Veizon Fivespot VZ Access Manager HELP

So. I had a Windows XP Home with SP3, Sony Vaio Desktop. My Fivespot worked excellent. My computer crashed a couple days ago. I cleaned out the inside, and did a full System Recovery. Started it up and the computer would download the VZ Access Manager, but wouldn't download the ZTE Driver. When I open VZAM and click Detect Device both, Auto Detect, and USB Modem say the Device was not detected. I called Verizon they ran me through Turning it on and off, Unplugging/Plugging it in, Uninstalling/Reinstalling it, etc. Nothing worked and they said they don't know whats wrong with it. I asked if it's because I no longer have the Service Packs from doing the Recovery. They said I should try and get that.
I went to my dad's and hooked it up to the cable modem. Downloaded all the updates I had til the day my computer crashed. All the programs and pretty much everything works fine. (I think I just had so much dust and gunk everywhere in the system covering the fans, so it probably overheated, couldn't have been a Virus, I have the best Antivirus, AntiSpyware, and anti Malware scanners.) Tried installing it again. It downloaded the ZTE Driver. I open it up and it's still saying The device wasn't detected! It doesn't even show the WiFi router my dad had sitting right in the next room, and I even entered in his IP, Subnet, and Gateway info in the wifi prefrences screen. I took it out and tried installing it onto my Dad's PC. I opened it up and it detects it, shows the WiFi locations, but then on his I couldn't connect with the VPN. Someone PLease HELP ME!! Should I just go to Verizon and try to trade it in (it's only a month old). or is this a problem anyone else had, or knows how to fix? THanks

Does your laptop see any USB devices any more?
Does your laptop see any WIFI devices any more?
Does your wireless nic show in device manager as working?

Similar Messages

Login onto Oracle Access Manager HELP PLEASE!!!

Hi All,
I have a major problem, all of a sudden I am unable to log on to my Access Manager via the Web Console.
My OAM is using OVD for User Directory and AD as the configuration Directory.
When I try and logon using any user (LDAP mainly) it says "invalid credentials", I hit "Lost PW" button and returns the same message.
Has any one got any ideas, OVD seems ok, I can browse both my Active directories with it, my AD are avaliable (telnet port 389 ok)
I have enabled loggin on the OVD. It give me the following on the main server log. below is also the server exception log, sections are separated by a -------------.
Thanks inadvance
[2008-03-19 18:05:37,635] WARN - DoSManager: Found unbound connection from active ip addresses.[Session: cn=admin/192.168.200.75] [DoSManager]
[2008-03-19 18:05:37,635] WARN - DoSManager: Found unbound connection from active ip addresses.[Session: cn=admin/192.168.200.75] [DoSManager]
[2008-03-19 18:05:37,635] WARN - DoSManager: Found unbound connection from active users.[Session: cn=admin/192.168.200.75] [DoSManager]
[2008-03-19 18:05:37,635] WARN - DoSManager: Found unbound connection from active users.[Session: cn=admin/192.168.200.75] [DoSManager]
[2008-03-19 18:05:37,635] WARN - DoSManager: Found unbound connection from active users.[Session: cn=admin/192.168.200.75] [DoSManager]
[2008-03-19 18:05:37,635] WARN - DoSManager: Found unbound connection from active users.[Session: cn=admin/192.168.200.75] [DoSManager]
[2008-03-19 18:05:44,322] INFO - DumpTransactions: SEARCH Operation: (Transaction#OC-AD.Dump Before.32)
BindDN: cn=admin
Base: dc=MyCompany,dc=ovd
Scope: 2
Filter: (&(objectclass=inetorgperson)(&(uid=dpapadopoulos)(|(obUserAccountControl=ACTIVATED)(!(obUserAccountControl=*)))))
TypesOnly: FALSE
Attrs: [cn] [WorkThread# 7]
[2008-03-19 18:05:44,322] INFO - DumpTransactions: SEARCH Operation: (Transaction#OC-AD.Dump After.32)
BindDN: cn=admin
Base: dc=MyCompany,dc=ovd
Scope: 2
Filter: (&(objectclass=user)(&(samaccountname=dpapadopoulos)(|(obUserAccountControl=ACTIVATED)(!(obUserAccountControl=*)))))
TypesOnly: FALSE
Attrs: [cn] [WorkThread# 7]
[2008-03-19 18:05:44,322] WARN - ConnectionHandle: Remote Server Failure:connection closed [WorkThread# 7]
[2008-03-19 18:05:44,322] INFO - DumpTransactions: SEARCH Results: (Transaction#OC-AD.Dump After.32) NULL [WorkThread# 7]
[2008-03-19 18:05:44,322] INFO - DumpTransactions: SEARCH Results: (Transaction#OC-AD.Dump Before.32) NULL [WorkThread# 7]
[2008-03-19 18:05:44,322] INFO - exceptionlog: SEARCH Results: (Transaction#OC-AD.Dump After.32) NULL [WorkThread# 7]
com.octetstring.vde.util.DirectoryException: LDAP Error 2 : No Remote Servers Available at com.octetstring.vde.backend.jndi.BackendJNDI.flushConnections(BackendJNDI.java:1820) at com.octetstring.vde.backend.jndi.ConnectionManager.flushConnections(ConnectionManager.java:64) at com.octetstring.vde.backend.jndi.ConnectionHandle.search(ConnectionHandle.java:367) at com.octetstring.vde.backend.jndi.BackendJNDI.get(BackendJNDI.java:1108) at com.octetstring.vde.chain.Chain.nextGet(Chain.java:289) at com.octetstring.vde.chain.plugins.DumpTransactions.DumpTransactions.get(DumpTransactions.java:267) at com.octetstring.vde.chain.Chain.nextGet(Chain.java:298) at com.octetstring.vde.chain.BasePlugin.get(BasePlugin.java:86) at com.octetstring.vde.chain.Chain.nextGet(Chain.java:298) at com.octetstring.vde.chain.plugins.objectClass.ObjectClassMapper.get(ObjectClassMapper.java:267) at com.octetstring.vde.chain.Chain.nextGet(Chain.java:298) at com.octetstring.vde.chain.BasePlugin.get(BasePlugin.java:86) at com.octetstring.vde.chain.Chain.nextGet(Chain.java:298) at com.octetstring.vde.chain.plugins.DumpTransactions.DumpTransactions.get(DumpTransactions.java:267) at com.octetstring.vde.chain.Chain.nextGet(Chain.java:298) at com.octetstring.vde.chain.PluginChain.runGet(PluginChain.java:188) at com.octetstring.vde.chain.PluginManager.runGet(PluginManager.java:425) at com.octetstring.vde.chain.PluginManager.runGet(PluginManager.java:380) at com.octetstring.vde.backend.AdapterServiceInterface.get(AdapterServiceInterface.java:560) at com.octetstring.vde.backend.BackendHandler.get(BackendHandler.java:707) at com.octetstring.vde.chain.Chain.nextGet(Chain.java:282) at com.octetstring.vde.chain.plugins.AclCheckerPlugin.get(AclCheckerPlugin.java:322) at com.octetstring.vde.chain.Chain.nextGet(Chain.java:298) at com.octetstring.vde.chain.PluginChain.runGet(PluginChain.java:188) at com.octetstring.vde.chain.PluginManager.runGet(PluginManager.java:425) at com.octetstring.vde.chain.PluginManager.runGet(PluginManager.java:380) at com.octetstring.vde.chain.GlobalServicesInterface.runGet(GlobalServicesInterface.java:205) at com.octetstring.vde.operation.SearchOperation.perform(SearchOperation.java:401) at com.octetstring.vde.MessageHandler.doSearch(MessageHandler.java:517) at com.octetstring.vde.MessageHandler.answerRequest(MessageHandler.java:136) at com.octetstring.vde.WorkThread.run(WorkThread.java:89) [2008-03-19 18:05:44,322] INFO - exceptionlog: SEARCH Results: (Transaction#OC-AD.Dump Before.32) NULL [WorkThread# 7]
com.octetstring.vde.util.DirectoryException: LDAP Error 2 : No Remote Servers Available at com.octetstring.vde.backend.jndi.BackendJNDI.flushConnections(BackendJNDI.java:1820) at com.octetstring.vde.backend.jndi.ConnectionManager.flushConnections(ConnectionManager.java:64) at com.octetstring.vde.backend.jndi.ConnectionHandle.search(ConnectionHandle.java:367) at com.octetstring.vde.backend.jndi.BackendJNDI.get(BackendJNDI.java:1108) at com.octetstring.vde.chain.Chain.nextGet(Chain.java:289) at com.octetstring.vde.chain.plugins.DumpTransactions.DumpTransactions.get(DumpTransactions.java:267) at com.octetstring.vde.chain.Chain.nextGet(Chain.java:298) at com.octetstring.vde.chain.BasePlugin.get(BasePlugin.java:86) at com.octetstring.vde.chain.Chain.nextGet(Chain.java:298) at com.octetstring.vde.chain.plugins.objectClass.ObjectClassMapper.get(ObjectClassMapper.java:267) at com.octetstring.vde.chain.Chain.nextGet(Chain.java:298) at com.octetstring.vde.chain.BasePlugin.get(BasePlugin.java:86) at com.octetstring.vde.chain.Chain.nextGet(Chain.java:298) at com.octetstring.vde.chain.plugins.DumpTransactions.DumpTransactions.get(DumpTransactions.java:267) at com.octetstring.vde.chain.Chain.nextGet(Chain.java:298) at com.octetstring.vde.chain.PluginChain.runGet(PluginChain.java:188) at com.octetstring.vde.chain.PluginManager.runGet(PluginManager.java:425) at com.octetstring.vde.chain.PluginManager.runGet(PluginManager.java:380) at com.octetstring.vde.backend.AdapterServiceInterface.get(AdapterServiceInterface.java:560) at com.octetstring.vde.backend.BackendHandler.get(BackendHandler.java:707) at com.octetstring.vde.chain.Chain.nextGet(Chain.java:282) at com.octetstring.vde.chain.plugins.AclCheckerPlugin.get(AclCheckerPlugin.java:322) at com.octetstring.vde.chain.Chain.nextGet(Chain.java:298) at com.octetstring.vde.chain.PluginChain.runGet(PluginChain.java:188) at com.octetstring.vde.chain.PluginManager.runGet(PluginManager.java:425) at com.octetstring.vde.chain.PluginManager.runGet(PluginManager.java:380) at com.octetstring.vde.chain.GlobalServicesInterface.runGet(GlobalServicesInterface.java:205) at com.octetstring.vde.operation.SearchOperation.perform(SearchOperation.java:401) at com.octetstring.vde.MessageHandler.doSearch(MessageHandler.java:517) at com.octetstring.vde.MessageHandler.answerRequest(MessageHandler.java:136) at com.octetstring.vde.WorkThread.run(WorkThread.java:89)
If you have got this far then thanks for reading ;)

