• RELEVANCY SCORE 4.09

    DB:4.09:Security Propagation From Remote Ejb Clients To As7 9z





    Hi guys

    Would it be possible to add support to remote EJB AS7 Client JAAS Security Context Propagation ?

    Something like to get Subject from Call context on client Side and forward it to Server Side and let the Security Realm decide for authentication/authorization.

    This would be really helpful, AS7 EJB remote Client without Security is pretty useless... and since beta1 Server Side requires Authenticated users.. :-)

    DB:4.09:Security Propagation From Remote Ejb Clients To As7 9z


    This thread also deals with this issue and contains a JIRA reference: https://issues.jboss.org/browse/AS7-5047

  • RELEVANCY SCORE 3.56

    DB:3.56:Does Security Propagation From Remote Ejb Clients To Session Bean Work For Jboss 5.1!? k3





    hi,

    after browsing 10 pages of threads for the keyword 'anonymous' I found that Jboss 5.1 seems not ok for doing security propagation from remote EJB client to session bean, is it true!? since I've been spending a long long time to dig into this topic and have tried so many approaches but the end result is 'anonymous' dumped by ctx.getCallerPrincipal() in session bean...!!!

    Can anybody tell me the truth...!?

    LAW


  • RELEVANCY SCORE 3.28

    DB:3.28:Security Context Propagation From Servlet To Ejbs 1m





    How do you propagate security context information from Servlet to
    EJBs? I have a web app that uses the container's FORM based authentication.
    The servlet resource then calls a session EJB (w/ security constraints
    setup). The webapp and the ejbs are bundled into one EAR.

    Thanks!

    DB:3.28:Security Context Propagation From Servlet To Ejbs 1m

    After a user is authenticated via weblogic's security realm, this user's
    "principal" is attached in his thread. While this thread is looking up EJB
    without identifying "principal" and "credential", the "principal" stored in
    current thread is used.

    Fun

    Frank wrote:

    How do you propagate security context information from Servlet to
    EJBs? I have a web app that uses the container's FORM based authentication.
    The servlet resource then calls a session EJB (w/ security constraints
    setup). The webapp and the ejbs are bundled into one EAR.

    Thanks!

  • RELEVANCY SCORE 3.28

    DB:3.28:Security Context Propagation Between Servlet And Ejb c3



    How do you propagate security context information from Servlet to
    EJBs? I have a web app that uses the container's FORM based authentication.
    The servlet resource then calls a session EJB (w/ security constraints
    setup). The webapp and the ejbs are bundled into one EAR.

    Thanks!

    DB:3.28:Security Context Propagation Between Servlet And Ejb c3

    Frank,

    You do not have to do anything to propagate identity between the two
    containers. As long as the user is authenticating first..

    There have been a number of issues with the propagation, so be sure to stay up
    on the service packs.

    HTH.

    Frank wrote:

    How do you propagate security context information from Servlet to
    EJBs? I have a web app that uses the container's FORM based authentication.
    The servlet resource then calls a session EJB (w/ security constraints
    setup). The webapp and the ejbs are bundled into one EAR.

    Thanks!

    --
    Tom Mitchell
    tom@tom.org
    Very Current Stoneham, MA Weather
    http://www.tom.org

  • RELEVANCY SCORE 3.07

    DB:3.07:Risks Of Split Tunneling 9c



    Acknowledging that split tunneling is a risky policy to enable on an enterprise network. However, what would be some key configurations to have in place to lower the risk of unauthorized access to their network should someone compromise the security on the remote client machine. I think of:

    a) Remote clients have personal firewalls and no permissions to disable them.
    b) Determine the ip routing is not\cannot be enabled on the remote client machine
    c) Antivirus\malware software on remote client
    d) Servers hosting critical data on enterprise network secured from remote access (network segmentation, Firewall, VLAN)
    e) Citrix\Terminal Server solution as means of remote access

    Any of these valid? Any additional measures that can be in place? THANK YOU!!

    DB:3.07:Risks Of Split Tunneling 9c


    I guess you have covered most of them, a personal firewall is bare minimum.

  • RELEVANCY SCORE 2.99

    DB:2.99:Specifying ≪Security-Principal-Map≫, How To ? c8



    I have developed an RA and have deployed successfully on WLS6.0. However, I am
    having problems invoking it from remote clients. I need to set its security such
    that any client be able to use the resource. I understand it is something to do
    with the security-principal-map in weblogic-ra.xml. Can anyone tell me HOW?

    One more important(?) detail : My RA does not implement the security contract
    . I assume it is OK 'coz it is an optional contract.

    Regards,
    Shreesh.

    DB:2.99:Specifying ≪Security-Principal-Map≫, How To ? c8


    We support access of RAs only from webapp/ejb.

    prasen

    Shreesh Ponkshe wrote:

    I have developed an RA and have deployed successfully on WLS6.0. However, I am
    having problems invoking it from remote clients. I need to set its security such
    that any client be able to use the resource. I understand it is something to do
    with the security-principal-map in weblogic-ra.xml. Can anyone tell me HOW?

    One more important(?) detail : My RA does not implement the security contract
    . I assume it is OK 'coz it is an optional contract.

    Regards,
    Shreesh.

  • RELEVANCY SCORE 2.87

    DB:2.87:Add Another Subscriber ? Or Do I Need To Rebuild Original Queue Table ms


    11.2 rdbms

    QUEUE to DBLINK PROPAGATION.

    I want to add another queue in remote side to read same messages from source.

    -------------------------------------- TARGETDB (QUEUE1)
    Source DB Message -------------------------------
    -------------------------------------- TARGETDB (QUEUE2)

    So any message that's enqueued in source is dequeued by both queues in destination ..... no impact on each other.

    any links ?

    Edited by: 957751 on Sep 7, 2012 12:52 PM

  • RELEVANCY SCORE 2.85

    DB:2.85:Rfarmor Shield Vs. Signal Propagation 9p



    By putting an RFarmor Shield kit on a Nanostation M can it change the antenna propagation pattern? Ubiquiti states the Nanostation M2 covers 55 degrees, if I put an RFarmor shield behind it, will it change the coverage pattern, I mean, reduce the horizontal coverage?

    I'm asking this question because I'm thinking of making one Nanostation Cluster using the shield kit from Rfarmor on each unit. I still don't know how many units I'm gonna use, since some people say depending on the distance I plan to cover, with 4 Nanostation M I can cover 360 degrees because in the real world they open more than 55 degrees. My doubt is, with the shield kit installed, is it gonna reduce the propagation pattern?

    And you guys might ask why I don't just put Rockets and basestations? Because here in Brazil it is kind of expensive and I'm searching for a solution where I can change a 10dbi Omni that is giving me headaches and I don't want to change all 40 clients I currently have, to 5GHz. I'm planning on putting 20 to 25 clients maximum on each nanostation.

    Thanks in advance for any help and advice!

    DB:2.85:Rfarmor Shield Vs. Signal Propagation 9p


    6 nanostations in a cluster.. be sure they are shielded and spaced apart as much as possible.

    i'd also be sure to use non overlapping channels.. use 10mhz, and arrange your channels so that the nanostations with the least isolation from their neighbors aren't on near by channels.

  • RELEVANCY SCORE 2.83

    DB:2.83:Troubles With Remote Control Audition aa


    I have enabled remote access on SCCM clients in my network. But, for better security, I need auditing for remote access on workstations from our help desk. If they use Admin console - no problem. All access for users' machines is stored in the database and viewed in reports, but if they manually launch rc.exe and connect to a remote machine by ip address - no audit messages are generated. How can I resolve this problem?

    DB:2.83:Troubles With Remote Control Audition aa

    There is a client side log: RemoteControl.log. You could use software inventory-file collection to grab all of these files from clients, but depending on how many clients you have, that could be a lot of data/files.

    Jason | http://myitforum.com/cs2/blogs/jsandys

  • RELEVANCY SCORE 2.80

    DB:2.80:Propagation Policy Doesn't Work For Pool Ip Address xa


    Hello,

    We are using propagation policy to forward events from client BEM cell to our main Cell. Client cell is located at Client's Data Center. Main cell is located at our Data Center. This client is one of the banks so for security purposes, they have provided us pool Ip address. We have verified that telnet responds on port 1828 from Client cell to Main cell, however, ICMP does not respond.

