WS-Security: Fail to configure Keystore and Identity Certificates

Hi,
This is my first question here!
I want to set a secure web service, following the guide "Web Services Security Guide" i set up the keystore and Identity Certificates with a keystore that contains two certificates created by me, I set the keys to be used as signature and encryption. Not define any method for authentication.
I deployed the application to the server (oc4j_extended_101350) and up to this point apparently everything went well.
I created a web service proxy to test the web service with jdeveleper, but when I call the web service method the server responds with the error:
java.rmi.ServerException:
start fault message:
Internal Server Error
: End fault message
at oracle.j2ee.ws.client.StreamingSender._raiseFault (StreamingSender.java: 571)
at oracle.j2ee.ws.client.StreamingSender._sendImpl (StreamingSender.java: 401)
at oracle.j2ee.ws.client.StreamingSender._send (StreamingSender.java: 114)
at clientmessageoc4jstda.proxy.runtime.MyWebService1SoapHttp_Stub.getHelloWorld (MyWebService1SoapHttp_Stub.java: 77)
at clientmessageoc4jstda.proxy.MyWebService1SoapHttpPortClient.getHelloWorld (MyWebService1SoapHttpPortClient.java: 42)
at clientmessageoc4jstda.proxy.MyWebService1SoapHttpPortClient.main (MyWebService1SoapHttpPortClient.java: 30)
On the server the following error occurs:
ERROR OWS-04005 error has occurred on port: () http://messagelevelsecurity/ MyWebService1SoapHttpPort: oracle.j2ee.ws.common.soap.fault.SOAP11FaultException: java.lang.NullPointerException.
The client and server are not in the same directory.
The class exposed by the web service is a simple Hello World.
public class HelloWorld {
public HelloWorld() {
public String getHelloWorld(){
return "Hello World";
Thanks in advance
I apologize for my English

I had to add : " outProps.put(WSHandlerConstants.SIG_KEY_ID, "DirectReference");" to the client code and it started working !

Similar Messages

Windows Azure Pack setup - 500 Internal Server Error - failed to configure databases and services

Hi,
I am trying to setup the Windows Azure pack to use the site to configure the Service bus 1.1 installation. When I try to configure the Windows Azure Pack I get the following error:
Admin Authentication Site
500 Internal Server Error - Failed to configure databases and services: Object reference not set to an instance of an object.
I'm not sure where the logs are to see what is causing this error. I have tried running as admin, running as a different user with no luck.
thanks,
Georgi
Georgi

Here's what I'm getting for this error:
Log Name: Microsoft-WindowsAzurePack-MgmtSvc-ConfigSite/Operational
Source: Microsoft-WindowsAzurePack-MgmtSvc-ConfigSite
Date: 3/27/2014 12:52:03 PM
Event ID: 103
Task Category: (65431)
Level: Error
Keywords: None
User: CLINICALSYSTEMS\Administrator
Computer: SERVER-PC.clinicalsystems.com
Description:
##### Application_Error: Exception=System.Web.HttpException (0x80004005): Failed to configure databases and services: Object reference not set to an instance of an object. ---> System.Management.Automation.CmdletInvocationException: Object reference not
set to an instance of an object. ---> System.NullReferenceException: Object reference not set to an instance of an object.
at Microsoft.WindowsAzure.Config.PowerShell.Configurer.CustomTokenServiceConfigurer.AddUserToGroup(GroupPrincipal group, UserPrincipal user)
at Microsoft.WindowsAzure.Config.PowerShell.Configurer.CustomTokenServiceConfigurer.ConfigureDefaultTrusts()
at Microsoft.WindowsAzure.Config.PowerShell.Configurer.CustomTokenServiceConfigurer.ConfigureClaimSecurity(Hashtable settings)
at Microsoft.WindowsAzure.Config.PowerShell.Configurer.CustomTokenServiceConfigurer.ConfigureCore(Hashtable settings)
at Microsoft.WindowsAzure.Config.PowerShell.Configurer.FeatureConfigurer.Configure(Hashtable settings)
at Microsoft.WindowsAzure.Server.PowerShell.Common.BaseCmdlet.ProcessRecord()
at System.Management.Automation.CommandProcessor.ProcessRecord()
--- End of inner exception stack trace ---
at System.Management.Automation.Runspaces.PipelineBase.Invoke(IEnumerable input)
at Microsoft.MgmtSvc.Config.Controllers.PowerShell.PSClient.RunCommand(Command command)
at Microsoft.MgmtSvc.Config.Controllers.PowerShell.ConfigurationPSClient.InitializeFeature(String name, Hashtable settings)
at Microsoft.MgmtSvc.Config.Controllers.ConfigurationController.<>c__DisplayClass3.<ConfigureFeature>b__0()
at System.Threading.Tasks.Task`1.InnerInvoke()
at System.Threading.Tasks.Task.Execute()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Microsoft.MgmtSvc.Config.Controllers.ConfigurationController.<ConfigureFeature>d__5.MoveNext()
at Microsoft.MgmtSvc.Config.Controllers.ConfigurationController.<ConfigureFeature>d__5.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at lambda_method(Closure , Task )
at System.Web.Mvc.Async.TaskAsyncActionDescriptor.EndExecute(IAsyncResult asyncResult)
at System.Web.Mvc.Async.AsyncControllerActionInvoker.<>c__DisplayClass3f.<BeginInvokeAsynchronousActionMethod>b__3e(IAsyncResult asyncResult)
at System.Web.Mvc.Async.AsyncControllerActionInvoker.<>c__DisplayClass37.<>c__DisplayClass39.<BeginInvokeActionMethodWithFilters>b__33()
at System.Web.Mvc.Async.AsyncControllerActionInvoker.<>c__DisplayClass4f.<InvokeActionMethodFilterAsynchronously>b__49()
at System.Web.Mvc.Async.AsyncControllerActionInvoker.<>c__DisplayClass37.<BeginInvokeActionMethodWithFilters>b__36(IAsyncResult asyncResult)
at System.Web.Mvc.Async.AsyncControllerActionInvoker.<>c__DisplayClass25.<>c__DisplayClass2a.<BeginInvokeAction>b__20()
at System.Web.Mvc.Async.AsyncControllerActionInvoker.<>c__DisplayClass25.<BeginInvokeAction>b__22(IAsyncResult asyncResult)
at System.Web.Mvc.Controller.<>c__DisplayClass1d.<BeginExecuteCore>b__18(IAsyncResult asyncResult)
at System.Web.Mvc.Async.AsyncResultWrapper.<>c__DisplayClass4.<MakeVoidDelegate>b__3(IAsyncResult ar)
at System.Web.Mvc.Controller.EndExecuteCore(IAsyncResult asyncResult)
at System.Web.Mvc.Async.AsyncResultWrapper.<>c__DisplayClass4.<MakeVoidDelegate>b__3(IAsyncResult ar)
at System.Web.Mvc.MvcHandler.<>c__DisplayClass8.<BeginProcessRequest>b__3(IAsyncResult asyncResult)
at System.Web.Mvc.Async.AsyncResultWrapper.<>c__DisplayClass4.<MakeVoidDelegate>b__3(IAsyncResult ar)
at System.Web.HttpApplication.CallHandlerExecutionStep.OnAsyncHandlerCompletion(IAsyncResult ar).
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-WindowsAzurePack-MgmtSvc-ConfigSite" Guid="{1F742CC8-BDAA-56B6-A4B8-49F946D19CD1}" />
<EventID>103</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>65431</Task>
<Opcode>0</Opcode>
<Keywords>0x0</Keywords>
<TimeCreated SystemTime="2014-03-27T16:52:03.223741300Z" />
<EventRecordID>111</EventRecordID>
<Correlation />
<Execution ProcessID="8068" ThreadID="7680" />
<Channel>Microsoft-WindowsAzurePack-MgmtSvc-ConfigSite/Operational</Channel>
<Computer>SERVER-PC.clinicalsystems.com</Computer>
<Security UserID="S-1-5-21-3021050346-1670805799-1320812125-500" />
</System>
<EventData>
<Data Name="exceptionInfo">System.Web.HttpException (0x80004005): Failed to configure databases and services: Object reference not set to an instance of an object. ---> System.Management.Automation.CmdletInvocationException: Object reference not set to an instance of an object. ---> System.NullReferenceException: Object reference not set to an instance of an object.
at Microsoft.WindowsAzure.Config.PowerShell.Configurer.CustomTokenServiceConfigurer.AddUserToGroup(GroupPrincipal group, UserPrincipal user)
at Microsoft.WindowsAzure.Config.PowerShell.Configurer.CustomTokenServiceConfigurer.ConfigureDefaultTrusts()
at Microsoft.WindowsAzure.Config.PowerShell.Configurer.CustomTokenServiceConfigurer.ConfigureClaimSecurity(Hashtable settings)
at Microsoft.WindowsAzure.Config.PowerShell.Configurer.CustomTokenServiceConfigurer.ConfigureCore(Hashtable settings)
at Microsoft.WindowsAzure.Config.PowerShell.Configurer.FeatureConfigurer.Configure(Hashtable settings)
at Microsoft.WindowsAzure.Server.PowerShell.Common.BaseCmdlet.ProcessRecord()
at System.Management.Automation.CommandProcessor.ProcessRecord()
--- End of inner exception stack trace ---
at System.Management.Automation.Runspaces.PipelineBase.Invoke(IEnumerable input)
at Microsoft.MgmtSvc.Config.Controllers.PowerShell.PSClient.RunCommand(Command command)
at Microsoft.MgmtSvc.Config.Controllers.PowerShell.ConfigurationPSClient.InitializeFeature(String name, Hashtable settings)
at Microsoft.MgmtSvc.Config.Controllers.ConfigurationController.<>c__DisplayClass3.<ConfigureFeature>b__0()
at System.Threading.Tasks.Task`1.InnerInvoke()
at System.Threading.Tasks.Task.Execute()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Microsoft.MgmtSvc.Config.Controllers.ConfigurationController.<ConfigureFeature>d__5.MoveNext()
at Microsoft.MgmtSvc.Config.Controllers.ConfigurationController.<ConfigureFeature>d__5.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at lambda_method(Closure , Task )
at System.Web.Mvc.Async.TaskAsyncActionDescriptor.EndExecute(IAsyncResult asyncResult)
at System.Web.Mvc.Async.AsyncControllerActionInvoker.<>c__DisplayClass3f.<BeginInvokeAsynchronousActionMethod>b__3e(IAsyncResult asyncResult)
at System.Web.Mvc.Async.AsyncControllerActionInvoker.<>c__DisplayClass37.<>c__DisplayClass39.<BeginInvokeActionMethodWithFilters>b__33()
at System.Web.Mvc.Async.AsyncControllerActionInvoker.<>c__DisplayClass4f.<InvokeActionMethodFilterAsynchronously>b__49()
at System.Web.Mvc.Async.AsyncControllerActionInvoker.<>c__DisplayClass37.<BeginInvokeActionMethodWithFilters>b__36(IAsyncResult asyncResult)
at System.Web.Mvc.Async.AsyncControllerActionInvoker.<>c__DisplayClass25.<>c__DisplayClass2a.<BeginInvokeAction>b__20()
at System.Web.Mvc.Async.AsyncControllerActionInvoker.<>c__DisplayClass25.<BeginInvokeAction>b__22(IAsyncResult asyncResult)
at System.Web.Mvc.Controller.<>c__DisplayClass1d.<BeginExecuteCore>b__18(IAsyncResult asyncResult)
at System.Web.Mvc.Async.AsyncResultWrapper.<>c__DisplayClass4.<MakeVoidDelegate>b__3(IAsyncResult ar)
at System.Web.Mvc.Controller.EndExecuteCore(IAsyncResult asyncResult)
at System.Web.Mvc.Async.AsyncResultWrapper.<>c__DisplayClass4.<MakeVoidDelegate>b__3(IAsyncResult ar)
at System.Web.Mvc.MvcHandler.<>c__DisplayClass8.<BeginProcessRequest>b__3(IAsyncResult asyncResult)
at System.Web.Mvc.Async.AsyncResultWrapper.<>c__DisplayClass4.<MakeVoidDelegate>b__3(IAsyncResult ar)
at System.Web.HttpApplication.CallHandlerExecutionStep.OnAsyncHandlerCompletion(IAsyncResult ar)</Data>
</EventData>
</Event>
Kori Francis Lead Software Developer Clinical Support Systems, Inc.

