Weblogic Domain overwriting a different Domains config location

Okay so here is the issue. I have two Weblogic Domains, let's say Domain1 and Domain2. For some reason recently Domain2 has decided that it is going to write to bea/domains/Domain1. This includes the config.xml, /jdbc and /nodemanager. Now I have verified that the startWeblogic.sh is setting the correct Domain2 locations; however, could this possibly be something with the Node Manager that is overriding these properties? Thanks for the help.
My current machine is a Sun Solaris 10 box running Weblogic 10g.

hi,
the binaries available for download are all packaged with 32bit JVM. Please have a look at the link below
WebLogic Server 12c (12.1.1), WebLogic Server 11g (10.3.6) and Previous Releases
It also has binaries for linux available. I am quoting from the site verbatim for your reference:
The following provides links to WebLogic Server 12.1.1 installers with 32-bit JVMs for Windows and
Linux, the generic installer that can be used on any supported platform, and the zip distribution. The
generic installer and the zip distribution do not include a JVM/JDK. For instructions on using the
generic installer, see this document.
In case you want to use your own latest version of JDK which can be a 32/64 bit version, you need to use the generic installer.
The error which you are getting is due to permissions. Make sure you have a dedicated user for installing weblogic and the necessary permissions are granted to the user (linux) to the installation directories. Maybe the script is trying to install java at a particular location on your machine and failing. Hence the above error is displayed.
Please have a look at the docs, you will find steps for weblogic installation on linux.
Thanks,
Souvik.

Similar Messages

  • Weblogic 6.1sp1 - Weblogic 6.1sp1 in different domain messaging bridge configuration

    I'm trying to configure messaging bridge to send messages from WLS
              6.1sp1 to WLS 6.1sp1 in another domain and seems it doesn't work. I'm
              using following configuration, any idea?
              <MessagingBridge Name="BatchBridge"
              SourceDestination="BatchBridgeDestination" Started="true"
              TargetDestination="BatchBridgeSource" Targets="myserver"/>
              <BridgeDestination
              AdapterJNDIName="eis.jms.WLSConnectionFactoryJNDIXA"
              Name="BatchBridgeSource"
              Properties="ConnectionURL=t3://localhost:7001;DestinationJNDIName=ngfs.batch.Queue;ConnectionFactoryJNDIName=jms.connection.BridgeConnectionFactoryXA"
              UserName="system" UserPassword="something"/>
              <BridgeDestination
              AdapterJNDIName="eis.jms.WLSConnectionFactoryJNDIXA"
              Name="BatchBridgeDestination"
              Properties="ConnectionURL=t3://ngfsdev:8001;DestinationJNDIName=ngfs.batch.Test;ConnectionFactoryJNDIName=jms.connection.BridgeConnectionFactoryXA"
              UserName="system" UserPassword="something"/>
              

    Are the two servers having the same name?
              Try not to use the same name for different WebLogic servers.
              Also, it is not recommended that different JMS servers or
              different JMS stores use the same name, even if they
              are on different WebLogic servers.
              Try it.
              Dongbo
              Vyacheslav wrote:
              >
              > I tried what you advised and it finally started to work on one
              > server. When both ConnectionURL point to t3://localhost:7001 it is
              > working. That is a progress already.
              > But when I'm pointing it to remote server it gives me exception. What
              > could be the reason?
              > Configuration now looks like following:
              >
              > <MessagingBridge Name="BatchBridge"
              > SourceDestination="BatchBridgeSource" Started="true"
              > TargetDestination="BatchBridgeDestination"
              > Targets="myserver"/>
              >
              > <BridgeDestination
              > AdapterJNDIName="eis.jms.WLSConnectionFactoryJNDIXA"
              > Name="BatchBridgeSource"
              > Properties="ConnectionURL=t3://localhost:7001;DestinationJNDI=ngfs.batch.Queue;ConnectionFactoryJNDI=jms.connection.BridgeConnectionFactoryXA"
              > UserName="system" UserPassword="something"/>
              >
              > <BridgeDestination
              > AdapterJNDIName="eis.jms.WLSConnectionFactoryJNDIXA"
              > Name="BatchBridgeDestination"
              > Properties="ConnectionURL=t3://ngfsdev:8001;DestinationJNDI=ngfs.batch.Test;ConnectionFactoryJNDI=jms.connection.BridgeConnectionFactoryXA"
              > UserName="system" UserPassword="something"/>
              >
              > I don't understand why it cannot connect.
              >
              > I have created factory jms.connection.BridgeConnectionFactoryXA on
              > remote server.
              > I have created queue ngfs.batch.Test on remote server.
              > What is wrong?
              >
              > Server output:
              >
              > configured = jms.connection.BridgeConnectionFactoryXA ra's = jms.connection.BridgeConnectionFactoryXA
              > Lookup: cfJNDI = jms.connection.BridgeConnectionFactoryXA
              > Username = system password = <cut>
              > configured = jms.connection.BridgeConnectionFactoryXA ra's = jms.connection.BridgeConnectionFactoryXA
              > Lookup: cfJNDI = jms.connection.BridgeConnectionFactoryXA
              > Username = system password = <cut>
              > weblogic.jms.common.JMSException: Connection not found
              > at weblogic.jms.dispatcher.InvocableManager.invocableFind(InvocableManager.java:121)
              > at weblogic.jms.dispatcher.Request.wrappedFiniteStateMachine(Request.java:503)
              > at weblogic.jms.dispatcher.DispatcherImpl.dispatchSync(DispatcherImpl.java:272)
              > at weblogic.jms.client.JMSConnection.sessionCreate(JMSConnection.java:261)
              > at weblogic.jms.client.JMSXAConnection.createXAQueueSession(JMSXAConnection.java:67)
              > at weblogic.jms.adapter.JMSBaseConnection.start(JMSBaseConnection.java:200)
              > at weblogic.jms.adapter.JMSManagedConnectionFactory.createManagedConnection(JMSManagedConnectionFactory.java:200)
              > at weblogic.connector.common.internal.ConnectionPool.makeResources(ConnectionPool.java:808)
              > at weblogic.connector.common.internal.ConnectionPool.getConnection(ConnectionPool.java:1441)
              > at weblogic.connector.common.internal.ConnectionPoolManager.getConnection(ConnectionPoolManager.java:154)
              > at weblogic.connector.common.internal.ConnectionManagerImpl.allocateConnection(ConnectionManagerImpl.java:20)
              > at weblogic.jms.adapter.JMSBaseConnectionFactory.getTargetConnection(JMSBaseConnectionFactory.java:157)
              > at weblogic.jms.bridge.internal.MessagingBridge.getConnections(MessagingBridge.java:543)
              > at weblogic.jms.bridge.internal.MessagingBridge.execute(MessagingBridge.java:677)
              > at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:139)
              > at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:120)
              > <Jul 23, 2002 4:52:37 PM EDT> <Error> <Connector> <Error granting connection request.>
              >
              > "Dongbo Xiao" <[email protected]> wrote in message news:<[email protected]>...
              > > Having looked at your configuration again, I found an interesting thing,
              > > which may have caused the problem. Your bridge is configured to
              > > transfer messages from ngfs.batch.Test to ngfs.batch.Queue, while you
              > > expect to see it working in the reverse direction.
              > >
              > > Dongbo
              > >
              > > > > "Vyacheslav" <[email protected]> wrote in message
              > > > > news:[email protected]...
              > > > > > I'm trying to configure messaging bridge to send messages from WLS
              > > > > > 6.1sp1 to WLS 6.1sp1 in another domain and seems it doesn't work. I'm
              > > > > > using following configuration, any idea?
              > > > > >
              > > > > > <MessagingBridge Name="BatchBridge"
              > > > > > SourceDestination="BatchBridgeDestination" Started="true"
              > > > > > TargetDestination="BatchBridgeSource" Targets="myserver"/>
              > > > > >
              > > > > > <BridgeDestination
              > > > > > AdapterJNDIName="eis.jms.WLSConnectionFactoryJNDIXA"
              > > > > > Name="BatchBridgeSource"
              > > > > > Properties="ConnectionURL=t3://localhost:7001;DestinationJNDIName=ngfs.batch.Queue;ConnectionFactoryJNDIName=jms.connection.BridgeConnectionFactoryXA"
              > > > > > UserName="system" UserPassword="something"/>
              > > > > >
              > > > > > <BridgeDestination
              > > > > > AdapterJNDIName="eis.jms.WLSConnectionFactoryJNDIXA"
              > > > > > Name="BatchBridgeDestination"
              > > > > > Properties="ConnectionURL=t3://ngfsdev:8001;DestinationJNDIName=ngfs.batch.Test;ConnectionFactoryJNDIName=jms.connection.BridgeConnectionFactoryXA"
              > > > > > UserName="system" UserPassword="something"/>
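
Dongbo's point about the bridge direction can be checked mechanically. The script below is an added example, not code from the thread or from WebLogic: it parses the configuration from the first post and resolves which queue the bridge reads from and which it writes to. The `<Domain>` wrapper, the function names and the name-based warning heuristic are assumptions of this example; both property spellings seen in the thread (`DestinationJNDIName` and `DestinationJNDI`) are accepted without asserting which one the server honours.

```python
import xml.etree.ElementTree as ET

# Configuration from the first post, wrapped in a root element so the fragment
# parses on its own (the <Domain> wrapper is an assumption of this example).
CONFIG = """<Domain>
<MessagingBridge Name="BatchBridge"
    SourceDestination="BatchBridgeDestination" Started="true"
    TargetDestination="BatchBridgeSource" Targets="myserver"/>
<BridgeDestination
    AdapterJNDIName="eis.jms.WLSConnectionFactoryJNDIXA"
    Name="BatchBridgeSource"
    Properties="ConnectionURL=t3://localhost:7001;DestinationJNDIName=ngfs.batch.Queue;ConnectionFactoryJNDIName=jms.connection.BridgeConnectionFactoryXA"
    UserName="system" UserPassword="something"/>
<BridgeDestination
    AdapterJNDIName="eis.jms.WLSConnectionFactoryJNDIXA"
    Name="BatchBridgeDestination"
    Properties="ConnectionURL=t3://ngfsdev:8001;DestinationJNDIName=ngfs.batch.Test;ConnectionFactoryJNDIName=jms.connection.BridgeConnectionFactoryXA"
    UserName="system" UserPassword="something"/>
</Domain>"""

# Both spellings appear in the thread; either is accepted here.
DEST_KEYS = ("DestinationJNDIName", "DestinationJNDI")


def parse_properties(raw):
    """Split the 'key=value;key=value' Properties attribute into a dict."""
    props = {}
    for item in raw.split(";"):
        item = item.strip()
        if not item:
            continue
        # Split on the first '=' only, so values such as t3://host:port survive.
        key, sep, value = item.partition("=")
        if not sep or not key.strip():
            raise ValueError(f"malformed property: {item!r}")
        props[key.strip()] = value.strip()
    return props


def load_destinations(root):
    """Index every BridgeDestination by its Name attribute."""
    dests = {}
    for el in root.iter("BridgeDestination"):
        props = parse_properties(el.get("Properties", ""))
        jndi = next((props[k] for k in DEST_KEYS if k in props), None)
        dests[el.get("Name")] = {
            "name": el.get("Name"),
            "url": props.get("ConnectionURL"),
            "jndi": jndi,
        }
    return dests


def resolve_bridges(xml_text):
    """Return one record per MessagingBridge with its real source and target."""
    root = ET.fromstring(xml_text)
    dests = load_destinations(root)
    flows = []
    for bridge in root.iter("MessagingBridge"):
        flow = {"bridge": bridge.get("Name"), "warnings": []}
        for role, attr, misleading in (
            ("source", "SourceDestination", "destination"),
            ("target", "TargetDestination", "source"),
        ):
            ref = bridge.get(attr)
            flow[role] = dests.get(ref)
            if flow[role] is None:
                flow["warnings"].append(f"{attr}={ref!r} matches no BridgeDestination")
            elif misleading in ref.lower() and role not in ref.lower():
                # Heuristic: a destination whose name suggests the opposite role.
                flow["warnings"].append(f"{attr} refers to {ref!r}; direction may be reversed")
        flows.append(flow)
    return flows


def describe(flow):
    """Render 'bridge: source queue @ url -> target queue @ url'."""
    def side(dest):
        return f"{dest['jndi']} @ {dest['url']}" if dest else "<unresolved>"
    return f"{flow['bridge']}: {side(flow['source'])} -> {side(flow['target'])}"


if __name__ == "__main__":
    for flow in resolve_bridges(CONFIG):
        print(describe(flow))
        for warning in flow["warnings"]:
            print("  warning:", warning)
```
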
              

  • PLEASE HELP!! I've used iWeb to create multiple sites, all published to third party servers.  The very last site I made changes to is showing up in any domain file I open - despite their different names and locations on my iMac.  I just switched to Lion.

    Please HELP!!  I just switched to Lion.  I have created multiple websites using iWeb  3.0.4 and despite my having saved their 'domain' files in various locations and using different filenames, upon opening the domain files I keep getting the very last site I published.  All the sites were published to third party servers.  The domain files (still have a preview that look correct and have different file sizes) but keep going back to the last site published. HELP ME PLEASE!! Are the old files still available?!!

    In Lion the Library folder is now invisible. To make it permanently visible enter the following in the Terminal application window: chflags nohidden ~/Library and hit the Enter button - 10.7: Un-hide the User Library folder.
    To open your domain file in Lion or to switch between multiple domain files Cyclosaurus has provided us with the following script that you can make into an Applescript application with Script Editor. Open Script Editor, copy and paste the script below into Script Editor's window and save as an application.
    do shell script "/usr/bin/defaults write com.apple.iWeb iWebDefaultsDocumentPath -boolean no"
    delay 1
    tell application "iWeb" to activate
    You can download an already compiled version with this link: iWeb Switch Domain.
    Just launch the application, find and select the domain file you want to open and it will open with iWeb. It modifies the iWeb preference file each time it's launched so one can switch between domain files.
    WARNING: iWeb Switch Domain will overwrite an existing Domain.sites2 file if you select to create a new domain in the same folder.  So rename your domain files once they've been created to something other than the default name.
    OT

  • Config Manager 2012 setup w/ SQL DB in a different domain and Forest

    Hi all I'm hoping these are easy questions.  The SQL admins in my environment are pushing for me to have the DB hosted on the managed SQL servers vs on the PSS.  The only potential problem is that the SQL servers currently are in a different domain/forest. There is a two-way trust between forests. The managed workstations will be in the same domain as the SCCM infrastructure.  There will not be any managed workstations in the domain where the SQL server resides.  Eventually all SQL servers will be moved to a different domain, but it will not be the same domain as the SCCM infrastructure.  My questions are below
    Will I need to have another PSS in the same domain as the SQL Server?  If yes then I assume I'll need a CAS as well to manage both PSS.
    Since the SQL servers will eventually be moved to another domain/forest, which will have a two-way trust as well, what are the potential issues that can arise from this?
    Thanks

    Technically what you're asking for will work.  That said:  you should be willing to demonstrate to your SQL team that SCCM will be fully capable of overwriting, dismounting and otherwise destroying every database on that shared SQL server due to the ridiculously elevated permissions required on said SQL system.
    To clarify:
    SCCM will require local administrator permissions to every node in the cluster.  When it connects, it will immediately install a server role on said cluster.  It will also require full administrative access to the instance the database will reside in.  By the time all this fun stuff is open, anyone who knows how to open up a command prompt under the system context of your SCCM server will be able to do all sorts of fun stuff that really REALLY won't make your SQL team very happy.
    I'd fight the desire tooth and nail.  If they threaten to not support the SQL instance I'd be OK with that even.  Microsoft won't even support you if you make any edits/changes to the SQL database directly anyway.

  • IMS 5.2 : user with 2 email-addresses in in different domains

    In iMS 5.2, how can I add a user and configure MTA to accept 2 email (and mailalternateaddress) in 2 different domains?
    uid: joe
    mailalternateaddress: [email protected]
    mailalternateaddress: [email protected]
    I have "o=siroe.com, o=isp" and "o=sunroe.com, o=isp" ?
    and in o=internet.com, dc=com ... how to point these domains ?

    The default structure is set up not to allow what you want. Initially I thought you could get an entity to receive mail just by putting the address you wanted as mail= or mailalternateaddress=. But it turns out that it uses both the directory structure and the individual properties. That is, if you send mail to [email protected], two things must be true:
    - the entry for user must be in whatever hierarchy is pointed to when you track down dc=foo, dc=com, o=internet.
    - the user must have mail= or mailalternate= with [email protected]
    The problem is that your uid joe has to be located in o=siroe.com,o=isp in order to get mail addressed to anything @siroe.com, and in o=sunroe.com to get mail addressed to anything @sunroe.com. Since directory aliases aren't implemented, an entry can only be in one place at a time.
    However there is an approach. In imta/config/option.dat, normally you have ALIAS_URL0, with ALIAS_URL1 and 2 commented out. If you add ALIAS_URL1=ldap:///$B?*?sub?$R, then if it can't find an entry in the appropriate place, it will do a global search for any entry with a matching mail= or mailalternateaddress=. I believe in your configuration the search will be all of o=isp. You can watch the access log in your directory server to see what the actual lookups are. If $B doesn't work you can hardcode o=isp in the URL.
    Another approach would be to forget the structure entirely and just replace $V with $B in ALIAS_URL0. That depends upon how your system is going to be administered. If the administrators for the various domains are independent, you want to give entries in the domain priority access to names in the domain. That is, if there are several entries with mail or mailalternateaddress attributes of [email protected], you probably want to give priority to the one actually in siroe.com. Hence my original suggestion.
    Note that I'm using direct LDAP access. I make no guarantees if you're not doing that.
    When testing this sort of thing, remember that lookups are cached for 10 min. This can produce odd effects when you're testing. Changes seem not to do anything.
    A better way of testing is to do "imsmta test -rewrite [-debug] foo@bar". That will show exactly how an address is treated, and if -debug is specified, you'll have a decent chance of figuring out why it doesn't work the way you expected.

  • Can I run 2 different domains with same name but on 2 different machines?

    I am trying to setup 2 domains with same name (sharedcds1) on 2 different machines (Machine1 and Machine2).
              When I start the weblogic managed server 1 (sharedcds1managedserver1) on Machine2, it throws an error saying it has some conflicts with the managed server 1 running on Machine1. How did the managed server of one machine know about the other server. Can I run 2 different domains with same name but on 2 different machines?
              Here is the error in the log -
              <Jun 14, 2005 10:53:29 AM EDT> <Error> <Cluster> <BEA-000123> <Conflict start: You tried to bind an object under the name weblogic.transaction.coordinators.sharedcds1managedserver1 in the JNDI tree. The object from 4596206652609838848S:130.170.61.153:[9505,9505,-1,-1,9505,-1,-1,0,0]:sharedcds1:sharedcds1managedserver1 is non-clusterable, and you have tried to bind more than once from two or more servers. Such objects can only be deployed from one server.>
              <Jun 14, 2005 10:53:29 AM EDT> <Error> <Cluster> <BEA-000123> <Conflict start: You tried to bind an object under the name weblogic.transaction.coordinators.sharedcds1managedserver1 in the JNDI tree. The object from 8842351474821025197S:130.170.61.154:[9505,9505,-1,-1,9505,-1,-1,0,0]:sharedcds1:sharedcds1managedserver1 is non-clusterable, and you have tried to bind more than once from two or more servers. Such objects can only be deployed from one server.>
              Thanks
              Satish

    Yes you can. Make sure that the domains are configured to use different multicast addresses. WLS uses multicast for communications between nodes in a domain.
              Although your configuration will work, you could have troubles if you are going to execute inter-domain calls between domains/servers with the same names.

  • How can I add a user Role member that is from a different domain

    We are currently building out SCOM 2012 R2 to provide monitoring as a service to some of our customers.  As of now we have the RMS on our own department's domain (Domain A) which we have full control of and we have a gateway server that is on the company wide domain (Domain B) so that we can monitor other departments' devices as they leverage this system.
    Monitoring is working just fine on both domains and we are just working on fine tuning SCOM so that we can roll it out as a service we offer to our customers.  One of the next steps we are working on before rolling it out is giving specific users access to view only their own devices, dashboards, and groups.  So I created a Read-Only profile and went to add a user to test it out, but that user is on Domain B and SCOM is unable to resolve this account.  I'm seeing Event ID 26319 with Error Code 1332.
    How can I get SCOM to discover devices on a different domain so that I can give them different permissions for accessing the Operations Console and/or Web Console?  Is this possible?
    Here is the Error I'm seeing.
    Log Name:      Operations Manager
    Source:        OpsMgr SDK Service
    Date:          2/4/2015 1:11:59 PM
    Event ID:      26319
    Task Category: None
    Level:         Error
    Keywords:      Classic
    User:          N/A
    Computer:      xxxxx.xxxx.xxxxxxxx.xxx
    Description:
    An exception was thrown while processing UpsertUserRolesV2 for session ID uuid:f3b4015e-9583-4237-b7a6-406826434553;id=40.
     Exception message: The creator of this fault did not specify a Reason.
     Full Exception: System.ServiceModel.FaultException`1[Microsoft.EnterpriseManagement.Common.UserRoleUserUnresolvedException]: The creator of this fault did not specify a Reason. (Fault Detail is equal to Microsoft.EnterpriseManagement.Common.UserRoleUserUnresolvedException:
    Unable to resolve the user [email protected] associated with the user role. Error code 1332. Check your active directory configuration.).
    Event Xml:
    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
      <System>
        <Provider Name="OpsMgr SDK Service" />
        <EventID Qualifiers="49152">26319</EventID>
        <Level>2</Level>
        <Task>0</Task>
        <Keywords>0x80000000000000</Keywords>
        <TimeCreated SystemTime="2015-02-04T21:11:59.000000000Z" />
        <EventRecordID>172748</EventRecordID>
        <Channel>Operations Manager</Channel>
        <Computer>xxxxx.xxxx.xxxxxxxx.xxx</Computer>
        <Security />
      </System>
      <EventData>
        <Data>UpsertUserRolesV2</Data>
        <Data>uuid:f3b4015e-9583-4237-b7a6-406826434553;id=40</Data>
        <Data>The creator of this fault did not specify a Reason.</Data>
        <Data>System.ServiceModel.FaultException`1[Microsoft.EnterpriseManagement.Common.UserRoleUserUnresolvedException]: The creator of this fault did not specify a Reason. (Fault Detail is equal to Microsoft.EnterpriseManagement.Common.UserRoleUserUnresolvedException:
    Unable to resolve the user [email protected]  associated with the user role. Error code 1332. Check your active directory configuration.).</Data>
      </EventData>
    </Event>
    Thanks for any help I can get in resolving this issue.
    Jake

    The SCOM Management Server is in Domain A.  I've tried it already and it has failed.
    So just to clarify the method I used was to go to Administration>Security>User Roles.  Then New User Role>Read-Only Operator.  In the Create User Role Wizard I then gave the User Role a name, Clicked "Add" under User Role Members. Then the Select Users or Groups window pops up and I changed the Locations from Domain A to Domain B and searched for the user, which it's able to find, then clicked "OK" to add it to the User Role members which it does just fine.  On the next page which is Group Scope I checked the one group I want this account to have access to and then click next.  This brings me to Dashboards and Views where I click the radio button for "Only the dashboards and views selected in each tab are approved" and chose the folder of dashboards I want this account to access and then click next.  This brings me to the Summary and I click "Create".  At this point it thinks for a moment then closes out the wizard but the new Read-Only Operator does not appear.  I then look in Event Viewer and see the Event I pasted above.
    Am I doing something wrong here?  Any guidance on how to get around this issue would be much appreciated.
    Thanks,
    Jake

  • Dynamic CRM connect outlook Client with different domain

    Hi Guys,
    I had installed CRM 2011 in cloud with a different domain.
    If I use the browser it is working fine, just that when I use the Outlook client it shows
    15:24:16|  Error| Exception : The request for security token could not be satisfied because authentication failed.    at System.ServiceModel.Security.SecurityUtils.ThrowIfNegotiationFault(Message message, EndpointAddress target)
       at System.ServiceModel.Security.SspiNegotiationTokenProvider.GetNextOutgoingMessageBody(Message incomingMessage, SspiNegotiationTokenProviderState sspiState)
    I found that this is because you must connect to the same domain.
    Any idea how I can use my Outlook client to connect to CRM 2011 without changing my domain?
    Regards,
    Kim

    Yes - I've been scarred with this for many years :(
    If it is just CAS 1 that is causing issues, then focus in on that.  The support statement for Win 2008 R2 is that NLB is still a 3rd party component and support may ask for it to be disabled.
    http://support.microsoft.com/kb/278431 
    Does CAS1 and CAS2 have the same NICs (firmware as well), driver, teaming software, and teaming config? 
    I also want to ask what the network team did for configuring the switch ports on the servers?  This will vary from vendor to vendor  - did they do the same config on both?
    Cheers,
    Rhoderick
    Microsoft Senior Exchange PFE
    Blog:
    http://blogs.technet.com/rmilne 
    Note: Posts are provided “AS IS” without warranty of any kind, either expressed or implied, including but not limited to the implied warranties of merchantability and/or fitness for a particular purpose.
    Thanks Rhoderick, issue still persists
    can you also help clarify what you meant by "configuring the switch ports on the servers"?
    thanks again

  • Same username and password in different domain cannot be auth.

    I created 2 domains with a user created into each domain. The users have same username and password, like below
    Domain1: user1 (password)
    Domain2: user1 (password)
    Then I create 2 policy sets
    PolicySet1 with Domain1 and add a policy (called Policy1)  with user1 from Domain1 and proper permissions
    PolicySet2 with Domain2 and add a policy (called Policy2) with user1 from Domain2 and proper permissions
    Now I apply policy1 to a document to form a secured document called SecuredDoc1.pdf
    Then I apply policy2 to a document to form a secured document called SecuredDoc2.pdf
    I open SecuredDoc1.pdf, and try to authenticate with user1 (password), I can successfully open the document
    I open SecuredDoc2.pdf, and try to authenticate with user1 (password), I can NOT open the document.
    Is this a bug? Does RightManagement authenticate with the domain id?
    Thanks

    Although LiveCycle will allow you to create two users with the same user ID (each in different domains) it is not recommended for the reason you are experiencing.  The domain is not used in the authentication; LiveCycle attempts to authenticate with the first user id it locates that matches the supplied user id.
    In your example, the first instance of "user1" that LiveCycle is finding happens to be part of "Domain1", this is why SecuredDoc1.pdf can be opened and SecuredDoc2.pdf can't be opened (the user1 that is a member of the policy applied to the second document is not the user that has been authenticated).
    You need to keep all user ids unique.
    Regards
    Steve
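
The behaviour Steve describes, modelled as an added example (this is not LiveCycle code): authentication resolves the bare user ID to the first matching account, so a policy naming the Domain2 account never sees its user authenticated. The directory layout, account names, password handling and function names are all assumptions of this example; `colliding_user_ids` is the audit that follows from "keep all user ids unique".

```python
import hashlib
import hmac
import os
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Account:
    domain: str
    user_id: str
    salt: bytes
    pw_hash: bytes


def _hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def make_account(domain, user_id, password):
    salt = os.urandom(16)
    return Account(domain, user_id, salt, _hash(password, salt))


def _verify(account, password):
    return hmac.compare_digest(account.pw_hash, _hash(password, account.salt))


def authenticate_first_match(directory, user_id, password):
    """Model of the described behaviour: the domain plays no part in the lookup,
    and only the first account carrying the user ID is ever tried."""
    for account in directory:
        if account.user_id == user_id:
            return account if _verify(account, password) else None
    return None


def authenticate_qualified(directory, domain, user_id, password):
    """Contrast case: the identity is the (domain, user ID) pair."""
    for account in directory:
        if (account.domain, account.user_id) == (domain, user_id):
            return account if _verify(account, password) else None
    return None


def can_open(policy_principals, account):
    """A policy lists (domain, user ID) principals allowed to open the document."""
    return account is not None and (account.domain, account.user_id) in policy_principals


def colliding_user_ids(directory):
    """Audit: user IDs that exist in more than one domain."""
    domains_by_id = defaultdict(set)
    for account in directory:
        domains_by_id[account.user_id].add(account.domain)
    return {uid: sorted(d) for uid, d in domains_by_id.items() if len(d) > 1}


# Constructed sample data mirroring the question: same ID and password twice.
DIRECTORY = [
    make_account("Domain1", "user1", "password"),
    make_account("Domain2", "user1", "password"),
    make_account("Domain2", "user2", "password"),
]
POLICY1 = {("Domain1", "user1")}  # applied to SecuredDoc1.pdf
POLICY2 = {("Domain2", "user1")}  # applied to SecuredDoc2.pdf

if __name__ == "__main__":
    who = authenticate_first_match(DIRECTORY, "user1", "password")
    print("authenticated as", who.domain, who.user_id)
    print("SecuredDoc1.pdf opens:", can_open(POLICY1, who))
    print("SecuredDoc2.pdf opens:", can_open(POLICY2, who))
    print("colliding IDs:", colliding_user_ids(DIRECTORY))
```
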

  • Loading a combobox with data from a different domain

    I have filled in a combobox with values from an .asp page and have used it successfully. The problem is that if the flash file is run from a different domain from the load location, the combobox doesn't get filled in (as opposed to the error if I ran it off of my drive).
    datafeed.asp spits out the appropriate stuff for the AddItems function to read correctly. (as I have said, it does work). The combobox gets filled in the development environment (Macromedia Flash MX Professional 2004) as well as flash player.
    But when I upload it to one of my other websites, the data is never retrieved. Even though the webserver containing the data feed, the webserver hosting the flash file and my machine can all read datafeed.asp.
    Am I missing a setting that allows a flash file to read data from another domain?
    The following code has been changed for security reasons. But believe me it works in its original format.
    myData = new LoadVars();
    myData.onLoad = AddItems;
    myData.load("http://www.mydomain.com/datafeed.asp");
    // Called when the feed has loaded; adds one combobox entry per product.
    function AddItems() {
        for (i=0; i<numItems; i++) {
            var ProductID = eval("myData.ProductID"+i);
            var ProductName = eval("myData.ProductName"+i);
            var ProductSale = eval("myData.ProductSale"+i);
            var DataProvider = { productid:ProductID, productsale:ProductSale };
            _root.application.chooseproducts.prodlist_cb.addItem(ProductName, DataProvider);
        }
    }
    Thank You,
    Julian

    not sure, but this might be what you need...
    //allow loading of files from domain
    System.security.allowDomain("http://www.mydomain.com");

  • CDSSO Issue in Web Server 6.1 SP 5. Agent and AM in different domain.

    I have Sun ONE Web Server 6.1SP5 and installed Policy Agent 2.2.
    URL: http://sjws6-dev-10.team.xtra.co.nz:10080
    I have Access Manager 7.0 in Application Server.
    URL : http://sjapp9-dev.uname.tech.co.nz:8080/amserver
    So Agent and Access Manager are in different domains.
    I have enabled CDSSO.
    # Cross-Domain Single Sign On URL
    # Is CDSSO enabled.
    com.sun.am.policy.agents.config.cdsso.enable=true
    # This is the URL the user will be redirected to for authentication
    # in a CDSSO Scenario.
    com.sun.am.policy.agents.config.cdcservlet.url = http://sjapp9-dev.uname.tech.co.nz:8080/amserver/cdcservlet
    Now problem what i am facing is :-
    When i try accessing a protected resource then it searches the Parent Realm Data Store.
    It should search the LDAP Data store which i configured for the Realm.
    com.sun.am.policy.am.login.url = http://ajapp9-dev.uname.tech.co.nz:8080/amserver/UI/Login?realm=YTel
    amAuthLDAP Log.
    08/25/2008 12:13:02:459 PM NZST: Thread[service-j2ee,5,main]
    LDAP resbundle locale=en_US
    08/25/2008 12:13:02:459 PM NZST: Thread[service-j2ee,5,main]
    Host: sjapp9-dev
    PORT : 38389
    08/25/2008 12:13:21:153 PM NZST: Thread[service-j2ee,5,main]
    LDAP initialize()
    08/25/2008 12:13:21:153 PM NZST: Thread[service-j2ee,5,main]
    attrs is : []
    08/25/2008 12:13:21:166 PM NZST: Thread[service-j2ee,5,main]
    bindDN-> cn=amldapuser,ou=DSAME Users,dc=uname,dc=tech,dc=co,dc=nz
    baseDN-> dc=uname,dc=tech,dc=co,dc=nz
    userNamingAttr-> uid
    userSearchAttr(s)-> [uid]
    userCreationAttrs-> []
    searchFilter->
    searchScope-> 2
    ssl-> false
    authLevel: 0
    Host: sjapp9-dev
    PORT : 38389
    Pattern : *|(|)|&|!
    08/25/2008 12:13:21:171 PM NZST: Thread[service-j2ee,5,main]
    Connecting to sjapp9--dev:38389
    Searching dc=uname,dc=tech,dc=co,dc=nz for (uid=johndoe)
    scope = 2
    08/25/2008 12:13:21:171 PM NZST: Thread[service-j2ee,5,main]
    Create LDAPConnectionPool: sjapp9--dev:38389
    08/25/2008 12:13:21:171 PM NZST: Thread[service-j2ee,5,main]
    LDAPAuthUtils.LDAPAuthUtils: min=1, max=5
    08/25/2008 12:13:21:183 PM NZST: Thread[service-j2ee,5,main]
    userAttrSize is : 2
    08/25/2008 12:13:21:184 PM NZST: Thread[service-j2ee,5,main]
    Cannot find entries for (uid=johndoe)
    But it should search in the User LDAP Data store.
    Not sure what is the problem.
    Regards,
    Edited by: IDM1312 on Aug 25, 2008 2:10 AM

    I presume that by now you have tried changing your cdcservlet.url to read:
    com.sun.am.policy.agents.config.cdcservlet.url = http://sjapp9-dev.uname.tech.co.nz:8080/amserver/cdcservlet?realm=YTel

  • Moving SAP ERP Servers to a different domain.

    Hello Experts
    I currently have 3 SAP ERP 6.0 servers (central installs), a solution manager 7.0 EHP1 and a netweaver CE machine all located in one windows domain (currently windows 2003 domain controllers), all running Oracle databases.  I have been asked to look into moving all of these servers into the main corporate domain (currently windows 2008 r2 domain controllers) with a view to streamlining the domain structure.  All the SAP installs are domain installs and therefore the accounts would need migrating to the new domain. What I would like to know is, are there any other factors other than those listed below that I need to consider:-
    Migrate SAP user and service account to new domain
    Adjust Profile Parameters for SAP G:\usr\sap\<SID>\sys\profile
    Change frontend gui's to reference new domain (SSO has reference to the sap service account from the users domain)
    Review folder permissions to ensure security is maintained (the current dommain no users log on to this domain- the new domain everyone logs onto)
    Is there anything specific for oracle that should be changed?? 
    It would be usful to know if anyone has done this and any pitfuls to avoid.
    Thanks you.
    Liz

    Hi,
    If some of your SAP systems will stay in the previous domain, you may have problems with the SAP logon tickets because, as HTTP cookies, they are valid for a domain. So SSO between SAP systems in different domains may generate problems (which can be solved).
    If you use BSP or Web Dynpro applications, and use URL rewrites or redirects, the change of FQDN may also need some configuration changes.
    Concerning Oracle, check your OPS$ users.
    Regards,
    Olivier
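Olivier's point that logon tickets are domain-scoped HTTP cookies, worked through as an added example that is not part of the original thread. It applies the RFC 6265 domain-match rule to constructed host names; the `ticketReach` and `commonParent` helpers are hypothetical, and treating a single-label parent as unusable is a simplification of the Public Suffix List check that browsers perform.

```javascript
// Added example: RFC 6265 section 5.1.3 domain-match applied to an SSO ticket cookie.
// Every host name used with these helpers is a constructed placeholder.

function canonical(host) {
  return host.trim().toLowerCase().replace(/\.$/, "");
}

function isIpLiteral(host) {
  return /^\d{1,3}(\.\d{1,3}){3}$/.test(host) || host.includes(":");
}

// True when a cookie with the given Domain attribute is sent to requestHost.
function domainMatch(requestHost, cookieDomain) {
  const host = canonical(requestHost);
  const domain = canonical(cookieDomain).replace(/^\./, "");
  if (host === domain) return true;
  if (isIpLiteral(host)) return false; // IP hosts only match exactly
  return host.endsWith("." + domain);  // must match on a label boundary
}

// Which target systems receive a ticket cookie set by issuerHost with this Domain.
function ticketReach(issuerHost, cookieDomain, targets) {
  // A browser drops a Set-Cookie whose Domain does not cover the issuing host.
  if (!domainMatch(issuerHost, cookieDomain)) return { accepted: false, sentTo: [] };
  return { accepted: true, sentTo: targets.filter(t => domainMatch(t, cookieDomain)) };
}

// Narrowest Domain value covering all hosts, or "" when none is usable.
function commonParent(hosts) {
  const labels = hosts.map(h => canonical(h).split(".").reverse());
  const depth = Math.min(...labels.map(l => l.length));
  const shared = [];
  for (let i = 0; i < depth; i++) {
    if (!labels.every(l => l[i] === labels[0][i])) break;
    shared.push(labels[0][i]);
  }
  // Assumption: a single shared label is a public suffix and cannot carry a cookie.
  return shared.length >= 2 ? shared.reverse().join(".") : "";
}

// Constructed scenario: one ERP system stays behind, Solution Manager has moved.
const issuer = "erp1.legacy.example.com";
const systems = ["erp2.legacy.example.com", "solman.corp.example.com"];
const narrow = ticketReach(issuer, "legacy.example.com", systems);
const wide = ticketReach(issuer, commonParent([issuer, ...systems]), systems);
console.log(narrow.sentTo, wide.sentTo);
```

Widening the cookie domain to the common parent restores SSO across both domains, but the ticket is then sent to every host under that parent, so the set of hosts that can see it should be reviewed before relaxing the scope.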

  • Deploy SCOM 2012 R2 Agents to Domain Servers on Perimeter Network using SCOM Gateway on different Domain

    Hi, I have a bit of an odd situation on a SCOM 2012 R2 deployment.
    I have a MS on the internal network, and a Gateway Server on the perimeter network. Each server is connected to different Active Directory Forests and there are no trust relationships between them. I configured the communication between the two using certificates.
    I have already connected some servers through the Gateway using certificates because they are in Workgroups; they are already approved on the MS and reporting their status.
    However, I have some servers that are member servers of the internal AD domain but are located on the perimeter network.
    So I've tried to configure one of them for testing to connect to the Gateway Server using a certificate and manual agent installation. Initially it didn't report on the SCOM, but then I ran get-scompendingmanagement and saw that it showed there, so I ended up approving the agent using PowerShell and then it was reported on the Console as "Not Monitored".
    First the agent was running as Local System and then I tried using a local admin account on the server; neither option has worked.
    I get the following errors:
    The OpsMgr Connector connected to scomgateway.externaldomain.com, but the connection was closed immediately after authentication occurred.  The most likely cause of this error is that the agent is not authorized to communicate with the server, or the
    server has not received configuration.  Check the event log on the server for the presence of 20000 events, indicating that agents which are not approved are attempting to connect.
    For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
    OpsMgr was unable to set up a communications channel to scomgateway.externaldomain.com and there are no failover hosts.  Communication will resume when scomgateway.externaldomain.com is available and communication from this computer is allowed.
    For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
    Is this configuration possible? Or do I need to open communication ports from the agents to the MS inside the corporate network and not use the Gateway?
    Any ideas if someone else has done this are appreciated.
    Thank you.
    Regards.
    Eduardo Rojas

    I'm sorry, maybe I didn't explain myself correctly. I already have the gateway up and running with some Workgroup machines connected to it using certificates, so the Gateway is indeed working. These Workgroup machines are in fact reporting back to the Management Server on the internal network through the Gateway.
    My problem is with Domain Member machines that are on the perimeter network. These machines are joined to the Active Directory inside the corporate firewall, not the Active Directory from the perimeter network (where the Gateway is joined). So my question is, can I connect these machines through the Gateway (even if the Gateway is on a different domain) or do I need to open ports and connect them directly to the management server (which is on the same Active Directory domain)?
    Let me know if I made myself clear.
    Thank you.
    Regards.
    Eduardo Rojas

  • Authentication needed after doing trust between two different domains.

    Hi There,
    I have a problem after I set up the trust relationship between two different domains in two different forests. In the trust relationship steps everything is working: two-way trust, external trust, stub zones created on both domains, and the trust is validated on both sides. My problem is with the objects: they can't be retrieved from one side, but they can be from the other side. For instance:
    NY domain can get the users and computers of 2012DC1
    but 2012DC1 can't get the users and computers of NY
    Date and time are the same. I am always getting this error:
    The session setup from computer '2012DC1' failed because the security database does not contain a trust account 'test.com.' referenced by the specified computer.  
    USER ACTION  
    If this is the first occurrence of this event for the specified computer and account, this may be a transient issue that doesn't require any action at this time.  If this is a Read-Only Domain Controller and 'test.com.' is a legitimate machine account
    for the computer '2012DC1' then '2012DC1' should be marked cacheable for this location if appropriate or otherwise ensure connectivity to a domain controller  capable of servicing the request (for example a writable domain controller).  Otherwise,
    the following steps may be taken to resolve this problem:  
    If 'test.com.' is a legitimate machine account for the computer '2012DC1', then '2012DC1' should be rejoined to the domain.  
    If 'test.com.' is a legitimate interdomain trust account, then the trust should be recreated.  
    Otherwise, assuming that 'test.com.' is not a legitimate account, the following action should be taken on '2012DC1':  
    If '2012DC1' is a Domain Controller, then the trust associated with 'test.com.' should be deleted.  
    If '2012DC1' is not a Domain Controller, it should be disjoined from the domain.
    Can you please help me with this error?
    Thank You in advance.

    Hello,
    "The session setup from computer '2012DC1' failed because the security database does not contain a trust account 'test.com.' referenced by the specified computer. "
    This belongs to the machine 2012DC1 in test.com and not to the other domain from your trust. It seems to me that you are mixing up the trust with the problems of the machine 2012DC1 in test.com.
    In this error message 2012DC1 has lost the trust to its OWN domain and therefore you have to find the reason. How exactly was this machine installed?
    Or was there a restore on that machine from an unsupported type of backup like image/clone/snapshot?
    Best regards
    Meinolf Weber
    MVP, MCP, MCTS
    Microsoft MVP - Directory Services
    My Blog: http://blogs.msmvps.com/MWeber
    Disclaimer: This posting is provided AS IS with no warranties or guarantees and confers no rights.

  • How to configure SCSM exchange connector when exchange server is in different domain.

    We installed/configured SCSM in ABC domain and now need to use exchange connector for incident alert mail.
    But exchange server is in different domain, say XYZ.
    How do we configure?
    Thanks,
    Abhilash

    We cannot configure trust at the AD level. In the config article the following points are given, but the first 2 steps are not clear. Also, we did not find the option to "navigate to certificate template and right click certificate templates".
    Sorry, I don't have much experience with certificates. If the steps were described a little more clearly, it would be helpful.
    a. If your Service Manager management server does not have a trusted relationship with the Exchange Server, open Certificate Services and create a duplicate copy of the Web Server Certificate Template. Ensure that Private Key Export and Publish in AD are selected, and then add Read and Enroll permission to Authenticated Users.
    b. In Certificate Services, navigate to Certificate Template and right-click Certificate Templates. Click New and then click Certificate Template to Issue. Select the template that you created in the previous step.
    c. In Exchange Server, open the Microsoft Management Console and add the Certificates snap-in for the local computer. Right-click the Personal logical store, and then hover over All Tasks.
    d. Select Request for New certificate and in the Certificate Enrollment wizard, select Active Directory Enrollment Policy and select the template that you created previously. When you select the certificate, you can click More Information to type the Exchange Server’s FQDN name as the common name in the Subject tab. You can also type the FQDN name as the Friendly Name in the General tab.
    Thanks,
    Abhilash