Finally managed to solve the problem.
While creating the Join view adapter, we had to specify the binding adapter as OID instead of the database as we had done.
Changed the binding adapter to OID and can login to OAM console now!
:)

Please help me about Sun Access Manager . . .

Hi every body,
I deploy successful Access Manager 7.1 on domain1 in GlassFish server.
At address admin console domain1 : http://my.test.domain:4848/
At adress listening : http://my.test.domain:8080/amserver/
And then I install Policy Agent 2.2 and deploy agentapp.war succesful on domain2 in GlassFish server.
At address admin console domain2 : http://my.test.domain:6868/
At adress listening : http://my.test.domain:6948/agentapp.war.
And then I deploy agentsample.ear on domain2 in GlashFish server and addess deployment is : http://my.test.domain:6948/agentsample
And then I login Access Manager that create policy : http://my.test.domain:6948/agentsample/*
When I browser http://my.test.domain:6948/agentsample on IE it redirect to Access Manager login.
But I read a attach document, it asked me, created user and asign roles employee, manager, admin.
I wondered that employee, manager and admin roles are available?
If it hasnt that roles, How to create it ?
And How to use LDAP and install Sun Directory server in window xp?
Then end, Can you tell me, Whats wrong if I configure like above ?
I hope you help me . . .
Thank you very much.
VinhND
Edited by: javatoall on Jan 17, 2008 9:44 PM

Hi,
I added a page to the wiki which adds more detail to the steps to create the sample app policies on the am/fam/opensso server console UI. This includes some screen shots as well.
This is one good thing about the sample app is that you have to learn to install the opensso server, install the agent, configure the agents properties for the sample app security and also use the opensso server UI to create policies.
It is a bit of work, but when done you will know how to use a lot of opensso features.
You do not need a directory server. The sample app readme refers to some directory things that really can be ignored. The wording should be changed.
Anyhow you can use this wiki page along with the readme to help you set up the policies, the subjects etc that map to the sample app
http://wikis.sun.com/display/OpenSSO/samplepolicy
I will try to make a getting started page for new users, though you have done most the steps now, and need to set up sample. But this page might be useful for others who want to get started http://wikis.sun.com/display/OpenSSO/getstarted
hth,
Sean

Oracle Access Manager, ADAM & UCM integration? Help please..

I`m currently investigating the potential of using Oracle Access Manager (OAM) as a tool that allows connections to multiple Active Directory(AD) or ADAM servers providing a single point to author and manage users with a good easy to use GUI.
The UCM will connect directly to OAM and authenticate users connecting from AD accounts..
At the moment we use Quest software to manage users, but the cost for setting up users is £15/user where as OAM is only £3. I believe..
Right the questions I have :)
1. Has any one set this type of environment up?
2. ls OAM stand alone or will I need additional software to set it up?
Reading the installation guide it says I need the following:
# Oracle Internet Directory 10g (10.1.4.0.1)
# Microsoft Active Directory
# Oracle Virtual Directory Server 10.1.4.0.1
# Oracle Virtual Directory Manager 10.1.4.0.1
# Oracle Virtual Directory Patch 10.1.4.0.1 (P5667977)
# Stand-alone Oracle HTTP Server 2.x (This needs to be preinstalled in your environment. You can download the OHS 2.x standalone from the Oracle SOA Suite 10g Companion (10.1.3.1.0) release from here.)
3. Can I use IIS instead of Oracle HTTP Server?
4. Can I install OAM on 1 server or do I need multiple servers, I`v been looking at the diagrams and reading through the guides I`m getting a little confused with Identity and Access server?

