WSUS and SQL login failures

Similar Messages

• SUP and SQL login failed

  Hi,
  Been racking my brain about this one, searched online (including here) but haven't found a solution yet. My scenario is: SCCM 2012 R2 and SQL 2012 (with databases CM_SCM and SUSDB, instance name is MSSQLSERVER) installed on the same server. SCCM will only
  be used to build servers using TS. I'm using SCCM as a SUP to do offline servicing of the wim files. This setup was working up to several weeks ago (don't know exactly when it stopped) and since, whenever I do a software update sync, I get
  'Sync failed: WSUS server not configured. Please refer to WCM.log for configuration error details.. Source: CWSyncMgr::DoSync'.
  Checking the WCM.log I get the following error: 
  System.Data.SqlClient.SqlException (0x80131904): Login failed for user 'DOMAIN\MACHINENAME$'.~~   at Microsoft.UpdateServices.Internal.BaseApi.SoapExceptionProcessor.DeserializeAndThrow(SoapException soapException)~~   at Microsoft.UpdateServices.Internal.DatabaseAccess.AdminDataAccessProxy.ExecuteSPGetConfiguration()~~
    at Microsoft.UpdateServices.Internal.BaseApi.UpdateServerConfiguration.Load()~~   at Microsoft.UpdateServices.Internal.ClassFactory.CreateWellKnownType(Type type, Object[] args)~~   at Microsoft.UpdateServices.Internal.ClassFactory.CreateInstance(Type
  type, Object[] args)~~   at Microsoft.UpdateServices.Internal.BaseApi.UpdateServer.GetConfiguration()~~   at Microsoft.SystemsManagementServer.WSUS.WSUSServer.SetUpstreamServerSettings(Boolean SyncFromMicrosoftUpdate, Boolean ReplicaServer, String
  UpstreamWSUSServerName, Int32 UpstreamWSUSServerPortNumber, Boolean UseSSL, Boolean HostBinariesOnMU, Int32 ReportingLevel, Int32 MaximumAllowedComputers)~~ClientConnectionId:00000000-0000-0000-0000-000000000000
  If I then check the SQL Server log, I have (over and over again) the error:
  Login failed for user "DOMAIN\MACHINENAME$". Reason: Could not find a login matching the name provided. [CLIENT: <local machine>] - Error 18456, Severity: 14, State: 5
  According to http://sqlblog.com/blogs/aaron_bertrand/archive/2011/01/14/sql-server-v-next-denali-additional-states-for-error-18456.aspx , state 5 indicates (as the error msg mentions) that the login doesn't exist, however in the SQL server it does exist
  and is also present under both DBs\Security\Users.
  There was no SPN set for the service account I created when setting the server up (in this case sccmsql), I've now set it manually to MSSQLSvc/FQDN:1433, as mentioned in http://technet.microsoft.com/en-us/library/hh427336.aspx#BKMK_ManageSPNforDBSrv
  , but without any luck.
  Thanks in advance for reading this.
  Dan

  Dan,
  Remove the SUP role. Remove WSUS and delete the SUSDB. Reboot the site server and reinstall WSUS and SUP. It'll recreate all the required permissions as part of the install.
  Cheers
  Paul | sccmentor.wordpress.com

• Design a job for Login failure alert

  HI,
       I need a query to get Login failure alert for both windows login and SQL login account. Also i need track to which database the Login user is connecting while he is getting Login failure error. I need to to schedule this as a job.

  To check what database was being used when the login failed, you will need to use default trace as mentioned in the link below:-
  http://www.eraofdata.com/the-sql-server-default-trace/
  or simply run the query below:-
  SELECT  TE.name AS [EventName] ,
          v.subclass_name ,
          T.DatabaseName ,
          t.DatabaseID ,
          t.NTDomainName ,
          t.ApplicationName ,
          t.LoginName ,
          t.SPID ,
          t.StartTime ,
          t.SessionLoginName
  FROM    sys.fn_trace_gettable(CONVERT(VARCHAR(150), ( 
                  SELECT TOP 1
                  f.[value]
                  FROM    sys.fn_trace_getinfo(NULL) f
                  WHERE   f.property = 2)), DEFAULT) T
          JOIN sys.trace_events TE 
                  ON T.EventClass = TE.trace_event_id
          JOIN sys.trace_subclass_values v 
                  ON v.trace_event_id = TE.trace_event_id
                  AND v.subclass_value = t.EventSubClass
  WHERE   te.name IN ( 'Audit Login Failed' )
  order by t.StartTime desc
  The only other way would be to use Auditing, Server Side Trace or Triggers if you want to maintain history of these. 
  Reference:
  http://sqlrows.blogspot.in/2011/10/note-to-self.html
  Please mark the answer as helpful if i have answered your query. Thanks and Regards, Kartar Rana

• SQL Server 2012 syspolicy_purge_history job causes cross-instance login failures w. EraseSystemHealthPhantomRecords