Java.io.IOException: Invalid identity certificate signature

Hi,
My WebLogic 11g is running on a Windows Server 2008 64 bit server. I have obtained a certificate with private key for this Windows server. Now I would like to use this certificate and private key for my WebLogic server.
What I have done:
1. Exported server certificate using mmc.exe to my_domain.pfx
2. Extracted my certificates and key with OpenSSL:
openssl pkcs12 -in my_domain.pfx -out tempcertfile.crt -nodes
3. Cut and pasted the section
-----BEGIN RSA PRIVATE KEY-----
(Block of Encrypted Text)
-----END RSA PRIVATE KEY-----
of the generated tempcertfile.crt to file my_domain.key
4. Copied the second set of -----BEGIN CERTIFICATE----- & -----END CERTIFICATE----- from tempcertfile.crt to file TrustedRoot.crt
5. Used keytool to create a new trust certificate keystore:
keytool -import -trustcacerts -file TrustedRoot.crt -alias server -keystore new_trust_keystore.jks -storepass NEWPASSWORD
where NEWPASSWORD is the new password of the keystore
6. Used utils.ImportPrivateKey to create a new identity certificate keystore:
java utils.ImportPrivateKey -keystore new_identity_keystore.jks -storepass NEWPASSWORD -storetype JKS -keypass NEWPASSWORD -alias server -certfile tempcertfile.crt
-keyfile my_domain.key -keyfilepass PFXPASSWORD
7. Configured WebLogic to use the new trust and identity certificate keystores
When I try to start the WebLogic server it shuts down again with the following log:
####<22-03-2012 07:10:42 CET> <Critical> <WebLogicServer> <HID-1041559> <AdminServer> <main> <<WLS Kernel>> <> <> <1332396642889> <BEA-000362> <Server failed. Reason:
There are 1 nested errors:
java.io.IOException: Invalid identity certificate signature: [***]
at weblogic.server.channels.DynamicSSLListenThread.<init>(DynamicSSLListenThread.java:64)
     at weblogic.server.channels.DynamicListenThreadManager.createListener(DynamicListenThreadManager.java:296)
     at weblogic.server.channels.AdminPortService.bindListeners(AdminPortService.java:76)
     at weblogic.server.channels.EnableAdminListenersService.start(EnableAdminListenersService.java:39)
     at weblogic.t3.srvr.SubsystemRequest.run(SubsystemRequest.java:64)
     at weblogic.work.ExecuteThread.execute(ExecuteThread.java:209)
     at weblogic.work.ExecuteThread.run(ExecuteThread.java:178)
Caused by: weblogic.management.configuration.ConfigurationException: Invalid identity certificate signature: [***]
Does anybody know what I'm doing wrong?
Thanks in advance, Steffen

The solution is that the certificates in tempcertfile.crt must be in the correct order. The order must be:
Identity certificate
Intermediate certificate
Root certificate
The identity certificate can be located easily in tempcertfile.crt since there must be header that shows the identity--information such as the name of a person or an organization, their address, and so forth. The intermediate certificate will be the last certificate in the tempcertfile.crt.
After I changed the order of the certificates it worked fine.
Regards Steffen

Ie 11 fails with 'IE Security detected that the URL and the configuration link to not match

HI,
I Have a user that is using IE 11 and is getting the following error:
IE Security detected that the URL and the configuration link to not match. Please use the URL as configured. Is and IP based URL. On IE 10 we get a similar message, but as soon as we add it to our trusted site and switch to compatibility
mode the issue goes away.
For example http://10.10.10.180/xxx/iafwebsite_810/
What would be causing this issue?
Any help would be appreciated.
Thanks,
Trish
Trish Leppa

Hi,
It seems that this URL doesn't meet security level. Thus, as long as you add this URL to Trusted sites zone, this issue is fixed.
Thanks!
Andy Altmann
TechNet Community Support

Failed to validate IIS and ShareFolder configurations. Retrun code 0x80070002

Hi PROs,
We're installin DP within SCCM 2012 R2 architecture in remote office,In the log file SMSDPPROV of that DP we noted the following error logged:
[1C00][Fri 12/20/2013 13:31:37]:Failed to validate IIS and ShareFolder configurations. Return code: 0x80070002
it is stuck at that error level,
The DP server is Windows 2003 enterprise SP2,
what does it mean and how can I fiw it please?

