgcent216. Server handle 46918156651896
and tterrors.log didnot show any error msg.
shubha

Flusing user managed cache group - Applying filter

Hi,
I got a user managed cache group having two tables.
Table A
ItemId Number (Primary key)
ItemName varchar2
created_date date
Table B
ItemID Number (primary key)
Sale_date Number (primary key)
Sale_quanity number
created_date date.
primary key(itemid, sale_date) ,
foreign key(itemid) references tablea(itemid)
When I execute 'flush cache group sample where ItemId=100 and created_date>=trunc(sysdate)", the filter is only applied to the TableA for ItemId and created_date and it is not applied to the Table B for both the columns.
I traced the session in oracle and found that all the rows in the TABLE B for Item_ID=100 is flushed to the oracle but the additional condition on created_date is not applied on the Table B.
I was expecting that Timesten would apply the condition "created_date>=trunc(sysdate)" on both Table A and Table B, but it is being applied only on Table A.
Is this expected behaviour? Is there any way I can force the flushing operation to consider columns from both the tables? Any other workaround?
Many thanks,
Regards,
Raj

Hi,
I got a user managed cache group having two tables.
Table A
ItemId Number (Primary key)
ItemName varchar2
created_date date
Table B
ItemID Number (primary key)
Sale_date Number (primary key)
Sale_quanity number
created_date date.
primary key(itemid, sale_date) ,
foreign key(itemid) references tablea(itemid)
When I execute 'flush cache group sample where ItemId=100 and created_date>=trunc(sysdate)", the filter is only applied to the TableA for ItemId and created_date and it is not applied to the Table B for both the columns.
I traced the session in oracle and found that all the rows in the TABLE B for Item_ID=100 is flushed to the oracle but the additional condition on created_date is not applied on the Table B.
I was expecting that Timesten would apply the condition "created_date>=trunc(sysdate)" on both Table A and Table B, but it is being applied only on Table A.
Is this expected behaviour? Is there any way I can force the flushing operation to consider columns from both the tables? Any other workaround?
Many thanks,
Regards,
Raj

Can not synchronize the SAP NW UME users and system groups with SSM

We have created a demo enviroment for a client demo.
In SAP NW UME:
1. Create the system group.
2. Asing the goup created to the admin user (pipadmin).
In Administrator's user interface:
3. Acces to Administration > Set System Defaults in order to synchronize user tables. The data informed in the fields are:
SSM Administrator = pipadmin
Cache directory = C:Program FilesSAPSSMInternetPubcache
Global cache setting = Enable
End point = <IP:port>
User name = pipadmin
pasword = ······
cache = Enable
Then we click on syncronize tables (Administration > Set System Defaults). The "Update compled" message is showed but users and application group don't appear in the Administration > Manages Application Groups.
Note: We tried to syncronize yesterday and we recieved the message: restart the SSM Extended listener.

Thank you for your answer Bob.
Yes, I restarted the SSM Extended listener after all the steps.
Do you know if there is another missing step?
Regards,
Santiago

Profitability and Cost management application not available in workspace

Hi All,
I hope somebody in this forum can help me with this.
i have built a profitability and cost management application in workspace . I have validated and deployed it sucessuflly. But when i try to open the application , i am not able to see the profitability section in the open Menu or Navigate menu of workspace.
Can somebody tell what could be the cause for this?
Some Information:
I deployed one application with "Default application group" one with "Profitabilty and Cost Management"
I created the Profitabiilty and Cost Management application Group seperately in Shared Services.
Regards,
Subramaniam Ganesan

Hi Abishek,
The issue got solved after accepting the workspace server settings. Intially it didnt show me the Profitability module on the Edit mode, but when i clicked ok ( i mean accepting) it came though. Not sure how it has happened.
But it is working now.
Thanks for your help.
Regards,
Subramaniam Ganesan

User Management via Web Services

Hi,
We are investigating building a user management application that will control user creation and management across a range of applications, including SAP ECC6 and BW. The idea is to use web services to interact with the systems. I have seen that a range of BAPIs exist for managing users (e.g. BAPI_USER_CREATE, BAPI_USER_CHANGE) - does anyone have any experience in using these BAPIs via web services that they would be willing to share?
Thanks

HI Colin,
We did that successfully. It was webservice/infopath based Interactive . net form which would do user management and also Workflow funtionality. In summary from my experience
- Initial cost would be cheaper, however ongoing maintainance on whole infrastructure should be considered.
- SAP BAPI/FM/webservice development was very easy
- Integration with Infopath was challange
- Fronted development was pain as you would need other people to do that for you
- Once operational, was very easy to managed
- Future enhancement was limitless
- Limitation of integration to other technology
- Should only be justifiable in absence of IDM solution
- Too much custom development
- Change management in SAP was easy (Transport, testing, QA etc) however Infopath and Frontend change Management was not easy
Let me know what other information you need. Finding BAPI's and designing in SAP is the easy part, you should think more about how you are going to deploy Webservice to end users.
However if your IT department has more bucks to spend, think about more longer term solution and towards IDM or product such as GRC etc.

I cant access my application control in user management cosole( shared svcs

Hi all.. A bit confused....... I just migrated users and groups to Shared Services.......from essbase adminstration server and essbase server.....While migrating to shared services I created a password ( lets assume 'yyyyy') for Essbase Administration Server and Essbase Server.. Well I dont have much more users... the only user for EAS server is default one which is username/password ='admin/password'. For Essbase Server username/password=xxxxxx/xxxxxxx. But after migrating users and groups to shared services mode when I tried to login with these passwords Iam unable to login....... Then I tried to login with my old username/password..... it was successfull..
The problem is when Iam trying to assign access control to application in "user management cosole"....... it is showing the error" login failed due to invalid login credentials". And also I cant access Business Rules it is throwing the error"Refer to security guide to configure security permission for this application"...........?
Any Idea....... What should do ?
Thanks and Regards,
Sri-Oracle.
Edited by: Sri-Oracle on May 6, 2009 11:16 AM

Hi John......Thanks for your reply....
I did as you said but still no hope... I think Iam making a mistake at some point.... But I dont know what is it.
The Sequence what I did was
1.Started the Essbase Server (with old username/password....as it shows only one user name while it starts).
2.Started the Essbase Administrative Server.
3.Start the EAS console...... with the old username/password=admin/password.
4.In the enterprise view I right click on the Administrative server>Externalise users> But it says "There are no users available for migration". So it seems my EAS server security has been converted to Shared Services security mode..So where can i use my new password when I created while migrating to shared services? and what is the username is it admin or some other?
5.In the enterprise view I right clicked on the essbase server. I removed the current Essbase Server. Then I tried to add Essbase Server.. Here I can see the checkbox for "Use External Authentication". So it means my essbase server has been externalised.. Well Here is the problem..When the check box is enabled it shows only username that is admin.....and password field is not highlighted.. When I click these it says" Login fails due to invalid credentials"....But I can log in (Add Esbase Server) with uncheck the "use external authentication" check box and entered the details of my old username and NEW PASSWORD which is created while migrating ESSBASE SERVER to Shared Services... then it works..........
After these prolonged process also I cant go with access control option for applications in User Managemnet Console...........
Thanks and Regards,
Sri-Oracle

Uable to see link 'Managing Application Express Users'

When I login to admin page for the workspace, I can only see 'Monitor Activity ' 'Change Password ' and 'About Application Express ' links not other two mentioned below. Am I missing something here. Please help
About Administration
An Administration list appears on the right side of the Workspace home page. Use the following links to administer your application development environment:
Administration links to the Application Administration page. Use this page to perform administrative tasks. See "About the Application Administration Page" in Oracle Application Express Administration Guide.
Manage Services links to the Manage Services page. Use this page to manage session state, log files, preferences, and application models. See "About the Manage Services Page" in Oracle Application Express Administration Guide.
Manage Application Express Users links to the Existing Users page. Use this page to manage existing Application Express users and user groups. See "Managing Application Express Users" and "Using Groups to Manage Application Express Users" in Oracle Application Express Administration Guide.
Monitor Activity links to the Monitor Activity page. Use this page to monitor page views and view application changes. See "Monitoring Activity within a Workspace" in "Oracle Application Express Administration Guide.
Change Password links to the Change Password page. Use this page to change your workspace password. See "Resetting Your Password" in Oracle Application Express Administration Guide.
About Application Express links to the About Application Express page. This page displays version and configuration information for both Application Express and the Oracle database. See "Viewing the Application Express Product Information Page" in Oracle Application Express Administration Guide.
About Migrations