Hi,
Have you got information reg UCM & OAM integration?
Could you please help me with the integration guide?
Regards,
Ashish

Help with access manager

Hi All,
I am completely new to the access manager. I need your help.
I have sun-one app server and access manager installed successfully, all I want to do is just access the access manager from the a simple JSP page and authenticate the user.
Any sample code, tutorials for the initial configuration and run this sample would be greatly appreciated.
Thanks,
Bob

Hi
As you have successfully login into the access manager
can you help me in doing the same thing as after installing Access manager in linux in realm mode its not accessible through
http://localhost:80/amserver
Thanks in advance
Madhvi
[email protected]

Urgent help requested: Access Manager integration with BEA Portal

We're using Access Manager 7.1 and Policy Agent 2.2 to authenticate users for our BEA WL Portal 10 which contains all of our content and applications. The portal contains both anonymous pages and protected pages (for registered users).
Problem: When an anonymous user who is going through a multi-step application flow decides to sign-in to their account (or sign-up) Policy Agent wipes out the current content of the user session, and creates a brand new user session after the user is authenticated. Therefore we cannot send the user back to the same spot in the portal where they were before signing-in.
Is there anyway to make Policy Agent preserve the content and state of http session when authenticating a user?
We have a business requirement to allow users to continue their application process after successfully signing in.
Thanks in advance.

Hi,
I think this problem is not just related to weblogic 10 agent, it is a general problem for any agents.
Can you please clarify what you mean by "anonymous user "? Do you mean that this user has never logged in to Access Manager, and is just browsing the site as an anonymous user, or do you have a role specified as "anonymous user " that they are currently logged into when browsing the site?
thx,
Sean

Plse...help me on the communicating between CLEAN ACCESS MANAGER and Switch 3560E-24Ps by snmp

Dear All,
I try to configure in both Clean Access Manager and Switch 3560E-24Ps on SNMP Version 2 protocol but I can't make it working together (For CAM and Switch 3560G-48Ps I can do that). Plse give me any suggestion to solve that problem. All configuration is as below:

http://www.cisco.com/en/US/docs/security/nac/appliance/configuration_guide/412/cam/412_cam_book.html

HELP GETTING Started with Sun Access Manager without TEARS.

I am new to Sun Access Manager.
I am quite familiar with how Sun Java Identity Manager works.
The following is the issue I am facing.
I've downloaded the following images from the sun website
java_es_05Q4-ga1-solaris-x86-1-iso
and
java_es_05Q4-ga1-solaris-x86-2-iso
I've installed the components on sun solaris 10
The following components were installed
/opt/SUNWcomds
I am not sure what this is for
/opt/SUNWdsvmn
I am not sure what it is.
/opt/SUNWma
What is this I was expecting SUNWam the access management software!
/opt/SUNWwbsvr -- This is the Web Server.
I know how to use it.
Can anyone tell me on how to go about it?
Is there any online tutorial for the same.
What is the difference between sparc version and x86. Can i use any of these on solaris 10?
Anyhelp getting started would be highly appreciated.
I am looking at doing the following things.
ssl,fed, auth, custauth etc
Thanks a ton in Advance.
Regards,
Vinod

I documented my installation procedure for Access Manager 7.0 (2005Q4) and Portal 7.0. Take a look at my wiki page:
http://wiki.its.queensu.ca/display/JES/Access+Manager+installation
It's a two node Access manager Legacy site and I also implemented session-failover using Message Queue and Berkeley Database.

Can not login access manager

mail server version is JES messaging Server 6 2005Q4 :
My Access Manager:http://hostname:8080/amserver
last week, i login access manager, under the web label or configuration label�F
in "ldap" item�Ci add new dc=xx,dc=xx,dc=xx�C
then save configuration.
but after that i can not login access manager.
when i user admin login,it print:"
Authentication failed".
what should i do to restore access manage?
thanks!

javatoall wrote:
Hi,
I login Access Manager, access sample "realm" -> Authentication->
Advance Properties -> User profiles and then I choiced "Dynamic with user Alias".
Then I only configure JDBC authentication with mysql database that I don't used ldapservice.
When I created a one new user in MySQL, I can login into web application that i security as "sample.war" successfull but new user don't right access resource that i protected before.
When i login access manager with amdmin user, I can not find user that i has been created it in MySQL database. t
When the users are created through the dynamic profile, the default cn/sn are set to "default" , after creation you need to login to amconsole as amadmin and change/add proper values for these attributes.
Alternatively you can set the protected resource's policy subject to Authenticated users. This will work but not sure will meet your requirement
>
When i login access manager console with new user, it login successful, and view Profile of new user that I has been created.
Can you tell me How to manage new user that I has been new in MySQL by Access manager console ?
I want to configure access proteced resourse for that user. How to configure that ?
read above use the authenticated users subject
Thank for every help.
VinhND.

Problem with second instance of access manager

Well, after sorting out things with the first install of access manager, I went on to install a second instance on a different host (it's required for delegated admin..)
Here are the options I used on install:
Access Manager: Administration (1 of 6)
Administrator User ID: amAdmin
Administrator Password [] {"<" goes back, "!" exits}:
Retype Password [] {"<" goes back, "!" exits}:
LDAP User ID: amldapuser
LDAP Password [] {"<" goes back, "!" exits}:
Retype Password [] {"<" goes back, "!" exits}:
Password Encryption Key [gFoe4t8UlUW3wEApngAY3S8bCQFVMlGk] {"<" goes back,
"!" exits}: weW5jtopMLQsODiBZDp+hlEp1/CtbiXX
Install type (Realm/Legacy) Mode [Legacy] {"<" goes back, "!" exits}:
Access Manager: Web Container (2 of 6)
1. Sun Java System Application Server
2. Sun Java System Web Server
Select the container to deploy the component and hit enter key [2] {"<" goes
back, "!" exits}
Access Manager: Sun Java System Web Server (3 of 6)
Host Name [zone2.corenode.com] {"<" goes back, "!" exits}:
Web Server Instance Directory [opt/SUNWwbsvr/https-zone2.corenode.com] {"<"
goes back, "!" exits}:
Web Server Port [80] {"<" goes back, "!" exits}:
Document Root Directory [opt/SUNWwbsvr/docs] {"<" goes back, "!" exits}:
Secure Server Instance Port [No] {"<" goes back, "!" exits}:
Access Manager: Web Container for running Access Manager Services(4 of 6)
Host Name [zone2.corenode.com] {"<" goes back, "!" exits}:
Services Deployment URI [amserver] {"<" goes back, "!" exits}:
Common Domain Deployment URI [amcommon] {"<" goes back, "!" exits}:
Cookie Domain(Assure it is not a top level domain) [.corenode.com] {"<" goes
back, "!" exits}:
Administration Console [Yes] {"<" goes back, "!" exits}:
Console Deployment URI [amconsole] {"<" goes back, "!" exits}:
Password Deployment URI [ampassword] {"<" goes back, "!" exits}:
Access Manager: Directory Server Information (5 of 6)
Directory Server Host [] {"<" goes back, "!" exits}: zone1.corenode.com
Directory Server Port [] {"<" goes back, "!" exits}: 389
Directory Root Suffix [dc=corenode,dc=com] {"<" goes back, "!" exits}:
Directory Manager DN [cn=Directory Manager] {"<" goes back, "!" exits}:
Directory Manager Password [] {"<" goes back, "!" exits}:
Access Manager: Directory Server Information (6 of 6)
Is Directory Server provisioned with user data [No] {"<" goes back, "!"
exits}? Yes
Organization Marker Object Class [sunISManagedOrganization] {"<" goes back,
"!" exits}:
Organization Naming Attribute [o] {"<" goes back, "!" exits}:
User Marker Object Class [inetorgperson] {"<" goes back, "!" exits}:
User Naming Attribute [uid] {"<" goes back, "!" exits}:
Yes, I am using the same key as was used on host1 for access manager. Yes, access manager on host 1 is quite functional right now. Yes, that directory server works. Now I'm really stumped on what to do! Everything in JES seems to work great except access manager, the exceptions it throws really don't help any at all in troubleshooting.
Any ideas?

