XGrid: Authentication failure, Kerberos, Sandbox and parallel code with MPI
Hi,
After a few days of trying to set up a home built fortran code to run in parallel using Xgrid on Mac mini server 10.6.2 I've decided to look for help (before going crazy!).
the code is parallelised fortran (monteCarlo type stuff), which needs to read a file and print results to file.
The hardware is 4 Mac OSX 10.6.2 machines linked through the Mac mini Server.
First problem - without Authentication, Sandbox doesn't allow the executed program to read or write files (though see http://discussions.apple.com/thread.jspa?threadID=2329855&tstart=0). I can submit jobs to XGrid, they run but fail when attempting file reading/writing. so need to use Kerberos (tried changing the sandbox/xgridagentdtasknobody.sb to mirror the -somebody- file but to no avail).
In Server Admin, I set Client,Agent and Controller to Kerberos. Then repeat the job submit (which worked before), as:
xgrid -h localhost -auth Kerberos -job submit /Users/shared/executable
(this time adding the -auth Kerberos)
but get the following errors:
Error returned by gssinit_seccontext:
major error <1> Unspecified GSS failure. Minor code may provide more information
minor error <1> Negative cache rejected lookup for 'xgrid/[email protected]'
error = "could not connect to localhost (Authentication failed)";
What's going wrong?
While I'm here - once I get the parallel Fortran code working on Xgrid, will Xgrid distribute the work between the available processors (i.e. split the one job submission into it's parallel parts, and give these parts to the available resources on the grid)? I have seen a post claiming that this is not the case....that the POOCH application is the only tool available - is this still true in the current XGrid distribution? (it would be a shame to set all this up and find out that Xgrid is not suitable!)
Many thanks for any help or suggestions!
Trevor
Trevor,
First off, did you do anything to set Kerberos up, or did you just change the auth type? Kerberos is considerably more complex than just using password authentication. For xgrid to use kerberos I believe you'll have to have your server set up as an Open Directory Master, your agents bound to the ODM and your users be directory users, not just local. Kerberos is not my strong point but if you want to go that route there should be more info in the Xgrid server docs.
If you want to give password authentication another go I can probably be a little more helpful. Instead of granting read/write to the whole filesystem it's probably a better idea to set up a folder or two that has those rights. On my setup each user has a "Results" folder in their user folder which xgrid can read and write to. You can then edit the last line of the nobody.sb file to looks something like this…
(allow file-read* file-write* (regex "^/(private/)?(tmp|var)|(Users/*/Results)(/|$)"))
It's been a while since I had to edit my file so I'm not 100% on the syntax. You'll need to edit this file on each agent that's a part of your grid, not just the controller. I got my information from this thread.
http://lists.apple.com/archives/xgrid-users/2008/Feb/msg00012.html
For the last part of your post, well it's something I haven't tried because all the apps my users are running are single threaded. But this link should help.
http://lists.apple.com/faq/pub/xgrid_users/index.php?%20sid=3428&aktion=artikel& rubrik=001&id=5&lang=en
If you try this and get the results your looking for I would love to hear about it.
Good luck and I hope this helps.
-Curt.
Similar Messages
-
New MBA and Parallels 6 with Windows 7
Hi everyone. Can anyone tell me if they've tried the new MacBook Air with Parallels 6 and Windows 7? Any problems?
I'm seriously consideirng buying a new 13" MBA for work (which requires Windows) but want to make sure they "play nice" before I make the plunge. Any feedback would be greatly appreciated!
Thanks,
KeithHey all!
I just thought I'd chime in! I have loaded Parallels 6 to run Windows 7 on my MacBook Pro. I had 4 GB of RAM on my MBP and found I would get some pretty slow performance when running Parallels. It all depended what I was doing. I used Office 2007 alot and Visual Studio.
I upgraded to 8 GB of RAM and it was the best Mac decision I've made since buying my MBP. I bought it from an eBay store for $120 and installed it myself... unbelievable difference!
I would like to ask, why are you choosing the MB Air? I have never really played with one but it seems very limiting - not upgradeable, basically no ports, no CD ROM.
For the same money, you can get a MUCH more powerful MBP. The MBP is pretty thin and light-weight anyway. I'm just curious what the niche for MBAs is.
Good luck with your Mac purchases... any Mac is a good Mac! -
Wism2 SNMP Authentication Failure
I cannot seem to communicate with my new Wism2 via SNMP.
The configuration is the same as on my Wism 1, same version of code, same SNMP settings and strings and subnets.
Slot Controller Service IP Management IP SW Version Controller Type Status
----+-----------+----------------+----------------+------------+------------------+---------------
1 1 192.168.10.2 10.XX.XX.10 7.0.116.0 WS-SVC-WISM-1-K9 Oper-Up
1 2 192.168.10.3 10.XX.XX.15 7.0.116.0 WS-SVC-WISM-1-K9 Oper-Up
3 1 192.168.10.4 10.XX.XX.20 7.0.116.0 WS-SVC-WISM-2-K9 Oper-Up
SNMPWalk of the Wism1 controllers is fine. SNMPWalk of the Wism2 just gets me a timeout.