Hi PROs,
We're installin DP within SCCM 2012 R2 architecture in remote office,In the log file SMSDPPROV of that DP we noted the following error logged:
[1C00][Fri 12/20/2013 13:31:37]:Failed to validate IIS and ShareFolder configurations. Return code: 0x80070002
it is stuck at that error level,
The DP server is Windows 2003 enterprise SP2,
what does it mean and how can I fiw it please?

Configuring JSSE to use Smartcards as Keystores and Trust Stores

Hello;
I want to use my Javacard enabled smart card as KeyStore and Truststore stock. I have read the part of JSSE Reference guide, and it says this is possible for smart card. Do anyone know how to do that? I think this happens like that : We get the certificate and keys file from javacard enabled smart card to out of card into java environment and we use the soft keys in the program. This is the first thing that I thought how to implement. Is there any other soulution ways? Any help is appreciated.

Hi,
I am also trying to develop a similar application but I dont know how to do. Can you please help me regarding that?
I need to get user's smartcard based certificate to store in server.

Use Secure HTTPS throughout this Forum and the Meteor Website

This is not a "Bright Idea", this is a security flaw with the setup of this forum. When registering to use this forum you are asked for these personal sensitive pieces of information: - Password- Email Address- Mobile Number- CUSTOMER SERVICE PIN!- Age Confirmation This forum does not use secure HTTPS TLS anywhere, so when you register with this form, and when you login you are sending this information is clear plain text over the Web. This is extremely insecure especially considering (A) It's a known fact most typical users will use the same account password on multiple sites, so one should assume a user registering for this forum will use the same password that they use for the main MyMeteor account. (B) The Customer Service PIN is one of the pieces of information used when interacting with Meteor either by phone, chat, email, forum or post as a way to verify a persons credentials and valid identity. So given (A) & (B) if a users password and/or PIN are intercepted on an insecure internet connection, the person gaining access to these credentials could use it to impersonate the customer when communicating with Meteor. The implications are obvious. When an attacker wants to gain access to customer details they will look for the weekest access link. This forum is one of the weekest access links and if comporimised or if user details are intercepted it gives the attacker all the information they need. This forum may be powered by the Lithium service, but it is Meteor's Technical team's responsibilty to setup and secure this forum adequetly. At the moment they have not done this. They are leaving customers at risk of identity theft and are failing in their obligations under Data Protection laws. This needs to be addressed immediatly. On a wider issue it is now considered good practice for public serving websites to use TLS throughout their website and not just for registration and login pages. Contrary to misconception using TLS throughout your site will not greatly reduce the speed or performance of the site if the sys admins have used correct modern server configurations, optimisations and TLS implementation. The major browsers are now blocking out non-secure elements on secure web pages and even Google is going to start using TLS as a signal for traffic ranking. So websites using TLS throughout their site will potentially get better search rankings on Google than those without. I would ask the Meteor Sys admins to at the very least seurce this forum with TLS and then role out TLS across their entire meteor.ie web properties and follow best practise.

I have found that there is an SSL certificate installed on the server to cover the forums.meteor.ie domain, however it is not being enforced. Whilst not a perfect solution, for those using the EFF HTTPS Everywhere browser extension, I have written a ruleset that will force the browser to load https://forums.meteor.ie. I have submitted this ruleset to the EFF but you can also add the ruleset yourself with this following these directions, using this code: <ruleset name="Meteor.ie Community Forum">
<target host="forums.meteor.ie"/>
<rule from="^http://(www\.)?forums\.meteor\.ie/" to="https://forums.meteor.ie/"/>
</ruleset> Still waiting on an official response from Meteor.

Keystores and Certs etc

Hi, we've got a webapp running in Tomcat. It makes a call (using HttpUrlConnection) to an external site using HTTP. We're getting this in the logs:
sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested targetFrom what I've read, this is usually because the external site's public key isnt in the keystore. So, I've (hopefully) found the correct keystore and imported the public keys. But I still get the same error.
So, I wrote some basic test programs, using HttpUrlConnection like this:
URL url = new URL(address);
HttpURLConnection conn = (HttpURLConnection)url.openConnection();
conn.connect();and also for good measure using SSLSockets
SSLSocketFactory sslsocketfactory = (SSLSocketFactory) SSLSocketFactory.getDefault();
SSLSocket sslsocket = (SSLSocket) sslsocketfactory.createSocket(host, port);I was expecting to see the same problem on my own PC here, but both connection methods work fine... I thought my code would fail until I manually imported the site's certificates into my keystore (I've been testing with HTTPS sites that my PC never seen before)
Any ideas what could be causing the original exception if it's not a missing public key as I originally thought?
Thanks

Hi sdf_iain, and a warm welcome to the forums!
I'm on Leopard at the moment, but in fact, the etc folder is an Alias here, and identical in content to the private/etc folder!

Problem with Java keystore and certificates (unable to find valid cert path

Our program is made so that when a certificate is not signed by a trusted Certification Authority, it will ask the user if he/her wishes to trust the certificate or not. If they decide to trust the certificate, it will accept the self signed certificate and import it into the keystore and then use that certificate to log the user in. This works fine. It will import the certificate into the keystore and use the specified ip address to establish a connection with the LDAP server (Active Directory in our case) and authenticate properly. However, the problem arises when we then try and connect to a different ip address (without restarting tomcat, if we restart tomcat, it works fine...). It imports the certificate into the keystore fine, but always gives the exception
"Root exception is javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target"
and does not authenticate with our LDAP server (which is Active Directory). The problem seems to be that it is no longer looking at the System.setProperty("javax.net.ssl.trustStore", myTrustStore);
I have tried multiple times to just reset this property and try and "force" it to read from my specified trust file when this error happens. I have also imported the certificates directly into the <java_home>/jre/lib/security/cacerts and <java_home>/jre/lib/security/jssecacerts directories as the java documentation says that it will look at those directories first to see if it can find a trusted certificate. However, this does not work either. The only way that I can get this to work is by restarting tomcat all together.
If both of the certificates are already in the keystore before tomcat is started up, everything will work perfect. Again, the only problem is after first connecting to an IP address using TLS and importing the certificate, and then trying to connect to another IP address with a different certificate and import it into the keystore.
One of the interesting features of this is that after the second IP address has failed, I can change the IP address back to the first one that authenticated successfully and authenticate successfully again (ie
I use ip 1.1.1.1, import self signed certificate, authenticates successfully
login with ip 2.2.2.2 import self signed certificate, FAILS
login again with 1.1.1.1 (doesn't import certificate because it is already in keystore) successfully authenticates
Also, I am using java 1.5.0_03.
Any help is greatly appreciated as I've been trying to figure this out for over a week now.
Thanks

Please don't post in threads that are long dead and don't hijack other threads. When you have a question, start your own topic. Feel free to provide a link to an old post that may be relevant to your problem.
I'm locking this thread now.

