VDC in an SGD array

Guys,
I have an SGD array (2 servers). I have installed VDC on both and made sure to configure it using VDAUser1 and VDAUser2 for authenticating with SGD Data Store.
I have applied the latest patch and follow instructions to create a link to a certificate.
However, on SGD1 vda-service runs fine. But on SGD2 it runs for a bit and stops.
Another odd thing I noticed is that I assigned a VM to a user. I can logon as a user to SGD and get a webtop. But when I try to launch a VM for the user, I get:
"Unable to retrieve a Virtual Desktop - No username found for currently logged in user"
When I look in VDC Admin console, VM is assigned to user. However, DNS name show SGD_VM instead of SGDVM as it is now.
Any ideas on the above? Thank you in advance for your help!!
P.S. If I just publish this VM to user thru SGD (not as My Desktop), I can connect to it fine. So I suspect the issue is on VDC side.

OK. I have resolved the issue with service stopping on a second server.
Now my only issue is that when I try to access a VM, I get:
"No username found for currently logged in user"
If I publish the desktop thru SGD (without VDC), it works fine. So the issue must be on VDC side.
How does VDC lookup and/or compare a username?
Any ideas on what is the issue here?
My environment: SGD 4.41 + VDC 1.0. Patch level 127561-05. I have also installed patched vda-agent and vda-tools on VC and VMs. LDAP Authentication is configured on SGD.
Thank you in advance!

Similar Messages

SGD 4.3 authenticate with AD(Users login n get different set of application

Hi SGD Forum users,
First of all, happy new year and happy holiday to all of you from new SGD user :-).
We are planing to Demo SGD 4.3 to one of our customer by early next week.
So, what the customer would like to see with the demo:
1) From SunRay client, user1 launch Firefox browser and type the sgd web page.
- Enter username and password ( Username and password must authenticate with AD ).
- After successfully authenticate, user1 will get his webtop page.
- In the webtop page, user1 only have two(2) applications to launch. First application is MS Office Word and Second application is Full Virtual XP desktop( 192.168.5.205 ).
2) From SunRay client, user2 launch Firefox browser and type the sgd web page.
- Enter username and password ( Username and password must authenticate with AD ).
- After successfully authenticate, user2 will get his webtop page.
- In the webtop page, user2 only have two(2) applications to launch. First application is MS Office Excel and Second application is Full Virtual XP desktop( 192.168.5.206 ).
3) From SunRay client, user "manager" launch Firefox browser and type the sgd web page.
- Enter username and password ( Username and password must authenticate with AD ).
- After successfully authenticate, user "manager" will get his webtop page.
- In the webtop page, user "manager" only have four(4) applications to launch. First application is MS Office Word, Second application is MS Office Excel, Third application is MS Office Powerpoint and Fourth application is Full Virtual XP desktop( 192.168.5.207 ).
Note: The above mentioned users( user1, user2 and manager ) launch a different MS Office applications and different Virtual XP desktop servers.
Here are my SGD 4.3 demo setup:
- Install Solaris 10 06/06 OS for Sparc.
- Install latest patches.
- Create a local zone.
- Install SRSS 3.1 and patches in Global zone.
- Install SGD 4.3 in the local zone.
- My colleague install 2x MS Server 2003( AD and DNS server )
- My coleague install ESX( VM Server ) and created 3x Virtual XP Desktop( 192.168.5.205, 192.168.5.206 & 192.168.5.207 ).
In my SGD, Array Manager, i had successfully set "Enabling the Active Directory login authority" as mentioned in the SGD Administrator Guide. I also login successfully to SGD server using user1, user2 and manager( Created in AD server ). So, my SGD server successfully communicated with AD server.
When i test login user1 or user2 or manager to SGD server, they get same webtop with same applications. If i am not wrong, these behaviour is due to LDAP Profile under "o=Tarantella System Objects". If i put any application in LDAP Profile's Links tap, all the user whose authenticated with AD will be able to launch it.
The customer requirement is, all the users authenticate with AD and the users should launch different applications and different Virtual XP Desktop as i mentioned earlier.
Is it possible to perform the SGD demo as customer requirement ? If yes, can you guide and help me on how-to create different profile for each AD authenticated users.
Thanks in advance.
# Yours Sincerely,
# Mohamed Ali Bin Abdullah.

Hi Wai,
Sorry not including full details of the person object in my previous posting.
Here are the details of person object:
General
- Name: user1
- Description:
- Surname: esuria
- Username: user1
- Email: [email protected]
- Locale: Automatic
- Keyboard Map: Use XPE setting
- Windows NT Domain: BIA
- Bandwidth: None
- Webtop Theme: Standard
- Inherit parent's webtop content: NO
- Shared between users(quest): NO
- May log in to Secure Global Desktop: YES
- Profile Editing: Use Parent setting
- Clipboard Access: Use Parent Setting
- Serial Port Mapping: Use Parent Setting
Links
o=BIA/cn=MS XP Desktop 192.168..5.205
Thats the setting of user1 person object which i had created in my SGD but when user1 authenticated with AD, the user1 still sees LDAP Profile applications.
What else, do i need to set in SGD and AD server side ?
Thanks in advance.

