ZEN for Servers 7 agent on the NW 6.5 sp7
I've tried on couple of servers and it's definitely the problem in running
ZEN for Servers 7 agent on the newest NW 6.5 support pack 7 because it
causes high processor utilization after 4-5 days of server up-time. Than,
you cannot stop the agent with the exit command but only killing its java
thread when the processor utilization fails to the normal stage.
As we strongly use ZEN for Servers 7 agent to distribute applications to
users desktops, I would very appreciate if someone can help me in this
issue.
Sinisa
Please see my thread from last year, TED Subscriber Locking Up. The fix was to revert to Java 1.4.2_09. NetWare SP7 installs Java 1.4.2_13. We ran into this problem when we installed the latest version of Java to fix the Daylight Savings Time issue last year. When you back rev Java to 1.4.2_09 TED no longer hangs up. Be sure to run the TZUpdater from Sun to update Java for the new DST settings.
We are currently testing SP7 for deployment in a few weeks. I would greatly appreciate any ideas as to how we can deploy it without updating Java to 1.4.2_13. Any ideas?
Thanks, Brian Geissman
My Thread Post:
http://forums.novell.com/novell-prod...ocking-up.html
NetWare DST Page
Search Results Page
Similar Messages
-
Need Help with Zen for Servers 7.0 Inventory & Policies
I have Zen 7.0 for Servers installed on NW 6.5 box. I have installed the
Inventory agents on another 6.5 box. The Inventory database indicates it
is empty. I am not sure where to begin to troubleshoot this. I am sure
I am missing something.....but what....is the question.
Are there any documents out there that lists steps to troubleshoot this?
I also get a message on the server with the Inv database that the
dictionary files are setup to be updated by itself. How do I keep that
message from happening. I thought I needed to place the ip address of
the server that will be providing dictionary updates in the field which
is what I did but, it causes the above message.
Thanks in advance,
TJThanks for the reply Steve. I will give it a try.
> OK, i can help..i think. I've just set up ZFS. Monitoring bit was
pretty
> easy and straight forward. Inventory on the other hand was a real pain
in
> the arse until i cracked it.
>
> 1. Don't worry about the dictionary error. The only way to stop this is
to
> have a separate policy for the Inv server and don't enable the
dictionary
> update.
>
> 2. ***Most important piece*** It doesn't really state it in the docs,
but i
> kept seeing it in posts. The key to getting inventory working is to get
TED
> working first. Once you have TED working then it all falls into place.
>
> 3. I'm not sure if this is important but i read somewhere in a TID that
the
> ZFS Service Location Package (a policy obj) should reside in the same
OU as
> the ZFS server.
>
> 4. I had manually created a TED distribution and channel which didn't
seem
> to work but when i created one using the wizard it all started
> working...strange. Given this, i have now created a distribution and
channel
> that pushes a single file (which i called zfsinitial.txt) out to all
> subscribers. This basically activates everything, copies all the
required
> certifcates around etc, etc
>
> 5. As well as this initialisation distribution i have my policy
> distribution\channel that has all the Inventory settings in it
(location,
> schedule etc). I have assigned both of these to a subscriber group.
>
> once i got all this working, the subscribers and inv agents started
sending
> stuff to the Inv DB and the Distributor. The database is then
> populated...viola
>
> <[email protected]> wrote in message
> news:[email protected]...
> >I have Zen 7.0 for Servers installed on NW 6.5 box. I have installed
the
> > Inventory agents on another 6.5 box. The Inventory database
indicates it
> > is empty. I am not sure where to begin to troubleshoot this. I am
sure
> > I am missing something.....but what....is the question.
> >
> > Are there any documents out there that lists steps to troubleshoot
this?
> >
> > I also get a message on the server with the Inv database that the
> > dictionary files are setup to be updated by itself. How do I keep
that
> > message from happening. I thought I needed to place the ip address of
> > the server that will be providing dictionary updates in the field
which
> > is what I did but, it causes the above message.
> >
> > Thanks in advance,
> > TJ
>
> -
Cost diff. in % for SERVERS on Freeware Linux against whole SAP implementai
Hi One and All,
What is the % of money involved for Servers in comparisn to the complete SAP
implementation cost?
ex.
A company spends 40% on Purchasing SAP Liscence,
20% on Implementation Partner,
20% on Servers ,
5% on PC systems on which Abap programmers and Functional Consultants sits,
15% on Support Project.
1. What actual % of total cost of SAP implementation is spend on SERVERS.
2. If Linux Servers (Freewares like OPEN SUSE or FEDORA or LIKEWISE) are used, how much of money will be reduced, in case the existing servers are Windows?
3. There are 2 identical organizations:
ONE has implemented SAP with database on WINDOWS SERVERS and all SAP systems have Windows OS.
OTHER has implemented SAP with database on LINUX (Available as Freeware in market) Servers and all SAP systems have Linux as OS.
now the Question is:
What will be the difference in MONEY SPEND by above 2 Organizations in PERCENTAGES?1. What actual % of total cost of SAP implementation is spend on SERVERS.
This depends a) on the servers your buy and b) on the implementation. An implementation of e. g. just FI is less expensive than if you implement more "modules".
2. If Linux Servers (Freewares like OPEN SUSE or FEDORA or LIKEWISE) are used, how much of money will be reduced, in case the existing servers are Windows?
Linux ist not "freeware". There only specific distributions supported (SuSE SLES, Redhat Enterprise Server), especially the ones you you named are not. So you will need to buy an OS and maintenance license for the OS too.
What will be the difference in MONEY SPEND by above 2 Organizations in PERCENTAGES?
We also use Linux everywhere and money (or licenses) were not the reason to use one or the other but rather technical reasons.
The hardware and license costs are usually ony a very small amount of the total implementation costs. How much however, is project specific.
Many people think Windows is "easier" than Unix and use it but I personally think that both are equally "difficult"; one shouldn´t let oneself cheat by having the possibility to "manage the system by clicking"
Markus -
Hi,
I am trying to install "System Center 2012 - Virtual Machine Manager by Using a Pre-Configured VHD".