Auditing failed access to files and folders in Windows Storage Server 2008 R2

Hello,
I've been trying to figure out why I cannot audit the failed access to files and folders on my server. I'm trying to replace a unix-based NAS with a Windows Storage Server 2008 R2 solution so I can use my current audit tools (the 'nix NAS
has basically none). I'm looking for a solution for a small remote office with 5-10 users and am looking at Windows Storage Server 2008 R2 (no props yet, but on a Buffalo appliance). I specifically need to audit the failure of a user to access
folders and files they are not supposed to view, but on this appliance it never shows. I have:
Enabled audit Object access for File system, File share and Detailed file share
Set the security of the top-level share to everyone full control
Used NTFS file permissions to set who can/cannot see particular folders
On those folders (and letting those permissions flow down) I've set the auditing tab to "Fail - Everyone - Full Control - This folder, subfolders and files"
On the audit log I only see "Audit Success" messages for items like "A network share object was checked to see whether client can be granted desired access (Event 5145) - but never a failure audit (because this user was not allowed access by NTFS permissions).
I've done this successfully with Windows Server 2008 R2 x64 w/SP1 and am wondering if anybody has tried this with the Windows Storage Server version (with success of course). My customer wants an inexpensive "appliance" and I thought this new
variant of 2008 was the ticket, but I can't if it won't provide this audit.
Any thoughts? Any of you have luck with this? I am (due to the fact I bought this appliance out of my own pocket) using the WSS "Workgroup" flavor and am wondering if this feature has been stripped from the workgroup edition of WSS.
TIA,
--Jeffrey

Hi Jeffrey,
The steps to setup Audit on a WSS system should be the same as a standard version of Windows Server. So please redo the steps listed below to see if issue still exists:
Enabling file auditing is a 2-step process.
[1] Configure "audit object access" in AD Group Policy or on the server's local GPO. This setting is located under Computer Configuration-->Windows Settings-->Security Settings-->Local Policies-->Audit Policies. Enable success/failure auditing
for "Audit object access."
[2] Configure an audit entry on the specific folder(s) that you wish to audit. Right-click on the folder-->Properties-->Advanced. From the Auditing tab, click Add, then enter the users/groups whom you wish to audit and what actions you wish to audit
- auditing Full Control will create an audit entry every time anyone opens/changes/closes/deletes a file, or you can just audit for Delete operations.
A similar thread:
http://social.technet.microsoft.com/Forums/en-US/winserverfiles/thread/da689e43-d51d-4005-bc48-26d3c387e859
TechNet Subscriber Support in forum |If you have any feedback on our support, please contact [email protected]

Not Working-central web-authentication with a switch and Identity Service Engine

on the followup the document "Configuration example : central web-authentication with a switch and Identity Service Engine" by Nicolas Darchis, since the redirection on the switch is not working, i'm asking for your help...
I'm using ISE Version : 1.0.4.573 and WS-C2960-24PC-L w/software 12.2(55)SE1 and image C2960-LANBASEK9-M for the access.
The interface configuration looks like this:
interface FastEthernet0/24
switchport access vlan 6
switchport mode access
switchport voice vlan 20
ip access-group webauth in
authentication event fail action next-method
authentication event server dead action authorize
authentication event server alive action reinitialize
authentication order mab
authentication priority mab
authentication port-control auto
authentication periodic
authentication timer reauthenticate server
authentication violation restrict
mab
spanning-tree portfast
end
The ACL's
Extended IP access list webauth
    10 permit ip any any
Extended IP access list redirect
    10 deny ip any host 172.22.2.38
    20 permit tcp any any eq www
    30 permit tcp any any eq 443
The ISE side configuration I follow it step by step...
When I conect the XP client, e see the following Autenthication session...
swlx0x0x#show authentication sessions interface fastEthernet 0/24
           Interface: FastEthernet0/24
          MAC Address: 0015.c549.5c99
           IP Address: 172.22.3.184
            User-Name: 00-15-C5-49-5C-99
               Status: Authz Success
               Domain: DATA
       Oper host mode: single-host
     Oper control dir: both
        Authorized By: Authentication Server
           Vlan Group: N/A
     URL Redirect ACL: redirect
         URL Redirect: https://ISE-ip:8443/guestportal/gateway?sessionId=AC16011F000000510B44FBD2&action=cwa
      Session timeout: N/A
         Idle timeout: N/A
    Common Session ID: AC16011F000000490AC1A9E2
      Acct Session ID: 0x00000077
               Handle: 0xB7000049
Runnable methods list:
       Method   State
       mab      Authc Success
But there is no redirection, and I get the the following message on switch console:
756005: Mar 28 11:40:30: epm-redirect:IP=172.22.3.184: No redirection policy for this host
756006: Mar 28 11:40:30: epm-redirect:IDB=FastEthernet0/24: In epm_host_ingress_traffic_qualify ...
I have to mention I'm using an http proxy on port 8080...
Any Ideas on what is going wrong?
Regards
Nuno

OK, so I upgraded the IOS to version
SW Version: 12.2(55)SE5, SW Image: C2960-LANBASEK9-M
I tweak with ACL's to the following:
Extended IP access list redirect
    10 permit ip any any (13 matches)
and created a DACL that is downloaded along with the authentication
Extended IP access list xACSACLx-IP-redirect-4f743d58 (per-user)
    10 permit ip any any
I can see the epm session
swlx0x0x#show epm session ip 172.22.3.74
     Admission feature: DOT1X
     ACS ACL: xACSACLx-IP-redirect-4f743d58
     URL Redirect ACL: redirect
     URL Redirect: https://ISE-ip:8443/guestportal/gateway?sessionId=AC16011F000000510B44FBD2&action=cwa
And authentication
swlx0x0x#show authentication sessions interface fastEthernet 0/24
     Interface: FastEthernet0/24
     MAC Address: 0015.c549.5c99
     IP Address: 172.22.3.74
     User-Name: 00-15-C5-49-5C-99
     Status: Authz Success
     Domain: DATA
     Oper host mode: multi-auth
     Oper control dir: both
     Authorized By: Authentication Server
     Vlan Group: N/A
     ACS ACL: xACSACLx-IP-redirect-4f743d58
     URL Redirect ACL: redirect
     URL Redirect: https://ISE-ip:8443/guestportal/gateway?sessionId=AC16011F000000510B44FBD2&action=cwa
     Session timeout: N/A
     Idle timeout: N/A
     Common Session ID: AC16011F000000160042BD98
     Acct Session ID: 0x0000001B
     Handle: 0x90000016
     Runnable methods list:
     Method   State
     mab      Authc Success
on the logging, I get the following messages...
017857: Mar 29 11:27:04: epm-redirect:IDB=FastEthernet0/24: In epm_host_ingress_traffic_qualify ...
017858: Mar 29 11:27:04: epm-redirect:epm_redirect_cache_gen_hash: IP=172.22.3.74 Hash=271
017859: Mar 29 11:27:04: epm-redirect:IP=172.22.3.74: CacheEntryGet Success
017860: Mar 29 11:27:04: epm-redirect:IP=172.22.3.74: Ingress packet on [idb= FastEthernet0/24] matched with [acl=redirect]
017861: Mar 29 11:27:04: epm-redirect:IDB=FastEthernet0/24: Enqueue the packet with if_input=FastEthernet0/24
017862: Mar 29 11:27:04: epm-redirect:IDB=FastEthernet0/24: In epm_host_ingress_traffic_process ...
017863: Mar 29 11:27:04: epm-redirect:IDB=FastEthernet0/24: Not an HTTP(s) packet
What I'm I missing?

Windows Updates Failed to Configure in Windows 8 in Lenovo G500s

I am purchased my G500s in October 2013 and tried to install windows 8 updates first time. Before running updates I deleted all my data and switched laptop into default condition using One Key Recovery.
But while windows updates are being configured I am getting a message " Failed to Configure windows Updates, Reverting Changes" which is lasting for more than an hour and my laptop is restarting several time in this duration.
As I am running updates immediately after running One Key Recovery and there is no data on other drives, so this problem is not being caused by any Virus. My problem is similar as mentioned in this link Failure configuring Windows Updates - Windows 8 but I laptop came with Nitro 8, while this link is about problems caused by Nitro 7. Lenovo has not updated this article since 2012.
My laptop is pre installed with these important softwares:
Nitro Pdf 8, Mcafee Internet Security, CyberLink You Cam, Power Dvd.
If anyone can tell what is the cause of this problem I will be thankful to him.
Solved!
Go to Solution.