    In this scenario, how we can propagate events from client cell to main cell.

    Thanks,
    Rahul

    DB:2.80:Propagation Policy Doesn't Work For Pool Ip Address xa


    Hi Rahul,

    As you said ICMP is blocked and you are able to telnet Main cell port from client cell server.

    You should not have any problems propagating events to Main cell, propagation should work.

    Make sure you make entry of Main cell in Mcell.dir of client cell.

    Thank You,

    Manish

  • RELEVANCY SCORE 2.78

    DB:2.78:Security Propagation Problem: Jboss 4.0.2 Vs 4.0.1sp1 3p



    Hello,

    I am in the process of upgrading from Jboss 4.0.1sp1 to Jboss 4.0.2 and it appears that the security identity propagation from the web to ejb container no longer works.

    I have a web application utilizing JAAS (form based authentication, DatabaseServerLoginModule), EJBs and Struts.

    Please note: I am using the same ear file in Jboss 4.0.1sp1 and Jboss 4.0.2.

    Jboss 4.0.1sp1
    -----------------------------
    1) User enters principalId and password on login page and submits (j_username and j_password posted to j_security_check)
    2) The web container successfully authenticates the user
    3) A session bean is created
    PartyManagerHome.create()

    DB:2.78:Security Propagation Problem: Jboss 4.0.2 Vs 4.0.1sp1 3p


    soon_shin,

    Can you please provide the code for the application you have done. I am trying to achieve the same (EJB+FormbasedAuthentication+Struts). A lot of folks are looking for a sample application.

    Thanks a lot (Ahead).

  • RELEVANCY SCORE 2.75

    DB:2.75:Propagation Of Security Between Applications And Servers m1


    It appears that WebLogic propagates security between applications and
    domains using a cookie. So as long as all applications use the same
    cookie id (JSESSIONID) then a single sign-on is enabled between
    applications.

    Is it correct this would apply to propagation between portal and
    non-portal applications in the same clustered environment?

    In a different vein, is there a way of propagating security
    information between different servers or different clusters?

    Say, for example, server1 (or cluster1) allows a user to sign-in and
    presents a page with a link to server2 (or cluster2). We would like to
    be able to propagate transparently the security information gathered
    at the sign-in on server1 to the application on server2.

    I'm assuming the cookie placed in the browser from server1 would not
    be passed to server2. Is there a way, programmatically or otherwise,
    to enable this to occur in a secure way?


  • RELEVANCY SCORE 2.74

    DB:2.74:Ormi + Jaas Subject Propagation Not Working 7x


    Hi,

    Has anyone managed to enable ormi subject propagation in oc4j? How can I make sure that subject propagation has been turned on (except for the fact that the option is in the startup command)?

    I'm having problems enabling subject propagation on OC4J 10.1.3.0.0.

    My setup:
    I have deployed 2 ear modules:
    - ear1: containing ejb module with secured EJB3 session beans. @RolesAllowed...
    jazn-data.xml specifying roles and users.
    - ear2: containing web module with a servlet. From this servlet, I'm trying to remotely lookup the ejb and invoke the protected methods.

    Invoking the servlet will prompt the user for the jaas credentials. I can see the bean is being looked up from the context, but I'm getting an error calling the protected methods:

    07/01/10 13:19:08 javax.ejb.EJBException: oc4jadmin is not allowed to call this EJB method, check your security settings (method-permission in ejb-jar.xml and security-role-mapping in orion-application.xml).; nested exception is: oracle.oc4j.rmi.OracleRemoteException: anonymous is not allowed to call this EJB method, check your security settings (method-permission in ejb-jar.xml and security-role-mapping in orion-application.xml).
    07/01/10 13:19:08 at com.evermind.server.rmi.RMICall.EXCEPTION_ORIGINATES_FROM_THE_REMOTE_SERVER(RMICall.java:110)
    07/01/10 13:19:08 at com.evermind.server.rmi.RMICall.throwRecordedException(RMICall.java:128)
    07/01/10 13:19:08 at com.evermind.server.rmi.RMIClientConnection.obtainRemoteMethodResponse(RMIClientConnection.java:472)
    07/01/10 13:19:08 at com.evermind.server.rmi.RMIClientConnection.invokeMethod(RMIClientConnection.java:416)
    07/01/10 13:19:08 at com.evermind.server.rmi.RemoteInvocationHandler.invoke(RemoteInvocationHandler.java:63)
    07/01/10 13:19:08 at com.evermind.server.rmi.RecoverableRemoteInvocationHandler.invoke(RecoverableRemoteInvocationHandler.java:28)
    07/01/10 13:19:08 at com.evermind.server.ejb.StatelessSessionRemoteInvocationHandler.invoke(StatelessSessionRemoteInvocationHandler.java:43)
    07/01/10 13:19:08 at __Proxy1.addAccountInfos(Unknown Source)

    The username that is not allowed to execute the method is not the username from the jaas realm, but it's the username that I used to create the remote context. Using subject propagation, I would presume this should be the jaas principals username???

    Other info:
    Server startup:
    Starting OC4J from c:\java\101300\j2ee\home ...
    Executing: C:\Program Files\java\jdk1.5.0_07\bin\java -Xms256m -Xmx512m -XX:PermSize=64m -XX:MaxPermSize=128m -Dsubject.propagation=true -jar "c:\java\101300\j2ee\home\oc4j.jar" -config "c:\java\101300\j2ee\home\config\server.xml"

    Initial context creation
    Hashtable env = new Hashtable();
    env.put(Context.INITIAL_CONTEXT_FACTORY,"com.evermind.server.rmi.RMIInitialContextFactory");
    env.put(Context.PROVIDER_URL, "ormi://localhost:23791/essai4-ct");
    env.put(Context.SECURITY_PRINCIPAL, "oc4jadmin");
    env.put(Context.SECURITY_CREDENTIALS, "welcome");
    Context ctx = new InitialContext(env);

    I've also enabled the jaas-mode="doAs", as indicated in the security guide in my orion-application.xml
    <jazn provider="XML" location="./jazn-data.xml" default-realm="test.com" jaas-mode="doAs"/>

    Note: if both my web- and ejb-module are in the same .ear and I'm not using the remote context (just plain new InitialContext()), all is working fine. Security exceptions correspond to the jaas roles, etc.

    Appreciate the help!

    Kind regards,
    Bert


  • RELEVANCY SCORE 2.70

    DB:2.70:Dequeue Message In Remote Database ds


    Hello,

    I have 2 Oracle 10.2 databases. I need to dequeue messages D1 from D2. Is there any way to do such a thing with a single-consumer queue? If not, is the propagation from D1 to D2 and then dequeue from D2 the fastest way to do the dequeue in D2?

    Thank you.

    DB:2.70:Dequeue Message In Remote Database ds

    hi
    this is the best reference:

    askanantha.googlepages.com/Oracle_AQ-Example-MultiQueue.pdf

  • RELEVANCY SCORE 2.70

    DB:2.70:Ip Security Cameras 3k



    Anyone using WD MyCloud for storing video from a remote IP security camera?

    DB:2.70:Ip Security Cameras 3k


    Hello,

    I haven't heard of anyone doing that.





  • RELEVANCY SCORE 2.69

    DB:2.69:Implement Custom Security For Ejb kp


    Hello,

    we have several EJB (Session) that can be accessed from both web and standalone(Swing) java clients. All remote ejb methods should be protected (require authentication/authorization). All the user info are stored in database and can be dynamically changed by system administrator.
    How can we implement custom security mechanism for EJB? May be we can implement JAAS LoginModule and further integrate it into EJB security model?


  • RELEVANCY SCORE 2.69

    DB:2.69:Ip Changes Need Dns Propagation? 9z





    I moved a client's site from one IP address to another. Their ISP doesn't update their DNS but once every three days.

    Now, when you type in their URL from that ISP, you get my default site instead of theirs.