I downloaded install guide & the binaries from http://www.microsoft.com/en-us/download/details.aspx?displaylang=en&id=10712
I have followed the installation document & getting an error while configuring VMM for System Center 2012.
error details from log file given below:
01:12:24:VMMPostinstallProcessor threw an exception: Threw Exception.Type: Microsoft.Carmine.WSManWrappers.WSManProviderException, Exception.Message: An internal error has occurred trying to contact an agent on the WIN-NTJTNEJ1UCN.mydomain.com server: : .
Ensure the agent is installed and running. Ensure the WS-Management service is installed and running, then restart the agent.
01:12:24:StackTrace: at Microsoft.Carmine.WSManWrappers.ErrorContextParameterHelper.ThrowTranslatedCarmineException(WsmanSoapFault fault, COMException ce)
at Microsoft.Carmine.WSManWrappers.WsmanAPIWrapper.RetrieveUnderlyingWMIErrorAndThrow(SessionCacheElement sessionElement, COMException ce)
at Microsoft.Carmine.WSManWrappers.WsmanAPIWrapper.Invoke(String actionUri, WSManUri targetUri, Hashtable parameters, Type returnType, Boolean isCarmineMethod, Boolean forceResponseCast)
at Microsoft.Carmine.WSManWrappers.AgentManagement.AssociateLibrary(WsmanAPIWrapper wsmanObject, String CertificateSubjectName, String& ExportedCertificate, ErrorInfo& ErrorInfo)
at Microsoft.VirtualManager.Setup.VirtualMachineManagerHelpers.AssociateAgentServer(String fullyQualifiedServerName)
at Microsoft.VirtualManager.Setup.VirtualMachineManagerHelpers.AssociateDefaultLibraryServer()
at Microsoft.VirtualManager.Setup.VirtualMachineManagerHelpers.SetupLibraryShare()
at Microsoft.VirtualManager.Setup.InstallItemCustomDelegates.PangaeaServerPostinstallProcessor()
01:12:24:InnerException.Type: System.Runtime.InteropServices.COMException, InnerException.Message: There is a time and/or date difference between the client and server.
01:12:24:InnerException.StackTrace: at WSManAutomation.IWSManSession.Invoke(String actionUri, Object resourceUri, String parameters, Int32 flags)
at Microsoft.Carmine.WSManWrappers.MyIWSManSession.Invoke(String actionUri, Object resourceUri, String parameters, Int32 flags)
at Microsoft.Carmine.WSManWrappers.WsmanAPIWrapper.Invoke(String actionUri, WSManUri targetUri, Hashtable parameters, Type returnType, Boolean isCarmineMethod, Boolean forceResponseCast)
01:12:24:ProcessInstalls: Running the PostProcessDelegate returned false.
01:12:24:ProcessInstalls: Running the PostProcessDelegate for PangaeaServer failed.... This is a fatal item. Setting rollback.
01:12:24:SetProgressScreen: FinishMinorStep.
01:12:24:ProcessInstalls: Rollback is set and we are not doing an uninstall so we will stop processing installs
I have completed MSSQL server configuration and while configuring VMM the below error displayed in the wizard:
An internal error has occurred trying to contact an agent on the WIN-NTJTNEJ1UCN.mydomain.com server: : .
Ensure the agent is installed and running. Ensure the WS-Management service is installed and running, then restart the agent.
I have checked that the following services are running:
1) Verified WS-Management srvice 2) MSSQL server + MSSQL (agent) 3)SC VM Manager Agent 4) Windows management instrumentation .
I have joined the VM (on which installing SC VMM) in a domain(as per install guide) and installing VMM using domain account & it is in local Administrators group.
Also I would like know if there is any stand alone SC VMM installer. If yes then please let me know the installer location & install guide.
thanks.
====Have you installed AppController on the same machine with VMM?
-
One of our SQL Server started creating SQLDUMP file and and on investigation I found the error longs are filled with Errors 3624 & 17066. There is transnational replication configured on one of the databases is the LogReader Agent is failing error "The
process could not execute 'sp_repldone/sp_replcounters' on XXXXX".
Not sure if both these Assertion & Logreader Agent errors are related. Before I remove and put the replication, I wanted to check if anyone has experienced the same issues or aware of what the cause.
***********Error messages from SQL Logs******
**Dump thread - spid = 0, EC = 0x0000000111534460
Message
A system assertion check has failed. Check the SQL Server error log for details. Typically, an assertion failure is caused by a software bug or data corruption. To check for database corruption, consider running DBCC CHECKDB. If you agreed to send dumps to
Microsoft during setup, a mini dump will be sent to Microsoft. An update might be available from Microsoft in the latest Service Pack or in a QFE from Technical Support.
Error: 3624, Severity: 20, State: 1.
SQL Server Assertion: File: <logscan.cpp>, line=2123 Failed Assertion = 'UtilDbccIsInsideDbcc () || (m_ProxyLogMgr->GetPru ()->GetStartupState () < RecoveryUnit::Recovered)'. This error may be timing-related. If the error persists after rerunning
the statement, use DBCC CHECKDB to check the database for structural integrity, or restart the server to ensure in-memory data structures are not corrupted.
Error: 17066, Severity: 16, State: 1.
External dump process return code 0x20000001.
External dump process returned no errors.
Thank you in advance.You need to determine if this error is a transient one or a show stopper one.
It sounds like your log reader agent has crashed and can't continue.
If so your best bet is to call Microsoft CSS and open a support incident.
It also sounds like DBCC CHECKDB was running while the log reader agent crashed.
If you need to get up and running again run sp_replrestart, but then you might find that replicated commands are not picked up. You will need to run a validation to determine if you need to reinitialize the entire publication or a single article.
I have run into errors like this, but they tend to be transient, ie the log reader agent crashes, and on restart it works fine.
looking for a book on SQL Server 2008 Administration?
http://www.amazon.com/Microsoft-Server-2008-Management-Administration/dp/067233044X looking for a book on SQL Server 2008 Full-Text Search?
http://www.amazon.com/Pro-Full-Text-Search-Server-2008/dp/1430215941 -
What would be the reason for sql server agent [MSSQLSERVER] service terminated unexpectedly?