User,
What is your name?
It sounds like you've been configured as a developer, not a workspace administrator. You'll need to talk to the person that created your account.
Regards,
Dan
http://danielmcghan.us
http://sourceforge.net/projects/tapigen

Managing Application Installs and Uninstalls with AD Groups Tied to Applications

Hi everyone,
I'm trying to come up with a way to manage application deployment and removal based on user collections that have corresponding security groups in AD. I'm using SCCM 2012 r2.
Historically, I've done the following to deploy applications: -
Create a new application, setting the user experience to install for system.
Create two device collections, one named install and the other named uninstall.
Create two application deployments, one to install (targeted at the install device collection) and one to uninstall (targeted at the uninstall device collection).
Add device to install collection to install application.
To uninstall the application, remove the device from the install collection and add it to the uninstall collection.
That has all been working great but moving forward, I'd like to manage deployment based on user collections. So I've approached this as follows: -
For installations, create a new application setting the user experience to install for user.
Create a security group in AD that corresponds to the new application.
Once SCCM synchronizes with AD and the new group appears under SCCM users, create a new user collection making the security group a direct member of the collection. Set the collection to update incrementally.
Create a required installation deployment for the new application and target it at user collection for the application.
Add a user object in AD to AD security group for the application.
Once everything syncs, the user logged on to a workstation gets the application. Up to here, everything works well.
For uninstalls, I've created an AD security group called Application Uninstalls and made domain users a member.
Once this synchronizes with SCCM, I've created a new user collection called Application Uninstalls and made the security group a direct member of the collection. Again, the collection is set to incremental update.
Create an uninstallation deployment for the new application and target it at the 'Application Uninstalls' collection.
The idea behind the uninstallation is to take advantage of the 'application installation deployments take priority over uninstallation deployments'. Because every user is a member of domain users, if they are not a member of the relevant security group to
have an application installed, then the application is automatically uninstalled. The trouble is, if I remove a user from the AD security group where they get the application, the uninstall deployment isn't kicking in like I would expect and removing the application.
Any thoughts? Is this a logical approach or is it flawed?
Any input appreciated!
Bazzaroo

if I'm reading what you are saying correctly, then has the user logged out and then back on? Since the deployment is to the collection based on group membership, the client would not know that the user is no longer a member of the targeted collection until
the user token has been updated, which happens at log off/log on time.
It does depend on the collection membership - if the collection membership is to the user group, so that the collection member shows the use group, then the log off/log on would be needed.
If the collection membership list displays the individual users, then obviously that collection needs to be updated, AND new policy retrieval at the client so that it knows that it is no longer targeted.
Then, you need an Application Deployment Evaluation Cycle, which is when the client checks to see if apps that are supposed to be installed are.
Wally Mead

Need to know how to better manage revolving users in a group

I have a new Beehive Online group set up for a external partner collaboration. Members of the group are only from Oracle or that external partner. While the BHO group is new, the collaboration has been in place for a long time (since 2007). Initially at Sun Microsystems, and now Oracle.
In my description here... when I say "collaboration" you can translate that to roughly equivalent to "BHO Group"....
The nature of the collaboration is that both companies move people to/from the collaboration, depending on the work in progress. I'm not saying there are changes daily, but there can be changes every month or so. It also happens that people working on the collaboration may be moved from it for many months or longer, and then get moved back to the collaboration at a later time. Ie, the may revolve in and out of the collaboration. Trouble is, when they are moved from the collaboration there is no guarantee that they ever get moved back to it. When a person is not part of the collaboration, their access to collaboration info is taken away.
So my problem is understanding how to manage this better in BHO.
I need to allow a user to be removed from a group, with the possibility (but not certainty) of adding them again.
-- my understanding that delete user would then require SysAd intervention to add them back.
-- I also am not clear on whether deleting the user affects their other group memberships.
I tried to find out more about locking a user
-- but it seems like that affects more then the group.
Whats the recommended way to deal with this?
Thx!

I tried deleting the "verified" user using the group creation/manage tool.
- click "View members"
- select the checkbox next to the user
- click the button "Delete (non-Verified Users)"
Doing that, the user is not removed AND I get an error message in red at the top of the page that says:
'Only selected non-"Verified" member(s) have been deleted. Go to https://beehiveonline.oracle.com/BOLAdmin.html to delete "Verified" users'
So I went to the Admin tool:
- selected my group,
- selected the user from the list
- clicked the "Delete User" button above the list.
Got the warning pop-up about the user needing to be added back by SysAd, ignored it and clicked "OK".
Got a success pop-up with all kinds of internal response tracking stuff in it. Clicked "OK"
And the user is gone from the group in the Admin tool. HOWEVER, the user still shows up in the group list in the group create/manage tool.
Will the user disappear from that list? If not, the list would be misleading.
Thx!
--Resii

How to find solution for avoiding WARNING J2EE SECUR-00100 ********** user-manager (see application/server descriptors) will no longer be supported in the next release of this product

HI All,
We are using Oc4j version 10g 10.1.3 , and while starting conatiner getting below warning , let me know if anyone have solution for this,.
14/01/10 01:01:29 ********** user-manager (see application/server descriptors) will no longer be supported in the next release of this product!
Please take the appropriate actions to migrate to an alternative strategy! **********
2014-01-10 01:01:29.833 WARNING J2EE SECUR-00100 ********** user-manager (see application/server descriptors) will no longer be supported in the next release
of this product!

I just checked my BIOS and my current setting is set at IDE although it also mentions that the default should be AHCI. Currently I have a dual boot of Windows 7 (need it for Tax software) and Arch
So I guess, when I get the new HDD, I will first set it to AHCI and then install the OSes on it. See if NCQ helps any, and if not I will turn it back and re-install (if I have to). I am planning to have Windows only in virtualbox in the new drive.
Anyhoo, while I was in the BIOS I found two things which I had questions about :
1) Under Onboard Devices --> Integrated NIC , my setting is currently set at "On w/PXE" and it says the default should be just "On". Would it be ok to change it back to On since its a single machine and its not booting an OS on any server. I just don't want to have to re-install anything now since I will be doing that in the new HDD.
2) How would I know whether my BIOS would support a 64 bit OS in Virtualbox? I checked some setting under Virtualization, but they weren't very clear.
I will edit this post and let you know exactly what settings were present under the Virtualization sub-section.

Scheduling users from work group manager

I am curious how much control can you have in scheduling users or groups to when they can log on to a machine. I have a biology lab and I wanting to implement group policies that would allow/disallow login based on user ID or Group ID. Is anyone doing this with success. What I am thinking of doing in the future is create user based on a text file and then they will only be allowed to login if there are in a certain sections hours. I think I could group the users into section groups and apply the schedule to the group.
Thanks...

Hi RGrimmes,
Based on your description, I understand that you want to deploy printers via Workgroup Manager. Please refer to following articles and check if
can help you.
Managed Client: How to manage printer options
Managing printers via Workgroup Manager and MCX
Please Note: Since the web site is not hosted by Microsoft, the link may change without notice. Microsoft does not guarantee the accuracy of this
information.
However, for Workgroup Manager software, I suggest that you should contact Apple Support or post the question in
Apple Support Communities.
Hope this helps.
Best regards,
Justin Gu
Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact [email protected]

Using User Management Engine API in Portal Application

Hello,
I actually develope a simple Portal Application, which print any User-Infos. Especially I need the date of the last Login. For this purpose I read the Article Using User Management Engine API - Portal - SAP Library where they use the library com.sap.security.api. In the articel they describe also, how to set DC dependencies. But this doesn't function for a Portal Component, because they do not appear in the Component Browser.
So my question is, how get I the User Management Engine API referenced in my Portal Application, so that I can use the package com.sap.security.api. In the filesystem I can not find a JAR-File for the Development Componenten tc/je/usermanagement/api
Greetings,
Thomas

HI,
Getting the last logon date can be a small problem. There is a method called: getLastSuccessfulLogonDate, but that one is deprecated since NW 2004s.
https://help.sap.com/javadocs/NW04S/SPS09/se/com/sap/security/api/IUserAccount.html#getLastSuccessfulLogonDate()
In NW 7.3 the method is still there: Generated Documentation (Untitled), but even so, JavaDoc states that the value is not updated automatically
"get last sucessful logon date NOTE: This attribute is not automatically updated during login."