VDI 3 Final version, SSGD in array??

Hi there
in a production environment, the installation script (vda-config) recommends three Sun Ray servers for FOG and VDI! I got that one, but what about SSGD. Do I create an array of servers? Is that in the license as well?
Great product btw.
Regards
Lars Bækmark

Lars,
There are no limitations in the way how you setup SGD or the SGD array. This is all covered by the VDI 3 license. The limitation is around what you can access through SGD. This is a desktop per concurrent user. Application publishing requires a full SGD license.
-Dirk

Failing to start any Application : Server.ServerDisabled

Hi,
after a network failure I had to re-join my sgd array (cause the array was automatically split). Now I am getting for every of my 1500 Application Objects the following error message on a users the webtop:
Error
Launch failed.
Application: .../_ens/o=TDS/ou=IT Outsourcing/cn=Standard Applications/cn=Testappl
Fault Code: Server.ServerDisabled
Fault String: Server is disabledI added several additional log entries to find some usefull hints solving this problem. But none of them seems to give me an additional hint to come closer to a solution.
tarantella config list --array-logfilter
array-logfilter: */*/*error:jserver_error.log,*/*/*error:jserver_error.jsl,*/*/fatalerror:.../_beans/com.sco.tta.server.log.ConsoleSink,*/*/warningerror:.../_beans/com.sco.tta.server.log.ConsoleSink,server/login/*:login.log,server/login/*:login.jsl,server/ldap/*:ldap.log,server/ldap/*:ldap.jsl,server/server/*:server.log,server/server/*:server.jsl,server/config/*:config.log,server/config/*:config.jsl,server/csh/*:csh.log,server/csh/*:csh.jsl,server/diskds/*:diskds.log,server/diskds/*:diskds.jsl,server/launch/*:launch.log,server/launch/*:launch.jsl,audit/session/*auditinfo:session.log,audit/session/*auditinfo:session.jslSome of the only informations are something like
2006/07/25 15:08:07.594 (pid 10920)     server/csh/error        #1153832887594
Sun Secure Global Desktop Software (4.2) ERROR:
Launch of .../_ens/o=TDS/ou=IT Outsourcing/cn=Standard Applications/cn=Testappl
failed for itosgdapp2p.hn.tds.de:1153830588403:4919276303576744687.
Launch will fail.
Retry the launch.or
2006/07/25 15:23:07.521 (pid 24992)     server/launch/info      #1153833787521
Received request by .../_service/sco/tta/ldapcache/uid=LWeberru,l=Neckarsulm,c=D
E,o=TDS
to launch .../_ens/o=TDS/ou=IT Outsourcing/cn=Standard Applications/cn=Testappl.
Do-not-redirect is false.
2006/07/25 15:23:07.550 (pid 24992)     server/launch/info      #1153833787550
Applying emulator session load balancing policy
[].I tried to make new applications, detaching and rejoining the array, and so on, bit nothing seems to work.
I am using the following configuration:
Sun Secure Global Desktop Software for SPARC Solaris 2.8+ (4.20.909)
Sun Secure Global Desktop Software Mainframe Connectivity Pack for SPARC Solaris 2.8+ (4.20.909)
Sun Secure Global Desktop Software AS/400 Connectivity Pack for SPARC Solaris 2.8+ (4.20.909)
Sun Secure Global Desktop Software Security Pack for SPARC Solaris 2.8+ (4.20.909)
Architecture code: spso0510
This host: SunOS itosgdapp2p 5.10 Generic_118833-02 sun4u sparc SUNW,Ultra-80Someone has an idea what i can do to get the applications to start again?
Regards
Lukas

Hi,
I tried to test the applications using the native client, where i get the message:
No host supports the application type(scottawindowsapplication) you are trying to launch.Regards
Lukas

SGD 4 6 AD intermittent failures

Hello all
I have an issue with SGD 4.6....
The infrastructure:
2 SGD 4.6 in array config
1 AD for authentication
First time I had authentication to the AD and I saw the tree of the AD on the SGD and every thing worked fine, one day I just couldn´t get the tree.
The next day I found that I could autenticate with the AD in both servers, at the afternoon once again I lost auth in one of the array and a few minutes after on both servers, next day at mid morning I got authentication in one serverver, I restarted the second one and gained authentication again.
When i try to set up the authentication in the global conf during those outages I got this message.
*errorLDAP Connection Error
Failed to connect, no servers available[ dcexternal-srv.company.com.gt='javax.naming.AuthenticationException: GSSAPI [Root exception is javax.security.sasl.SaslException: GSS initiate failed [Caused by GSSException: No valid credentials provided (Mechanism level: Server not found in Kerberos database (7))]]'; ]*
If I change the user for autentication (I now is not the one to get acces i got this message)
LDAP Connection Error Fail to connect, invalid authentication credentials
I´ll apreciate any help with this issue, is killing me and I have a whole project waiting to solve this.
Regards,