What would be the reason for sql server agent [MSSQLSERVER] service terminated unexpectedly?
only below details found in error log
07:26:44.170 spid60
FILESTREAM: effective level = 3, configured level = 3, file system access share name = 'MSSQLSERVER'.
07:26:45.720 spid51
Configuration option 'Agent XPs' changed from 0 to 1. Run the RECONFIGURE statement to install.
07:26:45.730 spid51
FILESTREAM: effective level = 3, configured level = 3, file system access share name = 'MSSQLSERVER'.
07:28:57.840 spid64
Configuration option 'Agent XPs' changed from 1 to 0. Run the RECONFIGURE statement to install.
07:28:57.840 spid64
FILESTREAM: effective level = 3, configured level = 3, file system access share name = 'MSSQLSERVER'.
and below error on agent log
2014-01-01 07:26:28 - ? [131] SQLSERVERAGENT service stopping due to a stop request from a user, process, or the OS...
2014-01-01 07:26:43 - + [188] Scheduler engine timed out (after 15 seconds) waiting for 1 jobs(s) to stop
2014-01-01 07:26:44 - + [098] SQLServerAgent terminated (forcefully)
RahulWhat would be the reason for sql server agent [MSSQLSERVER] service terminated unexpectedly?
only below details found in error log
07:26:44.170 spid60
FILESTREAM: effective level = 3, configured level = 3, file system access share name = 'MSSQLSERVER'.
07:26:45.720 spid51
Configuration option 'Agent XPs' changed from 0 to 1. Run the RECONFIGURE statement to install.
07:26:45.730 spid51
FILESTREAM: effective level = 3, configured level = 3, file system access share name = 'MSSQLSERVER'.
07:28:57.840 spid64
Configuration option 'Agent XPs' changed from 1 to 0. Run the RECONFIGURE statement to install.
07:28:57.840 spid64
FILESTREAM: effective level = 3, configured level = 3, file system access share name = 'MSSQLSERVER'.
and below error on agent log
2014-01-01 07:26:28 - ? [131] SQLSERVERAGENT service stopping due to a stop request from a user, process, or the OS...
2014-01-01 07:26:43 - + [188] Scheduler engine timed out (after 15 seconds) waiting for 1 jobs(s) to stop
2014-01-01 07:26:44 - + [098] SQLServerAgent terminated (forcefully)
Rahul
Can you post the output of below query
select @@version.
If you are using SQl server express edition ,SQL server agent feature is not available.It seems from errorlog that you can start it but actually you cannot.But first confirm what is version and edition of your SQL server
Please mark this reply as the answer or vote as helpful, as appropriate, to make it useful for other readers -
The Server Core installation option is recommended for servers running Hyper-V
Hi,
I installed Hyper-V Server 2008 R2 on my machine and upon running BPA it says that
The Server Core installation option is recommended for servers running Hyper-V
I don't understand what it meant by re-installing hyper-v core instead of the full installation. My Hyper-v is a stand-alone Hyper-V Server 2008 R2 that is the free one.
Thanks!
JAnusHi JAnus,
I am afraid you can not change that report .
Please just ignore that .
Best Regards
Elton Ji
We
are trying to better understand customer views on social support experience, so your participation in this
interview project would be greatly appreciated if you have time.
Thanks for helping make community forums a great place. -
CAD Application gets Hanged for UCCE 7.5.1 when agent answered the call for particular location
Hi All,
We have a CAD server installed on ICM PG box.
Two agent location namely X and Y
Datacenter resided in location X
Users in location X were not facing any issue
Users from location Y facing diificulties and they were using CAD ver 7.5.1.
Randomly for all the users in location Y were reporting CAD application gets Hanged immediately when the agent answer the call.
Location Y is connected via WAN.
Both the location we are using same CAD version, but still issue persist in location Y.
Kindly let me know how to address this issue
If this was a BUG why it was not impacting other locationHi,
I found the problem in CAD Troubleshooting guide.
Problem: Agents can’t log into Agent Desktop.
Solution: During Unified ICM installation, an “Agent Login Required for Client Events” check box is displayed. By default this check box is unchecked. It must remain unchecked for agents to be able to log in. If the check box was checked during Unified ICM installation, you must reinstall Unified ICM and make sure the check box remains unchecked.
I reinstalled CTI Server without that checkbox and now the agent is able to login.
Thanks all for your help.
Cristian -
How long does it take for a cancellation fee to process? I just cancelled my annual subscription to adobe audition today and the customer service agent say the cancellation payment went through of $74.90, but i see no charge on my credit card. On the website it says my cancellation is effective in march 16, 2015. So when will i be charged?
Hi ,
I'm very sorry to hear of the problems you have had moving to pay as you go.
Please can you give customer service a call and ask to speak to the pay monthly retentions team who will be able to fix this issue for you.
Click here for contact details.
Thanks
James -
What should be the logger name for Dispatcher Flush agent?
Hi,
I was trying to setup logging configuration so that the log for Replication agents can be saved on file system. I was able to do it using the logger com.day.cq.replication.Agent.publish.
What would be the logger for Dispatcher Flush Agent if I need to setup logging for it on the Publish instance?
And how, where can we find the logger names?
ThanksThanks Sham.
I was able to setup the logging configuration for dispatcher flush agent.
Thanks,
Guru -
Zen neeon play for sure compatibility why was the thread closed/delete
About a week ago a thread asking why the neeon didn't support play for sure compatibility was on the forum.
For some reason this has now been deleted and I would like to know why. Deleting that thread has to be a very childish attempt to silence a customer complaint about a product, have you ever heard of consumer rights?s000m,
Your thread was not deleted, it simply moved down the page because it hasn't had any recent replies. Threads are listed by which one has the most recent replies.
Here is the thread you're referring to:
http://forums.creative.com/creativel...ssage.id=48495
Threads are never deleted unless they are advertising, or otherwise inappropriate (threatening, abusi've, pornographic images/links, and so on).