Thanks for returning to provide your update.
I've marked your post as the solution. It may help other members in the community.
Cheers.
English Community Deutsche Community Comunidad en Español Русскоязычное Сообщество
Community Resources: Participation Rules • Images in posts • Search (Advanced) • Private Messaging
PM requests for individual support are not answered. If a post solves your issue, please mark it so.
X1C3 Helix X220 X301 X200T T61p T60p Y3P • T520 T420 T510 T400 R400 T61 Y2P Y13
I am not a Lenovo employee.

URGENT! Configuring WNA and keytab problems

Hi, I've configured OAS10g integration with AD successfully and able to map the users successfully from AD to OID. The external authentication plugin is working as well. However, I am having problems configuring WNA and getting the following erros in the OC4J_SECURITY logfile:
08/01/06 13:18:44 Getting creds for HTTP/[email protected]...
08/01/06 13:18:44 Debug is true storeKey true useTicketCache false useKeyTab true doNotPrompt true ticketCache is null KeyTab is /san/oas10g/oracle/product/10gas_infra/j2ee/OC4J_SECURITY/config/oraprda01.keytab refreshKrb5Config is false principal is HTTP/oraprda01.mpx.biz tryFirstPass is false useFirstPass is false storePass is false clearPass is false
principal's key obtained from the keytab
08/01/06 13:18:44 principal is HTTP/[email protected]
08/01/06 13:18:44 [Krb5LoginModule] authentication failed
Pre-authentication information was invalid (24)
08/01/06 13:18:44 KerberosAuthenticator: GSSException raised in constructor - No valid credentials provided (Mechanism level: Attempt to obtain new ACCEPT credentials failed!)
08/01/06 13:18:44 GSSException: No valid credentials provided (Mechanism level: Attempt to obtain new ACCEPT credentials failed!)
08/01/06 13:18:44 at sun.security.jgss.krb5.Krb5AcceptCredential.getKeyFromSubject(Krb5AcceptCredential.java:189)
08/01/06 13:18:44 at sun.security.jgss.krb5.Krb5AcceptCredential.getInstance(Krb5AcceptCredential.java:80)
08/01/06 13:18:44 at sun.security.jgss.krb5.Krb5MechFactory.getCredentialElement(Krb5MechFactory.java:75)
08/01/06 13:18:44 at sun.security.jgss.GSSManagerImpl.getCredentialElement(GSSManagerImpl.java:149)
08/01/06 13:18:44 at sun.security.jgss.GSSCredentialImpl.add(GSSCredentialImpl.java:334)
08/01/06 13:18:44 at sun.security.jgss.GSSCredentialImpl.<init>(GSSCredentialImpl.java:44)
08/01/06 13:18:44 at sun.security.jgss.GSSManagerImpl.createCredential(GSSManagerImpl.java:102)
08/01/06 13:18:44 at oracle.security.jazn.oc4j.KerberosAuthenticator.<init>(Unknown Source)
08/01/06 13:18:44 at oracle.security.jazn.oc4j.RealmUserManager.getHttpAuthenticator(Unknown Source)
08/01/06 13:18:44 at oracle.security.jazn.oc4j.FilterUserManager.getHttpAuthenticator(Unknown Source)
08/01/06 13:18:44 at com.evermind.server.http.HttpApplication.initAuthenticator(HttpApplication.java:5371)
08/01/06 13:18:44 at com.evermind.server.http.HttpApplication.initDynamic(HttpApplication.java:980)
08/01/06 13:18:44 at com.evermind.server.http.HttpApplication.<init>(HttpApplication.java:549)
08/01/06 13:18:44 at com.evermind.server.Application.getHttpApplication(Application.java:890)
08/01/06 13:18:44 at com.evermind.server.http.HttpServer.getHttpApplication(HttpServer.java:707)
08/01/06 13:18:44 at com.evermind.server.http.HttpSite.initApplications(HttpSite.java:625)
08/01/06 13:18:44 at com.evermind.server.http.HttpSite.setConfig(HttpSite.java:278)
08/01/06 13:18:44 at com.evermind.server.http.HttpServer.setSites(HttpServer.java:278)
08/01/06 13:18:44 at com.evermind.server.http.HttpServer.setConfig(HttpServer.java:179)
08/01/06 13:18:44 at com.evermind.server.ApplicationServer.initializeHttp(ApplicationServer.java:2394)
08/01/06 13:18:44 at com.evermind.server.ApplicationServer.setConfig(ApplicationServer.java:1551)
08/01/06 13:18:44 at com.evermind.server.ApplicationServerLauncher.run(ApplicationServerLauncher.java:92)
08/01/06 13:18:44 at java.lang.Thread.run(Thread.java:534)
08/01/06 13:18:44 Caused by: javax.security.auth.login.LoginException: Pre-authentication information was invalid (24)
08/01/06 13:18:44 at com.sun.security.auth.module.Krb5LoginModule.attemptAuthentication(Krb5LoginModule.java:585)
08/01/06 13:18:44 at com.sun.security.auth.module.Krb5LoginModule.login(Krb5LoginModule.java:475)
08/01/06 13:18:44 at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
08/01/06 13:18:44 at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
08/01/06 13:18:44 at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
08/01/06 13:18:44 at java.lang.reflect.Method.invoke(Method.java:324)
08/01/06 13:18:44 at javax.security.auth.login.LoginContext.invoke(LoginContext.java:675)
08/01/06 13:18:44 at javax.security.auth.login.LoginContext.access$000(LoginContext.java:129)
08/01/06 13:18:44 at javax.security.auth.login.LoginContext$4.run(LoginContext.java:610)
08/01/06 13:18:44 at java.security.AccessController.doPrivileged(Native Method)
08/01/06 13:18:44 at javax.security.auth.login.LoginContext.invokeModule(LoginContext.java:607)
08/01/06 13:18:44 at javax.security.auth.login.LoginContext.login(LoginContext.java:534)
08/01/06 13:18:44 at sun.security.jgss.LoginUtility.run(LoginUtility.java:57)
Our setup is such that the SSO hostname is oraprda01.mpx.biz but the AD/KDC realm is AD.MULTIPLEX.BIZ. I found http://www.oracle.com/technology/obe/obe_as_10g/im/wna/wna.htm and we have more or less the same situation so it should work but it doesn't. I've already got this working in the test environment but the SSO hostname there is gfradev01.ad.multiplex.biz. Note that it has the same domain name as the AD realm.
Doing a kinit without using the keytab file works for HTTP/[email protected] but when I use the keytab file, I get the pre-authentication error.
Can anyone advice as to how we can make this work? Are there extra setups which need to be done on the AD server which Oracle did not document?
Thank you very much,
Abigail

If urgent, contact Support.
Is the account option ‘Do not require kerberos preauthentication’ checked (see MicroSoft KB 832572)
In addition: metalink Note: 466288.1
Message was edited on 1-feb-2008 by: Frank van Bortel