  I have unique service accounts set up for multiple instances on the same SQL Server 2012.
  When step 3 of the inbuilt syspolicy_purge_history job(Erase Phantom System Health Records) runs, it appears to attempt to run against every instance on the server despite being passed the instance path!
  The SQLServer's powershell script call:
  if ('$(ESCAPE_SQUOTE(INST))' -eq 'MSSQLSERVER') {$a = '\DEFAULT'} ELSE {$a = ''};
  (Get-Item SQLSERVER:\SQLPolicy\$(ESCAPE_NONE(SRVR))$a).EraseSystemHealthPhantomRecords()
  so with instances SERVER\X this runs as...
  (Get-Item SQLSERVER:\SQLPolicy\SERVER\X).EraseSystemHealthPhantomRecords()
  SERVER\X's job will run and I will see login failures in the error logs of SERVER\Y and SERVER\Z for the service account set up for instance X.
  It seems Microsoft's only 'accepted solution' to this problem is for me to compromise my security by escalating the access of these service accounts?
  Has anyone else run into and corrected this failure?

  Hi Atombath,
  When you install multiple instances on one Server, and  the SQL Server’s powershell scripts are the same in inbuilt syspolicy_purge_history job steps. However, when you start PowerShell by right clicking
   syspolicy_purge_history job, you will find it will point to their own instance. I do a test in my SQL Server 2012,
   it will not across instance to collect the error logs. So I recommend you use its original powershell scripts for the syspolicy_purge_history job.
  Sometimes, if you run the syspolicy_purge_history job on a clustered instance, the syspolicy_purge_history SQL Server Agent job may fail due to using the computer node name instead of the virtual server name. For more information, see:
  http://support.microsoft.com/kb/955726/en-us
  In addition, you can use different service account for your multiple SQL Server instances on the same Server. And make sure the accounts that you created get added to the sysadmin fixed server role, the accounts are also set in the three Agent roles (SqlAgentUserRole,
  SqlAgentReaderRole, and SqlAgentOperatorRole).
  Regards,
  Sofiya Li
  Sofiya Li
  TechNet Community Support

• SQL Database Login failure

  I'm getting a SQL database login failure on one customer after many successful installations at other customers. My app uses OLE DB (ADO) database type with the SQLOLEDB provider to access the database. I create the table logon info structure internally in my app and use that to connect the Crystal Report for.Net framework to the database. I've verified that the server name is correct and the database allows access from SQL Management Studio and from the rest of my app, which uses VB SQL connection objects. But on this one customer I get a "Database Login" prompt when the Crystal Report is run. The prompt shows the correct user name and password. When I hit "Login" the login fails (as it failed internally leading to the dialog being shown in the first place).
  Anyone have any idea on what's going on here? Any idea on where else to look? I suspect some software the customer is running is interfering somehow with Crystal Reports. But I don't have any idea of what to check for. Any help will be appreciated.
  Jon Webb
  PEP Systems, Inc.

  Some of the more common causes for this are:
  1. Firewalls - If you have a firewall between the database server and your computer
  2. Different SubNets.  If your database server is on a different sub-net than the computer you are trying to connnect from - then it might not be able to see it / resolve the name.  To verify this, trying pinging the database computer by machine name  (e.g. ping myDBServer).   This can also be caused by the computer not being able to see the DNS server, and so not able to resolve the DB server machine name.
  3. Wrong DB driver version.  Sometimes if you are trying to connect to a newer version of SQL server using older drivers - it won't work.  Verify what version of the SQL server drivers are being used.
  4. MDAC is not installed.  To connect via ODBC you sometimes need MDAC installed.  You can check the version using the info in this kbase http://support.microsoft.com/kb/301202
  Shawn

• Linked Server error: Login Failed for user 'NT AUTHORITY\ANONYMOUS LOGON' between sql server 2005 32 bit and sql server 2012 64 bit

  Hi All,
  Here the linked server is created between sql server 2012 64 bit and sql server 2005 32 bit. I am getting the below error  when i try to access linked server from third server. I have created linked from Instance 1 to Instance 2. When i access it from
  instance 3 i am getting the below error. SPN setting has been done between these 2 servers. Also the option 'Trust the delegate' is enabled for the both the service account. 
  'Login Failed for user 'NT AUTHORITY\ANONYMOUS LOGON' 
  Appreciate your quick response. 
  Vikas.M.S

  Hello,
  Please read the following resources:
  http://www.databasejournal.com/features/mssql/article.php/3696506/Setting-Up-Delegation-for-Linked-Servers.htm
  http://social.msdn.microsoft.com/Forums/sqlserver/en-US/ea26de43-4c6b-4991-86d7-e1578f107c92/linked-server-login-failed-for-user-nt-authorityanonymous-logon?forum=sqldataaccess
  Hope this helps.
  Regards,
  Alberto Morillo
  SQLCoffee.com

• What's the difference between "login block-for X attempts X within X" and "security authentication failure rate X"?