Hi there,
The error:
GSSException: No valid credentials provided (Mechanism level: Server not found in Kerberos database (7))
means that SGD cannot find an authentication realm for the AD server being connected to and therefore cannot connect.
If your AD environment has more than one AD server check you have a domain_realm mapping in your krb5.conf file for the network domain company.com.gt. If the mapping is missing, assign an authentication realm to the company.com.gt domain.
If your AD environment has only a single AD server, were there any DNS outages around the time of the AD failures? DNS outages can mean that SGD cannot resolve the hostname of the server and therefore cannot work out a domain and/or an authentication realm to use when connecting to the server.
For the LDAP issue, you may need to reconfigure the search filter used to find users in LDAP as the default values are sometimes not adequate for AD. The following blog entry should provided more information on reconfiguring this value:
http://blogs.sun.com/danielc/entry/using_ad_as_an_ldap
Hope this helps,
-- DD

SGD 4.31 - User application mapping( AD enable )

Dear Forum users,
Objective: Assign AD authenticated users with specific applications.....
I have installed SGD 4.31 in my SFV240 server. Have configured and enable AD for users to authenticate.
These are my DNS SGD servers lookup:
portal-01.esuria.com.bn ---> 172.16.2.82
172.16.2.82 ---> portal-01.esuria.com.bn
portal-02.esuria.com.bn ---> 172.16.2.83
172.16.2.83 ---> portal-02.esuria.com.bn
Note: In our existing DNS server, our admin configured the Domain as "ESURIA.COM.BN"
These are my Array Manager AD Settings:
URL: ad://esuria.com
Base Domain: esuria.com
Default Domain: esuria.com
Note: Our existing AD server, admin has configured the Domain as "ESURIA.COM"
Object Manager Settings:
Note: These are created by default( dc=bn, dc=com, dc=esuria )
I created Active Directory Container( cn=Users )
I created Person object ( cn=ali ) and assign some applications to ali.
Note:
1) User Ali is created in AD server only.
2) The reason i created the above AD Container and Person object is to assigned specific applications to user Ali.
Open a firefox browser and type the sgd url and click login. Enter username ali and password and i am successfully login to SGD webtop. Unfortunately, every time i login to webtop, i saw the LDAP Applications NOT the applications i specified in the Object Manager( Person Object ).
Here are the logs output:
root@portal-02 # tail -f server-login.log
2007/11/12 18:43:25.152 (pid 11467) server/login/moreinfo #1194864205152
Attempted login for ali
using disambiguation attributes {}.
2007/11/12 18:43:25.165 (pid 11467) server/login/moreinfo #1194864205165
The login authority com.sco.tta.server.login.ens.SearchENSLoginAuthority
has found a potential login candidate
.../_ens/dc=bn/dc=com/dc=esuria/cn=Users/cn=ali.
2007/11/12 18:43:25.177 (pid 11467) server/login/moreinfo #1194864205177
The login authority com.sco.tta.server.login.ens.SearchENSLoginAuthority
has found a potential login candidate
.../_ens/dc=bn/dc=com/dc=esuria/cn=Users/cn=ali.
2007/11/12 18:43:26.568 (pid 11467) server/login/info #1194864206568
Login attempt for ali.
Login successful.
2007/11/12 18:43:26.571 (pid 11467) server/login/info #1194864206571
User .../_service/sco/tta/ldapcache/CN=Ali,CN=Users,DC=ESURIA,DC=COM
logged in using profile
.../_ens/o=Tarantella System Objects/cn=LDAP Profile
from 172.16.2.109.
I believe i had missed some steps. Can the forum experts, help me to archive my objective..
Thanks.

This docs page describes the steps that are required:
http://docs.sun.com/source/820-1088/ldap_mirroring.html
It's worth noting that the location of the users in ENS must map directly to the location of the users in LDAP/AD.
So a user located in active directory under domain "esuria.com" must be positioned in ENS under "dc=com,dc=esuria". I can see from the example you gave you are using "dc=bn,dc=com,dc=esuria". These will not match.
So instead of of creating a user in ENS under "dc=bn,dc=com,dc=esuria,cn=Users" you would create them under "dc=com,dc=esuria,cn=Users".
HTH
Deany Dean
Edited by: deanydean_sgd on Nov 13, 2007 5:10 AM

SGD with Third Party Authentication issue

Hi
I am trying to setup SGD with Third Party Authentication and have done all the requisites for this.
I input the SGD URL and get the Third Party Login page but after I input my credentials, I get redirected to the SGD default login page which should not be the case. I had already set "Tomcat Authentication" as false in server.xml and enabled the Third Party authentication scheme in Array Manger
What else am I missing ?
Kindly advise
SGD ver4.31
Thanks

Every now and then I have found the same. One thing that almost always solved the problem was recreating a new trusted user, you can follow the steps from:
[http://docs.sun.com/source/820-1088/trusted_users.html|http://docs.sun.com/source/820-1088/trusted_users.html]
Especially the step to test the trusted_user is a very good test to see if the trusted user is ok: http://server/axis/services/rpc/externalauth
When prompted, log in as the trusted user.
An other way to test it is via the api-test functionality: http://server/sgd/admin/apitest/
First setup a session: webtopsession->startSession(0)
Then authenticate via externalauth->setSessionIdentity
These steps are the minimal steps to perform 3rdParty Authentication
(There is also an example jsp for 3rd Party Authentication on the wikis.sun: [http://wikis.sun.com/display/SecureGlobalDesktop/Single+sign-on+(before+4.40)|http://wikis.sun.com/display/SecureGlobalDesktop/Single+sign-on+(before+4.40)] )
- Remold