    The funny thing is, everything is on the same server. Can I do anything on my end, or do I need to wait for DNS to propagate to their ISP?

  • RELEVANCY SCORE 2.67

    DB:2.67:Allow Remote Vpn Clients To Access Other Networks ca



    Hi, I have an ASA 5520 8.2(3) and need some help with allowing my remote client-to-site-vpn clients to access resources directly connected to my ASA on separate lower security interfaces (not the outside) besides just clients on my internal networks. Someone mentioned to me configuring 'VPN on a stick' however from what I've read this seems to be only applicable when it comes to split-tunneling back out the outside interface (could be off on that). Is this possible on other lower security interfaces as well, and if so what would a mock config that accomplishes that look like (acl's, nat, etc)? Also, if I want internal users to be able to connect to these remote clients once they are active, are there any nat statements necessary (such as nonatting them) or are the vpn clients just seen as internal clients from the rest of the internal network's standpoint by default?

    Thank you,

    Jared Dufrene

    DB:2.67:Allow Remote Vpn Clients To Access Other Networks ca


    Hi Jared,

    This is a quick example:

    interface f0/0
         ip address 192.168.1.0 255.255.255.0
         nameif inside
         security-level 100
    !
    interface f0/1
         ip address 192.168.2.0 255.255.255.0
         nameif dmz
         security-level 50
    !
    interface f0/2
         ip address 192.168.3.0 255.255.255.0
         nameif wireless
         security-level 30
    !
    access-list nat_inside_0 permit ip 192.168.1.0 255.255.255.0 192.168.254.0 255.255.255.0
    access-list nat_dmz_0 permit ip 192.168.2.0 255.255.255.0 192.168.254.0 255.255.255.0
    access-list nat_wireless_0 permit ip 192.168.3.0 255.255.255.0 192.168.254.0 255.255.255.0
    !
    nat (inside) 0 access-list nat_inside_0
    nat (dmz) 0 access-list nat_dmz_0
    nat (wireless) 0 access-list nat_wireless_0
    !
    access-list VPN_CLIENT_SPLIT permit 192.168.1.0 255.255.255.0
    access-list VPN_CLIENT_SPLIT permit 192.168.2.0 255.255.255.0
    access-list VPN_CLIENT_SPLIT permit 192.168.3.0 255.255.255.0
    !
    ip local pool VPN_CLIENT_POOL 192.168.254.1-192.168.254.254
    !
    group-policy VPN_RA internal
    group-policy VPN_RA attributes
         split-tunnel-network-list VPN_CLIENT_SPLIT
         split-tunnel-policy tunnelspecified
    !
    tunnel-group VPN_RA type remote-access
    tunnel-group VPN_RA general-attributes
         default-group-policy VPN_RA

    This is a simple example of what you need in order to access other interfaces:

    1- Add the specific network to the split ACL.

    2- Add the NAT rules.

    The complete configuration is here:

    Configuring Remote Access VPNs

    HTH.

    Portu.

    Please rate any helpful posts.

    Message was edited by: Javier Portuguez

    Jared and Eric found an error in the group-policy settings, I just added the correct entry "split-tunnel-network-list VPN_CLIENT_SPLIT "

  • RELEVANCY SCORE 2.67

    DB:2.67:W32_Sqlexp_Worm_Propagation ma


    In the last 3 days, I've been bombarded with 2 different types of attacks from all over (including Beijing). One is the W32_SQLEXP_Worm_Propagation, the other is the Nimda_Propagation. At least Norton Internet Security is catching the attacks, but what happened on the Comcast Network to let it get that far?

    DB:2.67:W32_Sqlexp_Worm_Propagation ma

    Forward the firewall info to abuse@comcast.net so they can notify the isp. Lucky your firewall stopped it.

  • RELEVANCY SCORE 2.66

    DB:2.66:Security Context Cross Propagation Across Nonclustered Weblogic Instances 31


    Scenario: startup class deployed on weblogic 6.1 instance 1, creates an
    initial context for the local JNDI tree with Context.SECURITY_PRINCIPAL and
    Context.SECURITY_CREDENTIALS specified. It then gets the home and remote
    interfaces for a stateless session EJB on weblogic instance 1, and calls a
    method on the remote interface. If that EJB wishes to invoke a method on
    another stateless session bean on weblogic 6.1 instance 2(not clustered with
    1), does creation of the second initial context need to set the
    Context.SECURITY_PRINCIPAL and Context.SECURITY_CREDENTIALS explicitly?

    I'm curious if principal and credentials are not specified, if guest or the
    current user is the identity on server 2.

    I was planning on setting the Context.INITIAL_CONTEXT_FACTORY and
    Context.PROVIDER_URL in the properties object passed to the second initial
    context constructor. If I need to pass the principal and credentials, I
    believe I can grab the principal from the EJBContext object, but is there a
    way to request the credential or otherwise forward it along to the next
    context?

    Any issues with both servers accessing the same oracle schema for RDBMSRealm
    implementation if only one of those servers is a mutator of the underlying
    data?

    Any help would be appreciated.

    Thanks!


  • RELEVANCY SCORE 2.66

    DB:2.66:Rv042 - Quick Vpn Can Not Access Or Ping Remote Network kk



    I have an RV042 router configured to use Quick VPN by creating the clients on the router. The router has a Verizon gateway in bridge mode providing the internet access. I can connect using the Quick VPN but I can not access any of the computers on the remote network. I can not ping any of the remote PCs, with static or dynamic IPs. I can ping my local computer from a remote computer when I am connected via the Quick VPN, by using logmein on another local PC. The remote network has a static IP on it. The remote network has an IP range of 192.168.168.x.  My local IP is 192.168.1.x. I have tried turning off all firewalls, internet security, etc. Any help would be appreciated. Thanks.   

    DB:2.66:Rv042 - Quick Vpn Can Not Access Or Ping Remote Network kk


    Today I reset the router to factory settings, put in our static public IP address, set up a VPN client and accepted the new private IP address of 10.x.x.x. I tried connecting to the VPN connection at home using the Quick VPN software, I got a message "Server's certificate doesn't exist on your local computer. Do you want to quit this connection". Which I expected since I have not put the certificate file on this computer. I replied no and it connected. I tried to ping the VPN server and that worked ok. I tried to ping a computer on the network with a static ip. That did not work. I tried pinging to a printer with a static IP, still no good. My IP address on my home network is 192.168.1.46. I am using the Quick VPN client version 1.4.1.2.

  • RELEVANCY SCORE 2.65

    DB:2.65:Ipx Tunnels xd



    I recently had to create IPX tunnels to connect five sites that still run Novell. Our network is Gigabit Fiber with Cisco 3550 switches at the remote sites and a 6509 at the central location. At the Novell sites I left the Cisco 1602 routers that existed with our previous frame-relay network in place and created an IPX tunnel from the 1602 routers to the 3662 router at the central location. The 3662 is also left over from the frame relay network. I am seeing the IPX routes when I look at each router. Even though I have ipx type 20 propagation enabled on all interfaces, I am unable to access any of the Novell servers. I also do not see any type 20 entries when I do a "show ipx servers" command. Should I? We are currently phasing out Novell, so this is only a temporary solution. The clients are logging in fine from the remote sites. The servers are just not browsable. Any help would be appreciated.

    DB:2.65:Ipx Tunnels xd


    Bill

    Thanks for posting the additional information. I think it has helped me understand the situation better. But I will admit that probably the most helpful thing was your repeating the question you asked earlier about should you be seeing type 20 entries. What we see in the output of show ipx servers are the SAP types. I think we confused the purpose of type-20-propagation. This is not a SAP type but an IPX packet type. So no you should not be seeing type 20 entries in the table of show ipx servers.

    The IPX type 20 packet was to support NetBIOS over IPX. The type 20 packet was a broadcast packet and routers by default do not forward broadcasts. So the type-20-propagation was to enable forwarding of these broadcast packets (it is very similar to the function of the ip helper-address command which is to forward some particular IP broadcasts).

