MIP SDK fails with an error when attempting to decrypt rpmsg using ADRMS and the MDE - microsoft-information-protection

I am trying to decrypt an rpmsg file received from inside my organization that has been encrypted with RMS. I have installed AD RMS and the MDE. I am using the MIP SDK for C# version 1.11.72.
Decryption fails with a generic message - "One or more errors occurred." However, in the MIP SDK logs, I see this:
Failed API call: file_create_file_handler_async Failed with: [NoPermissionsError: 'Received message: Can't find SLC public key in global lookup tenant when targeting https://api.aadrm.com/my/v2/enduserlicenses, NoPermissionsError.Category=UnknownTenant, CorrelationId=6f5fb43e-4fe8-452c-ad30-3d3e5e479a5c, CorrelationId.Description=ProtectionEngine'
I am not sure what this issue might be related to. Any advice as to how to diagnose would be very helpful.

Using AD RMS requires that you also have registered the _rmsdisco SRV record. Without that, the SDK defaults to using Azure.
https://learn.microsoft.com/en-us/information-protection/develop/quick-app-adrms#service-discovery
I'll look at adding a section to the Service Discovery section that links to the AD RMS details.
Once the record is published, you need to use the Identity property on the FileEngineSettings object. The SDK will use the domain suffix from the identity to chase the SRV record.
If your organization has multiple email domains, you'll need an SRV record for each that points to the RMS cluster.

Related

How to overcome error 400 in Watson Discovery Upload Data

I am new to IBM cloud. I deleted my Watson Discovery service by mistake. Afterwards, I re-created a new service and there was no issue. But when I try to upload data to Watson Discovery, I'm given error 400 "Only one free environment is allowed per resource group". I'm on the Lite plan.
Any help?
Log in to your IBM Cloud account, go to https://cloud.ibm.com/shell and run the following commands:
ibmcloud resource reclamations
The above command lists all resource reclamations under your account. To know which resource to delete, check the Entity CRN and copy its ID, then use the command below to delete the resource:
ibmcloud resource reclamation-delete [ID] --force
Replace the ID with the resource ID to delete.
Maybe it is too late, but I found some information under this link: https://cloud.ibm.com/docs/discovery?topic=discovery-gs-api.
It mentions something like: "If you have recently deleted a Lite instance and then receive a 400 - Only one free environment is allowed per resource group error message when creating a new environment in a new Lite instance, you need to finish deleting the original Lite instance. See ibmcloud resource reclamations and follow the reclamation-delete instructions."
Also further information can be gathered from here: https://cloud.ibm.com/docs/cli?topic=cloud-cli-ibmcloud_commands_resource#ibmcloud_resource_reclamations

Azure Storage Explorer - Inadequate resource type access

I am attempting to use the Microsoft Azure Storage Explorer, attaching with a SAS URI. But I always get the error:
Inadequate resource type access. At least service-level ('s') access is required.
Here is my SAS URI with portions obfuscated:
https://ti<...>hare.blob.core.windows.net/?sv=2018-03-28&ss=b&srt=co&sp=rwdl&se=2027-07-01T00:00:00Z&st=2019-07-01T00:00:00Z&sip=52.<...>.235&spr=https&sig=yD%2FRUD<...>U0%3D
And here is my connection string with portions obfuscated:
BlobEndpoint=https://tidi<...>are.blob.core.windows.net/;QueueEndpoint=https://tidi<...>hare.queue.core.windows.net/;FileEndpoint=https://ti<...>are.file.core.windows.net/;TableEndpoint=https://tid<...>hare.table.core.windows.net/;SharedAccessSignature=sv=2018-03-28&ss=b&srt=co&sp=rwdl&se=2027-07-01T00:00:00Z&st=2019-07-01T00:00:00Z&sip=52.<...>.235&spr=https&sig=yD%2FRU<...>YU0%3D
It seems like the problem is with the construction of my URI/endpoints/connectionstring/etc, more than with permissions granted me on the server, due to the fact that when I click Next, the error displays instantaneously. I do not believe it even tried to reach out to the server.
What am I doing wrong? (As soon as I get this working, I'll be using the URI/etc to embed in my C# app for programmatic access.)
What you need in order to connect is a service requirement: the "SRT" part of the URI.
The URI you have has an SRT of "CO" (container and object) and needs the "S" part. You need to create a new SAS key; this can be generated in the portal, Azure CLI or PowerShell.
In the portal it is this part:
You have to go to the storage account and select what you need:
Allowed services (if you are looking for blob): Blob
Allowed resource types: Service (make sure this one is activated), Container, Object
Allowed permissions (this to do everything): Read, Write, Delete, List, Add, Create
If you need more info look here:
https://learn.microsoft.com/en-us/rest/api/storageservices/create-account-sas?redirectedfrom=MSDN
If you would like to create the SAS key in the CLI, use this:
https://learn.microsoft.com/en-us/azure/storage/blobs/storage-blob-user-delegation-sas-create-cli
If you would like to create the SAS key in PowerShell, use this:
https://learn.microsoft.com/en-us/azure/storage/blobs/storage-blob-user-delegation-sas-create-powershell
I had a similar issue trying to connect to the blob container using a Shared Access Signature (SAS) URL, and this worked for me:
Instead of generating the SAS URL in Azure Portal, I used Azure Storage Explorer.
Right click the container that you want to share -> "Get Shared Access Signature"
Select the Expiry time and permissions and click create
This URL should work when your client/user will try to connect to the container.
Cheers
I had the same problem and managed to get this to work by hacking the URL and changing "srt=co" to "srt=sco". It seems to need the "s".
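The check this thread converges on (the `srt` field must include `s`) can be done before handing a token to any client. The following is an added example, not code from the posts above: it decodes the account SAS fields seen in the question and reports the missing service-level resource type along with the restrictions worth reviewing before embedding a token in an application. The `max_days` threshold, the account name, IP address and signature in the sample are constructed assumptions.

```python
from datetime import datetime, timezone
from urllib.parse import urlsplit, parse_qs

# Account SAS field codes (see the "Create an account SAS" reference linked above).
SERVICES = {"b": "blob", "q": "queue", "t": "table", "f": "file"}
RESOURCE_TYPES = {"s": "service", "c": "container", "o": "object"}


def _utc(value):
    # SAS times are ISO 8601 UTC, e.g. 2027-07-01T00:00:00Z
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def review_account_sas(uri_or_token, max_days=7):
    """Decode an account SAS URI or bare token; return (fields, findings)."""
    query = urlsplit(uri_or_token).query if "://" in uri_or_token else uri_or_token.lstrip("?")
    q = {k: v[0] for k, v in parse_qs(query).items()}
    fields = {
        "services": [SERVICES.get(c, c) for c in q.get("ss", "")],
        "resource_types": [RESOURCE_TYPES.get(c, c) for c in q.get("srt", "")],
        "permissions": q.get("sp", ""),
        "ip": q.get("sip"),
        "protocol": q.get("spr"),
    }
    findings = []
    if "service" not in fields["resource_types"]:
        findings.append("srt lacks 's': service-level access is required")
    if q.get("spr") != "https":
        findings.append("spr is not https-only")
    if "sip" not in q:
        findings.append("no sip restriction: token usable from any address")
    if "se" in q:
        start = _utc(q["st"]) if "st" in q else datetime.now(timezone.utc)
        fields["lifetime_days"] = (_utc(q["se"]) - start).days
        if fields["lifetime_days"] > max_days:  # max_days is an assumed policy value
            findings.append(f"lifetime {fields['lifetime_days']} days exceeds {max_days}")
    return fields, findings


# Constructed sample: same parameter layout as the question, with a placeholder
# account name, a documentation-range IP and a dummy signature.
SAMPLE = ("https://exampleaccount.blob.core.windows.net/?sv=2018-03-28&ss=b&srt=co"
          "&sp=rwdl&se=2027-07-01T00:00:00Z&st=2019-07-01T00:00:00Z"
          "&sip=203.0.113.10&spr=https&sig=AAAA%3D")

if __name__ == "__main__":
    for finding in review_account_sas(SAMPLE)[1]:
        print(finding)
```

Editing `srt=co` to `srt=sco` by hand, as in the last answer, changes a field covered by the signature, so a token regenerated with the Service resource type selected is the version to rely on.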

Ms Integration Runtime data factory

Kind of new with the integration runtime.
I had a pipeline running with no issues, but recently we had an AD upgrade and the local on-premises SQL DB changed my user from 'bluecompany\joe' to 'redcompany\joe'.
This has caused my data factory to stop working properly, as it can't connect to the on-premises SQL.
I can't seem to find the place where I can update this change?
Error:
Copy activity encountered a user error at Source side: Integration Runtime (Self-hosted) Node Name=ORG200016,ErrorCode=UserErrorFailedToConnectToSqlServer,'Type=Microsoft.DataTransfer.Common.Shared.HybridDeliveryException,Message=Cannot connect to SQL Server: 'org200016.bluecompany.com.au', Database: 'GroupRisk', User: 'bluecompany\joe'.,Source=Microsoft.DataTransfer.ClientLibrary,''Type=System.ComponentModel.Win32Exception,Message=This user can't sign in because this account is currently disabled,Source=Microsoft.DataTransfer.ClientLibrary,'.
Any ideas would be very welcome. Thank you
As your login account has changed, I think you will need to update the account in the corresponding linked service, where you entered your credentials for this database previously.
Be sure the test connection succeeds after you edit the linked service. Then the pipeline should be able to connect to your database again.
Depending on which version of ADF you're using, there are different ways to update your linked service:
Log in to https://portal.azure.com/ and find your data factory (if you don't have an account to log in to the portal, you need to find the admin who created this linked service and ask them to update it for you).
If you're using v1 data factory, find "Author and Deploy", where you should be able to find the linked service corresponding to your on-premises SQL server.
If you're using v2 data factory, find "Author and Monitor" and click on the pen logo, where you should be able to find your linked service in the "connections" tab; it will allow you to edit the linked service.
Thanks,
Eva

New To Bluemix, getting error "The host is taken" for new app

I am new to Bluemix. As part of creating an app, I am following the steps below:
Log in to Bluemix with your Bluemix account.
Open the Catalog menu.
From the Runtimes section, click Liberty for Java.
In the App field, specify the name of your app [entered name]
Click the Create button
I am getting the error below:
BXNUI2032E: An error occurred when contacting Cloud Foundry to create a resource. Resource: routes. Cloud Foundry message: "The host is taken: vTest." See the Troubleshooting topics in the IBM Bluemix Documentation to check service status, review troubleshooting information, or for information about getting help.
Thanks in Advance
Bluemix will auto create the hostname for your app based on what you type into the name of the app. The above error means someone else has that hostname for their app.
The error message will probably look like the following.
cf push watson-um-demo
Creating app watson-um-demo in org jbsloyer#us.ibm.com / space demos as jbsloyer#us.ibm.com...
OK
Creating route watson-um-demo.mybluemix.net...
FAILED
Server error, status code: 400, error code: 210003, message: The host is taken: watson-um-demo
To resolve the issue you can modify the hostname field.
Bluemix assigns your app a domain of mybluemix.net if you are running in the US-South region. If you are running in the EU-GB region, Bluemix will assign your app a domain of eu-gb.mybluemix.net. You can map your own domains to your app as well. See https://www.ng.bluemix.net/docs/#manageapps/index-gentopic3.html#domain.
The guys before me already gave you the answer you were looking for; I just want to share some good practices, if you don't mind. While it might not work for you, it has worked like a charm for me over the past months.
What has worked best for me is to start every App Name with my initials and then the app name. Colleagues of mine are doing the same, just adding their name at the end.
So whenever I create a new app I follow my little schema in head:
Initials in front
no spaces just underscores
Descriptive and easy to remember so that I can quickly type it in the command line
The host you input will be the part of your url before mybluemix.net (yours would be vTest.mybluemix.net), so it needs to be globally unique across all of Bluemix. Try adding some random characters to the end of your host.
Don't stress out :) The reality is you likely will not want to use mybluemix.net for a customer-facing URL/Route. Simply replace the name that you initially used, which is already used by someone else, with a compliant one (see Restrictions on Valid Hostnames). It really doesn't matter which one.
Then get yourself a DNS provider like Domainmaster.com and register your own custom domain, like www.mygreatsite.com.
Then modify Bluemix to use your own custom domain you created. Read the documentation on Creating and using a custom domain with Bluemix.
You may want to setup other settings in your DNS like Cname, AAAA records and A records. Work with the DNS provider to figure out which ones you want to change.

Filenet Content Engine SECURITY_ANONYMOUS_DISALLOWED

We have a development environment, with the AE and CE in the same WebSphere instance.
Now we are trying to mount the AE on one of our local machines, in an IRAD WebSphere instance.
When the application tries to access filenet objects we get the following error:
com.filenet.api.exception.EngineRuntimeException: SECURITY_ANONYMOUS_DISALLOWED: Anonymous users aren't allowed access to the Content Engine. errorStack={
at com.filenet.engine.context.SecurityContext.(SecurityContext.java:87)
at com.filenet.engine.context.ServerCallContext.(ServerCallContext.java:87)
at com.filenet.engine.context.ServerCallContext.newInstance(ServerCallContext.java:985)
at com.filenet.engine.jca.impl.RequestBrokerImpl.getUserName(RequestBrokerImpl.java:1300)
at com.filenet.engine.ejb.EngineCoreBean._getUserName(EngineCoreBean.java:731)
at com.filenet.engine.ejb.EngineCoreBean.getUserName(EngineCoreBean.java:713)
at com.filenet.engine.ejb.EJSLocalStatelessEngineCore_22877cb1.getUserName(Unknown Source)
at com.filenet.engine.ejb.EngineBean.processUserLicense(EngineBean.java:977)
at com.filenet.engine.ejb.EngineBean.methodInit(EngineBean.java:175)
at com.filenet.engine.ejb.EngineBean.getObjects(EngineBean.java:303)
at com.filenet.apiimpl.transport.ejbstubs.EJSRemoteStatelessEngine_2e64c374.getObjects(Unknown Source)
at com.filenet.apiimpl.transport.ejbstubs._EJSRemoteStatelessEngine_2e64c374_Tie.getObjects(_EJSRemoteStatelessEngine_2e64c374_Tie.java:184)
at com.filenet.apiimpl.transport.ejbstubs._EJSRemoteStatelessEngine_2e64c374_Tie._invoke(_EJSRemoteStatelessEngine_2e64c374_Tie.java:98)
at com.ibm.CORBA.iiop.ServerDelegate.dispatchInvokeHandler(ServerDelegate.java:613)
at com.ibm.CORBA.iiop.ServerDelegate.dispatch(ServerDelegate.java:466)
at com.ibm.rmi.iiop.ORB.process(ORB.java:503)
at com.ibm.CORBA.iiop.ORB.process(ORB.java:1552)
at com.ibm.rmi.iiop.Connection.respondTo(Connection.java:2673)
at com.ibm.rmi.iiop.Connection.doWork(Connection.java:2551)
at com.ibm.rmi.iiop.WorkUnitImpl.doWork(WorkUnitImpl.java:62)
at com.ibm.ejs.oa.pool.PooledThread.run(ThreadPool.java:95)
at com.ibm.ws.util.ThreadPool$Worker.run(ThreadPool.java:1498)
We've already:
Configured the same JAAS as in the dev env.
Installed a certificate from our local machine in the Websphere instance.
We've enabled the administrative security and the application security
The LDAP configuration is the same as in the AE on the dev env
The primary administrative user name is the same in both AE and CE
We are using Websphere 6.1.
You don't mention setting up a trust relationship (LTPA keys) between the two WAS instances. That can lead to these symptoms.
It is hard to tell the exact reason as there are not enough details about your environment. There might be various causes for the exception that you are seeing.
In general, all nuts and bolts are described in the following document – Problems with Anonymous principal UNAUTHENTICATED when using the Java API. You should not have problems with authentication if you follow the instructions provided there.
Try one simple thing and check the proper string value where you specify the path of:
1)abc=file:/c:/WebSphere/AppClient/properties/sas.client.props
2)xyz=C:\jaas.conf.WebSphere
The format should be exactly the same as above for respective files.
This was the most basic problem which I had faced.