SGD 4.5 upgrade to SGD 4.6, corrupt ENS database, No applications on webtop

Upgrade procedure went as follows:
-Added new server to exsisting 4.5.933 array.
-Verified ENS sync - Users could login, webtops and applications all worked
-Detached server from 4.5.933 array
-Performed upgrade to SGD 4.6 , no errors
We are using LDAP authentication against Active Directory, users can login but they do not have any applications on their webtop.
Logging into the administrator console there are no application servers listed in the application server tab. However if you go to the application and select "Hosting Application Servers" the correct server is listed and you can click on the server object and view address. Test Connectivity also works.
You can not search for users even with Local + LDAP repository selected. If you manual drill down LDAP hierarchy you can get to the user however when you click on user it pops back to the "Secure Global Desktop Servers" tab.
There are several errors in the jserver logs, here are just a few:
2011/04/22 09:43:39.295     (pid 6290)     server/diskds/error     #1303487019295
Oracle Secure Global Desktop (4.6) ERROR:
The database rooted at:
/opt/tarantella/var/ens
has become corrupt or inconsistent and will be scavenged.
Inconsistencies will be removed.
2011/04/22 09:43:39.476     (pid 6290)     server/login/error     #1303487019476
Oracle Secure Global Desktop (4.6) ERROR:
The Global Administrators role object has no members.
Until the problem is fixed, the following users have temporary
global administration privileges:
Add some Global Administrators.
2011/04/22 09:46:03.363     (pid 6290)     server/soapcommands/error     #1303487163363
Oracle Secure Global Desktop (4.6) ERROR:
No SKID authentication available on the connection.
SOAP service is unavailable
Reconnect using a SKID authenticated connection.
2011/04/22 09:46:13.683     (pid 6290)     server/csh/error     #1303487173683
Oracle Secure Global Desktop (4.6) ERROR:
Failed to configure CDM for secure5.ws-sugar.com:1303487169020:5746580508790271371.
Exception was : com.sco.tta.common.asadutils.ExtendedErrorException [Root exception is javax.naming.NoPermissionException: The CDM client was not launched as no
drives are available for this user.]
     at com.sco.tta.common.jndi.provider.applaunch.AppLaunchContext.f_createSubcontext(AppLaunchContext.java:2161)
     at com.sco.jndi.toolkit.provider.SimplePartialCompositeContext.pc_createSubcontext(SimplePartialCompositeContext.java:865)
     at com.sco.jndi.toolkit.provider.PartialCompositeContext.createSubcontext(PartialCompositeContext.java:342)
     at javax.naming.spi.ContinuationDirContext.createSubcontext(ContinuationDirContext.java:180)
     at com.sco.jndi.toolkit.provider.ToolkitContext.nns_createSubcontext(ToolkitContext.java:2142)
     at com.sco.jndi.toolkit.provider.PartialCompositeContext.createSubcontext(PartialCompositeContext.java:344)
     at javax.naming.spi.ContinuationDirContext.createSubcontext(ContinuationDirContext.java:180)
     at com.sco.jndi.toolkit.provider.ToolkitContext.nns_createSubcontext(ToolkitContext.java:2142)
     at com.sco.jndi.toolkit.provider.PartialCompositeContext.createSubcontext(PartialCompositeContext.java:344)
     at javax.naming.spi.ContinuationDirContext.createSubcontext(ContinuationDirContext.java:180)
     at com.sco.jndi.toolkit.provider.ToolkitContext.nns_createSubcontext(ToolkitContext.java:2142)
     at com.sco.jndi.toolkit.provider.PartialCompositeContext.createSubcontext(PartialCompositeContext.java:344)
     at javax.naming.spi.ContinuationDirContext.createSubcontext(ContinuationDirContext.java:180)
     at com.sco.jndi.toolkit.provider.ToolkitContext.nns_createSubcontext(ToolkitContext.java:2142)
     at com.sco.jndi.toolkit.provider.PartialCompositeContext.createSubcontext(PartialCompositeContext.java:344)
     at com.sco.jndi.toolkit.provider.BaseContext.createSubcontext(BaseContext.java:1433)
     at com.sco.tta.server.csh.ClientConnection.startCPE(ClientConnection.java:1323)
     at com.sco.tta.server.csh.ClientConnection.startCdmAndRdpPrinting(ClientConnection.java:1206)
     at com.sco.tta.server.csh.ClientSessionObject.startCdmAndRdpPrinting(ClientSessionObject.java:3051)
     at com.sco.tta.server.soapcommands.ServerOutpost.clientCapabilitiesResponse(ServerOutpost.java:832)
     at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
     at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
     at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
     at java.lang.reflect.Method.invoke(Method.java:597)
     at com.sco.tta.server.server.soap.SOAPControlledElement.invoke(SOAPControlledElement.java:127)
     at com.sco.tta.server.server.soap.SOAPController.invoke(SOAPController.java:252)
     at com.sco.tta.server.server.soap.SOAPCalcTask.processEnvelope(SOAPCalcTask.java:249)
     at com.sco.tta.server.server.CalcTask.runTask(CalcTask.java:127)
     at com.sco.tta.server.server.mupp.MuppCalcTask.processData(MuppCalcTask.java:393)
     at com.sco.tta.server.server.mupp.MuppCalcTask.processEnvelope(MuppCalcTask.java:112)
     at com.sco.tta.server.server.CalcTask.runTask(CalcTask.java:127)
     at com.sco.tta.server.server.Task.run(Task.java:125)
     at com.sco.cid.common.WorkerPool$Worker.run(WorkerPool.java:469)
     at java.lang.Thread.run(Thread.java:619)
Caused by: javax.naming.NoPermissionException: The CDM client was not launched as no drives are available for this user.
     at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
     at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39)
     at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27)
     at java.lang.reflect.Constructor.newInstance(Constructor.java:513)
     at com.sco.jndi.toolkit.provider.SimpleContinuation.getSimpleException(SimpleContinuation.java:59)
     at com.sco.jndi.toolkit.provider.SimpleContinuation.getSimpleException(SimpleContinuation.java:79)
     at com.sco.jndi.toolkit.provider.ToolkitContext.namingException(ToolkitContext.java:483)
     at com.sco.tta.common.jndi.provider.applaunch.AppLaunchContext.buildServiceLaunchPolicy(AppLaunchContext.java:2313)
     at com.sco.tta.common.jndi.provider.applaunch.AppLaunchContext.doLocalLaunch(AppLaunchContext.java:1739)
     at com.sco.tta.common.jndi.provider.applaunch.AppLaunchContext.f_createSubcontext(AppLaunchContext.java:2074)
     ... 33 more
Details: Error Details = The CDM client was not launched as no drives are available for this user.
objectclass = x-mime-x-tfn/unknown
          top
CDM will not function.
Restart the Server.
Suggestions Please?