Psconsole Authentication Failed, Please reenter username and password

Hi,
I have JES5 installed ( App server + Directory server + Portal server + Access manager) on a windows 2003 server with Oracle 10g. After the installation i was able to access the amconsole, psconsole, and the admin console without any errors.
After the server was restarted, i started the application server and the directory server (dsadm start) and now i can login to admin console and /amconsle and also to the /portal/dt, but i am not able to login to /psconsole.
i have used the default login details(amadmin) login for both the /amconsole and the /psconsle, /amconsole logins sucessfully but /psconsole gives me the error "Authentication Failed, Please reenter username and password"
the log details of portal.admin.console.0.0.log are:
[#|2008-01-08T12:13:58.672+0530|SEVERE|SJS Portal Server|debug.com.sun.portal.admin.console|ThreadID=21; ClassName=com.sun.portal.admin.console.common.PSBaseBean; MethodName=log; |Failed to authenticate with JMX Server: LoginBean.login()
javax.management.remote.JMXProviderException: Connection refused: connect
     at com.sun.cacao.agent.impl.CacaoJmxConnectorProvider.newJMXConnector(CacaoJmxConnectorProvider.java:388)
     at javax.management.remote.JMXConnectorFactory.getConnectorAsService(JMXConnectorFactory.java:415)
     at javax.management.remote.JMXConnectorFactory.newJMXConnector(JMXConnectorFactory.java:307)
     at javax.management.remote.JMXConnectorFactory.connect(JMXConnectorFactory.java:247)
     at com.sun.portal.admin.common.util.AdminUtil.getConnector(AdminUtil.java:813)
     at com.sun.portal.admin.common.util.AdminClientUtil.getJMXConnector(AdminClientUtil.java:113)
     at com.sun.portal.admin.common.util.AdminClientUtil.getJMXConnector(AdminClientUtil.java:139)
     at com.sun.portal.admin.common.util.AdminClientUtil.getJMXConnector(AdminClientUtil.java:163)
     at com.sun.portal.admin.console.common.LoginBean.JMXConnect(LoginBean.java:287)
     at com.sun.portal.admin.console.common.LoginBean.authenticate(LoginBean.java:256)
     at com.sun.portal.admin.console.common.LoginBean.login(LoginBean.java:230)
     at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
     at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
     at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
     at java.lang.reflect.Method.invoke(Method.java:585)
     at com.sun.faces.el.MethodBindingImpl.invoke(MethodBindingImpl.java:146)
     at com.sun.faces.application.ActionListenerImpl.processAction(ActionListenerImpl.java:92)
     at javax.faces.component.UICommand.broadcast(UICommand.java:332)
     at javax.faces.component.UIViewRoot.broadcastEvents(UIViewRoot.java:287)
     at javax.faces.component.UIViewRoot.processApplication(UIViewRoot.java:401)
     at com.sun.faces.lifecycle.InvokeApplicationPhase.execute(InvokeApplicationPhase.java:95)
     at com.sun.faces.lifecycle.LifecycleImpl.phase(LifecycleImpl.java:245)
     at com.sun.faces.lifecycle.LifecycleImpl.execute(LifecycleImpl.java:110)
     at javax.faces.webapp.FacesServlet.service(FacesServlet.java:213)
     at sun.reflect.GeneratedMethodAccessor139.invoke(Unknown Source)
     at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
     at java.lang.reflect.Method.invoke(Method.java:585)
     at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:249)
     at java.security.AccessController.doPrivileged(Native Method)
     at javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
     at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:282)
     at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:165)
     at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:257)
     at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:55)
     at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:161)
     at java.security.AccessController.doPrivileged(Native Method)
     at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:157)
     at com.sun.web.ui.util.UploadFilter.doFilter(UploadFilter.java:203)
     at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:210)
     at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:55)
     at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:161)
     at java.security.AccessController.doPrivileged(Native Method)
     at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:157)
     at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:263)
     at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:551)
     at org.apache.catalina.core.StandardContextValve.invokeInternal(StandardContextValve.java:225)
     at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:173)
     at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:551)
     at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:170)
     at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:551)
     at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:933)
     at com.sun.enterprise.web.connector.httpservice.HttpServiceProcessor.process(HttpServiceProcessor.java:235)
     at com.sun.enterprise.web.HttpServiceWebContainer.service(HttpServiceWebContainer.java:2114)
Caused by: java.net.ConnectException: Connection refused: connect
     at java.net.PlainSocketImpl.socketConnect(Native Method)
     at java.net.PlainSocketImpl.doConnect(PlainSocketImpl.java:333)
     at java.net.PlainSocketImpl.connectToAddress(PlainSocketImpl.java:195)
     at java.net.PlainSocketImpl.connect(PlainSocketImpl.java:182)
     at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:366)
     at java.net.Socket.connect(Socket.java:516)
     at java.net.Socket.connect(Socket.java:466)
     at java.net.Socket.<init>(Socket.java:366)
     at java.net.Socket.<init>(Socket.java:179)
     at com.sun.jmx.remote.socket.SocketConnection.connect(SocketConnection.java:94)
     at com.sun.jmx.remote.generic.ClientSynchroMessageConnectionImpl.connect(ClientSynchroMessageConnectionImpl.java:69)
     at javax.management.remote.generic.GenericConnector.connect(GenericConnector.java:177)
     at javax.management.remote.jmxmp.JMXMPConnector.connect(JMXMPConnector.java:119)
     at javax.management.remote.JMXConnectorFactory.connect(JMXConnectorFactory.java:248)
     at com.sun.cacao.agent.JmxClient.getUnknownJmxClientConnection(JmxClient.java:904)
     at com.sun.cacao.agent.impl.CacaoJmxConnectorProvider.newJMXConnector(CacaoJmxConnectorProvider.java:362)
     ... 52 more
Also, when i try to start the cacaoadm or check for the status i get the Perl lib version (v5.8.3) doesn't match executable version (v5.8.8) error.
i have JES5 and Oracle 10G installed on a windows 2003 server,
can you please let me know what do i have to correct here.
C:\Program Files\Sun\JavaES5\share\cacao_2\bin>cacaoadm.bat status
Perl lib version (v5.8.3) doesn't match executable version (v5.8.8) at E:\oracle
\product\10.2.0\db_1\perl\5.8.3\lib/MSWin32-x86-multi-thread/Config.pm line 32.
Compilation failed in require at E:\oracle\product\10.2.0\db_1\perl\5.8.3\lib/Fi
ndBin.pm line 97.
BEGIN failed--compilation aborted at E:\oracle\product\10.2.0\db_1\perl\5.8.3\li
b/FindBin.pm line 97.
Compilation failed in require at C:\PROGRA~1\Sun\JavaES5\share\cacao_2\lib\tools
\scripts\cacaoadm.pl line 17.
BEGIN failed--compilation aborted at C:\PROGRA~1\Sun\JavaES5\share\cacao_2\lib\t
ools\scripts\cacaoadm.pl line 17.
Thanks in advance
Regards
Gani

Hi,
depending on the cacao version used. The only authorized user (user allowed to use cacao) may be a privileged user (user part of local administrator group).
to know the version of cacao just run "cacaoadm -V" .
from 2.1 , non privileged user can install their own copy of cacao.
Your case (login on pconsole failing) may be a credential
probleme. did you check the password given for the connection ?
For the service part (enabling cacao) you must not touch the configuration. Everything is done using the command line.
you should not modify information set in the service manager.
just use the command line "cacaoadm enable -f <password file>". the Password file must contain the password of the Administrator who installed cacao.
hope this helps