User management API/get all the users for a group

Hi all,
I'm trying to get all the users and their associated groups with the user management API. The method DirectoryManagerServiceClient.findGroupMembers(GroupMembershipSearchFilter)
returns all the users, great, but not the associated groups.
TO get the users i use the oid of a "super group" and this "super group" contains severals groups. It's the information about these groups i need.
I have read in the documentation of Principal Object that a search could omit
the group informations for efficiency. How can i bypass this limitation?
Thank you in advance for your help,
Philippe Vandenhove

Hi Philippe
Our CreateUser component will allow you to create local users and groups.
http://avoka.dnsalias.com/confluence/display/Public/Create+User+Create+Group
LookupGroup takes a group name or id, and returns a list of all members. I'm pretty sure it recursively evaluates contained groups, but you'll need to check. If it doesn't, log a bug to support-at-avoka.com.
http://avoka.dnsalias.com/confluence/display/Public/Lookup+DSC
Download at:
vhttp://www.avoka.com/apps/checkcookie?qpac=y&qpac_code=avokaESComponents&location=%2Fapps %2Fqpacdownload
Howard

SharePoint Designer workflow gives Claims Authentication error for some users. Problem getting output claims identity. The specified user or domain group was not found.

We have a SharePoint Enterprise 2013 system at RTM level. We've installed Workflow Manager 1.0 by following the steps at
http://technet.microsoft.com/en-us/library/jj658588.aspx. For the final step of Validating the Installation we created a simple list-level workflow and verified that the workflow
is invoked successfully. This is working successfully, but only for a single user. If other users in the same site collection try to invoke the workflow on this same list we get the ULS Log Error:
Claims Authentication          af3zp Unexpected STS Call Claims Saml: Problem getting output claims identity. Exception: 'Microsoft.SharePoint.SPException: The specified user or domain group was not found. --->
System.Security.Principal.IdentityNotMappedException: Some or all identity references could not be translated.
followed by:
Failed to issue new security token. Exception: Microsoft.SharePoint.SPException: The specified user or domain group was not found. ---> System.Security.Principal.IdentityNotMappedException: Some or all identity references could not be translated.
(as details below).
All accounts that are attempting to use the Test Workflow (both working and non-working user accounts) are valid AD accounts and are included in the User Profile Sync that runs nightly. All have Contribute or Design permission level (and for testing,
Full Control).
What could cause the Claims Authentication to fail when certain users attempt to launch the workflow?
Thank you for your response.
Jim Mac.
08/29/2013 10:22:51.94 w3wp.exe (0x2020)                       0x26D8 SharePoint Foundation
Claims Authentication         af3zp Unexpected STS Call Claims Saml: Problem getting output claims identity. Exception: 'Microsoft.SharePoint.SPException: The specified user or domain group was
not found. ---> System.Security.Principal.IdentityNotMappedException: Some or all identity references could not be translated.     at System.Security.Principal.NTAccount.Translate(IdentityReferenceCollection sourceAccounts, Type targetType,
Boolean forceSuccess)     at System.Security.Principal.NTAccount.Translate(Type targetType)     at Microsoft.SharePoint.Administration.Claims.SPClaimProviderManager.GetProviderUserKeyClaim(IClaimsIdentity claimsIdentity,
SPClaim loginClaim)     --- End of inner exception stack trace ---     at Microsoft.SharePoint.Administration.Claims.SPClaimProviderManager.GetProviderUserKeyClaim(IClaimsIdentity claimsIdent... 94aa5c2d-fa45-9b83-b203-a92b20102583
08/29/2013 10:22:51.94* w3wp.exe (0x2020)                       0x26D8 SharePoint Foundation
Claims Authentication         af3zp Unexpected ...ity, SPClaim loginClaim)     at Microsoft.SharePoint.Administration.Claims.SPClaimProviderManager.GetProviderUserKey(String
encodedIdentityClaimSuffix)     at Microsoft.SharePoint.IdentityModel.SPSecurityTokenService.CreateTokenCacheReferenceFromTokenSignature(SPRequestInfo requestInfo, IClaimsIdentity identity)     at Microsoft.SharePoint.IdentityModel.SPSecurityTokenService.AugmentTokenCacheReferenceClaim(SPRequestInfo
requestInfo, IClaimsIdentity identity)     at Microsoft.SharePoint.IdentityModel.SPSecurityTokenService.AugmentOutputIdentityForRequest(SPRequestInfo requestInfo, IClaimsIdentity outputIdentity)     at Microsoft.SharePoint.IdentityModel.SPSecurityTokenService.GetOutputClaimsIdentity(IClaimsPrincipal
principal, RequestSecurityToken request, Scope scope)'. 94aa5c2d-fa45-9b83-b203-a92b20102583
08/29/2013 10:22:51.94 w3wp.exe (0x2020)                       0x26D8 SharePoint Foundation
Claims Authentication         fo1t Monitorable STS Call: Failed to issue new security token. Exception: Microsoft.SharePoint.SPException: The specified user or domain group was not found. --->
System.Security.Principal.IdentityNotMappedException: Some or all identity references could not be translated.     at System.Security.Principal.NTAccount.Translate(IdentityReferenceCollection sourceAccounts, Type targetType, Boolean forceSuccess)
at System.Security.Principal.NTAccount.Translate(Type targetType)     at Microsoft.SharePoint.Administration.Claims.SPClaimProviderManager.GetProviderUserKeyClaim(IClaimsIdentity claimsIdentity, SPClaim loginClaim)
--- End of inner exception stack trace ---     at Microsoft.SharePoint.Administration.Claims.SPClaimProviderManager.GetProviderUserKeyClaim(IClaimsIdentity claimsIdentity, SPClaim logi... 94aa5c2d-fa45-9b83-b203-a92b20102583
08/29/2013 10:22:51.94* w3wp.exe (0x2020)                       0x26D8 SharePoint Foundation
Claims Authentication         fo1t Monitorable ...nClaim)     at Microsoft.SharePoint.Administration.Claims.SPClaimProviderManager.GetProviderUserKey(String encodedIdentityClaimSuffix)
at Microsoft.SharePoint.IdentityModel.SPSecurityTokenService.CreateTokenCacheReferenceFromTokenSignature(SPRequestInfo requestInfo, IClaimsIdentity identity)     at Microsoft.SharePoint.IdentityModel.SPSecurityTokenService.AugmentTokenCacheReferenceClaim(SPRequestInfo
requestInfo, IClaimsIdentity identity)     at Microsoft.SharePoint.IdentityModel.SPSecurityTokenService.AugmentOutputIdentityForRequest(SPRequestInfo requestInfo, IClaimsIdentity outputIdentity)     at Microsoft.SharePoint.IdentityModel.SPSecurityTokenService.GetOutputClaimsIdentity(IClaimsPrincipal
principal, RequestSecurityToken request, Scope scope)     at Microsoft.IdentityModel.Securi... 94aa5c2d-fa45-9b83-b203-a92b20102583
08/29/2013 10:22:51.94* w3wp.exe (0x2020)                       0x26D8 SharePoint Foundation
Claims Authentication         fo1t Monitorable ...tyTokenService.SecurityTokenService.Issue(IClaimsPrincipal principal, RequestSecurityToken request)     at Microsoft.SharePoint.IdentityModel.SPSecurityTokenService.Issue(IClaimsPrincipal
principal, RequestSecurityToken request) 94aa5c2d-fa45-9b83-b203-a92b20102583