Thomas, any chance you still have the shell script and would be will to email it to me?
I am onsite at the customers and will be leaving in a hour or so. Email address is [email protected]

Can�t open array and object manager

Hello,
i�ve done a fresh install of SGD 4 on Fedora Core 3.
Here I am not able to open array and object manager. I see them running in
the webtop but get no display.
I get the following logs:
in wm_errors: X connection to unix:10.0 broken (explicit kill or server
shutdown).
X connection to unix:10.0 broken (explicit kill or server shutdown).
X connection to unix:10.0 broken (explicit kill or server shutdown).
X connection to unix:10.0 broken (explicit kill or server shutdown).
X connection to unix:10.0 broken (explicit kill or server shutdown).
X connection to unix:10.0 broken (explicit kill or server shutdown).
X connection to unix:12.0 broken (explicit kill or server shutdown).
X connection to unix:10.0 broken (explicit kill or server shutdown).
..skipping...
X connection to unix:10.0 broken (explicit kill or server shutdown).
X connection to unix:10.0 broken (explicit kill or server shutdown).
X connection to unix:10.0 broken (explicit kill or server shutdown).
X connection to unix:10.0 broken (explicit kill or server shutdown).
X connection to unix:10.0 broken (explicit kill or server shutdown).
X connection to unix:10.0 broken (explicit kill or server shutdown).
X connection to unix:12.0 broken (explicit kill or server shutdown).
X connection to unix:10.0 broken (explicit kill or server shutdown).
~
and in error.log
2005/03/01 18:31:54.951 (pid 20049) pem/circuit #0
Tarantella Secure Global Desktop Enterprise Edition(4.0) ERROR:
An error occurred reading on circuit fdcircuit. Reason: (9) Bad file
descriptor.
The current operation has failed.
If persistent, restart the server.
Restarting the server doesn�t help.
I�ve also set the xscecurity flag to 0.
This all works fine with Fedora Core 2
Anyone any Idea?
Thanks a lot