  What's the difference between, just for example, "login block-for 100 attempts 15 within 100" and "security authentication failure rate 3"?
  Please ignore the numbers, I need to know what the differences are in commands and what they do, what they affect.

  security authentication failure rate number_of_failed_attempts : A global configuration mode command used to specify the maximum number of failed attempts (in the range of 2 to 1024) before introducing a 15-second delay
  login block-for 100 attempts 15 within 100 : Block all access after 15 failed login attempts within 100 Secs for the period of 100Secounds (1.40 Minutes).
  The Cisco IOS Login Enhancements (Login Block) feature allows users to enhance the security of a router by configuring options to automatically block further login attempts when a possible denial-of-service (DoS) attack is detected.
  The login block and login delay options introduced by this feature can be configured for Telnet or SSH virtual connections. By enabling this feature, you can slow down "dictionary attacks" by enforcing a "quiet period" if multiple failed connection attempts are detected, thereby protecting the routing device from a type of denial-of-service attack.

• Error while Assigning database level role (db_datareader) to SQL login (Domain Account)

  Team,
  I got an error while creating a User for Domain Account. Below is the screen shot of the error (error : 15401)
  Database instance is on SQL 2000 SP3. ( I know it is out of support, But the customer is relutanct to upgrade)
  On Google search, i found below article which is best matching for this error
  http://support.microsoft.com/kb/324321
  I have follows each step of troubleshooting. But still the issue persists.
  Step 1. The login does not exist == The login is very much exist in the domain as i am able to add the same domain id to other database instances
  Step 2. Duplicate security identifiers == i have used this query to find duplicate SID
  /*  SELECT name FROM syslogins WHERE sid = SUSER_SID ('YourDomain\YourLogin') */
  But there was only one row returned with create date of today's.
  Error while Assigning database level role (db_datareader) to SQL login (Domain Account) 
  Step 3. Authentication failure == Domain is available. User is able to login on other servers via RDP connection.
  Step 4. Case sensitivity == Database collation is set to Case insensitivity. (CI)
  Other two 5. Local Accounts & 6. Name resolution == is not applicable to me.
  I tried other ways also.
  A. Creating login and providing permission in one go only = User account is not created
  B. Instead of GUI, use query to create login and provide required permission = Same error.
  Does anybody has faced any such situation
  Chetan

  See the below output
  srvid
  sid
  xstatus
  xdate1
  xdate2
  name
  password
  dbid
  language
  isrpcinmap
  ishqoutmap
  selfoutmap
  NULL
  0x010500000000000515000000A1F66E1BFC1DC75D26E72530A2B80400
  14
  20:25.9
  57:33.4
  UKBAA\LHRAPPMuttavarapuS
  NULL
  1
  us_english
  0
  0
  0
  Chetan

• Error Msg: SQL login failed for HOSTNAME? Upgrade task?