Cat -
No log for am policy agent for iis6
Hello!
Im trying to get Policy Agent for IIS to run on my Win Srv 2003 with IIS6 and Sharepoint Services.
I am running the OpenSSO version of Access Manager.
I have installed the agent and done the initial cofiguration.
When i try to browse the resource i get a login prompt (IIS Basic Auth)and cannot login followed by "Not Authorized 401.3"
I should get redirected to the AM Login page, shouldn't I?
I tried to look for answers in the log file but the /debug/<id> directory i empty.
Anyone know what to do?
The amAgent.properties file:
# $Id: AMAgent.properties,v 1.103 2005/09/19 22:08:34 madan Exp $
# The syntax of this file is that of a standard Java properties file,
# see the documentation for the java.util.Properties.load method for a
# complete description. (CAVEAT: The SDK in the parser does not currently
# support any backslash escapes except for wrapping long lines.)
# All property names in this file are case-sensitive.
# NOTE: The value of a property that is specified multiple times is not
# defined.
# WARNING: The contents of this file are classified as an UNSTABLE
# interface by Sun Microsystems, Inc. As such, they are subject to
# significant, incompatible changes in any future release of the
# software.
# The name of the cookie passed between the Access Manager
# and the SDK.
# WARNING: Changing this property without making the corresponding change
# to the Access Manager will disable the SDK.
com.sun.am.cookie.name = iPlanetDirectoryPro
# The URL for the Access Manager Naming service.
com.sun.am.naming.url = http://login.lta.mil.se:8080/opensso/namingservice
# The URL of the login page on the Access Manager.
com.sun.am.policy.am.login.url = http://login.lta.mil.se:8080/opensso/UI/Login
# Name of the file to use for logging messages.
com.sun.am.policy.agents.config.local.log.file = C:/Sun/Access_Manager/Agents/2.2/debug/Identifier_1414639615/amAgent
# This property is used for Log Rotation. The value of the property specifies
# whether the agent deployed on the server supports the feature of not. If set
# to false all log messages are written to the same file.
com.sun.am.policy.agents.config.local.log.rotate = true
# Name of the Access Manager log file to use for logging messages to
# Access Manager.
# Just the name of the file is needed. The directory of the file
# is determined by settings configured on the Access Manager.
com.sun.am.policy.agents.config.remote.log = amAuthLog.sharepoint.lta.mil.se.80
# Set the logging level for the specified logging categories.
# The format of the values is
# <ModuleName>[:<Level>][,<ModuleName>[:<Level>]]*
# The currently used module names are: AuthService, NamingService,
# PolicyService, SessionService, PolicyEngine, ServiceEngine,
# Notification, PolicyAgent, RemoteLog and all.
# The all module can be used to set the logging level for all currently
# none logging modules. This will also establish the default level for
# all subsequently created modules.
# The meaning of the 'Level' value is described below:
# 0 Disable logging from specified module*
# 1 Log error messages
# 2 Log warning and error messages
# 3 Log info, warning, and error messages
# 4 Log debug, info, warning, and error messages
# 5 Like level 4, but with even more debugging messages
# 128 log url access to log file on AM server.
# 256 log url access to log file on local machine.
# If level is omitted, then the logging module will be created with
# the default logging level, which is the logging level associated with
# the 'all' module.
# for level of 128 and 256, you must also specify a logAccessType.
# *Even if the level is set to zero, some messages may be produced for
# a module if they are logged with the special level value of 'always'.
com.sun.am.log.level = 5
# The org, username and password for Agent to login to AM.
com.sun.am.policy.am.username = UrlAccessAgent
com.sun.am.policy.am.password = PN4rEZ1uhx1404ivWY6HPQ==
# Name of the directory containing the certificate databases for SSL.
com.sun.am.sslcert.dir = C:/Sun/Access_Manager/Agents/2.2/iis6/cert
# Set this property if the certificate databases in the directory specified
# by the previous property have a prefix.
com.sun.am.certdb.prefix =
# Should agent trust all server certificates when Access Manager
# is running SSL?
# Possible values are true or false.
com.sun.am.trust_server_certs = true
# Should the policy SDK use the Access Manager notification
# mechanism to maintain the consistency of its internal cache? If the value
# is false, then a polling mechanism is used to maintain cache consistency.
# Possible values are true or false.
com.sun.am.notification.enable = true
# URL to which notification messages should be sent if notification is
# enabled, see previous property.
com.sun.am.notification.url = http://sharepoint.lta.mil.se:80/amagent/UpdateAgentCacheServlet?shortcircuit=false