    I believe that the servers are generating their NetBIOS packets as IPX packets. And I suspect that they are being forwarded to your network. But I bet that your PCs are configured for NetBIOS over TCP rather than over IPX. This would explain why clients are able to log into the servers with no problem (because they are being properly advertised in IPX) but the servers are not browseable (because you are not configured to recognize their advertisement).

    HTH

    Rick

  • RELEVANCY SCORE 2.65

    DB:2.65:Trouble With Propagation From 8i-Database To 9i-Database 11


    I have created on our database (8.1.6.0.0) on Linux 7.0 Kernel 2.2.16
    several advanced queues with propagations to remote database-instances.
    All propagations work fine, except the one with a propagation to a
    9i-Database. Each time the propagation starts, it reports an error in
    DBA_QUE_SCHEDULES:

    ORA-24054: cannot propagate to an Oracle 8.0.3 release or lower release

    The compatible-Parameter of the Remote-Database is 9.0.0

    I have no idea what to do to solve this problem.

    I hope someone can help me

    Thanks in advance

    Hans

    DB:2.65:Trouble With Propagation From 8i-Database To 9i-Database 11

    Hello,

    If you check Note:15470.1 on Metalink you will see that you are hitting
    Bug:1657186. This is fixed in 8.1.7.2 and above. There is no workaround
    and no fix was generated for 8.1.6.

    Thanks

    Peter

  • RELEVANCY SCORE 2.65

    DB:2.65:Propagation Problem 8s


    I'm having trouble getting propagation to work between databases. I've set up two subscribers to a queue, one is a local queue, the other a remote queue, and while propagation works locally, the messages that should be delivered to the remote queue are marked UNDELIVERED. I've tested the database link and that works. Both local and remote queues should be identical. There are 10 job queue processes configured. All the admin I've done is via enterprise manager. I'm fairly obviously doing something wrong, but I'd be much obliged if someone could suggest what.

    TIA,

    Nigel Purdy

    DB:2.65:Propagation Problem 8s

    Thanks for that. I think I had my permissions set up correctly (probably by accident). I found that the remote queue did not have any subscribers, so the enqueue initiated by the propagation failed.

  • RELEVANCY SCORE 2.65

    DB:2.65:Can I Disable The Certificate Propagation Service pz


    I bought a Smart Card reader. Its instruction manual directs the user to "disable the 'Certificate Propagation' service from Service.msc in order for the card reader to function properly under Windows 7."

    Should I do that?

    DB:2.65:Can I Disable The Certificate Propagation Service pz

    Someone elsewhere instructed me to read this Technet article:

    http://technet.microsoft.com/en-us/library/ff404288(WS.10).aspx

    which points out that the scope of "Certificate Propagation" service is only confined to a Smart Card, not something system-wide. So I, now without fear, went to disable that service. Now my card reader works fine.

  • RELEVANCY SCORE 2.65

    DB:2.65:Soa-Direct Binding Vs Http ak


    Hi all,

    Are we going to get any advantages if I invoke the OSB process from BPEL using direct binding other than security or transaction propagation?

    Will it improve performance? If I don't use security or transaction propagation can I make an ordinary HTTP call without SOA-DIRECT?

    Thanks
    Phani

    DB:2.65:Soa-Direct Binding Vs Http ak

    It uses RMI, see http://download.oracle.com/docs/cd/E14571_01/doc.1111/e15866/soa.htm

  • RELEVANCY SCORE 2.64

    DB:2.64:Using The Portal Propagation Tools (Weblogic Portal 9.2) Across Environment 7z


    Requirement: Using the Portal Propagation Tools (Weblogic Portal 9.2), need to propagate the portal components and remote portlets from one environment (Testing) to another environment (Production).

    Problem: Portal components (Desktop, Books, Pages and Portlets) are being propagated from one environment to another, but remote portlets are not being propagated. BEA has clear documentation that for WSRP remote portlet propagation, the consumer applications of source and destination environments should point to the same producer, which is not possible with our current production configuration.

    But in weblogic 10.2 or above versions it is possible to have a separate producer for the source and destination consumer applications.

    Just want to know if there is an alternate way of propagating remote portlets using propagation tools of weblogic portal 9.2, or a confirmation that it is not possible to propagate remote portlets with the restricted configuration that the consumer applications of source and destination environments should point to the same producer.

    DB:2.64:Using The Portal Propagation Tools (Weblogic Portal 9.2) Across Environment 7z

    Hello,

    unfortunately, propagating portlets to different producers is not possible with WLP 9.2. As you have already mentioned, it is supported in WLP 10.2, so if upgrading is a possibility it would solve your use-case.

    Kevin

  • RELEVANCY SCORE 2.64

    DB:2.64:One Way Vpn With Fvs336g ca


    I've got a few permanent Gateway VPNs set up between client offices and my home office. I've enabled NETBios so I can easily support remote clients' workstations and servers. The problem is they can (if they're smart) see my network. Now I trust most of the small non-profit clients that I've enabled these VPNs to, but I don't like the visibility of my network from their end. I know there are also additional risks, but I fully manage the security of these networks and trust that there is little chance of viruses or other threats spreading across the VPN from infected remote devices.

    Still, what can I do to at least minimize my network's visibility and all the devices on it to these remote clients? I would like to be able to connect via netbios names to any client I choose on the remote networks, but prevent the same in reverse.

    DB:2.64:One Way Vpn With Fvs336g ca

    I forgot to answer.. I think KwheelerAZ answered

    Look Layer 3 switches

  • RELEVANCY SCORE 2.64

    DB:2.64:Remote Access To Java:Comp/Env/Security 3z



    I use an external Tomcat instance (because this eases development of the web tier a lot) to call into EJBs in JBoss. Authentication within Tomcat has to be done with the JBossSecurityMgrRealm, but this needs access to the JBoss security context (under java:comp/env/security); but java:comp is not visible for remote clients ("NameNotFoundException: comp not bound"). I found the following post from Scott Stark from 2001: "The default bundled JBossSecurityMgrRealm integrates based on a special JNDI context (java:comp/env/security). This could be remote enabled so that an external Tomcat instance could use the JBossSecurityMgrRealm..." But HOW can I 'remote enable' this entry? Thanks in advance for any help, uwe.


  • RELEVANCY SCORE 2.64

    DB:2.64:Saml And Caller Principal Propagation j8



    Hi all,

    One question regarding the planned implementation of the JBoss identity. SAML is usually used for securing the web services. Is it intended to propagate the SAML token along with the further calls from WS e.g. to EJBs?

    Is it also planned to propagate SAML token to remote EJBs?

    Thanks.

    DB:2.64:Saml And Caller Principal Propagation j8


    Anil Saldhana wrote:

    Token propagation between a client and the STS happens over soap. But the client can propagate the token to anything in any transport it desires. The latter is yet to be implemented.

    Is token propagation over JBoss Remoting included in AS 7.1.1.Final now?

  • RELEVANCY SCORE 2.63

    DB:2.63:Principal Propagation - No Checkbox In Sender/Receiver Agreement cs



    My SAP XI version is NW04s SP11 (upgraded from sp09). I activated Principal Propagation in RSXMB_CONFIG_PP (its status is green) and made the settings according to this blog: /people/alexander.bundschuh/blog/2007/01/16/principal-propagation-in-sap-xi , but there is no Principal Propagation checkbox in Sender/Receiver agreement of Integration Directory.

    Can anybody help me?

    SAPXIAF11P_1-10003482.SCA and SAPXIAFC11P_5-10003481.SCA were deployed, ABAP kernel patch level is 95.

    DB:2.63:Principal Propagation - No Checkbox In Sender/Receiver Agreement cs


    No, I didn't. Now, when I've imported it, the checkbox appears. Thanks a lot!

  • RELEVANCY SCORE 2.63

    DB:2.63:Re: Moving Consumer And Producer To Testing Environment. xf


    Hi Kevin

    Can I conclude that,

    * If seamless propagation is needed only possible way is upgrading to wlp 10.1..
    * To live with WLP 9.2 avoid propagation, create the desktop and consume the remote portlets from scratch in the admin console. And for any further modification use the admin-console.

    thanks
    rajesh

    DB:2.63:Re: Moving Consumer And Producer To Testing Environment. xf

    Hello Rajesh,

    There is no bug or CR for this issue with WLP 9.2-- it is a known limitation. WLP 9.2 doesn't support WSRP 2.0 (which didn't exist when WLP 9.2 came out) and WSRP 2.0's exportPortlet / importPortlet operation is what was required to solve this propagation problem.