  Hi everybody,
  Since some weeks we see an error message in all servers our SharePoint 2010 SP1 Farm, regulary every hour:
  SQL database login for 'SharePoint_Config' on instance 'sqlsrv' failed.
  Additional error information from SQL Server is included below.
  Login failed for user 'OURDOMAIN\SERVERNAME$'.
  The interesting part is that the
  server tries to connect to the SharePoint Config database, not a dedicated account, which is normally used for every SharePoint service.
  What circumstances can lead to an access of a server?
  Unfortunately I get no details of the service or application which is trying to access. The event log just states "SharePoint Foundation (Microsoft-SharePoint Products-SharePoint
  Foundation)" , Task Category "Database". The user who raises the error is "SYSTEM".
  In the ULS log I can find the Stack Trace below which indicates to an upgrade task. But why is the SYSTEM user trying an update? Normally we do an upgrade by running the Upgrade Wizard with an dedicated account. And only the SharePoint Administration
  windows service runs as Local System.
  And I never heard or read something like: Give Local System (so the server) access to the SharePoint Config database?!
  Thanks for your ideas :-)
  Benjamin
  System.Data.SqlClient.SqlException: Login failed for user 'DOMAIN\SERVERNAME$'.   
  at System.Data.SqlClient.SqlInternalConnection.OnError(SqlException exception, Boolean breakConnection)   
  at System.Data.SqlClient.TdsParser.ThrowExceptionAndWarning(TdsParserStateObject stateObj)   
  at System.Data.SqlClient.TdsParser.Run(RunBehavior runBehavior, SqlCommand cmdHandler, SqlDataReader dataStream, BulkCopySimpleResultSet bulkCopyHandler, TdsParserStateObject stateObj)   
  at System.Data.SqlClient.SqlInternalConnectionTds.CompleteLogin(Boolean enlistOK)   
  at System.Data.SqlClient.SqlInternalConnectionTds.AttemptOneLogin(ServerInfo serverInfo, String newPassword, Boolean ignoreSniOpenTimeout, Int64 timerExpire, SqlConnection owningObject)
  at System.Data.SqlClient.SqlInternalConnectionTds.LoginNoFailover(String host, String newPassword, Boolean redirectedUserInstance, SqlConnection owningObject, SqlConnectionString connectionOptions, Int64 timerStart)   
  at System.Data.SqlClient.SqlInternalConnectionTds.OpenLoginEnlist(SqlConnection owningObject, SqlConnectionString connectionOptions, String newPassword, Boolean redirectedUserInstance)   
  at System.Data.SqlClient.SqlInternalConnectionTds..ctor(DbConnectionPoolIdentity identity, SqlConnectionString connectionOptions, Object providerInfo, String newPassword, SqlConnection owningObject, Boolean redirectedUserInstance)   
  at System.Data.SqlClient.SqlConnectionFactory.CreateConnection(DbConnectionOptions options, Object poolGroupProviderInfo, DbConnectionPool pool, DbConnection owningConnection)   
  at System.Data.ProviderBase.DbConnectionFactory.CreatePooledConnection(DbConnection owningConnection, DbConnectionPool pool, DbConnectionOptions options)   
  at System.Data.ProviderBase.DbConnectionPool.CreateObject(DbConnection owningObject)   
  at System.Data.ProviderBase.DbConnectionPool.UserCreateRequest(DbConnection owningObject)   
  at System.Data.ProviderBase.DbConnectionPool.GetConnection(DbConnection owningObject)   
  at System.Data.ProviderBase.DbConnectionFactory.GetConnection(DbConnection owningConnection)   
  at System.Data.ProviderBase.DbConnectionClosed.OpenConnection(DbConnection outerConnection, DbConnectionFactory connectionFactory)   
  at System.Data.SqlClient.SqlConnection.Open()   
  at Microsoft.SharePoint.Utilities.SqlSession.OpenConnection()
  at Microsoft.SharePoint.Utilities.SqlSession.ExecuteReader(SqlCommand command, CommandBehavior behavior, SqlQueryData monitoringData, Boolean retryForDeadLock)   
  at Microsoft.SharePoint.Utilities.SqlSession.ExecuteReader(SqlCommand command, Boolean retryForDeadLock)   
  at Microsoft.SharePoint.Utilities.SqlSession.ExecuteReader(SqlCommand command)   
  at Microsoft.SharePoint.Upgrade.SPDatabaseSequence.GetVersion(SPDatabase database, Guid id, Version defaultVersion, SqlSession session, SPDatabaseSequence sequence)   
  at Microsoft.SharePoint.Upgrade.SPDatabaseWssSequence.get_BuildVersion()   
  at Microsoft.SharePoint.Upgrade.SPSequence.get_CanUpgrade()   
  at Microsoft.SharePoint.Upgrade.SPUpgradeSession.CanUpgrade(Object o)   
  at Microsoft.SharePoint.Administration.SPPersistedUpgradableObject.get_CanUpgrade()   
  at Microsoft.SharePoint.Upgrade.SPUpgradeSession.ReflexiveCanUpgrade(Object o)   
  at Microsoft.SharePoint.Upgrade.SPUpgradeSession.NeedsUpgrade(Object o, Boolean bRecurse)   
  at Microsoft.SharePoint.Administration.SPPersistedUpgradableObject.get_NeedsUpgrade()   
  at Microsoft.SharePoint.Administration.SPPersistedUpgradableObject.ValidateBackwardsCompatibility()   
  at Microsoft.SharePoint.Administration.SPConfigurationDatabase.Initialize(SqlConnectionStringBuilder connectionString, Boolean enableCaching, Boolean checkCompatibility, Boolean bindRequestGuid)   
  at Microsoft.SharePoint.Administration.SPConfigurationDatabase.Initialize(SqlConnectionStringBuilder connectionString, Boolean enableCaching, Boolean checkCompatibility)   
  at Microsoft.SharePoint.Administration.SPConfigurationDatabase.get_Local()   
  at Microsoft.SharePoint.Administration.SPFarm.FindLocal(SPFarm& farm, Boolean& isJoined)   
  at Microsoft.SharePoint.Administration.SPWebService.get_ContentService()   
  at Microsoft.SharePoint.PowerShell.SPCmdletSnapIn.get_Cmdlets()   
  at System.Management.Automation.Runspaces.RunspaceConfigForSingleShell.MergeCustomPSSnapIn(PSSnapInInfo mshsnapinInfo, CustomPSSnapIn customPSSnapIn)   
  at System.Management.Automation.Runspaces.RunspaceConfigForSingleShell.LoadCustomPSSnapIn(PSSnapInInfo mshsnapinInfo)   
  at System.Management.Automation.Runspaces.RunspaceConfigForSingleShell.LoadPSSnapIn(PSSnapInInfo mshsnapinInfo)   
  at System.Management.Automation.Runspaces.RunspaceConfigForSingleShell.LoadPSSnapIn(PSSnapInInfo mshsnapinInfo, PSSnapInException& warning)   
  at System.Management.Automation.Runspaces.RunspaceConfigForSingleShell.DoAddPSSnapIn(String name, PSSnapInException& warning)   
  at Microsoft.PowerShell.Commands.AddPSSnapinCommand.AddPSSnapIns(Collection`1 snapInList)   
  at Microsoft.PowerShell.Commands.AddPSSnapinCommand.ProcessRecord()   
  at System.Management.Automation.CommandProcessor.ProcessRecord()   
  at System.Management.Automation.CommandProcessorBase.DoExecute()   
  at System.Management.Automation.Internal.PipelineProcessor.SynchronousExecuteEnumerate(Object input, Hashtable errorResults, Boolean enumerate)   
  at System.Management.Automation.PipelineNode.Execute(Array input, Pipe outputPipe, ArrayList& resultList, ExecutionContext context)   
  at System.Management.Automation.StatementListNode.ExecuteStatement(ParseTreeNode statement, Array input, Pipe outputPipe, ArrayList& resultList, ExecutionContext context)   
  at System.Management.Automation.StatementListNode.Execute(Array input, Pipe outputPipe, ArrayList& resultList, ExecutionContext context)   
  at System.Management.Automation.ifStatementNode.Execute(Array input, Pipe outputPipe, ArrayList& resultList, ExecutionContext context)   
  at System.Management.Automation.StatementListNode.ExecuteStatement(ParseTreeNode statement, Array input, Pipe outputPipe, ArrayList& resultList, ExecutionContext context)   
  at System.Management.Automation.StatementListNode.Execute(Array input, Pipe outputPipe, ArrayList& resultList, ExecutionContext context)   
  at System.Management.Automation.ParseTreeNode.Execute(Array input, Pipe outputPipe, ExecutionContext context)   
  at System.Management.Automation.ScriptCommandProcessor.ExecuteWithCatch(ParseTreeNode ptn, Array inputToProcess)   
  at System.Management.Automation.ScriptCommandProcessor.RunClause(ParseTreeNode clause, Object dollarUnderbar, Object inputToProcess)   
  at System.Management.Automation.CommandProcessorBase.DoComplete()   
  at System.Management.Automation.Internal.PipelineProcessor.SynchronousExecuteEnumerate(Object input, Hashtable errorResults, Boolean enumerate)   
  at System.Management.Automation.PipelineNode.Execute(Array input, Pipe outputPipe, ArrayList& resultList, ExecutionContext context)   
  at System.Management.Automation.StatementListNode.ExecuteStatement(ParseTreeNode statement, Array input, Pipe outputPipe, ArrayList& resultList, ExecutionContext context)   
  at System.Management.Automation.StatementListNode.Execute(Array input, Pipe outputPipe, ArrayList& resultList, ExecutionContext context)   
  at System.Management.Automation.ParseTreeNode.Execute(Array input, Pipe outputPipe, ExecutionContext context)   
  at System.Management.Automation.ScriptCommandProcessor.ExecuteWithCatch(ParseTreeNode ptn, Array inputToProcess)   
  at System.Management.Automation.ScriptCommandProcessor.RunClause(ParseTreeNode clause, Object dollarUnderbar, Object inputToProcess)   
  at System.Management.Automation.CommandProcessorBase.DoComplete()   
  at System.Management.Automation.Internal.PipelineProcessor.SynchronousExecuteEnumerate(Object input, Hashtable errorResults, Boolean enumerate)   
  at System.Management.Automation.Runspaces.LocalPipeline.InvokeHelper()   
  at System.Management.Automation.Runspaces.LocalPipeline.InvokeThreadProc()   
  at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state)   
  at System.Threading.ThreadHelper.ThreadStart()