# This property determines whether URL string case sensitivity is
# obeyed during policy evaluation
com.sun.am.policy.am.url_comparison.case_ignore = true
# This property determines the amount of time (in minutes) an entry
# remains valid after it has been added to the cache. The default
# value for this property is 3 minutes.
com.sun.am.policy.am.polling.interval=3
# This property allows the user to configure the User Id parameter passed
# by the session information from the access manager. The value of User
# Id will be used by the agent to set the value of REMOTE_USER server
# variable. By default this parameter is set to "UserToken"
com.sun.am.policy.am.userid.param=UserToken
# Profile attributes fetch mode
# String attribute mode to specify if additional user profile attributes should
# be introduced into the request. Possible values are:
# NONE - no additional user profile attributes will be introduced.
# HTTP_HEADER - additional user profile attributes will be introduced into
# HTTP header.
# HTTP_COOKIE - additional user profile attributes will be introduced through
# cookies.
# If not within these values, it will be considered as NONE.
com.sun.am.policy.agents.config.profile.attribute.fetch.mode=NONE
# The user profile attributes to be added to the HTTP header. The
# specification is of the format ldap_attribute_name|http_header_name[,...].
# ldap_attribute_name is the attribute in data store to be fetched and
# http_header_name is the name of the header to which the value needs
# to be assigned.
# NOTE: In most cases, in a destination application where a "http_header_name"
# shows up as a request header, it will be prefixed by HTTP_, and all
# lower case letters will become upper case, and any - will become _;
# For example, "common-name" would become "HTTP_COMMON_NAME"
com.sun.am.policy.agents.config.profile.attribute.map=cn|common-name,ou|organiz ational-unit,o|organization,mail|email,employeenumber|employee-number,c|country
# Session attributes mode
# String attribute mode to specify if additional user session attributes should
# be introduced into the request. Possible values are:
# NONE - no additional user session attributes will be introduced.
# HTTP_HEADER - additional user session attributes will be introduced into HTTP header.
# HTTP_COOKIE - additional user session attributes will be introduced through cookies.
# If not within these values, it will be considered as NONE.
com.sun.am.policy.agents.config.session.attribute.fetch.mode=NONE
# The session attributes to be added to the HTTP header. The specification is
# of the format session_attribute_name|http_header_name[,...].
# session_attribute_name is the attribute in session to be fetched and
# http_header_name is the name of the header to which the value needs to be
# assigned.
# NOTE: In most cases, in a destination application where a "http_header_name"
# shows up as a request header, it will be prefixed by HTTP_, and all
# lower case letters will become upper case, and any - will become _;
# For example, "common-name" would become "HTTP_COMMON_NAME"
com.sun.am.policy.agents.config.session.attribute.map=
# Response Attribute Fetch Mode
# String attribute mode to specify if additional user response attributes should
# be introduced into the request. Possible values are:
# NONE - no additional user response attributes will be introduced.
# HTTP_HEADER - additional user response attributes will be introduced into
# HTTP header.
# HTTP_COOKIE - additional user response attributes will be introduced through
# cookies.
# If not within these values, it will be considered as NONE.
com.sun.am.policy.agents.config.response.attribute.fetch.mode=NONE
# The response attributes to be added to the HTTP header. The specification is
# of the format response_attribute_name|http_header_name[,...].
# response_attribute_name is the attribute in policy response to be fetched and
# http_header_name is the name of the header to which the value needs to be
# assigned.
# NOTE: In most cases, in a destination application where a "http_header_name"
# shows up as a request header, it will be prefixed by HTTP_, and all
# lower case letters will become upper case, and any - will become _;
# For example, "common-name" would become "HTTP_COMMON_NAME"
com.sun.am.policy.agents.config.response.attribute.map=
# The cookie name used in iAS for sticky load balancing
com.sun.am.policy.am.lb.cookie.name = GX_jst
# indicate where a load balancer is used for Access Manager
# services.
# true | false
com.sun.am.load_balancer.enable = false
####Agent Configuration####
# this is for product versioning, please do not modify it
com.sun.am.policy.agents.config.version=2.2
# Set the url access logging level. the choices are
# LOG_NONE - do not log user access to url
# LOG_DENY - log url access that was denied.
# LOG_ALLOW - log url access that was allowed.
# LOG_BOTH - log url access that was allowed or denied.
com.sun.am.policy.agents.config.audit.accesstype = LOG_BOTH
# Agent prefix
com.sun.am.policy.agents.config.agenturi.prefix = http://sharepoint.lta.mil.se:80/amagent