Hi Matthias,
I had similar problems with (local) X apps.
via ssh, and I mean they arose with tta vers.
3.42. The problem seems to appear, because
both tta and ssh (with X forwarding) are
using a X-display range from :10 upward.
So, one simply can resolve this by using a different X-display offset for
ssh, by setting:
X11DisplayOffset 100
(for exsample) in sshd_config.
Then tta still uses displays :10, :11, ...
but ssh is using :100, :101, ...,
(assuming that 90 X/RDP emulator-session are enough in this installation!)
Don't forget to send a SIGHUP to the master
sshd after changing sshd_config, telling
'him' to re-read it's config-file.
One can verify the effect, by calling
'ssh localhost' and executing: echo $DISPLAY
this should give something like:
localhost:100.0
Kind regards,
Tankred
Matthias wrote:
Hello,
not all login authorities are disabled. I have only NT auth. enabled. This
works fine in EE 3.40 on RH 9 and on SGD4.0 on Fedora Core 2. But seems
not to run on Fedora Core 3.
Matthias
Carmelo wrote:
Mattias,>>
>
http://www.tarantella.com/support/documentation/sgd/ee/4.0/help/en-us/base/indepth/disabled_all_login_authorities.html
Regards,
Matthias wrote:
I think I�ve fixed it.
I just edited ssh_conf and enabled X11forwarding and it works for me.
But now I have changed the login authority only to NT auth. and I am no
longer able to log in to tarantella....
Matthias wrote:
Hello,
i�ve done a fresh install of SGD 4 on Fedora Core 3.
Here I am not able to open array and object manager. I see them running
in
the webtop but get no display.
I get the following logs:
in wm_errors: X connection to unix:10.0 broken (explicit kill or server
shutdown).
X connection to unix:10.0 broken (explicit kill or server shutdown).
X connection to unix:10.0 broken (explicit kill or server shutdown).
X connection to unix:10.0 broken (explicit kill or server shutdown).
X connection to unix:10.0 broken (explicit kill or server shutdown).
X connection to unix:10.0 broken (explicit kill or server shutdown).
X connection to unix:12.0 broken (explicit kill or server shutdown).
X connection to unix:10.0 broken (explicit kill or server shutdown).
...skipping...
X connection to unix:10.0 broken (explicit kill or server shutdown).
X connection to unix:10.0 broken (explicit kill or server shutdown).
X connection to unix:10.0 broken (explicit kill or server shutdown).
X connection to unix:10.0 broken (explicit kill or server shutdown).
X connection to unix:10.0 broken (explicit kill or server shutdown).
X connection to unix:10.0 broken (explicit kill or server shutdown).
X connection to unix:12.0 broken (explicit kill or server shutdown).
X connection to unix:10.0 broken (explicit kill or server shutdown).
~
and in error.log
2005/03/01 18:31:54.951 (pid 20049) pem/circuit #0
Tarantella Secure Global Desktop Enterprise Edition(4.0) ERROR:
An error occurred reading on circuit fdcircuit. Reason: (9) Bad file
descriptor.
The current operation has failed.
If persistent, restart the server.
Restarting the server doesn�t help.
I�ve also set the xscecurity flag to 0.
This all works fine with Fedora Core 2
Anyone any Idea?
Thanks a lot

Upgrading To SGD 4.60 From 4.50

At the moment our SGD Server is a VM running Solaris 10 8/07 (x86). I'm wanting to upgrade the SGD software from 4.50 to 4.60. Firstly will my activation key for 4.50 work with 4.60? Secondly, can I upgrade without upgrading Solaris? If I do have to upgrade Solaris, can it be done online or will it be a re-install job?
TIA.

For the moment, I've just decided to start again from scratch in a separate VM for the 4.60 installation. I've installed Solaris 10 9/10 (x86) and have installed SGD 4.60. However I cannot login as Administrator from the SGD login page. I can login as 'root' just fine from Solaris itself. Also when I do '/opt/tarantella/bin/tarantella status', I get my single array host is 'NOT ACCEPTING CONNECTIONS'. Anyone any ideas?

SGD with RSA Token Authentication - Is it all or nothing?

We are investigating having RSA authentication in SGD, but we only want to force its usage for a subset of users. Based on what I can see in the docs and the screen its not clear if its all or nothing.

We have the same question from a customer.
Here is my suggestion:
Have two sgd servers. Both are in one array. Because LDAP and RSA are global configurations, both sgd server cann handle loggins via these authorities.
To prevent login via RSA in sgd1, disable the route to the RSA server.
To prevent login via ldap in sgd2, disable the route to the LDAP server.
The sgd2 should be the primary and the login of the admin Console, so DSI will work.
Another thought with a dead end is: RSA via 3Party and http.conf preventing access from a network. This can work, but not with firewall traversal, because the apache sees only the localhost.
Would be happy to have more suggestion about this.

Server Exception appears after installing sgd 4

Hello,
i have installed a fresh sgd server 4 on fedora core 3.
When I want to log in to tarantella the following errors appear:
Web Service Request Failed
The following fault was returned from the web service call:
Code Server.Exception
String com.sco.cid.net.services.NoAddressesException: Caught exception
from SOAP method: webtopsession->startsession()
Does anyone have an Idea??
Every help is welcome!
Thank you very much!

Hello,
I�ve figured this out on the tarantella homepage already - but thanks for
your comment. Now it seems to run and I can start applications - except
Array and Objectmanager from my client Here I get the message
ErrTransportNotAvailable
ErrTransportNotAvailable
Standard error of script process:
Third tier output log:
Mario Alberto Gamboa Pang wrote:
Matthias Michl wrote:
Hello,
i have installed a fresh sgd server 4 on fedora core 3.
When I want to log in to tarantella the following errors appear:
Web Service Request Failed
The following fault was returned from the web service call:
Code Server.Exception
String com.sco.cid.net.services.NoAddressesException: Caught exception
from SOAP method: webtopsession->startsession()
Does anyone have an Idea??
Every help is welcome!
Thank you very much!
do you install the pre-requisites rpm package to work tta 4 in fc3 for
fedora 3 you need this
The virtual machine for the Java� platform ('Java Virtual Machine' or
'JVM') used by the Secure Global Desktop server requires the libXp.so.6
file in order to run. This file is deprecated in Fedora Core 3. However
the file is still available in
xorg-x11-deprecated-libs-6.8.1-12.i386.rpm on disk 2 of the installation
CDs. You must install this package before installing Secure Global
Desktop. If you do not, Secure Global Desktop will not start.

SGD database corruption?