Hi Aries,
I am facing issue with work flow where Workflow goes to Suspend mode.
I am facing an issue with SP2013 Custom Workflow developed using Visual Studio 2012.
Objective of the Custom workflow: User fills the form and submit, list get updated and workflow will initiate and go for the process.
Issue: After the deployment of WF, for first time when user is filling the form and submit, list is getting updated. But the Workflow Goes to "Suspend" mode. (
This Custom Workflow has a configuration file where we are providing other details including ID of Impersonator (farm is running under Claim Based Authentication).
Work flow works fine once when the Impersonator initiate the workflow (Fill the form and submit for approval) and everything works fine after that.
Following steps are already performed
1.Make sure User profile synchronization is started.
2.Make sure the user is not the SharePoint system user.
3.Make sure the user by whom you are logged is available in User Profile list.
4.Step full synchronization of User Profile Application.
From the ULS logs it seems the user's security token from the STS service and User profile service is not being issued.
Appreciate any thoughts or solution.
Following are the log files.
<-------------------------------Information taken from "http://YYYY.XXXXX.com/sites/xxxx/_layouts/15/wrkstat.aspx" where it is showing workflow status as "Suspend"------->
http://yyyy.XXXX.com/sites/xxxx/_vti_bin/client.svc/sp.utilities.utility.ResolvePrincipalInCurrentcontext(input=@ParamUser,scopes='15',sources='15',inputIsEmailOnly='false',addToUserInfoList='False')?%40ParamUser='i%3A0%23.w%7CXXXXX%5Csps_biscomdev'
Correlation Id: f5bd8793-a53c-2127-bfb1-70bc172425e8 Instance Id: 14a985a0-60c8-42db-a42c-c752190b8106
RequestorId: f5bd8793-a53c-2127-0000-000000000000. Details: RequestorId: f5bd8793-a53c-2127-0000-000000000000. Details: An unhandled exception occurred during the execution of the workflow instance. Exception details: System.ApplicationException: HTTP 401
{"error_description":"The server was unable to process the request due to an internal error. For more information about the error, either turn on IncludeExceptionDetailInFaults (either from ServiceBehaviorAttribute or from the <serviceDebug>
configuration behavior) on the server in order to send the exception information back to the client, or turn on tracing as per the Microsoft .NET Framework SDK documentation and inspect the server trace logs."} {"x-ms-diagnostics":["3001000;reason=\"There
has been an error authenticating the request.\";category=\"invalid_client\""],"SPRequestGuid":["f5bd8793-a53c-2127-8654-672758a68234"],"request-id":["f5bd8793-a53c-2127-8654-672758a68234"],"X-FRAME-OPTIONS":["SAMEORIGIN"],"SPRequestDuration":["34"],"SPIisLatency":["0"],"Server":["Microsoft-IIS\/7.5"],"WWW-Authenticate":["Bearer
realm=\"b14e1e0f-257f-42ec-a92d-377479e0ec8d\",client_id=\"00000003-0000-0ff1-ce00-000000000000\",trusted_issuers=\"00000005-0000-0000-c000-000000000000@*,[email protected]79e0ec8d\"","NTLM"],"X-Powered-By":["ASP.NET"],"MicrosoftSharePointTeamServices":["15.0.0.4420"],"X-Content-Type-Options":["nosniff"],"X-MS-InvokeApp":["1;
RequireReadOnly"],"Date":["Fri, 10 Apr 2015 19:48:07 GMT"]} at Microsoft.Activities.Hosting.Runtime.Subroutine.SubroutineChild.Execute(CodeActivityContext context) at System.Activities.CodeActivity.InternalExecute(ActivityInstance
instance, ActivityExecutor executor, BookmarkManager bookmarkManager) at System.Activities.Runtime.ActivityExecutor.ExecuteActivityWorkItem.ExecuteBody(ActivityExecutor executor, BookmarkManager bookmarkManager, Location resultLocation)
ULS Log
04/16/2015 15:22:03.70 w3wp.exe (0x1C74) 0x1AB8 SharePoint Foundation Authentication Authorization agb9s Medium OAuth request. IsAuthenticated=False, UserIdentityName=, ClaimsCount=0 f5bd8793-a53c-2127-8485-418c67f110f6
04/16/2015 15:22:03.70 w3wp.exe (0x1C74) 0x1AB8 SharePoint Foundation Runtime ajd6k Verbose Value for isAnonymousAllowed is : False f5bd8793-a53c-2127-8485-418c67f110f6
04/16/2015 15:22:03.70 w3wp.exe (0x1C74) 0x1AB8 SharePoint Foundation Runtime ajd6l Verbose Value for checkAuthenticationCookie is : True f5bd8793-a53c-2127-8485-418c67f110f6
04/16/2015 15:22:03.70 w3wp.exe (0x1C74) 0x1AB8 SharePoint Foundation General 6t8b Verbose Looking up context site
http://inetdev:80/sites/testrpa2/_vti_bin/client.svc/site/ReadOnly in the farm SharePoint_Config_QA f5bd8793-a53c-2127-8485-418c67f110f6
04/16/2015 15:22:03.70 w3wp.exe (0x1C74) 0x1AB8 SharePoint Foundation General 6t8d Verbose Looking up the additional information about the typical site
http://inetdev:80/sites/testrpa2/_vti_bin/client.svc/site/ReadOnly. f5bd8793-a53c-2127-8485-418c67f110f6
04/16/2015 15:22:03.71 w3wp.exe (0x1C74) 0x1AB8 SharePoint Foundation General 6t8f Verbose Site lookup is replacing
http://inetdev:80/sites/testrpa2/_vti_bin/client.svc/site/ReadOnly with the alternate access url
http://inetdev. f5bd8793-a53c-2127-8485-418c67f110f6
04/16/2015 15:22:03.71 w3wp.exe (0x1C74) 0x1AB8 SharePoint Foundation General 6t8g Verbose Looking up typical site
http://inetdev:80/sites/testrpa2/_vti_bin/client.svc/site/ReadOnly in web application SPWebApplication Name=SPDEV - 80. f5bd8793-a53c-2127-8485-418c67f110f6
04/16/2015 15:22:03.71 w3wp.exe (0x1C74) 0x1AB8 SharePoint Foundation General 6t8h Verbose Found typical site /sites/testrpa2 (407ba20c-079b-4b99-9e70-f86e6e13ddde) in web application SPWebApplication Name=SPDEV - 80. f5bd8793-a53c-2127-8485-418c67f110f6
04/16/2015 15:22:03.71 w3wp.exe (0x1C74) 0x1AB8 SharePoint Foundation General 6t8b Verbose Looking up context site
http://inetdev:80/sites/testrpa2/_vti_bin/client.svc/site/ReadOnly in the farm SharePoint_Config_QA f5bd8793-a53c-2127-8485-418c67f110f6
04/16/2015 15:22:03.71 w3wp.exe (0x1C74) 0x1AB8 SharePoint Foundation General 6t8d Verbose Looking up the additional information about the typical site
http://inetdev:80/sites/testrpa2/_vti_bin/client.svc/site/ReadOnly. f5bd8793-a53c-2127-8485-418c67f110f6
04/16/2015 15:22:03.71 w3wp.exe (0x1C74) 0x1AB8 SharePoint Foundation General 6t8f Verbose Site lookup is replacing
http://inetdev:80/sites/testrpa2/_vti_bin/client.svc/site/ReadOnly with the alternate access url
http://inetdev. f5bd8793-a53c-2127-8485-418c67f110f6
04/16/2015 15:22:03.71 w3wp.exe (0x1C74) 0x1AB8 SharePoint Foundation General 6t8g Verbose Looking up typical site
http://inetdev:80/sites/testrpa2/_vti_bin/client.svc/site/ReadOnly in web application SPWebApplication Name=SPDEV - 80. f5bd8793-a53c-2127-8485-418c67f110f6
04/16/2015 15:22:03.71 w3wp.exe (0x1C74) 0x1AB8 SharePoint Foundation General 6t8h Verbose Found typical site /sites/testrpa2 (407ba20c-079b-4b99-9e70-f86e6e13ddde) in web application SPWebApplication Name=SPDEV - 80. f5bd8793-a53c-2127-8485-418c67f110f6
04/16/2015 15:22:03.71 w3wp.exe (0x1C74) 0x1AB8 SharePoint Foundation Monitoring b4ly Medium Leaving Monitored Scope (Request (GET:http://inetdev:80/sites/testrpa2/_vti_bin/client.svc/site/ReadOnly)). Execution Time=18.7574119057031 f5bd8793-a53c-2127-8485-418c67f110f6