  http://aanuwizard.com/2010/04/30/login-failed-for-user-domainservername/
  It  will  need to add user ‘NT AUTHORITY\NETWORK SERVICE’
  to your database  to get rid of this problem.
  An asp.net application  is running under NT AUTHORITY\NETWORK SERVICE account.
  http://stackoverflow.com/questions/2806438/login-failed-for-user-domain-machinename
  NETWORK SERVICE and LocalSystem will authenticate themselves always as the correpsonding account locally (builtin\network service and builtin\system) but both will authenticate as the machine account remotely.
  If you see a failure like Login failed for user 'DOMAIN\MACHINENAME$' it means that a process running as NETWORK SERVICE or as LocalSystem has accessed a remote resource, has authenticated itself as the machine account and was denied authorization.
  Typical example would be an ASP application running in an app pool set to use NETWORK SERVICE credential and connecting to a remote SQL Server: the app pool will authenticate as the
  machine running the app pool, and is this machine account that needs to be granted access.
  When access is denied to a machine account, then access must be granted to the machine account. If the server refuses to login 'DOMAIN\MACHINE$', then you must grant login rights to 'DOMAIN\MACHINE$' not to NETWORK SERVICE. Granting access to NETWORK SERVICE
  would allow a local process running as NETWORK SERVICE to connect, not a remote one, since the remote one will authenticate as, you guessed, DOMAIN\MACHINE$.
  If you expect the asp application to connect to the remote SQL Server as a SQL login and you get exceptions about DOMAIN\MACHINE$ it means you use Integrated Security in the connection string. If this is unexpected, it means you screwed up the connection
  strings you use.
  If this helped you resolve your issue, please mark it Answered

