Unable to setup user registry with "non-LDAP external registry" - windows

I am not able to setup user registry in RTC's JTS setup.
I selected "non-LDAP external registry" option and tried by giving users as "JAdmin", "Administrator", etc.
On click of next it is giving me error message
TypeError: 'this.currentForm.statusMsgHandler' is null or not an object
and Warning:
You need to be authenticated as a user from LDAP to
import your user and assign licenses.
Ensure the application container settings are configured correctly
for LDAP, restart the server, and log in with a user from the LDAP
directory to continue.
I think even if I am selecting "non-LDAP external registry" it is considering "LDAP" option and trying to connect to LDAP (According to log)
javax.naming.NamingException: [LDAP: error code 1 - 000004DC: LdapErr:
DSID-0C0906E8, comment: In order to perform this operation
a successful bind must be completed on the connection., data 0, v1db1 ];
Remaining name: 'ou=people,dc=jazz,dc=net'
Please help out to get over it!

I configured RTC using OpenDJ LDAP.

Related

Oracle BIEE server unable to start on VirtualBox

I have an error when i try to start the Oracle BI server on Oracle VM VirtualBox. I am currently using SampleAppv607p-appliance.
This is my error.
/Servers/AdminServer/ListenPort=7001
Accessing admin server using URL t3://demo.us.oracle.com:7001
Starting AdminServer …
Admin Server Start Exception: Error occurred while performing nmStart : Error Starting server AdminServer : Received error message from Node Manager Server: [Server start command for WebLogic server ‘AdminServer’ failed due to: [Server failed to start up but Node Manager was not aware of the reason]. Please check Node Manager log and/or server ‘AdminServer’ log for detailed information.]. Please check Node Manager log for details.
Use dumpStack() to view the full stacktrace :
Reading domain…
/Servers/AdminServer/ListenPort=7001
Accessing admin server using URL t3://demo.us.oracle.com:7001
Requesting credentials …
Enter Weblogic login details at prompt
Please do help me. Thank you!
I'm guessing here, your database is probably not up. So confirm the Oracle DB in VM is up and start BI services.
Based on your logs it looks like you're starting the WebLogic Admin Server via the Node Manager. However, during startup of the Admin Server it prompts for the username/password of domain user (e.g. weblogic) but Node Manager is not passing anything.
To solve this, go to $DOMAIN_HOME/servers/AdminServer/security and create boot.properties file. Edit the file and enter the username and password on separate lines. The username/password was defined upon domain creation, so make sure you know what these values are. See example below:
username=weblogic
password=welcome123
Start the Admin Server again. This will automatically encrypt the contents of your boot.properties file.
It always helps if you check the logs, as they provide more information on the error. In this case, you can check the following logs at the $DOMAIN_HOME/servers/AdminServer/logs/ directory.

Event 4625 windows security auditing failed to logon. Failure Reason:Unknown user name or bad password

I have Windows server 2012 R2 azure virtual instance and few ports are open on it i.e. (80,443,RDC). I have observed the below logs into windows event viewer in security section.
Event 4625 : Microsoft windows security auditing
-------log description start
An account failed to log on.
Subject:
Security ID: NULL SID
Account Name: -
Account Domain: -
Logon ID: 0x0
Logon Type: 3
Account For Which Logon Failed:
Security ID: NULL SID
Account Name: ALLISON
Account Domain:
Failure Information:
Failure Reason: Unknown user name or bad password.
Status: 0xC000006D
Sub Status: 0xC0000064
Process Information:
Caller Process ID: 0x0
Caller Process Name: -
Network Information:
Workstation Name:
Source Network Address: -
Source Port: -
Detailed Authentication Information:
Logon Process: NtLmSsp
Authentication Package: NTLM
Transited Services: -
Package Name (NTLM only): -
Key Length: 0
This event is generated when a logon request fails. It is generated on the computer where access was attempted.
The Subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.
The Logon Type field indicates the kind of logon that was requested. The most common types are 2 (interactive) and 3 (network).
The Process Information fields indicate which account and process on the system requested the logon.
The Network Information fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.
The authentication information fields provide detailed information about this specific logon request.
- Transited services indicate which intermediate services have participated in this logon request.
- Package name indicates which sub-protocol was used among the NTLM protocols.
- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
-------log description end
The logs are continuously generating in event viewer (3-4 request per second) and account name always changes as mention below.
Account For Which Logon Failed:
Security ID: NULL SID
Account Name: ATCNSBAYFG
Account For Which Logon Failed:
Security ID: NULL SID
Account Name: SUPPORT
Account For Which Logon Failed:
Security ID: NULL SID
Account Name: SUPPORT
Account For Which Logon Failed:
Security ID: NULL SID
Account Name: HAYLEY
Account For Which Logon Failed:
Security ID: NULL SID
Account Name: TEST5
and more...
What I tried:
1. Disabled the all open ports from azure portal even RDC.
2. Disabled the Windows Essentials services.
3. Disabled Alert Evaluations task from windows scheduler.
but still the logs are generating in event viewer. Is this windows attacked or some thing else? and how to prevent this?
This event is generated when a logon request fails. It is generated on the computer where access was attempted.
For testing, remove EVERYONE from folder and use local group Users with modify permission instead of EVERYONE.
4625: An account failed to log on
https://www.ultimatewindowssecurity.com/securitylog/encyclopedia/event.aspx?eventID=4625
Some application usually use the guest account to achieve some function, if you worry about the safety you can keep the disable or enable base on your practical application.
Can you turn on failure auditing for authentication attempts?
Get help fro this auditing solution to track the source of failed logon attempts in Active Directory.
Hope this helps!
I was looking for answer to this and came across this post. In the end I raised a paid Microsoft support case which came up with the following solution and wanted to share in case it helps anyone in the future:
Export the .cer file used for the WCF connection (unless it available elsewhere already):
a. Launch the manage local computer certificates mmc plugin
b. Navigate to Trusted People > Certificates
c. Right click on the coreapi.server01.gold.nas.faa.gov cert and click All tasks > Export.
d. Click Next
e. Click Next (DER encoded binary X.509 (.CER) is fine).
f. Choose a sensible place to export (i.e. Documents)
g. Click Next
h. Click Finish
i. Click OK on dialog that pops up.
Open Windows administrative tools from the start menu
Double click on Active Directory Users and Computers
In the menu click on View > Advanced Features
Double click on Users
Right click on suitable account (You can use any account I think but I used our special services account. The Microsoft support engineer also implied you can use a computer too)
Click on Name Mappings…
Click Add
Select exported cert from step 1.
Click Open
Click OK (leave both identity Mapping options ticked)
Click OK.
No need to reboot. The login failure is replaced with a login success (4648) which shouldn't trigger an intrusion detection issues.