I suspect that I may have some corruption in my SGD object database. Last weekend I upgraded our two-server array from version 4.62 to 5.0. The procedures for upgrading an array were followed properly. After the upgrades, we are experiencing strange things.
We also upgraded two other standalone servers (no array) and they do not have any issues.
This a a Solaris array.
Here are a few examples:
1. Application launches are timing out trying to connect from the SGD servers to the application servers.
2. Unexplained increased network load.
3. Problems with the password caches:
     #tarantella passcache list
     Person: .../_ens/o=organization/cn=bowb07
     Resource: .../_array
     User: ??(?Y?F~?J?
     The passcache list command failed for an unknown reason.
4. Sometimes an application launch will display a log in prompt from the application server, with garbage in the username field.
Is there any way to verify/troubleshoot/repair the integrity of the SGD object database?
Message was edited by: Jeffro
Oracle support acknowledged corruption with the password cache. This was resolved with the following process:
Stop SGD on both SGD servers:
# tarantella stop
Backup current passcache:
# cd /opt/tarantella/var/info/
# cp -pr tier3cache tier3cache.bak
Remove all passcache entries
# cd tier3cache
# rm *
Start SGD:
# tarantella start

I am also getting this exception:
java.io.IOException: com.sleepycat.je.DatabaseException: (JE 3.2.68) fetchTarget of 0x2f3/0x55ce61 parent IN=32767757 lastFullVersion=0x383/0x52a721 parent.getDirty()=false state=0 com.sleepycat.je.log.DbChecksumException: (JE 3.2.68) Location 0x2f3/0x55ce61 expected 3310413957 got 3420186758
Have you found what caused it? Do I need to update to a newer version of JE?
Thanks,
Hani

Upgrading from sgd and sgdgw 4.5.907 to 4.6

I have gone through the docu, but found no exact explanation how to upgrade an exisiting
1.) sgd 4.5.907 to sgd 4.6 preserve the existing setup
2.) sgdgw 4.5.907 to sgd 4.6 preserve the exisiting setup like verisign certficate. The last time I tried to change the versign certificate, this took me ages.
any help I appreciate, thomas
Edited by: turbotiga on 30.10.2010 02:53

Hi Thomas,
Please install an extra machine with version 4.5_907.
- Then join your existing array and have all your array and ens settings synchronized.
- Detach the new server
- Upgrade your new server to version 4.5_933
- Upgrade your new server to version 4.6_911
You now know or the upgrade is successful and you can either upgrade the old or use your "clean" new server and take the "old" one out.
Moving a certificate should not be difficult. Take your time testing the procedure. You could use a temp server and test the certificate installation by overwriting your local DNS lookup by editing your local hosts file.
Regards,
Arno Staal
Divider B.V.

Ssl issues with sgd 4.4

Hi there,
I cannot start my sgd server with --ssl, i get the following error in the logs...
2012/08/13 13:04:33.169 ssl1112 ssldaemon/clientconnection/badforwardporterror
Sun Secure Global Desktop Software (4.4) ERROR:
The Security Daemon has received a connection to be forwarded onwards,
but it could not get the port to forward to from the
tarantella.config.server.proxiedhttpsurl attribute.
Please ensure this attribute is correctly correctly by using the Security
properties in the per-server section of the array manager. ssldaemon/clientconnection/badforwardporterror
2012/07/30 13:04:33.169 ssl1112 ssldaemon/clientconnection/badforwardporterror
Sun Secure Global Desktop Software (4.4) ERROR:
The Security Daemon has received a connection to be forwarded onwards,
but it could not get the port to forward to from the
tarantella.config.server.proxiedhttpsurl attribute.
Please ensure this attribute is correctly correctly by using the Security
properties in the per-server section of the array manager. ssldaemon/clientconnection/badforwardporterror
2012/07/30 13:04:33.170 ssl1112 ssldaemon/TTAservererror/badresponseinfo
Sun Secure Global Desktop Software (4.4) ERROR:
Secure Global Desktop server not responding on port 0, closing the connection.
TSP=SERVER IP:443 Client=CLIENT IP:35987 ssldaemon/TTAservererror/badresponseinfo
2012/07/30 13:04:33.170 ssl1112 ssldaemon/TTAservererror/badresponseinfo
Sun Secure Global Desktop Software (4.4) ERROR:
I cannot start array manager as its not used any more, and i cannot see any options on the gui config for this.
Any help is appreciated.
regards