• SSL VPN Login failure issue

  Hello,
  I am having an issue with some users trying to login to our SSL VPN (Anyconnect) via ASA5505 8.2(1).  Authentication is done via AD.  From the same computer, the client finds the DNS name and unlocks the login username and password.  When I enter a username and password and click connect, it is instantly rejected with login failure with the following event log:
  Function: ConnectMgr::setPromptAttributes
  File: .\ConnectMgr.cpp
  Line: 2657
  Invoked Function: setPromptAttributes
  Return Code: -33554423 (0xFE000009)
  Description: GLOBAL_ERROR_UNEXPECTED
  Error text:
  Login failed.
  If I change the user account to another user (from the same PC), login works perfectly fine - this is only happening with 3 or 4 users - I have compared the user accounts of a failing account and a successful account and they are identical in AD. 
  This has been driving me crazy - as a work around for the failing users, I just created a temporary account which works perfectly fine.  The request doesn't even seem to hit the ASA (there is nothing in the logs that show a failed attempt).  Still troubleshooting and looking at certificate's at this point.  Any help/suggestions would be greatly appreciated!!  Thanks.
  Regards.
  After a little more testing, seems somehow related to users being in to many groups in AD.      
  Message was edited by: Rich Viola

  Hello,
  If the website is unavailable or in this case, the website is missing several characters(charts, canvas, etc or some other objects), usually could be an issue with the rewrite engine.
  Solution (workaround):
  You may use smart tunnel for this website, so the rewrite engine will not override any content, and it will display the website as it should.
  You can implement it as follow:
  Add a Bookmark
  Bookmark for the service and clicking the Enable Smart Tunnel option in the Add or Edit Bookmark dialog box.
  For further information you can find it here:
  http://www.cisco.com/c/en/us/td/docs/security/asa/asa83/configuration/guide/config/webvpn.html#wp1272236
  Let me know how tit works out!
  Please don't forget to rate and mark as correct the helpful Post!
  David Castro,
  Regards,