Not able to login to IBM websphere console

In Websphere, on Security settings, I changed the flag "Trim Kerberos realm from principal name" and now I am trying to log to websphere console, it keeps saying error Invalid user id or password.
Check the SystemOut.log file, it shows below error
An unexpected exception occurred when trying to run getUserDN() method : GSSException: com.ibm.ws.security.auth.kerberos.NoCredentialFoundException: Did not find user in userRegistry for userName: wasadmin#abccompany.com
What are different options I can try to login to console successfully?
I am not sure what your security setting are and why the login is failing after enabling the setting. But if you want to get into admin console to fix your security setting, you can disable security as follows temporarily.
To disable security, please perform the following steps via wsadmin:
<WAS_INSTALL_DIR>/bin/> wsadmin -conntype NONE.
wsadmin> securityoff.
wsadmin> exit.
Restart the servers.
Enable the security from administrative console.
http://www-01.ibm.com/support/docview.wss?uid=swg21405302

Websphere 7/Data Sources: ORA-01017: invalid username/password;

I am setting up multiple datasources on WS 7 for JNDI access.
After clicking one of the datasources -> Connection Pool Properties -> Connection Pool Custom Properties, I gave two properties:
Property1 Name: user
value: someuser
Property2 Name: password
value: somepassword
And after save the configuration and get back to that data source, I hit the Test connection button so it give me a nice exception:
java.sql.SQLException: ORA-01017: invalid username/password; logon denied DSRA0010E: SQL State = 72000, Error Code = 1,017
And I do see that exception from JVM log as well. The issue remains even get the server restarted?
What's going wrong then?
Update 1
Forget to mention that I have set JAAS authentication to none but still get the exceptions..
You may try using an 'J2C authentication alias' to define your username/password pair instead of custom properties. You may see the link for J2C Authentication Alias definitions at right hand side of datasource definition screen. After you define you username/password pair as an authentication alias, you shall select that alias for your datasource form the list of aliases.
For reference you may check Configuring a data source using the administrative console (item 10) at infocenter.

WebSphere to Oracle - doesn't accept correct password

In WebSphere 6.1 I have created a datasource to an Oracle 11g instance using the thin JDBC client.
In Oracle I have two users, one existing and another newly created.
My websphere datasource is OK if I use the component-managed authentication alias of the existing user, but fails with "invalid user/password" message if I use the alias of the new user. The error message is:
The test connection operation failed for data source MyDB (Non-XA) on
server nodeagent at node MY_node with the following exception:
java.sql.SQLException: ORA-01017: invalid username/password;
logon denied DSRA0010E: SQL State = 72000, Error Code = 1,017.
View JVM logs for further details.
There is nothing in the JVM logs. I have grepped all websphere logs and they do not mention my connection at all.
I can confirm that the username and password are correct by logging in via SQLPlus or (to prove the JDBC connection is OK) via SQuirreL.
I have checked in Oracle that the new user has all the system privs that the existing user has.
Any thoughts on what is going on or how I can debug this further?
Just FYI. I am guessing you are running WebSphere in Network Deployment mode.
This behavior you're experiencing is actually by design.
The reason for it is that the "Test Connection" button you see on the admin console, invokes the JDBC connection test from within the process of the Node Agent. There is no way for the J2C Alias information to propagate to the Node Agent without restarting it; some configuration objects take effect in WebSphere as soon as you save the configuration to the master repository, and some only take effect on a restart. J2C aliases take effect on restarts.
In a Network Deployment topology, you may have any number of server instances controlled by the same Node Agent. You may restart your server instances as you'd like, but unless you restart the Node Agent itself, the "test connection" button will never work.
It's a known WebSphere limitation... Which also exists on version 7.0, so don't be surprised when you test it during your next migration. :-)
If this happens to anyone else, I restarted WebSphere and all my problems went away. It's a true hallmark of quality software.
Oftentimes when people tell me they can't log into Oracle 11g with the correct password, I know they've been caught out by passwords becoming case-sensitive between 10g and 11g.
Try this :
data source definition
security
use the j2c alias both autentication managed by component and autentication managed by container
IBM WAS 8.5.5 Knowledge Center - Managing Java 2 Connector Architecture authentication data entries for JAAS
If you create or update a data source that points to a newly created J2C authentication data alias, the test connection fails to connect until you restart the deployment manager.
After you restart the deployment manager, the J2C authentication data is reflected in the runtime configuration. Any changes to the J2C authentication data fields require a deployment manager restart for the changes to take effect.
The node agent must also be restarted.
I have point my data source to componenet-manage authentication as well as container-managed authentication.Its working fine now........

Resources