More info from error logs:
# pwd
/var/opt/SUNWam/debug
# tail -200 amAuth
04/12/2006 09:56:47:127 AM HST: Thread[main,5,main]
ERROR: AuthD failed to get auth session
04/12/2006 09:56:47:165 AM HST: Thread[main,5,main]
ERROR: AuthD init()
com.iplanet.dpro.session.SessionException: AuthD failed to get auth session
at com.sun.identity.authentication.service.AuthD.initAuthSessions(AuthD.java:709)
at com.sun.identity.authentication.service.AuthD.<init>(AuthD.java:229)
at com.sun.identity.authentication.service.AuthD.getAuth(AuthD.java:494)
at com.sun.identity.authentication.UI.LoginLogoutMapping.init(LoginLogoutMapping.java:71)
at org.apache.catalina.core.StandardWrapper.loadServlet(StandardWrapper.java:921)
at org.apache.catalina.core.StandardWrapper.load(StandardWrapper.java:813)
at org.apache.catalina.core.StandardContext.loadOnStartup(StandardContext.java:3478)
at org.apache.catalina.core.StandardContext.start(StandardContext.java:3760)
at com.iplanet.ias.web.WebModule.start(WebModule.java:251)
at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1133)
at org.apache.catalina.core.StandardHost.start(StandardHost.java:652)
at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1133)
at org.apache.catalina.core.StandardEngine.start(StandardEngine.java:355)
at org.apache.catalina.startup.Embedded.start(Embedded.java:995)
at com.iplanet.ias.web.WebContainer.start(WebContainer.java:431)
at com.iplanet.ias.web.WebContainer.startInstance(WebContainer.java:500)
at com.iplanet.ias.server.J2EERunner.confPostInit(J2EERunner.java:161)
# tail -200 amSession
04/12/2006 09:56:47:098 AM HST: Thread[main,5,main]
ERROR: SessionService.SessionService(): Initialization Failed
com.iplanet.services.naming.ServerEntryNotFoundException: Cannot find server ID.
at com.iplanet.services.naming.WebtopNaming.getServerID(WebtopNaming.java:350)
at com.iplanet.dpro.session.service.SessionService.<init>(SessionService.java:1540)
at com.iplanet.dpro.session.service.SessionService.getSessionService(SessionService.java:382)
at com.sun.identity.authentication.service.AuthD.getSS(AuthD.java:685)
at com.sun.identity.authentication.service.AuthD.initAuthSessions(AuthD.java:706)
at com.sun.identity.authentication.service.AuthD.<init>(AuthD.java:229)
at com.sun.identity.authentication.service.AuthD.getAuth(AuthD.java:494)
at com.sun.identity.authentication.UI.LoginLogoutMapping.init(LoginLogoutMapping.java:71)
at org.apache.catalina.core.StandardWrapper.loadServlet(StandardWrapper.java:921)
at org.apache.catalina.core.StandardWrapper.load(StandardWrapper.java:813)
at org.apache.catalina.core.StandardContext.loadOnStartup(StandardContext.java:3478)
at org.apache.catalina.core.StandardContext.start(StandardContext.java:3760)
at com.iplanet.ias.web.WebModule.start(WebModule.java:251)
at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1133)
at org.apache.catalina.core.StandardHost.start(StandardHost.java:652)
at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1133)
at org.apache.catalina.core.StandardEngine.start(StandardEngine.java:355)
at org.apache.catalina.startup.Embedded.start(Embedded.java:995)
at com.iplanet.ias.web.WebContainer.start(WebContainer.java:431)
at com.iplanet.ias.web.WebContainer.startInstance(WebContainer.java:500)
at com.iplanet.ias.server.J2EERunner.confPostInit(J2EERunner.java:161)
04/12/2006 09:56:47:126 AM HST: Thread[main,5,main]
ERROR: Error creating service session
java.lang.NullPointerException
at com.iplanet.dpro.session.service.SessionService.generateEncryptedID(SessionService.java:588)
at com.iplanet.dpro.session.service.SessionService.generateSessionId(SessionService.java:612)
at com.iplanet.dpro.session.service.SessionService.newInternalSession(SessionService.java:557)
at com.iplanet.dpro.session.service.SessionService.getServiceSession(SessionService.java:501)
at com.iplanet.dpro.session.service.SessionService.getAuthenticationSession(SessionService.java:408)
at com.sun.identity.authentication.service.AuthD.initAuthSessions(AuthD.java:706)
at com.sun.identity.authentication.service.AuthD.<init>(AuthD.java:229)
at com.sun.identity.authentication.service.AuthD.getAuth(AuthD.java:494)
at com.sun.identity.authentication.UI.LoginLogoutMapping.init(LoginLogoutMapping.java:71)
at org.apache.catalina.core.StandardWrapper.loadServlet(StandardWrapper.java:921)
at org.apache.catalina.core.StandardWrapper.load(StandardWrapper.java:813)
at org.apache.catalina.core.StandardContext.loadOnStartup(StandardContext.java:3478)
at org.apache.catalina.core.StandardContext.start(StandardContext.java:3760)
at com.iplanet.ias.web.WebModule.start(WebModule.java:251)
at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1133)
at org.apache.catalina.core.StandardHost.start(StandardHost.java:652)
at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1133)
at org.apache.catalina.core.StandardEngine.start(StandardEngine.java:355)
at org.apache.catalina.startup.Embedded.start(Embedded.java:995)
at com.iplanet.ias.web.WebContainer.start(WebContainer.java:431)
at com.iplanet.ias.web.WebContainer.startInstance(WebContainer.java:500)
at com.iplanet.ias.server.J2EERunner.confPostInit(J2EERunner.java:161)
#

Too Slow - Domino 6.5.4 with access manager agent 2.2 ?