    WLP 10.0 and higher versions all have full support for doing exactly what you want to do through the propagation tool, as they all support the WSRP 2.0 exportPortlet and importPortlet operations.

    The documentation you referenced is probably the only documentation out there regarding this shortcoming of WLP 9.2.

    Kevin

  • RELEVANCY SCORE 2.62

    DB:2.62:Need A Vpn Design am



    I need to design a site-to-site VPN and VPN for remote users. I have attached a drawing, need to know if this is a good setup. Mostly my concern is security.

    I'm using ASA5520 for edge firewall and Linux firewalls are for additional security. I have to create 5 site-to-site VPNs using IPSEC and 5 remote VPN clients. Site-to-site VPNs are for trusted offices and remote VPN clients are only for our staff use.

    From the diagram, the ASA5520 is configured as follows

    outside interface is set to security 0 and connected to border router to internet

    inside interface is set to security 100 which is connected to a linux firewall which then goes to our internal lan.

    DMZ interface is set to security 50 which is connected to DMZ segment

    I decided to use the 4th interface for all VPNs which is set to security 100, and for this 4th interface I have created two sub interfaces vlan 400 (for site-to-site VPN) and vlan 500 (for remote access VPN). I did this because I have to use two separate linux firewall boxes.

    Linux firewall box for Site to Site VPN is configured with NAT but Linux firewall box for remote access VPN users is configured without NAT.

    I also want to know do I need to create a CA server or can I use pre-shared key with XAuth for remote access VPN users?

    DB:2.62:Need A Vpn Design am


    Hi,

    I'm assuming that all your VPN tunnels are being terminated on the ASA?

    If so I suggest that you simplify your network. Reduce the number of Linux firewalls down from three to one.

    You can have a firewall sandwich design, ie an outer firewall which is your ASA and then an internal firewall which is one of the Linux boxes.

    Personally I don't really see the need for separate firewalls for the different types of VPN traffic.

    If you run Active Directory in your company and you are using a Cisco VPN client then you can also authenticate your remote servers against your domain controller.

    Please remember to rate all posts that are helpful.

  • RELEVANCY SCORE 2.61

    DB:2.61:Caller Identity Propagation In 9.0.3 k3


    Hi,

    In Oracle 9iAS Security Guide document:
    http://otn.oracle.com/tech/java/oc4j/904/doc_library/security-904-preview.pdf

    It specifically mentions that caller identity propagation is supported between J2EE containers using CSIv2.

    Is identity propagation between J2EE containers supported in any form in Oracle 9iAS 9.0.3?

    Regards,
    Len Takeuchi

    DB:2.61:Caller Identity Propagation In 9.0.3 k3

    Len,

    I am also interested in propagating caller identity to the EJB container. Shawn Clark posted another forum entry on this subject:
    Passing Credentials from Servlet to EJB
    As well as an anonymous user:
    InitialContext and caller identity

    I completed a quick search of relevant Oracle Documentation (9.0.2, 9.0.3, and 9.0.4 beta) and could only find your reference in 9.0.4 beta docs and Shawn's reference at:
    http://download-west.oracle.com/docs/cd/A97329_01/web.902/a95880/security.htm#1042116

    Currently it seems that you need to specify/send the username/password credentials in the initial context when the WEB container creates an EJB Home object via JNDI. You then store this user specific EJB handle in the Web Container user-session-context. There are two problems with this approach:
    1) How in the heck do you get the username/password from the web container to create the appropriate user-specific initial context (Shawn's post has a solution)
    2) The web container user-session has a handle to a user-specific stateless session bean. If the EJB container is not that smart, it defeats the purpose of the stateless session bean.

    I see no way to conveniently use the method-permission EJB-JAR.XML tags nor use the EJB isCallerInRole() function when authenticating in a Web Container and calling an EJB container.

    Our application uses the Business Delegate / Session Facade pattern. At this point in time we store the Session Facade EJB handle in each user's web-session-context, but the handle is not user-specific. The app is implemented in a 9.0.3 standalone server within the same instance and EAR file. As a defensive programming measure we have isolated the code that creates the Session Facade EJB handle so, if need be, we could easily implement user-specific credentials in the JNDI initial context or change the code to use CSIv2. Our user count is currently very small, but will expand shortly.

    We hope that Oracle 9.0.4/10g will smartly implement a version of CSIv2 so that user credentials can be passed to stateless session beans without the need to store user-specific EJB handles or create an initial context from clear-text passwords for every EJB call.

    To the OC4J Team, it sure would be nice if the 9.0.4 EJB Security Document, Chapter 12 provided guidance and code examples of passing credentials between Web Containers and EJB Containers under various scenarios (i.e. local homes, within the same EAR, within the same instance, clusters, a pointer to chapter 14). It would also warm my heart to have a quick note included on how passing credentials may affect the number/resources of stateless session beans in the EJB container.

    Todd

  • RELEVANCY SCORE 2.61

    DB:2.61:Cant Ping Remote Sr 520 Router, Zone Based Security 8x



    Hi,

    I have an SR 520 router located at my remote site with public IP xx.8.140.226, and private IP 192.168.3.1.

    The central office is at public IP xx.60.101.154, and has a 10.1.1.0 scheme. I have a site to site VPN tunnel between the central and remote sites.

    It seems to work fine, but I can't ping the remote site from the central site. In other words, I can't ping 192.168.3.1, the SR520's inside address, from the central site. The SR 520's public address (xx.8.140.226) also cannot be pinged from the internet.

    From the remote site, I can ping to the central site fine. I must be using zone based security incorrectly in the attached remote site config? What do I need to do to make the remote site pingable, and preferably the clients behind the remote site SR520 pingable from the central site. Can someone help? It would be much appreciated.

    DB:2.61:Cant Ping Remote Sr 520 Router, Zone Based Security 8x


    Anyone have any idea if I apply "match default-inspection-traffic" to class map "allow-ping-in", will I be able to operate on clients behind this firewall, as in use VNC on them, access a database I have over there?

  • RELEVANCY SCORE 2.60

    DB:2.60:Rmi Security cf


    Hi,

    I want to restrict access to my RMI server, so only clients
    from specific IPs can get a remote reference to my remote objects.
    How can I implement it?

    Thanks,
    Moshe

    DB:2.60:Rmi Security cf

    Hi
    You can specify that in your policy file.

    /Fredrik

  • RELEVANCY SCORE 2.59

    DB:2.59:Corba Clients <-> Ejbs In Wls zp


    This is the situation we have:
    1) We must support both C++ and Java clients that will be requesting
    services from our EJBs running in WLS. The clients are internal apps running
    in different companies and we would prefer to avoid requiring our clients to
    use an ORB by a specific vendor. At the same time we do not want to deal
    with potential problems related to the implementation differences by
    different ORB vendors. What would be the best way to handle this situation?

    2) WLS documentation has the following paragraph:
    "WebLogic RMI over IIOP is the framework for EJB-to-CORBA mapping support.
    Currently, however, a standard for passing user identity -- required to
    implement EJB-to-CORBA mapping -- does not exist and the requirement for
    transaction propagation from the client is in question. While RMI over IIOP
    does allow CORBA clients to access EJBeans, the following services will not
    be available:
    EJB transaction services
    EJB security services"

    Does this mean that:
    2.1) CORBA client initiated transactions will not be supported,
    everything will work
    2.2) None of the EJB security services will be available in EJB method
    called by a CORBA client (i.e. getCallerPrincipal() and isCallerInRole()
    will fail)

    Thanks in advance

    DB:2.59:Corba Clients <-> Ejbs In Wls zp

    Could you elaborate on why the identity of a CORBA client cannot be
    established without SSL? There is at least one app server where it can be
    done. TIA

    "Eduardo Ceballos" ec@weblogic.com wrote in message
    news:39870FB4.2AFBD282@weblogic.com...