• Session timeout and Custon login module

  Hi,
  Dev Platform: Jdev 10.1.3.4.0, Oracle 10.2.4
  I'm trying to trap the session timeout and display a page. I'm using the code below from Frank Nimphius. I've also provided a console log of what is happening when the application times out. Instead of the filter being called the system is calling the dblogin module and attempting to login the anonymous user. I renamed the anonymous user and I just see log entries where the system attempted to find the anonymous user.
  If I use the application to logout I get a Logout page with a button to confirm the logout. When I press the button the session is invalidated and the filter code brings up my "Session Timeout" notification page. This isn't what will happen in the end but I just wanted to tell you that the filter does work in certain instances.
  How can I make the system not attempt to login the anonymous user and have the filter code run?
  TIA, Dave
  package isdbs.view.security;
  import java.io.IOException;
  import javax.servlet.Filter;
  import javax.servlet.FilterChain;
  import javax.servlet.FilterConfig;
  import javax.servlet.ServletException;
  import javax.servlet.ServletRequest;
  import javax.servlet.ServletResponse;
  import javax.servlet.http.HttpServletRequest;
  import javax.servlet.http.HttpServletResponse;
  public class ApplicationSessionExpiryFilter implements Filter {
      private FilterConfig _filterConfig = null;
      public void init(FilterConfig filterConfig) throws ServletException {
          _filterConfig = filterConfig;
      public void destroy() {
          _filterConfig = null;
      public void doFilter(ServletRequest request, ServletResponse response,
                           FilterChain chain) throws IOException, ServletException {
          String requestedSession =   ((HttpServletRequest)request).getRequestedSessionId();
          String currentWebSession =  ((HttpServletRequest)request).getSession().getId();
          boolean sessionOk = currentWebSession.equalsIgnoreCase(requestedSession);
          // if the requested session is null then this is the first application
          // request and "false" is acceptable
          if (!sessionOk && requestedSession != null){
              // the session has expired or renewed. Redirect request
              ((HttpServletResponse) response).sendRedirect(_filterConfig.getInitParameter("SessionTimeoutRedirect"));
          else{
              chain.doFilter(request, response);
  }Mar 30, 2009 9:38:04 AM oracle.security.jazn.oc4j.RealmUserAdaptor isMemberOf
  FINE: JAAS-OC4J: Membership check for group: ISDBS_USER failed for user: anonymous
  09/03/30 09:38:04 [DBTableOraDatasourceLoginModule] option debug = true
  09/03/30 09:38:04 [DBTableOraDatasourceLoginModule] option log level = log all
  09/03/30 09:38:04 [DBTableOraDatasourceLoginModule] option logger class = null
  09/03/30 09:38:04 [DBTableOraDatasourceLoginModule] option data_source_name = jdbc/elearnDS
  09/03/30 09:38:04 [DBTableOraDatasourceLoginModule] option user table = TBL_LOGIN
  09/03/30 09:38:04 [DBTableOraDatasourceLoginModule] option roles table = XREF_LOGIN_ROLE
  09/03/30 09:38:04 [DBTableOraDatasourceLoginModule] option username column = LOGIN_NM
  09/03/30 09:38:04 [DBTableOraDatasourceLoginModule] option password column = PASSWORD
  09/03/30 09:38:04 [DBTableOraDatasourceLoginModule] option roles column = ROLE_NM
  09/03/30 09:38:04 [DBTableOraDatasourceLoginModule] option user pk column = LOGIN_NM
  09/03/30 09:38:04 [DBTableOraDatasourceLoginModule] option roles fk column = LOGIN_NM
  09/03/30 09:38:04 [DBTableOraDatasourceLoginModule] option password encoding class = oracle.sample.dbloginmodule.util.DBLoginModuleClearTextEncoder
  09/03/30 09:38:04 [DBTableOraDatasourceLoginModule] option realm_column = null
  09/03/30 09:38:04 [DBTableOraDatasourceLoginModule] option application_realm = null
  09/03/30 09:38:04 [DBTableOraDatasourceLoginModule] login called on DBTableLoginModule
  09/03/30 09:38:04 [DBTableOraDatasourceLoginModule] Calling callbackhandler ...
  09/03/30 09:38:04 [DBTableOraDatasourceLoginModule] Username returned by callback = null
  09/03/30 09:38:04 [DBTableOraDatasourceLoginModule] User query string: select LOGIN_NM,PASSWORD, LOGIN_ATTEMPTS, ACTIVE_IND from TBL_LOGIN where lower(LOGIN_NM)= lower((?))
  09/03/30 09:38:04 [DBTableOraDatasourceLoginModule] Logon Successful = false
  09/03/30 09:38:04 [DBTableOraDatasourceLoginModule] Abort called on LoginModule
  Mar 30, 2009 9:38:04 AM oracle.security.jazn.oc4j.OC4JUtil doJAASLogin
  WARNING: Login Failure: all modules ignored
  javax.security.auth.login.LoginException: Login Failure: all modules ignored
       at javax.security.auth.login.LoginContext.invoke(LoginContext.java:921)
       at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
       at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683)
       at java.security.AccessController.doPrivileged(Native Method)
       at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
       at javax.security.auth.login.LoginContext.login(LoginContext.java:579)
       at oracle.security.jazn.oc4j.OC4JUtil.doJAASLogin(OC4JUtil.java:241)
       at oracle.security.jazn.oc4j.GenericUser$1.run(JAZNUserManager.java:818)
       at oracle.security.jazn.oc4j.OC4JUtil.doWithJAZNClsLdr(OC4JUtil.java:173)
       at oracle.security.jazn.oc4j.GenericUser.authenticate(JAZNUserManager.java:814)
       at oracle.security.jazn.oc4j.FilterUser.authenticate(JAZNUserManager.java:1143)
       at com.evermind.server.http.EvermindHttpServletRequest.checkAndSetRemoteUser(EvermindHttpServletRequest.java:3760)
       at com.evermind.server.http.HttpRequestHandler.doProcessRequest(HttpRequestHandler.java:706)
       at com.evermind.server.http.HttpRequestHandler.processRequest(HttpRequestHandler.java:453)
       at com.evermind.server.http.HttpRequestHandler.serveOneRequest(HttpRequestHandler.java:221)
       at com.evermind.server.http.HttpRequestHandler.run(HttpRequestHandler.java:122)
       at com.evermind.server.http.HttpRequestHandler.run(HttpRequestHandler.java:111)
       at oracle.oc4j.network.ServerSocketReadHandler$SafeRunnable.run(ServerSocketReadHandler.java:260)
       at com.evermind.util.ReleasableResourcePooledExecutor$MyWorker.run(ReleasableResourcePooledExecutor.java:303)
       at java.lang.Thread.run(Thread.java:595)
  Mar 30, 2009 9:38:04 AM oracle.security.jazn.oc4j.GenericUser authenticate
  FINE: JAAS-OC4J: Authentication failure for user: null
  Mar 30, 2009 9:38:04 AM oracle.security.jazn.oc4j.RealmUserAdaptor isMemberOf
  FINE: JAAS-OC4J: Membership check for group: ISDBS_USER failed for user: anonymous

  I added an HttpSessionListener upon login here's what I get:
  09/03/31 08:21:25 Inside sessionCreated
  09/03/31 08:21:25 Before New session createb = 0
  09/03/31 08:21:25 Created session id: 854b4b95cf28ceb065d0489a31ee79c19feabb80716f6d828b77fc7044b210bf
  09/03/31 08:21:25 After New session count = 1
  At session timeout here's what I get:
  09/03/31 08:23:27 Count before destroyed = 1
  09/03/31 08:23:27 Destroyed session id: 854b4b95cf28ceb065d0489a31ee79c19feabb80716f6d828b77fc7044b210bf
  09/03/31 08:23:27 Count after destroyed = 0
  09/03/31 08:23:27 Inside sessionCreated
  09/03/31 08:23:27 Before New session createb = 0
  09/03/31 08:23:27 Created session id: 854b4b95cf28ceb065d0489a31ee79c19feabb80716f6d828b77fc7044b210bf
  09/03/31 08:23:27 After New session count = 1
  Notice that the session Id in each case is IDENTICAL. That is why the Filter code isn't doing what it is intended to do. Whay is the same session ID being created after it is destroyed? Is there a configuration parameter that controls it?
  Thanks,
  Dave