I don't know how to tune Domino 6.5.4 with access manager agent 2.2?
I think AMAgent.properties is not good for SSO.
Please help me to tune it.
# $Id: AMAgent.properties,v 1.103 2005/09/19 22:08:34 madan Exp $
# Copyright ? 2002 Sun Microsystems, Inc. All rights reserved.
# U.S. Government Rights - Commercial software. Government users are
# subject to the Sun Microsystems, Inc. standard license agreement and
# applicable provisions of the FAR and its supplements. Use is subject to
# license terms. Sun, Sun Microsystems, the Sun logo and Sun ONE are
# trademarks or registered trademarks of Sun Microsystems, Inc. in the
# U.S. and other countries.
# Copyright ? 2002 Sun Microsystems, Inc. Tous droits r閟erv閟.
# Droits du gouvernement am閞icain, utlisateurs gouvernmentaux - logiciel
# commercial. Les utilisateurs gouvernmentaux sont soumis au contrat de
# licence standard de Sun Microsystems, Inc., ainsi qu aux dispositions en
# vigueur de la FAR [ (Federal Acquisition Regulations) et des suppl閙ents
# ? celles-ci.
# Distribu? par des licences qui en restreignent l'utilisation. Sun, Sun
# Microsystems, le logo Sun et Sun ONE sont des marques de fabrique ou des
# marques d閜os閑s de Sun Microsystems, Inc. aux Etats-Unis et dans
# d'autres pays.
# The syntax of this file is that of a standard Java properties file,
# see the documentation for the java.util.Properties.load method for a
# complete description. (CAVEAT: The SDK in the parser does not currently
# support any backslash escapes except for wrapping long lines.)
# All property names in this file are case-sensitive.
# NOTE: The value of a property that is specified multiple times is not
# defined.
# WARNING: The contents of this file are classified as an UNSTABLE
# interface by Sun Microsystems, Inc. As such, they are subject to
# significant, incompatible changes in any future release of the
# software.
# The name of the cookie passed between the Access Manager
# and the SDK.
# WARNING: Changing this property without making the corresponding change
# to the Access Manager will disable the SDK.
com.sun.am.cookie.name = iPlanetDirectoryPro
# The URL for the Access Manager Naming service.
com.sun.am.naming.url = http://sportal.yjy.dqyt.petrochina:80/amserver/namingservice
# The URL of the login page on the Access Manager.
com.sun.am.policy.am.login.url = http://sportal.yjy.dqyt.petrochina:80/amserver/UI/Login
# Name of the file to use for logging messages.
com.sun.am.policy.agents.config.local.log.file = c:/Sun/Access_Manager/Agents/2.2/debug/C__Lotus_Domino/amAgent
# This property is used for Log Rotation. The value of the property specifies
# whether the agent deployed on the server supports the feature of not. If set
# to false all log messages are written to the same file.
com.sun.am.policy.agents.config.local.log.rotate = true
# Name of the Access Manager log file to use for logging messages to
# Access Manager.
# Just the name of the file is needed. The directory of the file
# is determined by settings configured on the Access Manager.
com.sun.am.policy.agents.config.remote.log = amAuthLog.Dominoad.yjy.dqyt.petrochina.80
# Set the logging level for the specified logging categories.
# The format of the values is
#     <ModuleName>[:<Level>][,<ModuleName>[:<Level>]]*
# The currently used module names are: AuthService, NamingService,
# PolicyService, SessionService, PolicyEngine, ServiceEngine,
# Notification, PolicyAgent, RemoteLog and all.
# The all module can be used to set the logging level for all currently
# none logging modules. This will also establish the default level for
# all subsequently created modules.
# The meaning of the 'Level' value is described below:
#     0     Disable logging from specified module*
#     1     Log error messages
#     2     Log warning and error messages
#     3     Log info, warning, and error messages
#     4     Log debug, info, warning, and error messages
#     5     Like level 4, but with even more debugging messages
# 128     log url access to log file on AM server.
# 256     log url access to log file on local machine.
# If level is omitted, then the logging module will be created with
# the default logging level, which is the logging level associated with
# the 'all' module.
# for level of 128 and 256, you must also specify a logAccessType.
# *Even if the level is set to zero, some messages may be produced for
# a module if they are logged with the special level value of 'always'.
com.sun.am.log.level =
# The org, username and password for Agent to login to AM.
com.sun.am.policy.am.username = UrlAccessAgent
com.sun.am.policy.am.password = LYnKyOIgdWt404ivWY6HPQ==
# Name of the directory containing the certificate databases for SSL.
com.sun.am.sslcert.dir = c:/Sun/Access_Manager/Agents/2.2/domino/cert
# Set this property if the certificate databases in the directory specified
# by the previous property have a prefix.
com.sun.am.certdb.prefix =
# Should agent trust all server certificates when Access Manager
# is running SSL?
# Possible values are true or false.
com.sun.am.trust_server_certs = true
# Should the policy SDK use the Access Manager notification
# mechanism to maintain the consistency of its internal cache? If the value
# is false, then a polling mechanism is used to maintain cache consistency.
# Possible values are true or false.
com.sun.am.notification.enable = true
# URL to which notification messages should be sent if notification is
# enabled, see previous property.
com.sun.am.notification.url = http://Dominoad.yjy.dqyt.petrochina:80/amagent/UpdateAgentCacheServlet?shortcircuit=false
# This property determines whether URL string case sensitivity is
# obeyed during policy evaluation
com.sun.am.policy.am.url_comparison.case_ignore = true
# This property determines the amount of time (in minutes) an entry
# remains valid after it has been added to the cache. The default
# value for this property is 3 minutes.
com.sun.am.policy.am.polling.interval=3
# This property allows the user to configure the User Id parameter passed
# by the session information from the access manager. The value of User
# Id will be used by the agent to set the value of REMOTE_USER server
# variable. By default this parameter is set to "UserToken"
com.sun.am.policy.am.userid.param=UserToken
# Profile attributes fetch mode
# String attribute mode to specify if additional user profile attributes should
# be introduced into the request. Possible values are:
# NONE - no additional user profile attributes will be introduced.
# HTTP_HEADER - additional user profile attributes will be introduced into
# HTTP header.
# HTTP_COOKIE - additional user profile attributes will be introduced through
# cookies.
# If not within these values, it will be considered as NONE.
com.sun.am.policy.agents.config.profile.attribute.fetch.mode=NONE
# The user profile attributes to be added to the HTTP header. The
# specification is of the format ldap_attribute_name|http_header_name[,...].
# ldap_attribute_name is the attribute in data store to be fetched and
# http_header_name is the name of the header to which the value needs
# to be assigned.
# NOTE: In most cases, in a destination application where a "http_header_name"
# shows up as a request header, it will be prefixed by HTTP_, and all
# lower case letters will become upper case, and any - will become _;
# For example, "common-name" would become "HTTP_COMMON_NAME"
com.sun.am.policy.agents.config.profile.attribute.map=cn|common-name,ou|organizational-unit,o|organization,mail|email,employeenumber|employee-
number,c|country
# Session attributes mode
# String attribute mode to specify if additional user session attributes should
# be introduced into the request. Possible values are:
# NONE - no additional user session attributes will be introduced.
# HTTP_HEADER - additional user session attributes will be introduced into HTTP header.
# HTTP_COOKIE - additional user session attributes will be introduced through cookies.
# If not within these values, it will be considered as NONE.
com.sun.am.policy.agents.config.session.attribute.fetch.mode=NONE
# The session attributes to be added to the HTTP header. The specification is
# of the format session_attribute_name|http_header_name[,...].
# session_attribute_name is the attribute in session to be fetched and
# http_header_name is the name of the header to which the value needs to be
# assigned.
# NOTE: In most cases, in a destination application where a "http_header_name"
# shows up as a request header, it will be prefixed by HTTP_, and all
# lower case letters will become upper case, and any - will become _;
# For example, "common-name" would become "HTTP_COMMON_NAME"
com.sun.am.policy.agents.config.session.attribute.map=
# Response Attribute Fetch Mode
# String attribute mode to specify if additional user response attributes should
# be introduced into the request. Possible values are:
# NONE - no additional user response attributes will be introduced.
# HTTP_HEADER - additional user response attributes will be introduced into
# HTTP header.
# HTTP_COOKIE - additional user response attributes will be introduced through
# cookies.
# If not within these values, it will be considered as NONE.
com.sun.am.policy.agents.config.response.attribute.fetch.mode=NONE
# The response attributes to be added to the HTTP header. The specification is
# of the format response_attribute_name|http_header_name[,...].
# response_attribute_name is the attribute in policy response to be fetched and
# http_header_name is the name of the header to which the value needs to be
# assigned.
# NOTE: In most cases, in a destination application where a "http_header_name"
# shows up as a request header, it will be prefixed by HTTP_, and all
# lower case letters will become upper case, and any - will become _;
# For example, "common-name" would become "HTTP_COMMON_NAME"
com.sun.am.policy.agents.config.response.attribute.map=
# The cookie name used in iAS for sticky load balancing
com.sun.am.policy.am.lb.cookie.name = GX_jst
# indicate where a load balancer is used for Access Manager
# services.
# true | false
com.sun.am.load_balancer.enable = false
####Agent Configuration####
# this is for product versioning, please do not modify it
com.sun.am.policy.agents.config.version=2.2
# Set the url access logging level. the choices are
# LOG_NONE - do not log user access to url
# LOG_DENY - log url access that was denied.
# LOG_ALLOW - log url access that was allowed.
# LOG_BOTH - log url access that was allowed or denied.
com.sun.am.policy.agents.config.audit.accesstype = LOG_DENY
# Agent prefix
com.sun.am.policy.agents.config.agenturi.prefix = http://Dominoad.yjy.dqyt.petrochina:80/amagent
# Locale setting.
com.sun.am.policy.agents.config.locale = en_US
# The unique identifier for this agent instance.
com.sun.am.policy.agents.config.instance.name = unused
# Do SSO only
# Boolean attribute to indicate whether the agent will just enforce user
# authentication (SSO) without enforcing policies (authorization)
com.sun.am.policy.agents.config.do_sso_only = true
# The URL of the access denied page. If no value is specified, then
# the agent will return an HTTP status of 403 (Forbidden).
com.sun.am.policy.agents.config.accessdenied.url =
# This property indicates if FQDN checking is enabled or not.
com.sun.am.policy.agents.config.fqdn.check.enable = true
# Default FQDN is the fully qualified hostname that the users should use
# in order to access resources on this web server instance. This is a
# required configuration value without which the Web server may not
# startup correctly.
# The primary purpose of specifying this property is to ensure that if
# the users try to access protected resources on this web server
# instance without specifying the FQDN in the browser URL, the Agent
# can take corrective action and redirect the user to the URL that
# contains the correct FQDN.
# This property is set during the agent installation and need not be
# modified unless absolutely necessary to accommodate deployment
# requirements.
# WARNING: Invalid value for this property can result in the Web Server
# becoming unusable or the resources becoming inaccessible.
# See also: com.sun.am.policy.agents.config.fqdn.check.enable,
# com.sun.am.policy.agents.config.fqdn.map
com.sun.am.policy.agents.config.fqdn.default = Dominoad.yjy.dqyt.petrochina