Shared services registration failing during configuration of EPMA 11.1.1.3

Hi All, I am currently woking on essbase and no knowledge of planning so trying to upgrade my knowledge. I installed epma 11.1.1.3 on windows 2003 VMware work station as I have windows 7 laptop. installed oracle 10g created a database (epma) created user/schemas (sm,ms) trying to configure foundation services, essbase, planning and reporting and analysis. the configure database and register with shared services failed. Am I doing anything wrong. I followed some documents for configuration which are well documented with screen shots still do not know what wrong I am doing. Please advice on how to avoid these failures.
Below is the validation results of the configuration.
Thanks in advance.
Srinivas
Oracle EPM System
Diagnostic Reports
Generated on 3/3/12 11:05 PM
Validation run on srinivas
Validation tool info: 11.1.1.3.0 drop 9-0 build 3129 on 07/16/2009 01:24 PM
OS name: Windows 2003
OS version: 5.2
Test Status Service Test Description Duration
Hyperion Foundation
FAILED CFG: Configuration Check whether all configuration tasks have been completed
Error: Next tasks are not configured:
relationalStorageConfiguration: Configuration Failed
Recommended Action: Try to configure mentioned tasks 0 s
FAILED OPN: OpenLDAP Check if global roles number no less than 16
Error: $item.exception.localizedMessage
Recommended Action: 0 s
FAILED OPN: OpenLDAP Connection to OpenLDAP
Error: srinivas:28089
Recommended Action: Start open LDAP 1 s
ERP Integrator
PASSED CFG: Configuration WARNING: Some of suggested configuration tasks not completed yet.
Check whether all configuration tasks have been completed 0 s
Essbase / Client
PASSED WR: Windows Registry Check if EQD excel addin registered for Essbase Client 0 s
Essbase / Essbase
FAILED CFG: Configuration Check whether all configuration tasks have been completed
Error: Next tasks are not configured:
hubRegistration: Configuration Failed
Recommended Action: Try to configure mentioned tasks 0 s
FAILED EAS: Essbase server Essbase Server startup check using Maxl command
Error: Result: Unable to connect Essbase Server using MAXL command. Please check that essbase server is running.
Recommended Action: Check Essbase Server is started. 0 s
FAILED SVR: Essbase Java API Launch external checker with next command: C:\Hyperion\common\validation\9.5.0.0\launchEssbaseJavaAPI.bat EssbaseJAPIConnect admin ****** srinivas http://srinivas:13080/aps/JAPI
Error: Result: -1; Error message: Cannot connect to olap service. Cannot connect to Essbase Server at srinivas. Timed out waiting to connect to the Essbase Agent/Server using TCP/IP. Check your network connections.
Recommended Action: Make sure external checker is working. 7 s
Essbase / Essbase Administration Services
FAILED CFG: Configuration Check whether all configuration tasks have been completed
Error: Next tasks are not configured:
hubRegistration: Configuration Failed
Some of suggested configuration tasks not completed yet.
Recommended Action: Try to configure mentioned tasks 0 s
Essbase / Provider Services
FAILED CFG: Configuration Check whether all configuration tasks have been completed
Error: Next tasks are not configured:
hubRegistration: Configuration Failed
Recommended Action: Try to configure mentioned tasks 0 s
Essbase / Smart Search
PASSED CFG: Configuration Check whether all configuration tasks have been completed 0 s
Essbase / Studio
FAILED CFG: Configuration Check whether all configuration tasks have been completed
Error: Next tasks are not configured:
hubRegistration: Configuration Failed
Some of suggested configuration tasks not completed yet.
Recommended Action: Try to configure mentioned tasks 0 s
Financial Data Quality Management
PASSED CFG: Configuration WARNING: Some of suggested configuration tasks not completed yet.
Check whether all configuration tasks have been completed 0 s
Foundation / Calculation Manager
FAILED CFG: Configuration Check whether all configuration tasks have been completed
Error: Next tasks are not configured:
hubRegistration: Configuration Failed
Some of suggested configuration tasks not completed yet.
Recommended Action: Try to configure mentioned tasks 0 s
Foundation / Performance Management Architect
FAILED CFG: Configuration Check whether all configuration tasks have been completed
Error: Next tasks are not configured:
hubRegistration: Configuration Failed
Some of suggested configuration tasks not completed yet.
Recommended Action: Try to configure mentioned tasks 0 s
Foundation / Workspace
FAILED CFG: Configuration Check whether all configuration tasks have been completed
Error: Next tasks are not configured:
hubRegistration: Configuration Failed
Some of suggested configuration tasks not completed yet.
Recommended Action: Try to configure mentioned tasks 0 s
PASSED HTTP: Http Is file [C:\Hyperion\common\httpServers\Apache\2.0.59\bin\installhyperionapacheservice.err] empty 0 s
PASSED HTTP: Http Check string [LoadModule jk_module modules/mod_jk] in file[C:\Hyperion\common\httpServers\Apache\2.0.59\conf\httpd.conf] 0 s
PASSED REG: Registry All links are present in registry. 0 s
Performance Scorecard
PASSED CFG: Configuration WARNING: Some of suggested configuration tasks not completed yet.
Check whether all configuration tasks have been completed 0 s
Planning
FAILED CFG: Configuration Check whether all configuration tasks have been completed
Error: Next tasks are not configured:
hubRegistration: Configuration Failed
applicationServerDeployment: Configuration Failed
Some of suggested configuration tasks not completed yet.
Recommended Action: Try to configure mentioned tasks 0 s
Profitability and Cost Management
PASSED CFG: Configuration WARNING: Some of suggested configuration tasks not completed yet.
Check whether all configuration tasks have been completed 0 s
Strategic Finance
PASSED CFG: Configuration WARNING: Some of suggested configuration tasks not completed yet.
Check whether all configuration tasks have been completed 0 s
Financial Management
PASSED CFG: Configuration WARNING: Some of suggested configuration tasks not completed yet.
Check whether all configuration tasks have been completed 0 s
Reporting and Analysis
PASSED CFG: Configuration Check whether all configuration tasks have been completed 0 s
FAILED SVR: Essbase Java API Launch external checker with next command: C:\Hyperion\common\validation\9.5.0.0\launchEssbaseJavaAPI.bat EssbaseJAPIConnect admin ****** srinivas http://srinivas:13080/aps/JAPI
Error: Result: -1; Error message: Cannot connect to olap service. Cannot connect to Essbase Server at srinivas. Timed out waiting to connect to the Essbase Agent/Server using TCP/IP. Check your network connections.
Recommended Action: Make sure external checker is working. 3 s
Test start time: 11:05:18 PM
Test end time: 11:05:40 PM
Total test duration: 21 s