The snmplog does occasionally register an Authentication failure
Trying V1 and V2c with the same results.
Any advice?on thew new WiSM2 did you issue the command config network-mgmt-via-dyamic interface enable?
by default the WLC has issues with responding to requests from the wire, for a subnet that it is configured to use. The above is the workaround to this situation.
Per the best practices guide, "It is important to avoid configuring a dynamic interface in the same sub network as a server that has to be reachable by the controller CPU, for example a RADIUS server, as it might cause asymmetric routing issues."
HTH,
Steve -
Flash javascript and Activecontent code
I've got an animated chatbot that uses a variety of swfs and
phps and a big external JavaScript to work. It works fine with the
old style embed and object code, with the same variety of swfs and
phps and external JS.
But when I try to use the
<script src="AC_ActiveX.js"
type="text/javascript"></script>
<script src="AC_RunActiveContent.js"
type="text/javascript"></script>
and I code the main Flash piece like this:
<script type="text/javascript">
AC_FL_RunContent( 'codebase','
http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=7,0,19,0',
'width','540','height','360','swliveconnect','true','src','whinbarnexp','quality','high',' pluginspage',
http://www.macromedia.com/go/getflashplayer','movie1','whinbarnexp'
</script>
The above broken into lines to make more readable here.
but when I run it it doesn't work right, and the error
console advises:
"movie1 has no properties."
and points to the first line of the big function in the
JavaScript "brain" of the chatbot:
shesaid=movie1.GetVariable("coder")
What am I doing wrong? It's got to be within this code since
the same "brain" file works fine with old style object/embed
coding.Sorry Dan,
This has got nothing to do with the question I asked.
I know about the Microsoft "patch" and have already allowed
for it.
@ndyB
"-->dan mode" <[email protected]> wrote in
message
news:e3ag7h$oob$[email protected]..
> Read this:
>
http://www.smithmediafusion.com/blog/?p=114
>
> Then, here is a simple way.
> You need to do three things and I will give examples as
follows.
>
> 1. all of the <object> tag must be taken out and
put into a .js file and
> placed within a function where you document.write the
<object tag>
> 2. you must include that .js file in the header of the
html where the swf
> resided
> 3. call the js function from step 1
>
>
> --Here is a sample of Step 1, save this file as
commFile.js:
>
> function commM()
> {
> document.write('<object
> classid="clsid
27CDB6E-AE6D-11cf-96B8-444553540000"
> codebase="
http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=6,0,29,0"
> width="410" height="345">\n');
> document.write('<param name="movie"
value="/mySWF.swf">\n');
> document.write('<param name="quality"
value="high">\n');
> document.write('<embed src="/mySWF.swf"
quality="high" +'"
> pluginspage="
http://www.macromedia.com/go/getflashplayer"
> type="application/x-shockwave-flash" width="410"
> height="345"></embed>\n');
> document.write('</object>\n');
> }
>
> --Here is a sample for Step 2, put this in the head of
your html page:
>
> <script src="commFile.js"
type="text/javascript"></script>
>
> --Here is a sample for Step 3, place this code on the
spot of the page
> where
> you want your flash to show up:
>
> <script
type="text/javascript">commM();</script>
>
>
> That should be all you need.
>
> --
>
> Dan Mode
> *Must Read*
http://www.smithmediafusion.com/blog
> *Flash Helps*
http://www.smithmediafusion.com/blog/?cat=11
>
>
> -
Difference between parallel sequence and parallel operation in a routing.
Hi Experts,
Can any one explain me with example the difference between parallel sequence and parallel operation in a routing? wHEN CAN WE USE PARALLEL OPEARTION AND PARALLEL SEQUNCE WITH COMPONENT ALLOCATION.
Regards
Deepak sharmaI think u need to modify ur quest... i think u r asking about Parallel sequence and alternate seq. Below are the details from SAP site.
A parallel sequence enables you to process several operations at the same time.
You use an alternative sequence for example, if
--The production flow is different for certain lot-size ranges
For instance you can machine a work piece on conventional machine or on NC machines. A NC machine has a longer set-up time than a conventional machine. However the machining costs are considerably less. Therefore whether you use NC machines will depend on the lot size.
---The production flow changes under certain business conditions.
For instance, if you have a capacity problem, you have some production steps performed externally by a vendor. -
WAP321 Authentication failure log codes
Devices that have previoulsy connected to the WAP are still able to connect but any new device to the environment is not. If I delete the network from an existing device that device is no longer able to authenticate and connect to the WAP. Log entries below show the following errors for a single MAC. This happened once before and to solve the issue I reentered the key into the SSID setup on the WAP. All devices had to delete the existing SSID from their list of networks but then they were able to rejoin. I don't want to ask users to do that again. Any help on the log entries below is greatly appreciated!