04/16/2015 15:22:03.71 w3wp.exe (0x1C74) 0x1AB8 SharePoint Foundation General 6t8b Verbose Looking up context site
http://inetdev:80/sites/testrpa2/_vti_bin/client.svc/site/ReadOnly in the farm SharePoint_Config_QA f5bd8793-a53c-2127-8485-418c67f110f6
04/16/2015 15:22:03.71 w3wp.exe (0x1C74) 0x1AB8 SharePoint Foundation General 6t8d Verbose Looking up the additional information about the typical site
http://inetdev:80/sites/testrpa2/_vti_bin/client.svc/site/ReadOnly. f5bd8793-a53c-2127-8485-418c67f110f6
04/16/2015 15:22:03.71 w3wp.exe (0x1C74) 0x1AB8 SharePoint Foundation General 6t8f Verbose Site lookup is replacing
http://inetdev:80/sites/testrpa2/_vti_bin/client.svc/site/ReadOnly with the alternate access url
http://inetdev. f5bd8793-a53c-2127-8485-418c67f110f6
04/16/2015 15:22:03.71 w3wp.exe (0x1C74) 0x1AB8 SharePoint Foundation General 6t8g Verbose Looking up typical site
http://inetdev:80/sites/testrpa2/_vti_bin/client.svc/site/ReadOnly in web application SPWebApplication Name=SPDEV - 80. f5bd8793-a53c-2127-8485-418c67f110f6
04/16/2015 15:22:03.71 w3wp.exe (0x1C74) 0x1AB8 SharePoint Foundation General 6t8h Verbose Found typical site /sites/testrpa2 (407ba20c-079b-4b99-9e70-f86e6e13ddde) in web application SPWebApplication Name=SPDEV - 80. f5bd8793-a53c-2127-8485-418c67f110f6
04/16/2015 15:22:03.73 PowerShell.exe (0x29BC) 0x2B9C SharePoint Foundation General narq Verbose Releasing SPRequest with allocation Id {AF89E1D7-C47F-467B-8FD4-D7DC768820EE}
04/16/2015 15:22:03.73 w3wp.exe (0x1C74) 0x183C SharePoint Foundation General 6t8b Verbose Looking up context site
http://inetdev:80/sites/testrpa2/_vti_bin/client.svc/site/ReadOnly in the farm SharePoint_Config_QA
04/16/2015 15:22:03.73 w3wp.exe (0x1C74) 0x183C SharePoint Foundation General 6t8d Verbose Looking up the additional information about the typical site
http://inetdev:80/sites/testrpa2/_vti_bin/client.svc/site/ReadOnly.
04/16/2015 15:22:03.73 w3wp.exe (0x1C74) 0x183C SharePoint Foundation General 6t8f Verbose Site lookup is replacing
http://inetdev:80/sites/testrpa2/_vti_bin/client.svc/site/ReadOnly with the alternate access url
http://inetdev.
04/16/2015 15:22:03.73 w3wp.exe (0x1C74) 0x183C SharePoint Foundation General 6t8g Verbose Looking up typical site
http://inetdev:80/sites/testrpa2/_vti_bin/client.svc/site/ReadOnly in web application SPWebApplication Name=SPDEV - 80.
04/16/2015 15:22:03.73 w3wp.exe (0x1C74) 0x183C SharePoint Foundation General 6t8h Verbose Found typical site /sites/testrpa2 (407ba20c-079b-4b99-9e70-f86e6e13ddde) in web application SPWebApplication Name=SPDEV - 80.
04/16/2015 15:22:03.73 w3wp.exe (0x1C74) 0x183C SharePoint Foundation Monitoring nasq Medium Entering monitored scope (Request (GET:http://inetdev:80/sites/testrpa2/_vti_bin/client.svc/site/ReadOnly)). Parent No
04/16/2015 15:22:03.73 w3wp.exe (0x1C74) 0x183C SharePoint Foundation General 6t8b Verbose Looking up context site
http://inetdev:80/sites/testrpa2/_vti_bin/client.svc/site/ReadOnly in the farm SharePoint_Config_QA
04/16/2015 15:22:03.73 w3wp.exe (0x1C74) 0x183C SharePoint Foundation General 6t8d Verbose Looking up the additional information about the typical site
http://inetdev:80/sites/testrpa2/_vti_bin/client.svc/site/ReadOnly.
04/16/2015 15:22:03.73 w3wp.exe (0x1C74) 0x183C SharePoint Foundation General 6t8f Verbose Site lookup is replacing
http://inetdev:80/sites/testrpa2/_vti_bin/client.svc/site/ReadOnly with the alternate access url
http://inetdev.
04/16/2015 15:22:03.73 w3wp.exe (0x1C74) 0x183C SharePoint Foundation General 6t8g Verbose Looking up typical site
http://inetdev:80/sites/testrpa2/_vti_bin/client.svc/site/ReadOnly in web application SPWebApplication Name=SPDEV - 80.
04/16/2015 15:22:03.73 w3wp.exe (0x1C74) 0x183C SharePoint Foundation General 6t8h Verbose Found typical site /sites/testrpa2 (407ba20c-079b-4b99-9e70-f86e6e13ddde) in web application SPWebApplication Name=SPDEV - 80.
04/16/2015 15:22:03.73 w3wp.exe (0x1C74) 0x183C SharePoint Foundation Logging Correlation Data xmnv Medium Name=Request (GET:http://inetdev:80/sites/testrpa2/_vti_bin/client.svc/site/ReadOnly) f5bd8793-a53c-2127-8485-418c67f110f6
04/16/2015 15:22:03.74 w3wp.exe (0x1C74) 0x183C SharePoint Foundation Monitoring nasq Medium Entering monitored scope (Application Authentication Pipeline). Parent Request (GET:http://inetdev:80/sites/testrpa2/_vti_bin/client.svc/site/ReadOnly) f5bd8793-a53c-2127-8485-418c67f110f6
04/16/2015 15:22:03.74 w3wp.exe (0x1C74) 0x183C SharePoint Foundation General 6t8b Verbose Looking up context site
http://inetdev:80/sites/testrpa2/_vti_bin/client.svc/site/ReadOnly in the farm SharePoint_Config_QA f5bd8793-a53c-2127-8485-418c67f110f6
04/16/2015 15:22:03.74 w3wp.exe (0x1C74) 0x183C SharePoint Foundation General 6t8d Verbose Looking up the additional information about the typical site
http://inetdev:80/sites/testrpa2/_vti_bin/client.svc/site/ReadOnly. f5bd8793-a53c-2127-8485-418c67f110f6
04/16/2015 15:22:03.74 w3wp.exe (0x1C74) 0x183C SharePoint Foundation General 6t8f Verbose Site lookup is replacing
http://inetdev:80/sites/testrpa2/_vti_bin/client.svc/site/ReadOnly with the alternate access url
http://inetdev. f5bd8793-a53c-2127-8485-418c67f110f6
04/16/2015 15:22:03.74 w3wp.exe (0x1C74) 0x183C SharePoint Foundation General 6t8g Verbose Looking up typical site
http://inetdev:80/sites/testrpa2/_vti_bin/client.svc/site/ReadOnly in web application SPWebApplication Name=SPDEV - 80. f5bd8793-a53c-2127-8485-418c67f110f6
04/16/2015 15:22:03.74 w3wp.exe (0x1C74) 0x183C SharePoint Foundation General 6t8h Verbose Found typical site /sites/testrpa2 (407ba20c-079b-4b99-9e70-f86e6e13ddde) in web application SPWebApplication Name=SPDEV - 80. f5bd8793-a53c-2127-8485-418c67f110f6
04/16/2015 15:22:03.75 w3wp.exe (0x1C74) 0x183C SharePoint Foundation Claims Authentication ah25l Medium SPJsonWebSecurityBaseTokenHandler: ValidateActorIsSelfIssuer! Issuer '00000005-0000-0000-c000-000000000000' is not self
issuer. f5bd8793-a53c-2127-8485-418c67f110f6
04/16/2015 15:22:03.75 w3wp.exe (0x1C74) 0x183C SharePoint Foundation Monitoring nasq Medium Entering monitored scope (Getting Site Subscription Id). Parent [S2S] Getting token from STS and setting Thread Identity f5bd8793-a53c-2127-8485-418c67f110f6
04/16/2015 15:22:03.75 w3wp.exe (0x1C74) 0x183C SharePoint Foundation General 6t8b Verbose Looking up context site
http://inetdev/sites/testrpa2/_vti_bin/client.svc/site/ReadOnly in the farm SharePoint_Config_QA f5bd8793-a53c-2127-8485-418c67f110f6
04/16/2015 15:22:03.75 w3wp.exe (0x1C74) 0x183C SharePoint Foundation General 6t8d Verbose Looking up the additional information about the typical site
http://inetdev/sites/testrpa2/_vti_bin/client.svc/site/ReadOnly. f5bd8793-a53c-2127-8485-418c67f110f6
04/16/2015 15:22:03.75 w3wp.exe (0x1C74) 0x183C SharePoint Foundation General 6t8f Verbose Site lookup is replacing