# Locale setting.
com.sun.am.policy.agents.config.locale = en_US
# The unique identifier for this agent instance.
com.sun.am.policy.agents.config.instance.name = unused
# Do SSO only
# Boolean attribute to indicate whether the agent will just enforce user
# authentication (SSO) without enforcing policies (authorization)
com.sun.am.policy.agents.config.do_sso_only = true
# The URL of the access denied page. If no value is specified, then
# the agent will return an HTTP status of 403 (Forbidden).
com.sun.am.policy.agents.config.accessdenied.url =
# This property indicates if FQDN checking is enabled or not.
com.sun.am.policy.agents.config.fqdn.check.enable = true
# Default FQDN is the fully qualified hostname that the users should use
# in order to access resources on this web server instance. This is a
# required configuration value without which the Web server may not
# startup correctly.
# The primary purpose of specifying this property is to ensure that if
# the users try to access protected resources on this web server
# instance without specifying the FQDN in the browser URL, the Agent
# can take corrective action and redirect the user to the URL that
# contains the correct FQDN.
# This property is set during the agent installation and need not be
# modified unless absolutely necessary to accommodate deployment
# requirements.
# WARNING: Invalid value for this property can result in the Web Server
# becoming unusable or the resources becoming inaccessible.
# See also: com.sun.am.policy.agents.config.fqdn.check.enable,
# com.sun.am.policy.agents.config.fqdn.map
com.sun.am.policy.agents.config.fqdn.default = sharepoint.lta.mil.se
# The FQDN Map is a simple map that enables the Agent to take corrective
# action in the case where the users may have typed in an incorrect URL
# such as by specifying partial hostname or using an IP address to
# access protected resources. It redirects the browser to the URL
# with fully qualified domain name so that cookies related to the domain
# are received by the agents.
# The format for this property is:
# com.sun.am.policy.agents.config.fqdn.map = [invalid_hostname|valid_hostname][,...]
# This property can also be used so that the agents use the name specified
# in this map instead of the web server's actual name. This can be
# accomplished by doing the following.
# Say you want your server to be addressed as xyz.hostname.com whereas the
# actual name of the server is abc.hostname.com. The browsers only knows
# xyz.hostname.com and you have specified polices using xyz.hostname.com at
# the Access Manager policy console, in this file set the mapping as
# com.sun.am.policy.agents.fqdn.map = valid|xyz.hostname.com
# Another example is if you have multiple virtual servers say rst.hostname.com,
# uvw.hostname.com and xyz.hostname.com pointing to the same actual server
# abc.hostname.com and each of the virtual servers have their own policies
# defined, then the fqdnMap should be defined as follows:
# com.sun.am.policy.agents.fqdn.map = valid1|rst.hostname.com,valid2|uvw.hostname.com,valid3|xyz.hostname.com
# WARNING: Invalid value for this property can result in the Web Server
# becoming unusable or the resources becoming inaccessible.
com.sun.am.policy.agents.config.fqdn.map =
# Cookie Reset
# This property must be set to true, if this agent needs to
# reset cookies in the response before redirecting to
# Access Manager for Authentication.
# By default this is set to false.
# Example : com.sun.am.policy.agents.config.cookie.reset.enable=true
com.sun.am.policy.agents.config.cookie.reset.enable=false
# This property gives the comma separated list of Cookies, that
# need to be included in the Redirect Response to Access Manager.
# This property is used only if the Cookie Reset feature is enabled.
# The Cookie details need to be specified in the following Format
# name[=value][;Domain=value]
# If "Domain" is not specified, then the default agent domain is
# used to set the Cookie.
# Example : com.sun.am.policy.agents.config.cookie.reset.list=LtpaToken,
# token=value;Domain=subdomain.domain.com
com.sun.am.policy.agents.config.cookie.reset.list=
# This property gives the space separated list of domains in
# which cookies have to be set in a CDSSO scenario. This property
# is used only if CDSSO is enabled.
# If this property is left blank then the fully qualified cookie
# domain for the agent server will be used for setting the cookie
# domain. In such case it is a host cookie instead of a domain cookie.
# Example : com.sun.am.policy.agents.config.cookie.domain.list=.sun.com .iplanet.com
com.sun.am.policy.agents.config.cookie.domain.list=
# user id returned if accessing global allow page and not authenticated
com.sun.am.policy.agents.config.anonymous_user=anonymous
# Enable/Disable REMOTE_USER processing for anonymous users
# true | false
com.sun.am.policy.agents.config.anonymous_user.enable=false
# Not enforced list is the list of URLs for which no authentication is
# required. Wildcards can be used to define a pattern of URLs.
# The URLs specified may not contain any query parameters.
# Each service have their own not enforced list. The service name is suffixed
# after "# com.sun.am.policy.agents.notenforcedList." to specify a list
# for a particular service. SPACE is the separator between the URL.
com.sun.am.policy.agents.config.notenforced_list = SERVER_PROTO://SERVER_HOST:SERVER_PORTSERVER_DEPLOY_URI/UI/* SERVER_PROTO://SERVER_HOST:SERVER_PORTCONSOLE_DEPLOY_URI/* SERVER_PROTO://SERVER_HOST:SERVER_PORTSERVER_DEPLOY_URI/login_images/* SERVER_PROTO://SERVER_HOST:SERVER_PORT/docs* SERVER_PROTO://SERVER_HOST:SERVER_PORTSERVER_DEPLOY_URI/namingservice SERVER_PROTO://SERVER_HOST:SERVER_PORTSERVER_DEPLOY_URI/sessionservice SERVER_PROTO://SERVER_HOST:SERVER_PORTSERVER_DEPLOY_URI/loggingservice SERVER_PROTO://SERVER_HOST:SERVER_PORTSERVER_DEPLOY_URI/profileservice SERVER_PROTO://SERVER_HOST:SERVER_PORTSERVER_DEPLOY_URI/policyservice SERVER_PROTO://SERVER_HOST:SERVER_PORTSERVER_DEPLOY_URI/config* SERVER_PROTO://SERVER_HOST:SERVER_PORTSERVER_DEPLOY_URI/js/* SERVER_PROTO://SERVER_HOST:SERVER_PORTSERVER_DEPLOY_URI/css/* SERVER_PROTO://SERVER_HOST:SERVER_PORTSERVER_DEPLOY_URI/authservice SERVER_PROTO://SERVER_HOST:SERVER_PORTSERVER_DEPLOY_URI/SAMLAwareServlet SERVER_PROTO://SERVER_HOST:SERVER_PORTSERVER_DEPLOY_URI/SAMLSOAPReceiver SERVER_PROTO://SERVER_HOST:SERVER_PORTSERVER_DEPLOY_URI/SAMLPOSTProfileServlet
# Boolean attribute to indicate whether the above list is a not enforced list
# or an enforced list; When the value is true, the list means enforced list,
# or in other words, the whole web site is open/accessible without
# authentication except for those URLs in the list.
com.sun.am.policy.agents.config.notenforced_list.invert = false
# Not enforced client IP address list is a list of client IP addresses.
# No authentication and authorization are required for the requests coming
# from these client IP addresses. The IP address must be in the form of
# eg: 192.168.12.2 1.1.1.1
com.sun.am.policy.agents.config.notenforced_client_ip_list =
# Enable POST data preservation; By default it is set to false
com.sun.am.policy.agents.config.postdata.preserve.enable = false
# POST data preservation : POST cache entry lifetime in minutes,
# After the specified interval, the entry will be dropped
com.sun.am.policy.agents.config.postcache.entry.lifetime = 10
# Cross-Domain Single Sign On URL
# Is CDSSO enabled.
com.sun.am.policy.agents.config.cdsso.enable=false
# This is the URL the user will be redirected to for authentication
# in a CDSSO Scenario.
com.sun.am.policy.agents.config.cdcservlet.url =
# Enable/Disable client IP address validation. This validate
# will check if the subsequent browser requests come from the
# same ip address that the SSO token is initially issued against
com.sun.am.policy.agents.config.client_ip_validation.enable = false
# Below properties are used to define cookie prefix and cookie max age
com.sun.am.policy.agents.config.profile.attribute.cookie.prefix = HTTP_
com.sun.am.policy.agents.config.profile.attribute.cookie.maxage = 300
# Logout URL - application's Logout URL.
# This URL is not enforced by policy.
# if set, agent will intercept this URL and destroy the user's session,
# if any. The application's logout URL will be allowed whether or not
# the session destroy is successful.
com.sun.am.policy.agents.config.logout.url=
# Any cookies to be reset upon logout in the same format as cookie_reset_list
com.sun.am.policy.agents.config.logout.cookie.reset.list =
# By default, when a policy decision for a resource is needed,
# agent gets and caches the policy decision of the resource and
# all resource from the root of the resource down, from the Access Manager.
# For example, if the resource is http://host/a/b/c, the the root of the
# resource is http://host/. This is because more resources from the
# same path are likely to be accessed subsequently.
# However this may take a long time the first time if there
# are many many policies defined under the root resource.
# To have agent get and cache the policy decision for the resource only,
# set the following property to false.
com.sun.am.policy.am.fetch_from_root_resource = true
# Whether to get the client's hostname through DNS reverse lookup for use
# in policy evaluation.
# It is true by default, if the property does not exist or if it is
# any value other than false.
com.sun.am.policy.agents.config.get_client_host_name = true
# The following property is to enable native encoding of
# ldap header attributes forwarded by agents. If set to true
# agent will encode the ldap header value in the default
# encoding of OS locale. If set to false ldap header values
# will be encoded in UTF-8
com.sun.am.policy.agents.config.convert_mbyte.enable = false
#When the not enforced list or policy has a wildcard '*' character, agent
#strips the path info from the request URI and uses the resulting request
#URI to check against the not enforced list or policy instead of the entire
#request URI, in order to prevent someone from getting access to any URI by
#simply appending the matching pattern in the policy or not enforced list.