Jul 19 2013 01:42:34
info
hostapd[1078]
wlan0: IEEE 802.11 STA 90:18:7c:b1:79:ea deauthed from BSSID c4:64:13:0c:e3:00 reason 1
Jul 19 2013 01:42:34
info
hostapd[1078]
Station 90:18:7c:b1:79:ea had an authentication failure, reason 16
Jul 19 2013 01:42:32
warn
hostapd[1078]
Received invalid EAPOL-Key MIC (msg 2/4)
Jul 19 2013 01:42:32
info
hostapd[1078]
Station 90:18:7c:b1:79:ea had an authentication failure, reason 22
Jul 19 2013 01:42:31
info
hostapd[1078]
Station 90:18:7c:b1:79:ea had an authentication failure, reason 22
Jul 19 2013 01:42:30
warn
hostapd[1078]
Received invalid EAPOL-Key MIC (msg 2/4)
Jul 19 2013 01:42:30
info
hostapd[1078]
Station 90:18:7c:b1:79:ea had an authentication failure, reason 22
Jul 19 2013 01:42:30
info
hostapd[1078]
wlan0: IEEE 802.11 STA 90:18:7c:b1:79:ea associated with BSSID c4:64:13:0c:e3:00
Jul 19 2013 01:42:30
info
hostapd[1078]
wlan0: IEEE 802.11 Assoc request from 90:18:7c:b1:79:ea BSSID c4:64:13:0c:e3:00 SSID KnightIns1Hi, My name is Eric Moyers. I am a Network Support Engineer in the Cisco Small Business Support Center. Thank you for using the Cisco Community Post Forums.
Reason Code 16: Authentication failed due to a user credentials mismatch.
Reason-Code 22: The client could not be authenticated because the Extensible Authentication Protocol (EAP) Type cannot be processed by the server.
I am not sure what is causing this. However I would ask that you do two things. While everything is working normally go to Administration/Support Information and download a diagnostic file. Label it with a date WAP321 and the word "good". Save it somewhere. When this happens again, before doing anything go back in and get another diagnostic file label it the same except with the word "bad".
Call in and open a support case and have the engineer notify me that you have opened one and also give them a reference to this community support thread.
I will work with your engineer to see what is happening.
Thanks
Eric Moyers .:|:.:|:.
Cisco Small Business US STAC Advanced Support Engineer
CCNA, CCNA-Wireless
866-606-1866
Mon - Fri 09:00 - 18:00 (UTC - 05:00)
*Please rate the Post so other will know when an answer has been found. -
HI, Im using Iphone 4 and i recently got my IOS updated to IOS7 and now im getting the error message as "PDP authentication failure" Im using Aircel carrier.
Please let me know how to fix this issueupdate...
I am not one to give up. So I called AT&T today. Now they are telling me they canceled my order because they were unable to fulfill my order. Basically, AT&T told me they sold out so they canceled my order so I can proceed to reorder again. It took them 4 days to realize this. I will be lucky if I get a new phone by Christmas. I am sure they will find a way to cancel my order again.
Again, I argued, how is this my fault. I placed my order at the store around 11 a.m. Pacific time. My friend ordered his phone online sometime after me. He got his but my order was canceled. AT&T tried to explain to me that they sold over 600,000 phones, almost 500 per minute during there peak. Again, I asked, how this was my fault.
I can understand over selling the phone. It is a great product. There is no reason to cancel my order. You adjust my order and tell me you will let me know when my phone will be in. I would have been mad that my phone was going to be late but I would have survived. At least I would be getting one.
At this point, I have no order and AT&T or Apple website will allow me to order one. I just want to get in the QUEUE for one.
Frustrated. -
Please can someone help me to solve the error message "Could not activate cellular data network: PDP authentication failure"when using 3G or GPRS on safari with an iphone 4GS and latest software updates. I have tried resetting the network and phone settings. I have restored the factory settings on itunes and still the problem persists.
All iPhones sold in Japan are sold carrier locked and cannot be officially unlocked by the carrier. If you unlocked it, it was by unauthorized means (hacked), and support cannot be given to you in this forum.
Hacked iPhones are subject to countermeasures by Apple, particularly when updating the firmware. It is likely permanently re-locked or permanently disabled.
Message was edited by: modular747 -
I have problem c connecting to cellular data network. There is massage "couldn't activate cellular data network, PDP authentication failure". What is it and how I solve this problem?
If you have a data only plan for the iPad with your carrier, if no change after powering your iPad off and on you will need to contact your carrier.
-
Unable to connect to FDM workbench and workspace Authentication failure 2007
Hi
I am not able to login to FDM workbench and workspace through Admin user . when i tried to login i am getting Authentication Failure 2007 message.
i had created .udl file and checked whether its connecting to SQL DB its working fine i am getting successful message .
i had checked whether the user is in tsecusers in database tables . i am able to see Admin user in tsecuser in database tables
Hi tried deprovisioned the Admin user and reprovisioned the user but no luck
but when i created new user and given permission to Application has a Administrator . its working fine with new user .
How can i connect with Admin user .