• ESR and ID login issue in Clustered SAP PI 7.3 environment

  Hi PI Gurus,
  We currently have issue for login in ESR and ID of PI 7.3 systems from desktop which is in customer VLAN.
  Please find below status for PI systems :
  Development and Quality PI systems as standalone : ESR and ID login works fine
  Regression and Production PI systems as clustered : ESR and ID login does not work.
  Client Java Web start version : 1.6
  PI system JVM version : 1.6
  Please find attached screenshot for error that we get while login.
  Request you to provide your inputs to resolve this issue.
  Thanks in Advance.
  Regards,
  Hanumant

  Hi Pavan,
  Thank you for details,
  I checked hostname for all PI systems and FQDN are maintained for them in "hosts" file.
  Also one more point, it shows exeception when clicked on ESR or ID links:
  java.io.IOException: Authentication failure
      at sun.net.www.protocol.http.HttpURLConnection.getInputStream(Unknown Source)
      at java.net.HttpURLConnection.getResponseCode(Unknown Source)
      at com.sun.deploy.net.BasicHttpRequest.doRequest(Unknown Source)
  Do you have any Idea which authentication is failing here?
  Regards,
  Hanumant

• After creating a contained database, getting a login failure error while trying to connect to it.

  After creating a contained database and a user with passowrd under the same database, I tried connecting to the contained database. I entered the server name, login credentials and went to the connection properties tab to select the contained database using
  <browse server> option under "connect to database". Here I get the login failure error.
  TITLE: Browse Server for Database
  Failed to connect to server <servername>\<login>. (Microsoft.SqlServer.ConnectionInfo)
  But when I manually enter the Database name instead of selecting from the <browse server> option the connection gets through.
  Is this a Bug ? Has anyone else faced this error?

  Hello,
  Is this a Bug ? Has anyone else faced this error?
  It's not a bug, it's working as intended. Contained users don't have instance level permissions and cannot "login" to the instance (which is what the "browse" button is attempting). In order for it to work, the database name must be in the connection string
  (which with the browse button, it will not be).
  Welcome to contained users, they aren't for everyone.
  Sean Gallardy | Blog | Microsoft Certified Master

• PHP and SQL trouble

  Hi there,
  Im currently creating a login system using php and sql. At the moment i have it that when the user registers their information (i.e username,password) it gets stored in the database. The part that i am having an issue with is that when the user logs in, I want to retrive the relavant data from the database and compare it to what they have entered into the login section. I persume i have to use an sql query something like (SELECT username, password FROM Users) but not sure how to compare it to what the user has entered.
  Any help you be greatly appreciated.
  Thanks,
  Barrie

  Hi,
  does it mean that you´re not using Dreamweaver, which comes with a Login User server behavior which would do all the heavy lifting and generate a correct query ? Just asking, because you posted in the Dreamweaver Application Development forum

• Count number of rows from oracle and sql database and generate a report

  Hi All,
  Can someone help me in writing a java program for the following scenario?
  1. Read the number of rows available from oracle table and print the total row count in a Report.txt text file.
  2. Read the number of rows inserted in a sql database (after a specific process-just an information) and print the total row count in the same text file Report.txt .
  3. Read the Error Log file (which is generated after a specific process say it has success and failed report for each iterations) and print the number of success and number of failure in the same text file Report.txt .
  I need the final Report.txt file in the following format:
  1. Oracle table <table name> has 500000 rows.
  2. After completion of the specific process 300000 rows were added to SQL table <table name>
  Error Log Report:
  300000 successfull entries and 200000 failed entries were found from the Error Log file.

  Thanks for your immediate reply.
  I'm just a beginner in java so if i make any mistake please correct and excuse me. :)
  This is the code i have for connecting to two different database.
  package connectDatabase;
  * @author
  import java.sql.*;
  public class ConnectTo
       public void OracleDB()
            Connection dbconn;
            try {
              DriverManager.registerDriver(new oracle.jdbc.driver.OracleDriver());
              String connString="jdbc:oracle:thin:@SYS_IP:1521:oracl";
              dbconn = DriverManager.getConnection(connString, "uname","pwd" );
          catch(SQLException sqlex)
               sqlex.printStackTrace();
          catch(Exception excp)
              excp.printStackTrace();
       public void SqlDB()
            Connection conn;
            try { 
              Class.forName("sun.jdbc.odbc.JdbcOdbcDriver"); 
              String url = "jdbc:odbc:connectDB"; 
              conn = DriverManager.getConnection(url,"uname","pwd");  
            catch (Exception e)
              System.err.println("An Exception occured! " +e.getMessage()); 
  }I'm just codding the second half which is for connecting to oracle databse and calculates the row count and displayes in the command prompt.
  then connects to SQL database and counts successfull insert in the table.(row count) and displayes on the command prompt.
  can you simplify the above code so that i can call the oracleDB() method and SqlDB() method seperately from another calss file using the object of this class?
  I'm ok if the report can be seen in a command prompt. FInally i need to calculate the success and failure count from the log file. will let you know once i'm done with codding.