http://inetdev/sites/testrpa2/_vti_bin/client.svc/site/ReadOnly with the alternate access url
http://inetdev. f5bd8793-a53c-2127-8485-418c67f110f6
04/16/2015 15:22:03.75 w3wp.exe (0x1C74) 0x183C SharePoint Foundation General 6t8g Verbose Looking up typical site
http://inetdev:80/sites/testrpa2/_vti_bin/client.svc/site/ReadOnly in web application SPWebApplication Name=SPDEV - 80. f5bd8793-a53c-2127-8485-418c67f110f6
04/16/2015 15:22:03.75 w3wp.exe (0x1C74) 0x183C SharePoint Foundation General 6t8h Verbose Found typical site /sites/testrpa2 (407ba20c-079b-4b99-9e70-f86e6e13ddde) in web application SPWebApplication Name=SPDEV - 80. f5bd8793-a53c-2127-8485-418c67f110f6
04/16/2015 15:22:03.75 w3wp.exe (0x1C74) 0x183C SharePoint Foundation Monitoring b4ly Medium Leaving Monitored Scope (Getting Site Subscription Id). Execution Time=0.341314329055788 f5bd8793-a53c-2127-8485-418c67f110f6
04/16/2015 15:22:03.75 w3wp.exe (0x1C74) 0x183C SharePoint Foundation Monitoring nasq Medium Entering monitored scope (Reading token from Cache using token signature). Parent [S2S] Getting token from STS and setting Thread
Identity f5bd8793-a53c-2127-8485-418c67f110f6
04/16/2015 15:22:03.76 w3wp.exe (0x1C74) 0x183C SharePoint Foundation General ajji6 High Unable to write SPDistributedCache call usage entry. f5bd8793-a53c-2127-8485-418c67f110f6
04/16/2015 15:22:03.76 w3wp.exe (0x1C74) 0x183C SharePoint Foundation Monitoring b4ly Medium Leaving Monitored Scope (Reading token from Cache using token signature). Execution Time=7.5931438213516 f5bd8793-a53c-2127-8485-418c67f110f6
04/16/2015 15:22:03.76 w3wp.exe (0x1C74) 0x183C SharePoint Foundation Application Authentication ajwpx Medium SPApplicationAuthenticationModule: Failed to build cache key for user f5bd8793-a53c-2127-8485-418c67f110f6
04/16/2015 15:22:03.76 w3wp.exe (0x1C74) 0x183C SharePoint Foundation Topology aeayb Medium SecurityTokenServiceSendRequest: RemoteAddress: 'http://localhost:32843/SecurityTokenServiceApplication/securitytoken.svc' Channel:
'Microsoft.IdentityModel.Protocols.WSTrust.IWSTrustChannelContract' Action: 'http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Issue' MessageId: 'urn:uuid:fd5eba94-c39d-4667-89bd-089411c87f09' f5bd8793-a53c-2127-8485-418c67f110f6
04/16/2015 15:22:03.77 w3wp.exe (0x0C48) 0x1318 SharePoint Foundation Topology aeax9 Medium SecurityTokenServiceReceiveRequest: LocalAddress: 'http://c1vspwfe01.vitas.com:32843/SecurityTokenServiceApplication/securitytoken.svc'
Channel: 'System.ServiceModel.Channels.ServiceChannel' Action: 'http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Issue' MessageId: 'urn:uuid:fd5eba94-c39d-4667-89bd-089411c87f09' f5bd8793-a53c-2127-8485-418c67f110f6
04/16/2015 15:22:03.77 w3wp.exe (0x0C48) 0x1318 SharePoint Foundation Monitoring nasq Medium Entering monitored scope (ExecuteSecurityTokenServiceOperationServer). Parent No f5bd8793-a53c-2127-8485-418c67f110f6
04/16/2015 15:22:03.78 w3wp.exe (0x0C48) 0x1318 SharePoint Foundation Claims Authentication ah25l Medium SPJsonWebSecurityBaseTokenHandler: ValidateActorIsSelfIssuer! Issuer '00000005-0000-0000-c000-000000000000' is not self
issuer. f5bd8793-a53c-2127-8485-418c67f110f6
04/16/2015 15:22:03.78 w3wp.exe (0x0C48) 0x1318 SharePoint Foundation General narq Verbose Releasing SPRequest with allocation Id {F17590DF-49D9-439D-86BC-5AE6416BB765} f5bd8793-a53c-2127-8485-418c67f110f6
04/16/2015 15:22:03.78 w3wp.exe (0x0C48) 0x1318 SharePoint Foundation General 6t8b Verbose Looking up site
http://inetdev/sites/testrpa2/_vti_bin/client.svc/site/ReadOnly in the farm SharePoint_Config_QA f5bd8793-a53c-2127-8485-418c67f110f6
04/16/2015 15:22:03.78 w3wp.exe (0x0C48) 0x1318 SharePoint Foundation General 6t8d Verbose Looking up the additional information about the typical site
http://inetdev/sites/testrpa2/_vti_bin/client.svc/site/ReadOnly. f5bd8793-a53c-2127-8485-418c67f110f6
04/16/2015 15:22:03.78 w3wp.exe (0x0C48) 0x1318 SharePoint Foundation General 6t8f Verbose Site lookup is replacing
http://inetdev/sites/testrpa2/_vti_bin/client.svc/site/ReadOnly with the alternate access url
http://inetdev. f5bd8793-a53c-2127-8485-418c67f110f6
04/16/2015 15:22:03.78 w3wp.exe (0x0C48) 0x1318 SharePoint Foundation General 6t8g Verbose Looking up typical site
http://inetdev:80/sites/testrpa2/_vti_bin/client.svc/site/ReadOnly in web application SPWebApplication Name=SPDEV - 80. f5bd8793-a53c-2127-8485-418c67f110f6
04/16/2015 15:22:03.78 w3wp.exe (0x0C48) 0x1318 SharePoint Foundation General 6t8h Verbose Found typical site /sites/testrpa2 (407ba20c-079b-4b99-9e70-f86e6e13ddde) in web application SPWebApplication Name=SPDEV - 80. f5bd8793-a53c-2127-8485-418c67f110f6
04/16/2015 15:22:03.78 w3wp.exe (0x0C48) 0x1318 SharePoint Foundation General narq Verbose Releasing SPRequest with allocation Id {3847D5A4-15C6-4AF9-B062-E22BB555DF4F} f5bd8793-a53c-2127-8485-418c67f110f6
04/16/2015 15:22:03.78 w3wp.exe (0x0C48) 0x1318 SharePoint Portal Server User Profiles ae0s1 High Identity claims mapped to '0' user profiles. Claims: [nameid: '', nii: 'windows', upn: '', smtp: '', sip: ''], User Profiles: f5bd8793-a53c-2127-8485-418c67f110f6
04/16/2015 15:22:03.78 w3wp.exe (0x0C48) 0x1318 SharePoint Portal Server User Profiles ae0sr Unexpected UserProfileException caught.. Exception Microsoft.Office.Server.Security.UserProfileNoUserFoundException: 3001002;reason=The
incoming identity is not mapped to any user profile account in SharePoint. Possible cause is that no user profiles are created in user profile database. Contact your administrator.     at Microsoft.Office.Server.Security.UserProfileIdentityClaimMapper.GetSingleUserProfileFromClaimsList(UserProfileManager
upManager, IEnumerable`1 identityClaims)     at Microsoft.Office.Server.Security.UserProfileIdentityClaimMapper.<>c__DisplayClass2.<GetMappedIdentityClaim>b__0() is thrown. f5bd8793-a53c-2127-8485-418c67f110f6
04/16/2015 15:22:03.78 w3wp.exe (0x0C48) 0x1318 SharePoint Portal Server User Profiles ae0su High The set of claims could not be mapped to a single user identity. Exception 3001002;reason=The incoming identity is not mapped
to any user profile account in SharePoint. Possible cause is that no user profiles are created in user profile database. Contact your administrator. has occured. f5bd8793-a53c-2127-8485-418c67f110f6
04/16/2015 15:22:03.78 w3wp.exe (0x0C48) 0x1318 SharePoint Foundation Claims Authentication ae0tc High The registered mappered failed to resolve to one identity claim. Exception: Microsoft.Office.Server.Security.UserProfileNoUserFoundException:
3001002;reason=The incoming identity is not mapped to any user profile account in SharePoint. Possible cause is that no user profiles are created in user profile database. Contact your administrator.     at Microsoft.Office.Server.Security.UserProfileIdentityClaimMapper.GetSingleUserProfileFromClaimsList(UserProfileManager