ThanksHi Thanos
Thanks for you reply
i had raised a SR in my oracle support waiting for reply . Its upgrade application from 11.1.1.3 to 11.1.2.2 . i am not able to connect from Admin user also .
In SQL DB UniqueID is NULL
after removing admin from tsecuser user i am able to add also in tsecuser.
Thanks -
A few days ago I suddenly started getting an error message when trying to connect to the internet over 3G. "Could not activate cellular data network. PDP authentication failure"
I am in Germany, on Telekom. Have called Telekom customer service and went to the Telekom retail store. Neither could figure out the problem and advised I do a factory restore on the iphone via iTunes. I did that and am still getting the error message.
The only weird thing that happened before the error started showing up is I had called Telekom the night before to add a U.S. data roaming package to my phone plan for an upcoming stateside trip. They told me to text "W2S" to 7277 in order to add the U.S. data roaming plan. I did that, and the next morning this error started popping up. Don't know if that is related or coincidence.
I am traveling to the states in a few days and would really like to get this cleared up. The only option Telekom has left for me is to mail my phone in to Apple. :-(If I may ask, what country are you from?
To note, what you see is just not possible from a radio communication level, you're the first I've ever seen with this problem. (see photo and footnote below)
Since you said the Carrier option is available, can you go to it, turn off automatic and see what networks show? Normally it you will see At&t and T-mobile, however, if you see Sprint, you will need to go talk to Apple.
But if T-mobile does show, select it and see if your phone connects.
If not, remove the SIM card reboot the phone and try again.
I'm sorry about not being clear about the phone number, while connected to the Verizon network, is the phone number showing your T-mobile one or is it something different?
For reference,
Normally, what you will see in the status bar when on the Verizon network when not on 3G/LTE is the 1X symbol.
GPRS is a completely different communication type from 1X and Verizon doesn't support it. If you visit a Verizon store (or T-mobile) the staff will probably be surprised and confused about what your phone is showing. -
What's the difference between, just for example, "login block-for 100 attempts 15 within 100" and "security authentication failure rate 3"?
Please ignore the numbers, I need to know what the differences are in commands and what they do, what they affect.security authentication failure rate number_of_failed_attempts : A global configuration mode command used to specify the maximum number of failed attempts (in the range of 2 to 1024) before introducing a 15-second delay
login block-for 100 attempts 15 within 100 : Block all access after 15 failed login attempts within 100 Secs for the period of 100Secounds (1.40 Minutes).
The Cisco IOS Login Enhancements (Login Block) feature allows users to enhance the security of a router by configuring options to automatically block further login attempts when a possible denial-of-service (DoS) attack is detected.
The login block and login delay options introduced by this feature can be configured for Telnet or SSH virtual connections. By enabling this feature, you can slow down "dictionary attacks" by enforcing a "quiet period" if multiple failed connection attempts are detected, thereby protecting the routing device from a type of denial-of-service attack. -
Hi.
I'm using SCOM 2012 R2 and have imported the Exchange server 2010 MP.
I have runned the TestCasConnectivityUser.ps1 script and almost everything is okay except for the OWA test login.
The OWA rule is working for some time until (I think) SCOM is doing a automatic password reset of the extest_ account. Then I get the OWA error below. The other test connectivity are working. Any suggestions.
One or more of the Outlook Web App connectivity tests had warnings. Detailed information:
Target: xxx|xxx
Error: The test couldn't sign in to Outlook Web App due to an authentication failure.
URL: https://xxx.com/OWA/
Mailbox: xxxx
User: extest_xxx
Details:
[22:50:08.936] : The TrustAnySSLCertificate flag was specified, so any certificate will be trusted.
[22:50:08.936] : Sending the HTTP GET logon request without credentials for authentication type verification.
[22:50:09.154] : The HTTP request succeeded with result code 200 (OK).
[22:50:09.154] : The sign-in page is from ISA Server, not Outlook Web App.
[22:50:09.154] : The server reported that it supports authentication method FBA.
[22:50:09.154] : This virtual directory URL type is External or Unknown, so the authentication type won't be checked.
[22:50:09.154] : Trying to sign in with method 'Fba'.
[22:50:09.154] : Sending HTTP request for logon page 'https://xxx.com/CookieAuth.dll?Logon'.
[22:50:09.154] : The HTTP request succeeded with result code 200 (OK).
[22:50:09.373] : The test couldn't sign in to Outlook Web App due to an authentication failure.
URL: https://xxx.com/OWA/
Mailbox: xxx
User: extest_xxx
[22:50:09.373] : Test failed for URL 'https://xxx/OWA/'.
Authentication Method: FBA
Mailbox Server: xxx
Client Access Server Name: xxx
Scenario: Logon
Scenario Description: Sign in to Outlook Web App and verify the response page.
User Name: extest_xxx
Performance Counter Name: Logon Latency
Result: Skipped
Site: xxx
Latency: -00:00:00.0010000
Secure Access: True
ConnectionType: Plaintext
Port: 0
Latency (ms): -1
Virtual Directory Name: owa (Default Web Site)
URL: https://xxx.com/OWA/
URL Type: External
Error:
The test couldn't sign in to Outlook Web App due to an authentication failure.