# The FQDN Map is a simple map that enables the Agent to take corrective
# action in the case where the users may have typed in an incorrect URL
# such as by specifying partial hostname or using an IP address to
# access protected resources. It redirects the browser to the URL
# with fully qualified domain name so that cookies related to the domain
# are received by the agents.
# The format for this property is:
# com.sun.am.policy.agents.config.fqdn.map = [invalid_hostname|valid_hostname][,...]
# This property can also be used so that the agents use the name specified
# in this map instead of the web server's actual name. This can be
# accomplished by doing the following.
# Say you want your server to be addressed as xyz.hostname.com whereas the
# actual name of the server is abc.hostname.com. The browsers only knows
# xyz.hostname.com and you have specified polices using xyz.hostname.com at
# the Access Manager policy console, in this file set the mapping as
# com.sun.am.policy.agents.fqdn.map = valid|xyz.hostname.com
# Another example is if you have multiple virtual servers say rst.hostname.com,
# uvw.hostname.com and xyz.hostname.com pointing to the same actual server
# abc.hostname.com and each of the virtual servers have their own policies
# defined, then the fqdnMap should be defined as follows:
# com.sun.am.policy.agents.fqdn.map = valid1|rst.hostname.com,valid2|uvw.hostname.com,valid3|xyz.hostname.com
# WARNING: Invalid value for this property can result in the Web Server
# becoming unusable or the resources becoming inaccessible.
com.sun.am.policy.agents.config.fqdn.map =
# Cookie Reset
# This property must be set to true, if this agent needs to
# reset cookies in the response before redirecting to
# Access Manager for Authentication.
# By default this is set to false.
# Example : com.sun.am.policy.agents.config.cookie.reset.enable=true
com.sun.am.policy.agents.config.cookie.reset.enable=false
# This property gives the comma separated list of Cookies, that
# need to be included in the Redirect Response to Access Manager.
# This property is used only if the Cookie Reset feature is enabled.
# The Cookie details need to be specified in the following Format
# name[=value][;Domain=value]
# If "Domain" is not specified, then the default agent domain is
# used to set the Cookie.
# Example : com.sun.am.policy.agents.config.cookie.reset.list=LtpaToken,
# token=value;Domain=subdomain.domain.com
com.sun.am.policy.agents.config.cookie.reset.list=
# This property gives the space separated list of domains in
# which cookies have to be set in a CDSSO scenario. This property
# is used only if CDSSO is enabled.
# If this property is left blank then the fully qualified cookie
# domain for the agent server will be used for setting the cookie
# domain. In such case it is a host cookie instead of a domain cookie.
# Example : com.sun.am.policy.agents.config.cookie.domain.list=.sun.com .iplanet.com
com.sun.am.policy.agents.config.cookie.domain.list=
# user id returned if accessing global allow page and not authenticated
com.sun.am.policy.agents.config.anonymous_user=anonymous
# Enable/Disable REMOTE_USER processing for anonymous users
# true | false
com.sun.am.policy.agents.config.anonymous_user.enable=false
# Not enforced list is the list of URLs for which no authentication is
# required. Wildcards can be used to define a pattern of URLs.
# The URLs specified may not contain any query parameters.
# Each service have their own not enforced list. The service name is suffixed
# after "# com.sun.am.policy.agents.notenforcedList." to specify a list
# for a particular service. SPACE is the separator between the URL.
com.sun.am.policy.agents.config.notenforced_list = http://dominoad.yjy.dqyt.petrochina/*.nsf http://dominoad.yjy.dqyt.petrochina/teamroom.nsf/TROutline.gif?
OpenImageResource http://dominoad.yjy.dqyt.petrochina/icons/*.gif
# Boolean attribute to indicate whether the above list is a not enforced list
# or an enforced list; When the value is true, the list means enforced list,
# or in other words, the whole web site is open/accessible without
# authentication except for those URLs in the list.
com.sun.am.policy.agents.config.notenforced_list.invert = false
# Not enforced client IP address list is a list of client IP addresses.
# No authentication and authorization are required for the requests coming
# from these client IP addresses. The IP address must be in the form of
# eg: 192.168.12.2 1.1.1.1
com.sun.am.policy.agents.config.notenforced_client_ip_list =
# Enable POST data preservation; By default it is set to false
com.sun.am.policy.agents.config.postdata.preserve.enable = false
# POST data preservation : POST cache entry lifetime in minutes,
# After the specified interval, the entry will be dropped
com.sun.am.policy.agents.config.postcache.entry.lifetime = 10
# Cross-Domain Single Sign On URL
# Is CDSSO enabled.
com.sun.am.policy.agents.config.cdsso.enable=false
# This is the URL the user will be redirected to for authentication
# in a CDSSO Scenario.
com.sun.am.policy.agents.config.cdcservlet.url =
# Enable/Disable client IP address validation. This validate
# will check if the subsequent browser requests come from the
# same ip address that the SSO token is initially issued against
com.sun.am.policy.agents.config.client_ip_validation.enable = false
# Below properties are used to define cookie prefix and cookie max age
com.sun.am.policy.agents.config.profile.attribute.cookie.prefix = HTTP_
com.sun.am.policy.agents.config.profile.attribute.cookie.maxage = 300
# Logout URL - application's Logout URL.
# This URL is not enforced by policy.
# if set, agent will intercept this URL and destroy the user's session,
# if any. The application's logout URL will be allowed whether or not
# the session destroy is successful.
com.sun.am.policy.agents.config.logout.url=
#http://sportal.yjy.dqyt.petrochina/amserver/UI/Logout
# Any cookies to be reset upon logout in the same format as cookie_reset_list
com.sun.am.policy.agents.config.logout.cookie.reset.list =
# By default, when a policy decision for a resource is needed,
# agent gets and caches the policy decision of the resource and
# all resource from the root of the resource down, from the Access Manager.
# For example, if the resource is http://host/a/b/c, the the root of the
# resource is http://host/. This is because more resources from the
# same path are likely to be accessed subsequently.
# However this may take a long time the first time if there
# are many many policies defined under the root resource.
# To have agent get and cache the policy decision for the resource only,
# set the following property to false.
com.sun.am.policy.am.fetch_from_root_resource = true
# Whether to get the client's hostname through DNS reverse lookup for use
# in policy evaluation.
# It is true by default, if the property does not exist or if it is
# any value other than false.
com.sun.am.policy.agents.config.get_client_host_name = false
# The following property is to enable native encoding of
# ldap header attributes forwarded by agents. If set to true
# agent will encode the ldap header value in the default
# encoding of OS locale. If set to false ldap header values
# will be encoded in UTF-8
com.sun.am.policy.agents.config.convert_mbyte.enable = false
#When the not enforced list or policy has a wildcard '*' character, agent
#strips the path info from the request URI and uses the resulting request
#URI to check against the not enforced list or policy instead of the entire
#request URI, in order to prevent someone from getting access to any URI by
#simply appending the matching pattern in the policy or not enforced list.
#For example, if the not enforced list has the value http://host/*.gif,
#stripping the path info from the request URI will prevent someone from
#getting access to http://host/index.html by using the URL http://host/index.html?hack.gif.
#However when a web server (for exmample apache) is configured to be a reverse
#proxy server for a J2EE application server, path info is interpreted in a different
#manner since it maps to a resource on the proxy instead of the app server.
#This prevents the not enforced list or policy from being applied to part of
#the URI below the app serverpath if there is a wildcard character. For example,
#if the not enforced list has value http://host/webapp/servcontext/* and the
#request URL is http://host/webapp/servcontext/example.jsp the path info
#is /servcontext/example.jsp and the resulting request URL with path info stripped
#is http://host/webapp, which will not match the not enforced list. By setting the
#following property to true, the path info will not be stripped from the request URL
#even if there is a wild character in the not enforced list or policy.
#Be aware though that if this is set to true there should be nothing following the
#wildcard character '*' in the not enforced list or policy, or the
#security loophole described above may occur.
com.sun.am.policy.agents.config.ignore_path_info = false
# Override the request url given by the web server with
# the protocol, host or port of the agent's uri specified in
# the com.sun.am.policy.agents.agenturiprefix property.
# These may be needed if the agent is sitting behind a ssl off-loader,
# load balancer, or proxy, and either the protocol (HTTP scheme),
# hostname, or port of the machine in front of agent which users go through
# is different from the agent's protocol, host or port.
com.sun.am.policy.agents.config.override_protocol =
com.sun.am.policy.agents.config.override_host =
com.sun.am.policy.agents.config.override_port =
# Override the notification url in the same way as other request urls.
# Set this to true if any one of the override properties above is true,
# and if the notification url is coming through the proxy or load balancer
# in the same way as other request url's.
com.sun.am.policy.agents.config.override_notification.url =
# The following property defines how long to wait in attempting
# to connect to an Access Manager AUTH server.
# The default value is 2 seconds. This value needs to be increased
# when receiving the error "unable to find active Access Manager Auth server"
com.sun.am.policy.agents.config.connection_timeout =
# Time in milliseconds the agent will wait to receive the
# response from Access Manager. After the timeout, the connection
# will be drop.
# A value of 0 means that the agent will wait until receiving the response.
# WARNING: Invalid value for this property can result in
# the resources becoming inaccessible.
com.sun.am.receive_timeout = 0
# The three following properties are for IIS6 agent only.
# The two first properties allow to set a username and password that will be
# used by the authentication filter to pass the Windows challenge when the Basic
# Authentication option is selected in Microsoft IIS 6.0. The authentication
# filter is named amiis6auth.dll and is located in
# Agent_installation_directory/iis6/bin. It must be installed manually on
# the web site ("ISAPI Filters" tab in the properties of the web site).
# It must also be uninstalled manually when unintalling the agent.
# The last property defines the full path for the authentication filter log file.
com.sun.am.policy.agents.config.iis6.basicAuthentication.username =
com.sun.am.policy.agents.config.iis6.basicAuthentication.password =
com.sun.am.policy.agents.config.iis6.basicAuthentication.logFile = c:/Sun/Access_Manager/Agents/2.2/debug/C__Lotus_Domino/amAuthFilter