#For example, if the not enforced list has the value http://host/*.gif,
#stripping the path info from the request URI will prevent someone from
#getting access to http://host/index.html by using the URL http://host/index.html?hack.gif.
#However when a web server (for exmample apache) is configured to be a reverse
#proxy server for a J2EE application server, path info is interpreted in a different
#manner since it maps to a resource on the proxy instead of the app server.
#This prevents the not enforced list or policy from being applied to part of
#the URI below the app serverpath if there is a wildcard character. For example,
#if the not enforced list has value http://host/webapp/servcontext/* and the
#request URL is http://host/webapp/servcontext/example.jsp the path info
#is /servcontext/example.jsp and the resulting request URL with path info stripped
#is http://host/webapp, which will not match the not enforced list. By setting the
#following property to true, the path info will not be stripped from the request URL
#even if there is a wild character in the not enforced list or policy.
#Be aware though that if this is set to true there should be nothing following the
#wildcard character '*' in the not enforced list or policy, or the
#security loophole described above may occur.
com.sun.am.policy.agents.config.ignore_path_info = false
# Override the request url given by the web server with
# the protocol, host or port of the agent's uri specified in
# the com.sun.am.policy.agents.agenturiprefix property.
# These may be needed if the agent is sitting behind a ssl off-loader,
# load balancer, or proxy, and either the protocol (HTTP scheme),
# hostname, or port of the machine in front of agent which users go through
# is different from the agent's protocol, host or port.
com.sun.am.policy.agents.config.override_protocol =
com.sun.am.policy.agents.config.override_host =
com.sun.am.policy.agents.config.override_port = true
# Override the notification url in the same way as other request urls.
# Set this to true if any one of the override properties above is true,
# and if the notification url is coming through the proxy or load balancer
# in the same way as other request url's.
com.sun.am.policy.agents.config.override_notification.url =
# The following property defines how long to wait in attempting
# to connect to an Access Manager AUTH server.
# The default value is 2 seconds. This value needs to be increased
# when receiving the error "unable to find active Access Manager Auth server"
com.sun.am.policy.agents.config.connection_timeout =
# Time in milliseconds the agent will wait to receive the
# response from Access Manager. After the timeout, the connection
# will be drop.
# A value of 0 means that the agent will wait until receiving the response.
# WARNING: Invalid value for this property can result in
# the resources becoming inaccessible.
com.sun.am.receive_timeout = 0
# The three following properties are for IIS6 agent only.
# The two first properties allow to set a username and password that will be
# used by the authentication filter to pass the Windows challenge when the Basic
# Authentication option is selected in Microsoft IIS 6.0. The authentication
# filter is named amiis6auth.dll and is located in
# Agent_installation_directory/iis6/bin. It must be installed manually on
# the web site ("ISAPI Filters" tab in the properties of the web site).
# It must also be uninstalled manually when unintalling the agent.
# The last property defines the full path for the authentication filter log file.
com.sun.am.policy.agents.config.iis6.basicAuthentication.username =
com.sun.am.policy.agents.config.iis6.basicAuthentication.password =
com.sun.am.policy.agents.config.iis6.basicAuthentication.logFile = C:/Sun/Access_Manager/Agents/2.2/debug/Identifier_1414639615/amAuthFilterIf the agent doesnot start properly you would always get redirected to com.sun.am.policy.agents.config.accessdenied.url , if thats not specified you will get a 403.
For the agent itself check that the naming.url is correct. the agent username and passwords are correct, and see that the user has priviledges to write to the agent log files. Apart from these post the windows event logs. -
Site list update not working with TED and Zenworks for Servers
Product: Zenworks for Desktops 7Sp1 and Zenworks For Server/TED 7Sp1HP5
Subject: Site list update not working with TED and Zenworks for Servers ,
all on Linux
Description: We have an exiting environment with 6 ZfS Servers and now we
brought up a new Server for another location. I configured all same as on
the other Server and the new one created all NAL-Apps at the new location.
But in the Application Site list on the golden App is this Application
missing. So I clicked on the Link up site list on the Distribution Screen
in C1. On ApplicationSite list the App from the new location is missing.
So I removed all and added the new from the new location and now i see all
in the application site list.When I install an app on the client on the
new location NAL is connecting alway th the same (wrong location-server
and i get an msi error 1612 or id=53272 with path=\Wrong serverpath to
file.
I looked on the other tab on C1 at the golden app an I see the backlinks
are going to all other servers without the new one. Software installation
on other locations are ok
RegardsAndreas,
I forgot to mention that you can also set the loging level on the Distributor and the Subscriber to 6. to do this at the Zenworks Server Management prompt type "setconsolelevel 6" if you want to capture this to the log file ted.log then use "setfilelevel 6"
Next delete the Distribution from the Subscriber and then re-push the channel.
What we are looking for here in the log is the creation of the object and the linking information about the gold object. it should look like this (not the failure part ;-))) )
In this excerpt you will see the entry
Golden App =
This should be were the link is to
You can check this both ways in the Golden App and in the Distributed Application.
Here is a log from me that shows this info as an example of what you should be looking for.