URL: https://xxx.com/OWA/
Mailbox: xxx
User: extest_xxx
Diagnostic command: "Test-OwaConnectivity -TestType:External -MonitoringContext:$true -TrustAnySSLCertificate:$true -LightMode:$true"
EventSourceName: MSExchange Monitoring OWAConnectivity External
Knowledge:
http://go.microsoft.com/fwlink/?LinkID=67336&id=CB86B85A-AF81-43FC-9B07-3C6FC00D3D42
Computer: xxx
Impacted Entities (3):
OWA Service - xxx, xxx - xxx, Exchange
Knowledge: View additional knowledge...
External Knowledge Sources
For more information, see the respective topic at the Microsoft Exchange Server TechCenter
Thanks
MHemHi,
Based on the error, it looks like an OWA authentication failure.
Have you tried post this to LYNC forums?
We
are trying to better understand customer views on social support experience, so your participation in this
interview project would be greatly appreciated if you have time.
Thanks for helping make community forums a great place. -
Windows authentication failure on SharePoint 2013 zone
I am attempting to set up a Windows authentication zone in a SharePoint 2013 installation for use by the search crawler. The zone has been configured to use NTLM in order to eliminate Kerberos from the equation. The result of my
attempts to access the Windows authentication zone is a 403 error. Central Administration is working on the same server, and of course is using Windows authentication.
I know about the issue of using Windows authentication to localhost, and have configured the backconnectionhostnames entry in the registry. To prove that I can use Windows authentication using the intended host name for the SharePoint zone, I have
set up a test IIS site that binds to the host name used by the zone, and successfully authenticated using Windows authentication.
From monitoring the ULS logs it's obvious that I'm actually successfully completing Windows authentication, and getting a SharePoint claim, but from that point I'm being denied by SharePoint. I do know that my Windows credentials has site collection
administrator privileges. The most interesting failure in the ULS log appears to be:
SPApplicationAuthenticationModule: Authorization header doesn't contain Bearer, can't try to perform application authentication.
Another odd thing is that after the ULS indicates I have failed authentication, I'm redirected to /_layouts/AccessDenied.aspx instead of the login page defined in web.config. I have tried many things, including enabling Kernel-mode authentication.
Below is an excerpt from my ULS logs:
SPApplicationAuthenticationModule: There is no Authorization header, can't try to perform application authentication.
Non-OAuth request. IsAuthenticated=False, UserIdentityName=, ClaimsCount=0
[Forced due to logging gap, cached @ 12/01/2014 15:48:32.53, Original Level: Verbose] Value for isAnonymousAllowed is : {0}
[Forced due to logging gap, Original Level: Verbose] Value for checkAuthenticationCookie is : {0}
Claims Windows Sign-In: Sending 401 for request 'https://crawler.my.host/' because the user is not authenticated and resource requires authentication.
[Forced due to logging gap, cached @ 12/01/2014 15:48:32.56, Original Level: VerboseEx] Sending HTTP response {0} - {1}:{2}.
[Forced due to logging gap, Original Level: Verbose] SPRequestModule.PreSendRequestHeaders
Leaving Monitored Scope (Request (GET:https://crawler.my.host:443/)). Execution Time=5320.19544383434
Name=Timer Job SchedulingApproval
Leaving Monitored Scope (Timer Job SchedulingApproval). Execution Time=16.4101862108173
Name=Timer Job SchedulingApproval
Leaving Monitored Scope (Timer Job SchedulingApproval). Execution Time=14.9021733209109
Name=Timer Job SchedulingApproval
[Forced due to logging gap, cached @ 12/01/2014 15:48:32.95, Original Level: Verbose] Completed deserializing the type named {0} and with id {1}.
[Forced due to logging gap, Original Level: VerboseEx] SPFederationAuthenticationModule.OnEndRequest: Start
SPFederationAuthenticationModule.OnEndRequest: User was being redirected to authenticate.
Leaving Monitored Scope (Timer Job SchedulingApproval). Execution Time=17.2175513927049
Claims Windows Sign-In: Sending 401 for request 'https://crawler.my.host/' because the user is not authenticated and resource requires authentication.
Name=Request (GET:https://crawler.my.host:443/)
Micro Trace Tags: 0 nasq
Leaving Monitored Scope (Request (GET:https://crawler.my.host:443/)). Execution Time=9.54646470431298
Name=Request (GET:https://crawler.my.host:443/)
SPTokenCache.ReadTokenXml: Successfully read token XML 'mydomain\myuser'.
Token Cache: Failed to get token from distributed cache for '0).w|s-0-0-0-0-0-0-1234'.(This is expected during the process warm up or if data cache Initialization is getting done by some other thread).
Token Cache: Reverting to local cache to get the token for '0).w|s-0-0-0-0-0-0-1234'.
Token Cache: Entry missing for user 'mydomain\myuser'.