Hi,
I installed opensso (so Sun Java(TM) System Access Manager 7.5) and the agent for Domino 6.5.4 and I have the message in logs "amAgent"
2007-07-11 18:40:16.119 Error 1708:3dbcf768 PolicyAgent: render_response(): Entered.
I have the box to identify but it doesnot connect me on my opensso server.
It still identify with Domino's server
Thanks for your response
Thomas

How to change LDAP server setting in Access Manager 6.2

Hi,
We have initially set authentication as a SunONE Directory Server 5.1 (master DS1) in Sun Java System Access Manager 6.2. In both /etc/opt/SUNWam/config/serverconfig.xml
/etc/opt/SUNWam/config/AMConfig.properties
conf files, DS1 was set initially. Also on console's Service Configuration ->LDAP->Primary LDAP Server was set as "DS1"
Now the problem is that I am not able to change the DS1 to the other master "DS2". I set DS2 in both above conf files and also the Service Configuration page as Primary LDAP Server. I restarted the server. When I stopped the DS1, I couldn't login access manager console with any user. It looks like it is still trying to get authentication from DS1.
Does anybody know what I am missing here?
Regards,

After hopeless tries, I finally made it work;) The trick was actually updating the sunKeyValue attribute of the entry:
"dn:ou=default,ou=OrganizationConfig,ou=1.0,ou=iPlanetAMAuthLDAPService,ou=ser
vices,dc=company,dc=com" in one of the master DS I have.
Even though I set DS2 and loadBalancer hosts in all conf files and in Primary LDAP conf in amconsole's Service Configuration, it just didn't work until I inserted loadBalancer host in sunKeyValue attribute.
Hope it helps to someone....
-Bora

Setting up Access Manager and Directory Server for Failover.