hi there,
thanks for the quick reply. please see below the output for config list...
array-audio-quality: medium
array-audio: 0
array-billingservices: 0
array-cdm-fallbackdrive: t+
array-cdm-wins: 0
array-cdm: 1
array-clipboard-clientlevel: 3
array-clipboard-enabled: 1
array-editprofile: 1
array-externallaservice: 0
array-logfilter: */*/fatalerror:.../_beans/com.sco.tta.server.log.ConsoleSink,server/login/*info:login%%PID%%_moreinfo.log,audit/session/*info:login%%PID%%_moreinfo.log,cdm/*/*:cdm%%PID%%.log,cdm/*/*:cdm%%PID%%.jsl,server/deviceservice/*:cdm%%PID%%.log,server/deviceservice/*:cdm%%PID%%.jsl,server/security/*:ssl%%PID%%.log,server/printing/*:print%%PID%%.log,server/printing/*:print%%PID%%.jsl
array-port-encrypted: 443
array-port-peer: 5427
array-port-unencrypted: 3144
array-resourcesync: 1
array-scard: 1
array-serialport: 1
array-unixaudio-quality: medium
array-unixaudio: 0
audiope-compression: never
chpe-compression: auto
chpe-compressionthreshold: 256
chpe-exitafter: 60
cpe-args: ""
cpe-exitafter: 60
cpe-maxsessions: 20
cpe-maxusers: 1
execpe-args: ""
execpe-exitafter: 60
execpe-maxsessions: 10
execpe-maxusers: 1
execpe-scriptdir: %%INSTALLDIR%%/var/serverresources/expect
iope-compression: never
launch-allowsmartcard: 0
launch-alwayssmartcard-initial: checked
launch-alwayssmartcard-state: enabled
launch-details-initial: shown
launch-details-showonerror: true
launch-details-state: enabled
launch-expiredpassword: manual
launch-loadbalancing-algorithm: sessions
launch-savepassword-initial: checked
launch-savepassword-state: enabled
launch-savettapassword: 1
launch-showauthdialog: user
launch-showdialogafter: 2
launch-trycachedpassword: 1
login-ad-base-domain: ""
login-ad-default-domain: ""
login-ad: 0
login-anon: 0
login-atla: 0
login-autotoken: 0
login-ens: 1
login-ldap-pki-enabled: 0
login-ldap-thirdparty-ens: 0
login-ldap-thirdparty-profile: 0
login-ldap-url: ldap://dc.domain.com
login-ldap: 0
login-mapped: 0
login-nt-domain: dc.domain.com
login-nt: 1
login-securid: 0
login-theme: sco/tta/standard
login-thirdparty-ens: 0
login-thirdparty-nonens: 1
login-thirdparty-superusers: sgd_trusted_user
login-thirdparty: 0
login-unix-group: 0
login-unix-user: 1
login-web-ens: 0
login-web-ldap-ens: 0
login-web-ldap-profile: 1
login-web-profile: 0
login-web-tokenvalidity: 180
ppe-compression: auto
ppe-compressionthreshold: 4096
ppe-exitafter: 240
printing-mapprinters: 1
printing-pdfdriver: ""
printing-pdfenabled: 0
printing-pdfisdefault: 0
printing-pdfprinter: "Universal PDF Printer"
printing-pdfprompt: 0
printing-pdfviewer: "Universal PDF Viewer"
printing-pdfviewerenabled: 0
printing-pdfviewerisdefault: 0
scardpe-compression: never
security-acceptplaintext: 0
security-applyconnections: 1
security-connectiontypes: "std,ssl"
security-firewallurl: ""
security-newkeyonrestart: 0security-printmappings-timeout: 1800
security-ssldaemon-failmode: reducesecurity
security-xsecurity: 1
server-dns-external: *:sgd1.domain.com
server-location: ""
server-logdir: /opt/tarantella/var/log
server-login: enabled
server-redirectionurl: ""
sessions-aipkeepalive: 100
sessions-loadbalancing-algorithm: .../_beans/com.sco.tta.server.loadbalancing.tier2.SessionLoadBalancingPolicy
sessions-timeout-always: 11500
sessions-timeout-session: 720
tuning-jvm-initial: 120
tuning-jvm-max: 2048
tuning-jvm-scale: 150
tuning-maxconnections: 1000
tuning-maxfiledescriptors: 4096
tuning-maxrequests: 7
tuning-resourcesync-time: 4:00
xpe-args: ""
xpe-cwm-maxheight: 1280
xpe-cwm-maxwidth: 3200
xpe-exitafter: 60
xpe-fontpath: "%%INSTALLDIR%%/etc/fonts/misc,%%INSTALLDIR%%/etc/fonts/TTF,%%INSTALLDIR%%/etc/fonts/Type1,%%INSTALLDIR%%/etc/fonts/CID,%%INSTALLDIR%%/etc/fonts/local,%%INSTALLDIR%%/etc/fonts/75dpi,%%INSTALLDIR%%/etc/fonts/100dpi,%%INSTALLDIR%%/etc/fonts/ibm,%%INSTALLDIR%%/etc/fonts/hp,%%INSTALLDIR%%/etc/fonts/andrew,%%INSTALLDIR%%/etc/fonts/icl,%%INSTALLDIR%%/etc/fonts/scoterm,%%INSTALLDIR%%/etc/fonts/cyrillic,%%INSTALLDIR%%/etc/fonts/hangul,%%INSTALLDIR%%/etc/fonts/oriental"
xpe-keymap: xuk.txt
xpe-maxsessions: 20
xpe-maxusers: 1
xpe-monitorresolution: 0
xpe-rgbdatabase: %%INSTALLDIR%%/etc/data/rgb.txt
xpe-sessionstarttimeout: 60
xpe-tzmapfile: %%INSTALLDIR%%/etc/data/timezonemap.txt
Edited by: 952573 on Aug 13, 2012 4:41 PM

VDC in an SGD array

Similar Messages

Maybe you are looking for