Token Cache: Failed to get token from distributed cache for '0).w|s-0-0-0-0-0-0-1234'.(This is expected during the process warm up or if data cache Initialization is getting done by some other thread).
Token Cache: Reverting to local cache to get the token for '0).w|s-0-0-0-0-0-0-1234'.
Claims Windows Sign-In: User 'mydomain\myuser' for request url 'https://crawler.my.host/' does not have a cached SessionSecurityToken.
[Forced due to logging gap, cached @ 12/01/2014 15:48:33.24, Original Level: VerboseEx] We are in claims windows only mode for for request url '{0}'.
[Forced due to logging gap, Original Level: VerboseEx] Reverting to process identity
[Forced due to logging gap, cached @ 12/01/2014 15:48:33.71, Original Level: Verbose] Completed deserializing the type named {0} and with id {1}.
SPSecurityContext: Added JsonWebSecurityTokenHandler to trust channel factory
SPSecurityContext: Replaced WSTrustRequestSerializer with SPTrust13RequestSerializer
SPSecurityContext: The SecurityTokenServiceBehavior is attached to the TrustChannel.
SecurityTokenServiceSendRequest: RemoteAddress: 'http://localhost:32843/SecurityTokenServiceApplication/securitytoken.svc' Channel: 'Microsoft.IdentityModel.Protocols.WSTrust.IWSTrustChannelContract' Action: 'http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Issue'
MessageId: 'urn:uuid:f175f6ef-a93d-4efe-9173-1fba74b1eed2'
SecurityTokenServiceReceiveRequest: LocalAddress: 'http://servername:32843/SecurityTokenServiceApplication/securitytoken.svc' Channel: 'System.ServiceModel.Channels.ServiceChannel' Action: 'http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Issue' MessageId:
'urn:uuid:f175f6ef-a93d-4efe-9173-1fba74b1eed2'
Entering monitored scope (ExecuteSecurityTokenServiceOperationServer). Parent No
STS Call: Issuing new security token.
SPSecurityTokenServiceManager!EnsureSharePointLogonRequestClaims: Found primary sid claim. Value: 's-0-0-0-0-0-0-1234'.
Using claim provider 'System' for operation because it is default and it is visible.
Excluding claim provider 'AD' for operation because it is not default and .
Using claim provider 'AllUsers' for operation because it is default and it is visible.
Excluding claim provider 'Forms' for operation because it is not default and .
Using claim provider 'User Profile Claim Provider' for operation because it is default and it is visible.
STS Call Claims Windows: Setting cookie lifetime to: Microsoft.IdentityModel.Protocols.WSTrust.Lifetime
STS Call Claims Windows: Successfully requested sign-in claim identity for user 'mydomain\myuser'.
STS Call: Successfully issued new security token.
Leaving Monitored Scope (ExecuteSecurityTokenServiceOperationServer). Execution Time=13.187150880908
[Forced due to logging gap, cached @ 12/01/2014 15:48:34.87, Original Level: Verbose] The SecurityTokenServiceHeaderInfo including the correlation ID was added.
Leaving Monitored Scope (ExecuteSecurityTokenServiceOperationCaller:http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Issue). Execution Time=719.713539011243
[Forced due to logging gap, cached @ 12/01/2014 15:48:35.60, Original Level: Verbose] ____{0}={1}
Claims Windows Sign-In: Siginging in the the user 'mydomain\myuser' for request url 'https://crawler.my.host/'.
Updating X.509 certificate validation policy
[Forced due to logging gap, cached @ 12/01/2014 15:48:36.26, Original Level: Verbose] Completed deserializing the type named {0} and with id {1}.
Adding X.509 certificate thumbprint '493E6806F4178EDD685BE5EA0AAF79ED30FB4A90' to root authority trust
SPLocalLoginProvider: Initializing and creating S2S Claim Mappings
SPLocalLoginProvider: Initialized S2S Claim Mappings.
[Forced due to logging gap, cached @ 12/01/2014 15:48:36.37, Original Level: Verbose] Completed deserializing the type named {0} and with id {1}.
[Forced due to logging gap, Original Level: Verbose] Deserializing the type named {0} and with id {1}.
[Forced due to logging gap, cached @ 12/01/2014 15:48:37.17, Original Level: Verbose] Completed deserializing the type named {0} and with id {1}.
[Forced due to logging gap, Original Level: Verbose] Deserializing the type named {0} and with id {1}.
[Forced due to logging gap, cached @ 12/01/2014 15:48:37.96, Original Level: Verbose] Completed deserializing the type named {0} and with id {1}.
[Forced due to logging gap, Original Level: VerboseEx] SPFederationAuthenticationModule.OnSessionSecurityTokenCreated: Start
[Forced due to logging gap, cached @ 12/01/2014 15:48:38.10, Original Level: VerboseEx] SPSam.SetPrincipalFromSessionToken: End
[Forced due to logging gap, Original Level: Verbose] Looking up {0} site {1} in the farm {2}
Token Cache: Failed to add token from distributed cache for '0).w|s-0-0-0-0-0-0-1234'.(This is expected during the process warm up or if data cache Initialization is getting done by some other thread).