I'm setting up 2 Access Managers AM1,AM2 and 2 Directory Servers DS1 and DS2 for failover. I've connected AM1 and AM2 to DS1. Suffixes of DS1 is replicated to DS2. Any change made to AM1 is replicated to AM2 as expected. I just patched AM1 with Access Manager patch 1 and the version information for AM1 shows 7.1 126359-01. I followed the same procedure to patch AM2 but AM2 still shows ver 7.1.
How do I make sure both Access Managers are patched to the same version?
I'm able to authenticate to one IIS6 site and authentication is passed on to Outlook Web Access on AM1 but when I shut down AM1 to test failover to AM2 OWA prompts me again for password. How do I resolve this?
On AM1 http://host.domain/amserver/UI/Login?realm=sso successfully logs in but the same on AM2 gives Warning that "You have already logged in. Do you want to log out and then login to a different organization?"
Please help !!!

I'll answer what bits I can:
Q: AM showing the same version?
A: No idea on this one. I would have expected the operation you described to have produced the right answer. Check that neither your application server nor your web browser are caching old pages (ctrl-F5 in my browser)
Q: How do I resolve re-authentication on failover?
A: The AM documentation includes a deployment example that covers pretty closely what it is you are trying to achieve:
http://docs.sun.com/app/docs/doc/820-2278
Specifically, the problem you are describing is related to session failover. The sessions are stored in a local DB so when you failover the backup server does not store the same information and hence requires a reauthentication. The section of the above doc that deals with this is here:
http://docs.sun.com/app/docs/doc/820-2278/gdsre?l=en&a=view
Q: "You have already logged in" warning
A: No idea. Sorry.
R

Am not able to get the Access manager 7- login page

I have installed Access Manager and configured it was worked. but i did the Policy agent cofiguration for Access Manager after that i couldn't login to Access manager ie /amserver while on trying http://localhost:8080/amserver/UI/Login
am getting the following error
exception
javax.servlet.ServletException
     org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:300)
     org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:165)
     java.security.AccessController.doPrivileged(Native Method)
     com.sun.mobile.filter.AMLController.doFilter(AMLController.java:163)
root cause
java.lang.NoClassDefFoundError
     com.sun.identity.authentication.server.AuthContextLocal.(AuthContextLocal.java:140)
     com.sun.identity.authentication.service.LoginState.createAuthContext(LoginState.java:1121)
     com.sun.identity.authentication.service.AuthUtils.getAuthContext(AuthUtils.java:310)
     com.sun.identity.authentication.service.AuthUtils.getAuthContext(AuthUtils.java:250)
     com.sun.identity.authentication.UI.LoginViewBean.forwardTo(LoginViewBean.java:325)
     com.iplanet.jato.ApplicationServletBase.dispatchRequest(ApplicationServletBase.java:981)
     com.iplanet.jato.ApplicationServletBase.processRequest(ApplicationServletBase.java:615)
     com.iplanet.jato.ApplicationServletBase.doGet(ApplicationServletBase.java:459)
     javax.servlet.http.HttpServlet.service(HttpServlet.java:747)
     javax.servlet.http.HttpServlet.service(HttpServlet.java:860)
     sun.reflect.GeneratedMethodAccessor115.invoke(Unknown Source)
     sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
     java.lang.reflect.Method.invoke(Method.java:585)
     org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:249)
     java.security.AccessController.doPrivileged(Native Method)
     javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
     org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:282)
     org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:165)
     java.security.AccessController.doPrivileged(Native Method)
     com.sun.mobile.filter.AMLController.doFilter(AMLController.java:163)
please any do some need full to solve this problem
regards
vimalraj.s

Guys,
This is a common problem that I have noticed when policy agent is installed on the same DAS (Domain Admin Server of Sun java Application Server) instance where access manager is installed.
Best solution is to deploy your application on a different DAS and configure / install policy agent for the new DAS.
If web server is used for Access Manager, Deploy your application on a different instance.
Alternatively, follow these instructions.
Assume that you have policy agent binary installed on /opt/SUNWam/policyagent/ j2ee_agents/am_as81_agent.
When policy agent is configured, it creates a new configuration folder named agent_001.
1.     Login to DAS and remove the class path changes done by the policy agent installer.
These are the class path to remove:
/opt/SUNWam/ policyagent /j2ee_agents/am_as81_agent/lib/agent.jar
/opt/SUNWam/ policyagent /j2ee_agents/am_as81_agent/lib/amclientsdk.jar
/opt/SUNWam/ policyagent /j2ee_agents/am_as81_agent/locale
/opt/SUNWam/ policyagent /j2ee_agents/am_as81_agent/agent_001/config
2.     Add these to the class path to the end of the class path suffix. NOT AT THE START
/opt/SUNWam/ policyagent /j2ee_agents/am_as81_agent/lib/agent.jar
/opt/SUNWam/ policyagent /j2ee_agents/am_as81_agent/lib/locale
3.     Insert amclientsdk.jar to the classpath. Insert this before agent.jar but after am_*.jar files (am_sdk.jar,am_services.jar,am_sso_provider.jar,am_logging.jar )
4.     open amConfig.properties . Add this line to the bottom of the file.
com.sun.identity.agents.config.location=/opt/SUNWam/ policyagent /j2ee_agents/am_as81_agent/agent_001/config/AMAgent.properties
Above line points to the policy agent configuration file.
5.     last but not the least:
a.     Make sure that an agent is created in Access manager with the same name and password as the one that you gave when installing policy agent.
b.     Set property com.sun.identity.agents.config.filter.mode = SSO_ONLY in AMAgent.properties. This will help initial testing of the configuration.
c.     Above configuration is for Unix. But shouldwork for other OS as well.
Best of Luck
KK

Getting error while opening Sun access manager console

We are facing problem while accessing console of Sun Access Manager. We got No Page Found error whenever we try to access the Sun Access Manager console. We have tried restarting the directory server and web server but even that doesn�t help us. Following are the error that gets recorded in log files:-
ERROR: AuthD init() com.iplanet.dpro.session.SessionException: AuthD failed to get auth session
ERROR: Error creating service session java.lang.NullPointerException

The ns-slapd.exe process belongs to the Directory Server. You should therefore check if your DS instance is set up properly.
Michael

Veizon Fivespot VZ Access Manager HELP

Similar Messages

Maybe you are looking for