    You definitely have this wrong in part. What you can do is disallow "guest" access to your bean. You can not establish the identity of the
    CORBA client without SSL. (We are not allowed to comment on when any new
    feature will become available, but you can reasonably infer that I would
    not comment on
    a feature if we were not in a position to respond with such a feature.)

  • RELEVANCY SCORE 2.59

    DB:2.59:Accessing A Remote Ejb From A Custom Loginmodule zz



    Hi. I created a custom LoginModule and I need to call a remote service from it to do some security validations. The problem is that, like other EJB clients, I published the EJB remote interface to the jar where my LoginModule is packaged (using Maven assembly plugin). The lookup on the LoginModule works fine, but I get a ClassCastException when calling PortableRemoteObject.narrow(ref, clazz). I tested the same source code that does the lookup from a simple Java client and it worked fine. The service is running ok too. Am I missing something? Thanks for your time. Fábio.


  • RELEVANCY SCORE 2.59

    DB:2.59:Windows Xp Embedded V1.0 Ipsec Problems p7


    When I put Remote access in Connection Type in my Rule Properties, my policy for all IP traffic on (Require Security mode) permits access from non-authenticated clients.
    When I put Local area network this works fine, requiring authentication in the same local area.

    DB:2.59:Windows Xp Embedded V1.0 Ipsec Problems p7

    Hi, I am going through old posts that do not have a reply to find out if the issue has been resolved, or if it is still applicable? Lynda

  • RELEVANCY SCORE 2.59

    DB:2.59:Propagation To Local And Remote 7d



    When I add a new method in my stateless sessionEJB, I am not able to propagate it to the local and remote interfaces; nothing happens.

    I am still able to remove the other method from the local and remote interfaces.

    Any ideas or suggestions?


  • RELEVANCY SCORE 2.58

    DB:2.58:Propagation Is Not Changing Msg_State To Processed - Is This An Issue? cx


    Hi -

    I'm trying to get queue-to-queue propagation set up and I have it "working" within the same database. However, once messages are propagated to the destination queue they are staying in the source queue with a msg_state of READY.

    The documentation states that "A message is marked as processed in the source queue immediately after the message has been propagated, even if the consumer has not dequeued the message at the remote queue."

    I'm wondering if I have incorrectly configured the queues, default subscriber or the propagation schedule. I'm also wondering if this is a happenstance of using a multi-consumer queue? I tried specifying a specific recipient during enqueue and the propagation did not work.

    The current version of our database is as such -

    SQL> select * from v$version;

    BANNER
    --------------------------------------------------------------------------------

    Oracle Database 11g Enterprise Edition Release 11.1.0.7.0 - 64bit Production
    PL/SQL Release 11.1.0.7.0 - Production
    CORE 11.1.0.7.0 Production
    TNS for Linux: Version 11.1.0.7.0 - Production
    NLSRTL Version 11.1.0.7.0 - Production

    Thanks for any help that anybody can provide.

    rb

    Edited by: user13008920 on Apr 19, 2010 11:36 AM

    DB:2.58:Propagation Is Not Changing Msg_State To Processed - Is This An Issue? cx

    Hi

    Yes sorry only just seen your previous update...I think you are hitting a bug, I've seen a few things on Metalink about this.

    You could either try upgrading to the latest 10.2.0.4 patchset (psu 4) or use your workaround.

    Thanks
    Paul

  • RELEVANCY SCORE 2.58

    DB:2.58:Enabled Propagation Does Not Work 93


    Hi Experts,

    I set up Stream replication successfully on 11.2.0.2.0 (one way, some tables, dml and ddl, no custom rules). Everything worked fine until target database gets restarted.
    Now replication does not work but Capture, Propagation and Apply are enabled.

    Propagation shows errors in dba_propagation:

    ORA-01089: immediate shutdown in progress - no operations are permitted
    ORA-01089: immediate shutdown in progress - no operations are permitted
    ORA-02063: preceding line from TARGET_DB

    I tried restart of propagation by dbms_propagation.start/stop_propagation, dbms_aqadm.enable/disable_propagation_schedule and dbms_aqadm.unschedule/schedule_propagation. No effect.
    Any hints by the community?

    BTW what is expected behavior of Propagation if target DB bounces?

    Thanks
    Michael

    DB:2.58:Enabled Propagation Does Not Work 93

    Check database links, test them they must be valid and tnsnames.ora file for tns names.

  • RELEVANCY SCORE 2.58

    DB:2.58:Remote Desktop Services Rdp 6.0 a3


    We installed Remote Desktop Services on Server 2012 Standard
    We have HP t5710 Thin Clients with XP Embedded version 2002 Service Pack 2
    The Thin Client uses RDP version 6.0 build 6000
    We cannot update RDP on the Thin Clients to 6.1, no updates available from HP
    We tried to install RDP 6.1 on the Thin Clients, but it says you need Embedded standard 2009.
    Clients with RDP 6.1 or higher can successfully connect to the Remote Desktop 2012 server.
    On the thin clients we get the following error when they connect:
    because of a security error, the client could not connect to the remote computer
    It looks like RDP 6.0 isn't supported on Server 2012?
    We already disabled Network Level Authentication in the Session Collection on the 2012 server.

    Is there a way to connect our Thin Clients to Server 2012 with RDP?

    DB:2.58:Remote Desktop Services Rdp 6.0 a3

    Thank you for sharing your experience and solution.

  • RELEVANCY SCORE 2.57

    DB:2.57:Security Suggestions For Aironet 1130ag In Remote Office 1s



    I've been tasked with implementing a pair of Aironet 1130AG's in a remote office. The requirements are:

    1) The two AP's are roots.

    2) There will be two SSID's, one for internal use, one for guests (separate VLAN).

    3) All security services must come from the AP's. There are no systems acting as security servers on the site.

    4) All the clients are XP PC's running native wireless (no Cisco clients).

    5) There are only about 20 regular clients.

    What would be the suggested security implementation for this configuration?

    Thanks.

    DB:2.57:Security Suggestions For Aironet 1130ag In Remote Office 1s


    Greetings!

    Create 2 VLANs on an AP (one for Internal and other for guest internet Access)

    Set WPA-PSK on internal network VLAN.

    Broadcast guest VLAN with no security or if you want put a simple WEP key.

    WPA-PSK is a most secure method for such deployment.

    Security FAQ:

    http://www.cisco.com/en/US/tech/tk722/tk809/technologies_q_and_a_item09186a00805e8297.shtml

    Thanks for your time!

    -Jai

  • RELEVANCY SCORE 2.57

    DB:2.57:Propagation Is Too Slow dk


    I prepared replication between two databases 11g release 1. Everything works fine but propagation is too slow. Propagation of a single row takes from 2 to 40 seconds. Why are there such differences?

    I tried few different values for job_queue_interval = 1, 5, job_queue_processes=5, 10, 20, 1000, latency in propagation scheduler =3, 1, 0, but there was no result.

    Databases are not laden.

    Thanks for any suggestions

    DB:2.57:Propagation Is Too Slow dk

    When I commit transaction data appear in source queue almost immediately so I think that capture works fine. I have to wait on data in destination queue from 2 to 40 seconds. When data appear in dest queue Apply process inserts them into table immediately.

    Regards.

  • RELEVANCY SCORE 2.57

    DB:2.57:Propagation ds


    propagation

  • RELEVANCY SCORE 2.57

    DB:2.57:Security Context Propagation On The Server Side xz



    We want to propagate security context from client (Servlet) -- EJB methods --
    EJBHelperClasses (BusinessObject) -- SQLHelperClasses etc., after authentication.

    We don't want to pass this securityContext as an argument from one method to other
    method. Even with JAAS, once we get the security context from EJBContext.. from
    then on we have to pass the security context from method to other method thru
    argument (e.g., EJB method to the EJBHelperclasses). Is there a way to get the
    security Context from the associated java thread? meaning in Gemstone, we can
    associate the security context of the user to the underlying java thread and
    get the security context at any time within the thread with the single method
    calling something like getThreadOwner() which would return Principal of that user...
    that way we don't have to pass security context explicitly thru method arguments
    from one method to other method.