Token Cache: Reverting to local cache to Add the token for '0).w|s-0-0-0-0-0-0-1234'.
Token Cache: Successfully added token to cache for '0).w|s-0-0-0-0-0-0-1234'.
SPTokenCache.ReadTokenXml: Successfully read token XML '0).w|s-0-0-0-0-0-0-1234,0#.w|mydomain\myuser,123456789012345,True,dpoRtB/hPcjVrEaJtqVWxhY8Pbfm++oHwWQ5TCB9jBlLx5n2Ky5OqGXM7ntfLB0kqIJNDUkeQrl4wL7xW2m4r0rV1TiOUf+e2mpHq8WOgN67puRViZbCxCkwmmxUpE/1OVNcDFXRCh26tvVFieK99LKZn8BJUtmP8RqxtwtwqBolNjCyZ3rfSSmtFyM3pdWjphdj312R9Lcp9/EhTpvvV1J2lFCig901ZGaPo7zOw3pFyXl1eDs+gF2Bcbc7/mMZw67/gEccsFaekBVH1TK0d9qqr6P/ISeEgzhlK4DChV94ntsw8m8Pb255yTL8WrbTykMFV3jC7R2MvqCmiKGK+g==,https://crawler.my.host/'.
Claims Windows Sign-In: Not writing a cookie for request 'https://crawler.my.host/'.
Claims Windows Sign-In: Successfully signed-in the the user 'mydomain\myuser' for request url 'https://crawler.my.host/'.
Updating header 'LOGON_USER' with value '0#.w|mydomain\myuser' for the request url 'https://crawler.my.host/'.
Leaving Monitored Scope (SPClaimsCounterScope). Execution Time=4957.74267399907
SPApplicationAuthenticationModule: Authorization header doesn't contain Bearer, can't try to perform application authentication.
Non-OAuth request. IsAuthenticated=True, UserIdentityName=0#.w|mydomain\myuser, ClaimsCount=27
Leaving Monitored Scope (PostAuthenticateRequestHandler). Execution Time=31.2877754016223
Micro Trace Tags: 0 nasq,69 air4a,1 air4b,22 air4a,0 air4b,1641 aeayb,732 b4ly,654 erv2,58 erv3,1814 air36,0 air37,42 b4ly,5 agb9s,39 b4ly
Leaving Monitored Scope (Request (GET:https://crawler.my.host:443/)). Execution Time=5101.04328902137
SPFederationAuthenticationModule.OnEndRequest: User was being redirected to authenticate.
[Forced due to logging gap, cached @ 12/01/2014 15:48:38.24, Original Level: Verbose] {0}
[Forced due to logging gap, Original Level: VerboseEx] SPRequestParameters: AppPrincipal={0}, UserName={1}, UserKye={2}, RoleCount={3}, Roles={4}
Site=/
[Forced due to logging gap, cached @ 12/01/2014 15:48:38.37, Original Level: Verbose] {0}
[Forced due to logging gap, Original Level: VerboseEx] Reverting to process identity
[Forced due to logging gap, cached @ 12/01/2014 15:48:38.40, Original Level: VerboseEx] No SPAggregateResourceTally associated with thread.
[Forced due to logging gap, Original Level: VerboseEx] Reverting to process identity
[Forced due to logging gap, cached @ 12/01/2014 15:48:38.48, Original Level: VerboseEx] No SPAggregateResourceTally associated with thread.
[Forced due to logging gap, Original Level: VerboseEx] Reverting to process identity
Access Denied for /. StackTrace: at Microsoft.SharePoint.Utilities.SPUtility.HandleAccessDenied(HttpContext context) at Microsoft.SharePoint.IdentityModel.SPFederationAuthenticationModule.OnEndRequest(Object sender,
EventArgs eventArgs) at System.Web.HttpApplication.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)
at System.Web.HttpApplication.PipelineStepManager.ResumeSteps(Exception error) at System.Web.HttpApplication.BeginProcessRequestNotification(HttpContext context, AsyncCallback cb) at System.Web.HttpRuntime.ProcessRequestNotificationPrivate(IIS7WorkerRequest
wr, HttpContext context) at System.Web.Hosting.PipelineRuntime.ProcessRequestNotificationHelper(IntPtr rootedObjectsPointer, IntPtr nativeRequestContext, IntPtr moduleData, Int32 flags) at System.Web.Hosting.PipelineRuntime.ProcessRequestNotification(IntPtr
rootedObjectsPointer, IntPtr nativeRequestContext, IntPtr moduleData, Int32 flags) at System.Web.Hosting.UnsafeIISMethods.MgdIndicateCompletion(IntPtr pHandler, RequestNotificationStatus& notificationStatus)
at System.Web.Hosting.UnsafeIISMethods.MgdIndicateCompletion(IntPtr pHandler, RequestNotificationStatus& notificationStatus) at System.Web.Hosting.PipelineRuntime.ProcessRequestNotificationHelper(IntPtr rootedObjectsPointer, IntPtr
nativeRequestContext, IntPtr moduleData, Int32 flags) at System.Web.Hosting.PipelineRuntime.ProcessRequestNotification(IntPtr rootedObjectsPointer, IntPtr nativeRequestContext, IntPtr moduleData, Int32 flags)
Leaving Monitored Scope (SPFederationAuthenticationModule.OnEndRequest). Execution Time=351.625416079418
Entering monitored scope (Request (GET:https://crawler.my.host:443/_layouts/AccessDenied.aspx?Source=https%3A%2F%2Fcrawler%2Emy%2Ehost)). Parent No
I'm extending an existing claims based web application. The way I'm testing authentication is by attempting to log in to the Windows authentication zone using the browser and an account with site collection administrator privileges. I've also
tried using the intended crawler service account, but that also fails authentication.