Thanks to all for your suggestions. Below is the log I have checked at the first instance of failure after that resitering with shared services failed for every product. Is this something to do withis database connection? Please advise on how to resolve it.
Mar 6, 2012 10:48:54 AM org.apache.coyote.http11.Http11BaseProtocol init
INFO: Initializing Coyote HTTP/1.1 on http-28080
Mar 6, 2012 10:48:54 AM org.apache.catalina.startup.Catalina load
INFO: Initialization processed in 3531 ms
Mar 6, 2012 10:48:54 AM org.apache.catalina.core.StandardService start
INFO: Starting service Catalina
Mar 6, 2012 10:48:54 AM org.apache.catalina.core.StandardEngine start
INFO: Starting Servlet Engine: Hyperion Embedded Java Container/1.0.0
Mar 6, 2012 10:48:55 AM org.apache.catalina.core.StandardHost start
INFO: XML validation disabled
log dir isC:\Hyperion\logs\SharedServices9
urlManifest jar:file:/C:/Hyperion/deployments/Tomcat5/SharedServices9/webapps/interop/WEB-INF/lib/interop-mmc.jar!/META-INF/MANIFEST.MF
Shared Services Version: 11.1.1.3.24
Shared Services Drop Number: 6
Attempting to verify the database configuration
Attempting to verify the database configuration
Database configuration test passed.
06 Mar 2012 10:50:27 - org.apache.slide.common.Domain - INFO - Auto-Initializing Domain
06 Mar 2012 10:50:27 - org.apache.slide.common.Domain - INFO - Configuration found in classpath
06 Mar 2012 10:50:27 - org.apache.slide.common.Domain - INFO - Domain configuration : {org.apache.slide.lock=true, org.apache.slide.versioncontrol=true, org.apache.slide.debug=false, org.apache.slide.search=true, org.apache.slide.security=true, org.apache.slide.urlEncoding=UTF-8, org.apache.slide.domain=C:/Hyperion/deployments/Tomcat5/SharedServices9/config/Domain.xml}
configURL: file:///C:/Hyperion/deployments/Tomcat5/SharedServices9/config/CSS.xml
Done initialize: null
06 Mar 2012 10:50:35 - org.apache.slide.common.Domain - ERROR - Unable to migrate hub groups to css
connection pool registered:dbcpPool-org.apache.commons.pool.impl.GenericObjectPool@9b2a51
connection pool registered:dbcpPool-org.apache.commons.pool.impl.GenericObjectPool@2431b9
CMSOfflineServlet Initialized
2012-03-06 10:50:42,328 [main] ERROR com.hyperion.ces.utils.db.DBRegistryManager.<init>(DBRegistryManager.java:74) - Failed to get Registry Instance! DB Connection is not existing for SharedService. Check registry for SharedService.
2012-03-06 10:50:42,328 [main] ERROR com.hyperion.workflow.engine.server.repository.WfDomainStoreRdbms.initialize(WfDomainStoreRdbms.java:167) - java.lang.Exception: Failed to get Registry Instance! DB Connection is not existing for SharedService. Check registry for SharedService.
2012-03-06 10:50:42,328 [main] ERROR com.hyperion.workflow.engine.server.repository.WfDomainStoreRdbms.initialize(WfDomainStoreRdbms.java:167) - java.lang.Exception: Failed to get Registry Instance! DB Connection is not existing for SharedService. Check registry for SharedService.
2012-03-06 10:50:42,343 [main] ERROR com.hyperion.cesdsf.server.framework.DsfServer.init(DsfServer.java:51) - com.hyperion.workflow.engine.api.base.WfException: Failed to get Registry Instance! DB Connection is not existing for SharedService. Check registry for SharedService.
2012-03-06 10:50:42,390 [main] ERROR com.hyperion.workflow.engine.server.framework.WorkflowEngineServiceLocal.wfx(WorkflowEngineServiceLocal.java:2584) - Cannot getUsers.
java.lang.NullPointerException
     at com.hyperion.workflow.engine.server.framework.WorkflowEngineServiceLocal.getUsers(WorkflowEngineServiceLocal.java:780)
     at com.hyperion.workflow.engine.server.framework.WorkflowEngineServiceLocal.getUserFromCES(WorkflowEngineServiceLocal.java:536)
     at com.hyperion.workflow.engine.server.framework.WorkflowEngineServiceLocal.systemSignOn(WorkflowEngineServiceLocal.java:341)
     at com.hyperion.workflow.engine.server.framework.WorkflowEngineServiceLocal.signOn(WorkflowEngineServiceLocal.java:387)
     at com.hyperion.workflow.engine.api.base.WorkflowEngine.signOn(WorkflowEngine.java:80)
     at com.hyperion.workflow.engine.api.base.WorkflowEngine.trustedSignOn(WorkflowEngine.java:94)
     at com.hyperion.workflow.engine.api.base.WorkflowEngine.trustedSignOn(WorkflowEngine.java:90)
     at com.hyperion.workflow.agent.TaskReceiver.init(TaskReceiver.java:34)
     at javax.servlet.GenericServlet.init(GenericServlet.java:211)
     at org.apache.catalina.core.StandardWrapper.loadServlet(StandardWrapper.java:1105)
     at org.apache.catalina.core.StandardWrapper.load(StandardWrapper.java:932)
     at org.apache.catalina.core.StandardContext.loadOnStartup(StandardContext.java:3917)
     at org.apache.catalina.core.StandardContext.start(StandardContext.java:4201)
     at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:759)
     at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:739)
     at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:524)
     at org.apache.catalina.startup.HostConfig.deployDirectory(HostConfig.java:904)
     at org.apache.catalina.startup.HostConfig.deployDirectories(HostConfig.java:867)
     at org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:474)
     at org.apache.catalina.startup.HostConfig.start(HostConfig.java:1122)
     at org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:310)
     at org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:119)
     at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1021)
     at org.apache.catalina.core.StandardHost.start(StandardHost.java:718)
     at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1013)
     at org.apache.catalina.core.StandardEngine.start(StandardEngine.java:442)
     at org.apache.catalina.core.StandardService.start(StandardService.java:450)
     at org.apache.catalina.core.StandardServer.start(StandardServer.java:709)
     at org.apache.catalina.startup.Catalina.start(Catalina.java:551)
     at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
     at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
     at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
     at java.lang.reflect.Method.invoke(Method.java:585)
     at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:294)
     at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:432)
2012-03-06 10:50:42,390 [main] ERROR com.hyperion.workflow.engine.server.framework.WorkflowEngineServiceLocal.wfx(WorkflowEngineServiceLocal.java:2584) - Cannot signOn.
com.hyperion.workflow.engine.api.base.WfException: Cannot getUsers.null
     at com.hyperion.workflow.engine.server.framework.WorkflowEngineServiceLocal.wfx(WorkflowEngineServiceLocal.java:2593)
     at com.hyperion.workflow.engine.server.framework.WorkflowEngineServiceLocal.getUsers(WorkflowEngineServiceLocal.java:782)
     at com.hyperion.workflow.engine.server.framework.WorkflowEngineServiceLocal.getUserFromCES(WorkflowEngineServiceLocal.java:536)
     at com.hyperion.workflow.engine.server.framework.WorkflowEngineServiceLocal.systemSignOn(WorkflowEngineServiceLocal.java:341)
     at com.hyperion.workflow.engine.server.framework.WorkflowEngineServiceLocal.signOn(WorkflowEngineServiceLocal.java:387)
     at com.hyperion.workflow.engine.api.base.WorkflowEngine.signOn(WorkflowEngine.java:80)
     at com.hyperion.workflow.engine.api.base.WorkflowEngine.trustedSignOn(WorkflowEngine.java:94)
     at com.hyperion.workflow.engine.api.base.WorkflowEngine.trustedSignOn(WorkflowEngine.java:90)
     at com.hyperion.workflow.agent.TaskReceiver.init(TaskReceiver.java:34)
     at javax.servlet.GenericServlet.init(GenericServlet.java:211)
     at org.apache.catalina.core.StandardWrapper.loadServlet(StandardWrapper.java:1105)
     at org.apache.catalina.core.StandardWrapper.load(StandardWrapper.java:932)
     at org.apache.catalina.core.StandardContext.loadOnStartup(StandardContext.java:3917)
     at org.apache.catalina.core.StandardContext.start(StandardContext.java:4201)
     at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:759)
     at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:739)
     at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:524)
     at org.apache.catalina.startup.HostConfig.deployDirectory(HostConfig.java:904)
     at org.apache.catalina.startup.HostConfig.deployDirectories(HostConfig.java:867)
     at org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:474)
     at org.apache.catalina.startup.HostConfig.start(HostConfig.java:1122)
     at org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:310)
     at org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:119)
     at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1021)
     at org.apache.catalina.core.StandardHost.start(StandardHost.java:718)
     at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1013)
     at org.apache.catalina.core.StandardEngine.start(StandardEngine.java:442)
     at org.apache.catalina.core.StandardService.start(StandardService.java:450)
     at org.apache.catalina.core.StandardServer.start(StandardServer.java:709)
     at org.apache.catalina.startup.Catalina.start(Catalina.java:551)
     at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
     at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
     at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
     at java.lang.reflect.Method.invoke(Method.java:585)
     at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:294)
     at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:432)
2012-03-06 10:50:42,390 [main] ERROR com.hyperion.workflow.agent.TaskReceiver.init(TaskReceiver.java:39) - Error Getting the workflowEngine Cannot signOn.Cannot getUsers.null
Mar 6, 2012 10:50:42 AM org.apache.coyote.http11.Http11BaseProtocol start
INFO: Starting Coyote HTTP/1.1 on http-28080
Mar 6, 2012 10:50:43 AM org.apache.jk.common.ChannelSocket init
INFO: JK: ajp13 listening on /0.0.0.0:28082
Mar 6, 2012 10:50:43 AM org.apache.jk.server.JkMain start
INFO: Jk running ID=0 time=0/125 config=null
Mar 6, 2012 10:50:43 AM org.apache.catalina.startup.Catalina start
INFO: Server startup in 108250 ms

WS-Security: Fail to configure Keystore and Identity Certificates

Similar Messages

Maybe you are looking for