2008.05.29 03:35:41 [TED:Work Order In(yourserver.yes.com)] Receiving distribution: Creating new application failed,
Subscriber Tree Name= YOUR-TREE,
Subscriber DN = SUBSCRIBER_YOURSERVER.BRN.FL.SUBS.SUBSCRIBERS.ZSM. GRS.CBH,
Golden App = SCRIPT-MS-HOTFIX.APP.BRN.ZENGOLD.GRS.CBH,
Attempted AppName = SCRIPT-MS-HOTFIX.APP.BRN.HAVERHI.PALM.FL.CBH,
error message: Failed creating SCRIPT-MS-HOTFIX.APP.BRN.HAVERHI.PALM.FL.CBH. With error message: Setting the trustee for BRN.HAVERHI.PALM.FL.CBH on the file "VOL1:\ZEN\UTILS" failed. Look in subscriber log file for more details..
2008.05.29 03:35:41 [TED:Event Processing] Handle Event: Work order IN completed... Creating new application failed,
Subscriber Tree Name= YOUR-TREE,
Subscriber DN = SUBSCRIBER_HAVERHI-FLBRN1.BRN.FL.SUBS.SUBSCRIBERS.ZSM.GRS.CBH,
Golden App = SCRIPT-MS-HOTFIX.APP.BRN.ZENGOLD.GRS.CBH,
Attempted AppName = SCRIPT-MS-HOTFIX.APP.BRN.HAVERHI.PALM.FL.CBH,
error message: Failed creating SCRIPT-MS-HOTFIX.APP.BRN.HAVERHI.PALM.FL.CBH. With error message: Setting the trustee for BRN.HAVERHI.PALM.FL.CBH on the file "VOL1:\ZEN\UTILS" failed. Look in subscriber log file for more details..
2008.05.29 03:35:41 [TED:Event Processing] Received (from haverhi-flbrn1.yesbank.com) Creating new application failed,
Subscriber Tree Name= YOUR-TREE,
Subscriber DN = SUBSCRIBER_HAVERHI-FLBRN1.BRN.FL.SUBS.SUBSCRIBERS.ZSM.GRS.CBH,
Golden App = SCRIPT-MS-HOTFIX.APP.BRN.ZENGOLD.GRS.CBH,
Attempted AppName = SCRIPT-MS-HOTFIX.APP.BRN.HAVERHI.PALM.FL.CBH,
error message: Failed creating SCRIPT-MS-HOTFIX.APP.BRN.HAVERHI.PALM.FL.CBH. With error message: Setting the trustee for BRN.HAVERHI.PALM.FL.CBH on the file "VOL1:\ZEN\UTILS" failed. Look in subscriber log file for more details.. -
Does SNMP agent on the admin server polls managed objects automatically?
Hi All,
If I enable SNMP agent on the admin server, does it mean that it polls and caches MIB of all the managed servers in the domain and return it if a client requests for information or it polls and caches that MIB value only when requested?
2)Suppose a client requests for SNMP data of a managed instance and the instance is down, does admin server keep polling or does it timeout after a number of secs or retries. I don't see any config params in weblogic 8.1.3 or weblogic 9.0 console.
Thanks. I appreciate your answers.
Thanks,Are you saying the notes are incorrect?
No, I wasn't commenting on that at all. I was just saying that DBUA is the recommended way of upgrading databases... and that's in spades if you're talking about 100GB databases.
I'll lay odds that DBUA to 10.2.0.1 and then patching to 10.2.0.3 is quicker than exporting and importing 100GB of data.
(Applying a 10.2.0.3 patch is done with opatch and doesn't require a fresh installation of Oracle. A patch mostly just modifies the data dictionary: it's finished in minutes, not hours).
My real point: these sorts of questions are incredibly easy to ask, answer, discard, re-ask, modify, mull over and basically experiment with in a virtual environment.
And again: it's utterly bizarre why you wouldn't have physical access to this database (and keep in mind that I can't keep in mind little nuggets of information such as this one which you didn't see fit to share earlier!)
It's in a virtual server. Virtual servers can be zipped up and emailed! (OK, maybe not 100GB... but I've shipped a small hard disk in a zip-lok pack envelope half way round the world before now -though obviously it wasn't critical to have the contents of that envelope available for use all the time... Still, it sounds to me like here's a technology (virtualisation) that's not being properly exploited). -
Animated gif icon for an exception instead of the standard icon?
Hello,
is there a possibillity to use an animated gif icon for an exception instead of the red standard icon in a web template?
I tried to change the standard icon s_s_ledr.gif against an animated gif icon in the mime repository, but it does not work. In the IE the icon is still shown without animation.
Maybe I´ve changed the wrong icon?
Can you please help me?
Greetings
Andreas
Edited by: Andreas Zenner on Feb 25, 2009 1:22 PMHi Andreas,
it is possible to integrate own symbols for exceptions. If you can use animated gif I don't know. However there is a post over here explaining the usage of the modification for symbols:
Re: BI 7 Web Design API - Parameter modification - Exception symbol
If you have questions just let us know.
Brgds,
Marcel
Maybe you are looking for
-
Hyperlink code to populate Oracle form
Can I have a hyperlink that contains the code to pass it's values and populate a series of fields on a portal form when I click it?
-
User exit for vf01 for delivery date should be a current date
Hi Experts, I won t allow to save vf01 delivery date mismatch with system date. Delivery date must equal with system date. kindly give any userexit for this issue. regards G.Vendhan
-
JSP taglibs from dynamic source
Hello folks, i wonder if it is possible to use taglibs that come form a dynamic source during request time, like this: <% String myOtherTag = "<bla:myOtherTag/>"; // the string could come from a database or form %> <bla:myTag> <%= myOtherTag %> <
-
Screen saver toggles between 2 photos
My O/S 10.5.5 screen saver is set to use photos from my iPhoto albums. It cycles properly for a few minutes and then settles on 2 photos and oscillates back and forth. Each time this happens the photos that oscillate are not the same as before. I nev
-
Denim update to my Icon Froze my phone
My Icon downloaded the update and has been stuck on the Verizon red screen of death ever since. Waited about 40 minutes and then powered phone off and restarted - got to the same point. It is stuck on the red screen. Ideas?