With regard to the default zone issue, I've already experimented with using both the default zone and another zone, but neither works.
BTW, I already have this working in a SharePoint 2013 development environment, and a similar configuration has been in a SharePoint 2010 production environment for over a year, which makes this a particularly maddening problem.
I have enabled Failed Request Tracing, and get a 401.1, 401.2, then a 403 (which says it was caused by the 401.2). I'm not sure of the significance, but the 403 trace shows the module for the 401.2 to be UrlAuthorizationModule, while the module for
the 403 error is FederatedAuthentication.
Per my ULS trace included in my original post, it appears that I'm actually getting a SharePoint claim. -
Authentication Failure (Password Mismatch)
Hi there.
I am having a nightmare trying to get my web server working under Snow Leopard. To cut a long story short the server died and I had to restore it using a disk image before I migrate it to a new mavericks server. For obvious reasons I'd like to get everything working before I migrate.
Whenever a users tries to access a secure page (mainly for svn access) they get rejected. If I try to access the page via safari/chrome I get a pop up window asking for a username and password. If the user enters their correct name and password it is constantly rejected (the name and password work elsewhere for email etc).
In the logs on the server I get:
[Wed Feb 05 16:34:33 2014] [error] [client 192.168.0.56] mod_auth_apple: User XXX authentication failure for "/xxx/xxxxxx": Password mismatch according to checkpw
[Wed Feb 05 16:34:33 2014] [notice] [client 192.168.0.56] mod_auth_apple: Authenticating using lookupd or checkpw failed, and no configured htaccess file (AuthUserFile)
If in Versions I try to refresh the svn repository I get:
OPTIONS of 'https://[email protected]/svn/project'://[email protected]/svn/project': authorization failed: Could not authenticate to server: rejected Basic challenge (https://server.name.com)
I am also having issues with iCal Server and AFP which makes me think there is some authorisation service which is corrupt/broken?
Any help MOST appreciated as I am tearing my hair out here!
Yours,
NicOk something I have worked out by a bit of trial and error.
NEVER run a server with two HDDs both with clones/installs of Mac OS.
My server had the internal (faulty HDD) with the original server install called Macintosh HD. The clone was on a USB drive called SnowLeopardServer_Backup.
Now for the most part the server worked (because most stuff uses Unix and proper paths). However it looks like all of apples stuff (Web services, iCal server and AFP) use the full path or at least components of them do. So because the server was originally set up on an HDD called Macintosh HD I can only suspect that it was freaking out by 1) now being on an HDD called something else and 2) that there was another HDD there called Macintosh HD.
I have now renamed my old HDD to something else and renamed all the OS folders in it to something different too. I also renamed the clone drive to Macintosh HD.
So far I turned on Web services and AFP and they work perfectly I have not turned on iCal yet as I want to ensure each service is working before turning on another.
Also finally got the holy grail of Kerberos and Open Directory triangle working. I though that the iCal/Web/AFP not working with accounts was Open Directory related so I backed it up (and WGM), change to standalone and then tried to go back to a Master. It complained about the DNS not being set up and I finally found a post saying that you need to have your DNS set to point at 127.0.0.1 in the System Preferences > Network settings. I changed that and boom no more complaints about bad DNS
Nic.
Maybe you are looking for
-
I am trying to create a Windows 7 Image Backup on my Windows 7 Ultimate 32 bit PC. I have two bootable partitions on my hard drive. One is NTFS and contains the Win-7 system files. The other is FAT-32 and contains a Windows-ME system. When it comes t
-
HP Officejet Pro 8600 - Google Cloud Print
Hi, I use google cloudprint to print my 8600 from my chromebook. Within the cloudprint dialog, the settings always default to gray scale with 300 dpi. I can't seem to find a way to change these defaults - I don't see any configuration information t
-
At first got some printing problems, I fixed them, but cannot print or find the pdf icon on printer drives. Stupidly, I accidentally uninstall the Adobe Acrobat 7 Professional thinking i can reinstall back just like the printer drives, but then find
-
The title is pretty much my question >_>
-
Attachement of documents and components to PO
Hi All, Please let me know how to attach the documents and components in the purchase order transaction ME21N. Regards Mahesh