    Thanks


  • RELEVANCY SCORE 2.57

    DB:2.57:Principal Propagation With Remote Ejb Calls 1c



    Hi, I have set up CallerIdentityModule as described in this post http://wiki.jboss.org/wiki/ConfigJCALoginModule. If I issue a remote call from an authenticated EJB (residing in EAR1), how should the propagation work? I tried adding the jboss-app fragment below to the other EAR (EAR2) hosting the target EJB:

    <jboss-app>
        <security-domain>java:/jaas/RDMRealm</security-domain>
    </jboss-app>

    DB:2.57:Principal Propagation With Remote Ejb Calls 1c


    As long as you set up the login-context.xml and jboss-app.xml with the security information, calls between ejb's in different EAR's should be no different. You should the user_credentials passwords in the Property object use that while looking up the jndi. Should work.

  • RELEVANCY SCORE 2.56

    DB:2.56:Vpn Connection Oddity zf



    I am running a PIX515E, OS 6.3(4) UR at our central office and have multiple PIX501s in our field offices running 6.3(4).

    Each remote site has a VPN Tunnel to the central site.

    The configuration for each remote PIX is the same other than WAN/LAN IP Addressing, hostname, and PSK.

    The VPN Tunnels are established quite quickly and rarely give me any problems.

    At the central site, we have 6 VLANs that need to be accessible to the remote clients, and of course, support personnel at the central site need to be able to access the machines on the remote networks.

    The oddity that I'm running into is that if I reboot a remote device and/or clear the security associations, support personnel at the central site don't seem to be able to initiate communications to the remote site.

    If a computer at the remote site pings a host on the network that the support personnels' workstations are on, afterwards the support personnel can contact the remote clients on demand.

    What I need to enable is that the support personnel can initiate communications from the central site to the remote sites at any time without needing a client machine at the remote site to establish a connection to the central site first.

    Has anyone seen this type of behavior before and can it be fixed?

    Thank you.

    DB:2.56:Vpn Connection Oddity zf


    Both ends are static IPs

    I figured it out late yesterday.

    In an effort to simplify the access-lists for the VPNs at the central site, I replaced the multiple access-list VPN_SOMEPLACE permit ip AAA.BBB.CCC.DDD 255.255.255.0 WWW.XXX.YYY.ZZZZ 255.255.255.0 statements with a single:

    access-list VPN_SOMEPLACE permit ip any WWW.XXX.YYY.ZZZ 255.255.255.0

    statement.

    That allowed the remote sites to establish connectivity to the central site but the central site couldn't establish connectivity to the remote sites.

    As soon as I placed access-list statements with specific networks higher than the any statements, nodes in the central site could establish connectivity.

  • RELEVANCY SCORE 2.56

    DB:2.56:How Do I Setup Remote Management On A E1200 Router? 89



    I want to be able to log in to a router remotely and forward a port on the router. I thought I saw a spot for remote management but don't know how to use it. I have a dyn account and can create a DNS for it.

    I set up security DVRs on the internet so clients can see cameras from outside their homes. I would like to be able to log in to a router if I need to forward a port or something similar.

    DB:2.56:How Do I Setup Remote Management On A E1200 Router? 89

    The above screenshot will show you where to enable remote access. Protocol access can be through either HTTP or HTTPS, and you can enable remote upgrade to allow the firmware upgrade process over the internet. To allow any external IP to remotely manage the router, select ANY IP, or specify an IP range if you plan on accessing the router from a certain outside resource. The remote management port is 8080. If you have a specific port you need to use, the port will need to be opened/forwarded.

    To use your DynDNS account, enable the DDNS service on the router.

    An example URL for remote management would be http://yourDynDNSdomainname:8080

  • RELEVANCY SCORE 2.56

    DB:2.56:Csa And Patchlink And Worm Propagation Annoyances zs



    Patch link is being run in my CSA environment. My current CSA clients generate 1000's of "potential worm propagation" error messages per day. Cisco has told me that since there is no way to configure the worm rule until the next version, I basically have to either shut off the worm propagation rule or purge the events daily.

    Has anyone run into similar experiences and found a work around?

    DB:2.56:Csa And Patchlink And Worm Propagation Annoyances zs


    We see similar messages when users go to MSN maps. Apparently it runs a script that tries to access their username.WAB and that triggers the worm rule.

    I chose not to except these because it's none of MSN's business!

    You might try creating an app class for Patchlink executables and give it broad permissions for COM objects and access to all.WAB files and see how it handles it.

    Also, if you have Profiler it might give you more insight into everything that's happening.

  • RELEVANCY SCORE 2.56

    DB:2.56:Ejb3 Remote Security Propagation 1m



    Hi, I'm trying to set up security for my EJB3 applications. I have a first JBoss server with EJB3 calling remote EJB3 on another server. How does it work for security? Is there a way of propagating the principal from one server to the others like we do for transactions? I'm trying to find out what the options are for that. Thanks.

    DB:2.56:Ejb3 Remote Security Propagation 1m


    Thank you very much. The goal was not to re-login when we access those remote services. But I don't think there is an easy solution for that. For info, since the remote layer is completely private and not accessible outside our private network, I don't see any problem with not using security restrictions. Of course, for public services (Web, WS, and so on) we are going to use a strong security model. Thanks.

  • RELEVANCY SCORE 2.56

    DB:2.56:In Windows Server 2008, How Can We Solve An Inconsistency Generated By A Permission Propagation Stopped In A Subfolder dc


    We got the message “Stopping the propagation of permission leads to an inconsisting state, in which some objects have the settings but others don’t” when trying to remove a group from a folder, as admin was denied access to the third subfolder in the tree (due to a previous issue, now solved). When we open the security properties of any folder in the tree after that one, the group we removed is not there, but there is something like a garbage entry with a question mark. Can we fix this inconsistency by re-adding the group now that admin has permission to the subfolder that stopped the process before? Or how can we clean up this inconsistency? Thanks in advance for any feedback.

    DB:2.56:In Windows Server 2008, How Can We Solve An Inconsistency Generated By A Permission Propagation Stopped In A Subfolder dc

    Thank you for visiting the Microsoft Answers Community.
    The issue you posted is related to Windows Server and would be better suited in the MS TechNet Windows Server Forum. Please visit this link to find a community that will offer the support you request.

  • RELEVANCY SCORE 2.56

    DB:2.56:Win2000 Clients And 2008r2 Server fx


    hi there,
    I'm trying to connect several win2000 clients up to a couple of RDS 2008r2 servers. (I know win2000 isn't officially supported).
    The clients won't connect giving the error
    because of a security error, the client could not connect to the remote computer
    From what I've read this is due to the fact that win2000 will only run the remote desktop client v5.2 and a later version is required to pickup a (2008r2) 2048 bit CAL.
    Other than updating about 50 clients to winXP does anyone know of a way around this issue?
    Thanks in advance,
    Al

    DB:2.56:Win2000 Clients And 2008r2 Server fx

    Hi,

    As support for Win 2000 stopped quite a long time ago, I do suggest you upgrade your clients to at least XP.
    As a workaround, please try to disable NLA, and set the security layer to RDP Security Layer to see whether it works.

    regards,
    Clarence

  • RELEVANCY SCORE 2.55

    DB:2.55:S:Link Propagation="End" ff


    Hi all, I'm a newbie with the Seam framework and I've run into some trouble. I'm trying to do navigation from a RichFaces menu like this.

    <rich:menuItem submitMode="none">
        <s:link value="#{messages['menu.assets.addAsset']}"
            view="/asset/editAsset.xhtml" action="#{editAsset.add()}" propagation="end" />
    </rich:menuItem>
    <rich:menuItem submitMode="none">
        <s:link value="#{messages['menu.tasks.addTask']}"
            view="/task/editTask.xhtml" action="#{editTask.add()}"
            propagation="end" />
    </rich:menuItem>

    DB:2.55:S:Link Propagation="End" ff

    I don't think you can embed an <s:link /> in a <rich:menuItem /> like that.