upManager, IEnumerable`1 identityClaims)     at Microsoft.Office.Server.Security.UserProfileIdentityClaimMapper.<>c__DisplayClass2.<GetMappedIdentityClaim>b__0()     at Microsoft.SharePoint.SPSecurity.<>c__DisplayClass5.<RunWithElevatedPrivileges>b__3()
at Microsoft.SharePoint.Utilities.SecurityContext.RunAsProcess(CodeToRunElevated secureCode)     at Microsoft.SharePoint.SPSecurity.RunWithElevatedPrivileges(WaitCallback secureCode, Object param)     at Microsoft.SharePoint.SPSecurity.RunWithElevatedPrivileges(CodeToRunElevated
secureCode)     at Microsoft.Office.Server.Security.UserProfileIdentityClaimMapper.GetMappedIdentityClaim(Uri context, IEnumerable`1 identityClaims)     at Microsoft.SharePoint.IdentityModel.SPIdentityClaimMapperOperations.GetClaimFromExternalMapper(Uri
contextUri, List`1 claims) f5bd8793-a53c-2127-8485-418c67f110f6
04/16/2015 15:22:03.78 w3wp.exe (0x0C48) 0x1318 SharePoint Foundation Claims Authentication af3zp Unexpected STS Call Claims Saml: Problem getting output claims identity. Exception: 'Microsoft.Office.Server.Security.UserProfileNoUserFoundException:
3001002;reason=The incoming identity is not mapped to any user profile account in SharePoint. Possible cause is that no user profiles are created in user profile database. Contact your administrator.     at Microsoft.Office.Server.Security.UserProfileIdentityClaimMapper.GetSingleUserProfileFromClaimsList(UserProfileManager
upManager, IEnumerable`1 identityClaims)     at Microsoft.Office.Server.Security.UserProfileIdentityClaimMapper.<>c__DisplayClass2.<GetMappedIdentityClaim>b__0()     at Microsoft.SharePoint.SPSecurity.<>c__DisplayClass5.<RunWithElevatedPrivileges>b__3()
at Microsoft.SharePoint.Utilities.SecurityContext.RunAsProcess(CodeToRunElevated secureCode)     at Microsoft.SharePoint.SPSecurity.RunWithElevatedPrivileges(WaitCallback secureCode, Object param)     at Microsoft.SharePoint.SPSecurity.RunWithElevatedPrivileges(CodeToRunElevated
secureCode)     at Microsoft.Office.Server.Security.UserProfileIdentityClaimMapper.GetMappedIdentityClaim(Uri context, IEnumerable`1 identityClaims)     at Microsoft.SharePoint.IdentityModel.SPIdentityClaimMapperOperations.GetClaimFromExternalMapper(Uri
contextUri, List`1 claims)     at Microsoft.SharePoint.IdentityModel.SPIdentityClaimMapperOperations.ResolveUserIdentityClaim(Uri contextUri, ClaimCollection inputClaims)     at Microsoft.SharePoint.IdentityModel.SPIdentityClaimMapperOperations.GetIdentityClaim(Uri
contextUri, ClaimCollection inputClaims, SPCallingIdentityType callerType)     at Microsoft.SharePoint.IdentityModel.SPSecurityTokenService.GetLogonIdentityClaim(SPRequestInfo requestInfo, IClaimsIdentity inputIdentity, IClaimsIdentity
outputIdentity, SPCallingIdentityType callerType)     at Microsoft.SharePoint.IdentityModel.SPSecurityTokenService.EnsureSharePointClaims(SPRequestInfo requestInfo, IClaimsIdentity outputIdentity, SPCallingIdentityType callerType)
at Microsoft.SharePoint.IdentityModel.SPSecurityTokenService.AugmentOutputIdentityForRequest(SPRequestInfo requestInfo, IClaimsIdentity outputIdentity)     at Microsoft.SharePoint.IdentityModel.SPSecurityTokenService.GetOutputClaimsIdentity(IClaimsPrincipal
principal, RequestSecurityToken request, Scope scope)'. f5bd8793-a53c-2127-8485-418c67f110f6
04/16/2015 15:22:03.78 w3wp.exe (0x0C48) 0x1318 SharePoint Foundation Claims Authentication fo1t Monitorable STS Call: Failed to issue new security token. Exception: Microsoft.Office.Server.Security.UserProfileNoUserFoundException:
3001002;reason=The incoming identity is not mapped to any user profile account in SharePoint. Possible cause is that no user profiles are created in user profile database. Contact your administrator.     at Microsoft.Office.Server.Security.UserProfileIdentityClaimMapper.GetSingleUserProfileFromClaimsList(UserProfileManager
upManager, IEnumerable`1 identityClaims)     at Microsoft.Office.Server.Security.UserProfileIdentityClaimMapper.<>c__DisplayClass2.<GetMappedIdentityClaim>b__0()     at Microsoft.SharePoint.SPSecurity.<>c__DisplayClass5.<RunWithElevatedPrivileges>b__3()
at Microsoft.SharePoint.Utilities.SecurityContext.RunAsProcess(CodeToRunElevated secureCode)     at Microsoft.SharePoint.SPSecurity.RunWithElevatedPrivileges(WaitCallback secureCode, Object param)     at Microsoft.SharePoint.SPSecurity.RunWithElevatedPrivileges(CodeToRunElevated
secureCode)     at Microsoft.Office.Server.Security.UserProfileIdentityClaimMapper.GetMappedIdentityClaim(Uri context, IEnumerable`1 identityClaims)     at Microsoft.SharePoint.IdentityModel.SPIdentityClaimMapperOperations.GetClaimFromExternalMapper(Uri
contextUri, List`1 claims)     at Microsoft.SharePoint.IdentityModel.SPIdentityClaimMapperOperations.ResolveUserIdentityClaim(Uri contextUri, ClaimCollection inputClaims)     at Microsoft.SharePoint.IdentityModel.SPIdentityClaimMapperOperations.GetIdentityClaim(Uri
contextUri, ClaimCollection inputClaims, SPCallingIdentityType callerType)     at Microsoft.SharePoint.IdentityModel.SPSecurityTokenService.GetLogonIdentityClaim(SPRequestInfo requestInfo, IClaimsIdentity inputIdentity, IClaimsIdentity
outputIdentity, SPCallingIdentityType callerType)     at Microsoft.SharePoint.IdentityModel.SPSecurityTokenService.EnsureSharePointClaims(SPRequestInfo requestInfo, IClaimsIdentity outputIdentity, SPCallingIdentityType callerType)
at Microsoft.SharePoint.IdentityModel.SPSecurityTokenService.AugmentOutputIdentityForRequest(SPRequestInfo requestInfo, IClaimsIdentity outputIdentity)     at Microsoft.SharePoint.IdentityModel.SPSecurityTokenService.GetOutputClaimsIdentity(IClaimsPrincipal
principal, RequestSecurityToken request, Scope scope)     at Microsoft.IdentityModel.SecurityTokenService.SecurityTokenService.Issue(IClaimsPrincipal principal, RequestSecurityToken request)     at Microsoft.SharePoint.IdentityModel.SPSecurityTokenService.Issue(IClaimsPrincipal
principal, RequestSecurityToken request) f5bd8793-a53c-2127-8485-418c67f110f6
04/16/2015 15:22:03.79 w3wp.exe (0x0C48) 0x1318 SharePoint Foundation Monitoring b4ly Medium Leaving Monitored Scope (ExecuteSecurityTokenServiceOperationServer). Execution Time=17.1551132895382 f5bd8793-a53c-2127-8485-418c67f110f6
04/16/2015 15:22:03.79 w3wp.exe (0x1C74) 0x183C SharePoint Foundation Claims Authentication fsq7 High SPSecurityContext: Request for security token failed with exception: System.ServiceModel.FaultException: The server was
unable to process the request due to an internal error. For more information about the error, either turn on IncludeExceptionDetailInFaults (either from ServiceBehaviorAttribute or from the <serviceDebug> configuration behavior) on the server in
order to send the exception information back to the client, or turn on tracing as per the Microsoft .NET Framework SDK documentation and inspect the server trace logs.     at Microsoft.IdentityModel.Protocols.WSTrust.WSTrustChannel.ReadResponse(Message
response)     at Microsoft.IdentityModel.Protocols.WSTrust.WSTrustChannel.Issue(RequestSecurityToken rst, RequestSecurityTokenResponse& rstr)     at Microsoft.IdentityModel.Protocols.WSTrust.WSTrustChannel.Issue(RequestSecurityToken
rst)     at Microsoft.SharePoint.SPSecurityContext.SecurityTokenForContext(Uri context, Boolean bearerToken, SecurityToken onBehalfOf, SecurityToken actAs, SecurityToken delegateTo, SPRequestSecurityTokenProperties properties) f5bd8793-a53c-2127-8485-418c67f110f6
04/16/2015 15:22:03.79 w3wp.exe (0x1C74) 0x183C SharePoint Foundation Claims Authentication 8306 Critical An exception occurred when trying to issue security token: The server was unable to process the request due to an internal
error. For more information about the error, either turn on IncludeExceptionDetailInFaults (either from ServiceBehaviorAttribute or from the <serviceDebug> configuration behavior) on the server in order to send the exception information back to
the client, or turn on tracing as per the Microsoft .NET Framework SDK documentation and inspect the server trace logs.. f5bd8793-a53c-2127-8485-418c67f110f6
04/16/2015 15:22:03.79 w3wp.exe (0x1C74) 0x183C SharePoint Foundation Monitoring b4ly Medium Leaving Monitored Scope (Application Authentication Pipeline). Execution Time=52.3525336320678 f5bd8793-a53c-2127-8485-418c67f110f6
04/16/2015 15:22:03.79 w3wp.exe (0x1C74) 0x183C SharePoint Foundation Application Authentication ajezs High SPApplicationAuthenticationModule: Error authenticating request, Error details { Header: {0}, Body: {1} }. Available
parameters: 3001000;reason="There has been an error authenticating the request.";category="invalid_client" {"error_description":"The server was unable to process the request due to an internal error. For more information
about the error, either turn on IncludeExceptionDetailInFaults (either from ServiceBehaviorAttribute or from the <serviceDebug> configuration behavior) on the server in order to send the exception information back to the client, or turn on tracing as
per the Microsoft .NET Framework SDK documentation and inspect the server trace logs."} . f5bd8793-a53c-2127-8485-418c67f110f6
04/16/2015 15:22:03.79 w3wp.exe (0x1C74) 0x183C SharePoint Foundation General 8nca Medium Application error when access /sites/testrpa2/_vti_bin/client.svc, Error=The server was unable to process the request due to an internal
error. For more information about the error, either turn on IncludeExceptionDetailInFaults (either from ServiceBehaviorAttribute or from the <serviceDebug> configuration behavior) on the server in order to send the exception information back to
the client, or turn on tracing as per the Microsoft .NET Framework SDK documentation and inspect the server trace logs.   at Microsoft.IdentityModel.Protocols.WSTrust.WSTrustChannel.ReadResponse(Message response)     at Microsoft.IdentityModel.Protocols.WSTrust.WSTrustChannel.Issue(RequestSecurityToken
rst, RequestSecurityTokenResponse& rstr)     at Microsoft.IdentityModel.Protocols.WSTrust.WSTrustChannel.Issue(RequestSecurityToken rst)     at Microsoft.SharePoint.SPSecurityContext.SecurityTokenForContext(Uri context,
Boolean bearerToken, SecurityToken onBehalfOf, SecurityToken actAs, SecurityToken delegateTo, SPRequestSecurityTokenProperties properties)     at Microsoft.SharePoint.SPSecurityContext.SecurityTokenForApplicationAuthentication(Uri context,
SecurityToken onBehalfOf)     at Microsoft.SharePoint.IdentityModel.SPApplicationAuthenticationModule.<>c__DisplayClass4.<GetLocallyIssuedToken>b__3()     at Microsoft.SharePoint.Utilities.SecurityContext.RunAsProcess(CodeToRunElevated
secureCode)     at Microsoft.SharePoint.IdentityModel.SPApplicationAuthenticationModule.ConstructIClaimsPrincipalAndSetThreadIdentity(HttpApplication httpApplication, HttpContext httpContext, SPFederationAuthenticationModule fam)
at Microsoft.SharePoint.IdentityModel.SPApplicationAuthenticationModule.AuthenticateRequest(Object sender, EventArgs e)     at System.Web.HttpApplication.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) f5bd8793-a53c-2127-8485-418c67f110f6
04/16/2015 15:22:03.79 w3wp.exe (0x1C74) 0x183C SharePoint Foundation General 6t8b Verbose Looking up context site
http://inetdev:80/sites/testrpa2/_vti_bin/client.svc/site/ReadOnly in the farm SharePoint_Config_QA f5bd8793-a53c-2127-8485-418c67f110f6
04/16/2015 15:22:03.79 w3wp.exe (0x1C74) 0x183C SharePoint Foundation General 6t8d Verbose Looking up the additional information about the typical site
http://inetdev:80/sites/testrpa2/_vti_bin/client.svc/site/ReadOnly. f5bd8793-a53c-2127-8485-418c67f110f6
04/16/2015 15:22:03.80 w3wp.exe (0x1C74) 0x183C SharePoint Foundation General 6t8f Verbose Site lookup is replacing
http://inetdev:80/sites/testrpa2/_vti_bin/client.svc/site/ReadOnly with the alternate access url
http://inetdev. f5bd8793-a53c-2127-8485-418c67f110f6
04/16/2015 15:22:03.80 w3wp.exe (0x1C74) 0x183C SharePoint Foundation General 6t8g Verbose Looking up typical site
http://inetdev:80/sites/testrpa2/_vti_bin/client.svc/site/ReadOnly in web application SPWebApplication Name=SPDEV - 80. f5bd8793-a53c-2127-8485-418c67f110f6
04/16/2015 15:22:03.80 w3wp.exe (0x1C74) 0x183C SharePoint Foundation General 6t8h Verbose Found typical site /sites/testrpa2 (407ba20c-079b-4b99-9e70-f86e6e13ddde) in web application SPWebApplication Name=SPDEV - 80. f5bd8793-a53c-2127-8485-418c67f110f6
04/16/2015 15:22:03.80 w3wp.exe (0x1C74) 0x183C SharePoint Foundation General 6t8b Verbose Looking up context site
http://inetdev:80/sites/testrpa2/_vti_bin/client.svc/site/ReadOnly in the farm SharePoint_Config_QA f5bd8793-a53c-2127-8485-418c67f110f6
04/16/2015 15:22:03.80 w3wp.exe (0x1C74) 0x183C SharePoint Foundation General 6t8d Verbose Looking up the additional information about the typical site
http://inetdev:80/sites/testrpa2/_vti_bin/client.svc/site/ReadOnly. f5bd8793-a53c-2127-8485-418c67f110f6
04/16/2015 15:22:03.80 w3wp.exe (0x1C74) 0x183C SharePoint Foundation General 6t8f Verbose Site lookup is replacing
http://inetdev:80/sites/testrpa2/_vti_bin/client.svc/site/ReadOnly with the alternate access url
http://inetdev. f5bd8793-a53c-2127-8485-418c67f110f6
04/16/2015 15:22:03.80 w3wp.exe (0x1C74) 0x183C SharePoint Foundation General 6t8g Verbose Looking up typical site
http://inetdev:80/sites/testrpa2/_vti_bin/client.svc/site/ReadOnly in web application SPWebApplication Name=SPDEV - 80. f5bd8793-a53c-2127-8485-418c67f110f6
04/16/2015 15:22:03.80 w3wp.exe (0x1C74) 0x183C SharePoint Foundation General 6t8h Verbose Found typical site /sites/testrpa2 (407ba20c-079b-4b99-9e70-f86e6e13ddde) in web application SPWebApplication Name=SPDEV - 80. f5bd8793-a53c-2127-8485-418c67f110f6
04/16/2015 15:22:03.80 w3wp.exe (0x1C74) 0x183C SharePoint Foundation Monitoring b4ly Medium Leaving Monitored Scope (Request (GET:http://inetdev:80/sites/testrpa2/_vti_bin/client.svc/site/ReadOnly)). Execution Time=62.2890618779761 f5bd8793-a53c-2127-8485-418c67f110f6
Regards
Sakti

User Management: Application Groups

Similar Messages

Maybe you are looking for