  • RELEVANCY SCORE 2.55

    DB:2.55:Security Data Propagation 9s


    Hi

    The propagation tool doesn't propagate some of the security data (like global roles etc.; for more details see http://download.oracle.com/docs/cd/E13155_01/wlp/docs103/prodOps/propToolAdvanced.html#wp1054464 ).

    We would like to use the import/export options in the WLS console to migrate the embedded LDAP data from one domain to another.

    Questions:

    Can we use these options for migrating global roles? But these options will also move other data in the embedded LDAP associated with visitor roles etc. So can we use both the LDAP migration option and the propagation tool? In the LDAP migration option there is no way to select to move only the global roles.

    Is there a possibility of inconsistency between the LDAP data after the migration and using the propagation tool?

    Any ideas?

  • RELEVANCY SCORE 2.55

    DB:2.55:Remote Access Vpn Clients Connected To Internet From Vpn cz



    Greetings,

    I need to let remote VPN clients connect to the Internet from the same ASA VPN server:

    "client connects to ASA through VPN tunnel from outside interface then accesses Internet from the same ASA from outside interface again"

    thanks

    DB:2.55:Remote Access Vpn Clients Connected To Internet From Vpn cz


    You'll need to configure 'same-security-traffic permit intra-interface' on the ASA.

    Also, you need to set up the corresponding nat statements for your clients' pool range.

    i.e.

    global (outside) 1 interface

    nat (outside) 1 access-list anyconnectacl

    where anyconnectacl is the pool for your clients:

    access-list anyconnectacl permit ip 172.16.1.0 255.255.255.0 any

  • RELEVANCY SCORE 2.55

    DB:2.55:Remote Desktop Connection Not Using Saved Credentials dx


    Even though I've clicked "edit" and put in my credentials Windows 7 Remote Desktop Connection does not automatically use them.
    The checkbox "always ask for credentials" is NOT checked.
    When I connect from other Windows clients to the same target machine their saved credentials are used properly.
    Is this a Windows 7 Remote Desktop Connection bug or am I doing something wrong?

    DB:2.55:Remote Desktop Connection Not Using Saved Credentials dx

    I have seen a lot of traffic on this thread, but not one that addresses the particular issue that was the start of it all.
    The user clearly specified that he had correctly saved his login credentials in the RDP GUI as he speaks about clicking on the “edit” button.
    The “edit” button would not be available to anyone who has not previously saved credentials.
    He goes on to say that even after clicking the “edit” button and confirming the correct credentials are set that it continues to not pass through the authentication.
    I manage well over hundreds of servers in a DC ranging from NT4.0 to Windows 2008R2 not to mention a host of UNIX, AIX, Linux, OS 400, and BSD, so I will attempt to share some of the things I have learned:
    1. You cannot pass credentials to a 2000 server.
    It just won’t work. (If I am wrong, tell me how, and I will love you forever).
    2. In the username box include the source of the credentials i.e. if connecting to a standalone server try: myserver\username
    If connecting to a machine on a domain try: mydomain\username
    Note: If you typed “myserver” and your machine is not named “myserver” or you typed “mydomain” and you do not have a domain named “mydomain” then may I suggest beauty school.

    3. If you are a top level admin for your domain and you feel comfortable with your network security, may I recommend turning on “pass through authentication.”

    These are all the relevant items I can think of at this time, and please remember that I do not consider myself an expert on the subject, I have merely had some experience with RDP and these are some of the lessons I have learned.
    I hope this helps.

  • RELEVANCY SCORE 2.55

    DB:2.55:Remote Management And Windows Vnc Clients p9


    Hey guys,

    I recently had a go at getting the built-in VNC server in Leopard (as part of remote management) up and running.

    Remote control works flawlessly from other Macs, but it refuses connections to Windows clients most of the time (throws up errors like 'Error waiting for server message' or something).

    Any ideas? I thought it might have something to do with the Windows client not understanding the encryption, but haven't found any way to change security settings.

    Thanks in advance!

    DB:2.55:Remote Management And Windows Vnc Clients p9

    The built-in Mac OS X VNC server uses port 5900

    But since your questions have nothing to do with Windows VNC clients (as per the thread title), you should really start a new thread with a properly named title.

  • RELEVANCY SCORE 2.55

    DB:2.55:Windows 2003 Sp2 Event Id 1262 fa


    The second domain controller has started logging the error below, Event ID 1262. The first controller is clean, replication is working, and dcdiag found no errors on either controller. Has anyone run into this error, and how can it be fixed? It is also unclear what caused the error.

    Тип события: Ошибка
    Источник события: NTDS SDPROP
    Категория события: Internal Processing
    Код события: 1262
    Дата: 11.11.2008
    Время: 10:44:16
    Пользователь: NT AUTHORITY\АНОНИМНЫЙ ВХОД
    Компьютер: BY17D2
    Описание:
    The security descriptor propagation task could not process a propagation event starting from the following container.
    Container:
    DC=..Deleted-test.ru.dom\0ADEL:2b272e54-7e54-4a02-b839-7fa5eddb2e78,CN=Deleted Objects,DC=ForestDnsZones,DC=test,DC=ru,DC=dom
    As a result, the security descriptor propagation task will either suspend processing for thirty minutes or wait until a security descriptor has changed for any object.
    User Action
    Check the security descriptor on this container.
    Additional Data
    Error value:
    fffffc07 []
    Дополнительные сведения можно найти в центре справки и поддержки, в http://go.microsoft.com/fwlink/events.asp.

    DB:2.55:Windows 2003 Sp2 Event Id 1262 fa

    Jet is the same Extensible Storage Engine that is used for Exchange databases. In your case it looks like it reports an error after finding references in the index to objects that do not exist. Check the default garbage-collection timeout values: http://support.microsoft.com/?kbid=198793
    The second thing you will probably have to do is defragment the NTDS.dit database with the NTDSUtil utility. http://support.microsoft.com/?kbid=232122
    Afterwards, I recommend checking the integrity of the database. http://www.askit.ru/custom/ad/m10/lab10_01_integrity_defragmentation.htm

  • RELEVANCY SCORE 2.55

    DB:2.55:Event Propagation 1a



    Hi

    Event propagation goes through the capturing, targeting and bubbling phases.

    Does this also mean the event handlers in the targeting phase are always executed before the handlers in the bubbling phase?

  • RELEVANCY SCORE 2.55

    DB:2.55:Vpn Problem With Asa Ver 7.2 d1



    Hi, I am new to the security world, and I am having connectivity problems from the VPN clients to the internal LAN. When a remote VPN client connects to the ASA, the VPN works fine, but the VPN client is not able to ping any inside host, and the remote VPN client stops being able to browse the internet, even though it has internet.... What could be happening?

    thanks

    DB:2.55:Vpn Problem With Asa Ver 7.2 d1


    hi

    u have two stages to resolve ur problems

    u said the client is connected and getting an ip address but is unable to communicate or ping; this can be solved by nat exemption or nat 0

    for example

    if u r local LAN network is 192.168.1.0 /24

    and the vpn clients pool ip addresses is 172.16.1.0 /24

    then do the following

    access-list 100 permit ip 192.168.1.0 255.255.255.0 172.16.1.0 255.255.255.0

    nat (inside) 0 access-list 100

    now they will be able to ping

    about the second issue, which is the internet browsing, this can be solved with a feature called split tunneling

    in this feature u gonna let the client send traffic only to ur LAN behind the firewall as tunneled traffic; anything else will go based on the user's local machine settings

    first create an ACL for the split tunneling

    assuming ur LAN is 192.168.1.0

    access-list split standard permit 192.168.1.0 255.255.255.0

    group-policy [ur group policy name] internal

    group-policy [ur group policy name] attributes

    split-tunnel-policy tunnelspecified

    split-tunnel-network-list value split

    and the following example for reference

    http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a0080702992.shtml

    good luck

    please, if helpful rate

  • RELEVANCY SCORE 2.55

    DB:2.55:Ds Internal Processing Event Id: 1262 9j


    In Windows Server 2003 SP2 the DS event viewer is showing the event below every 15 to 30 minutes.

    Event Type: Error
    Event Source: NTDS SDPROP
    Event Category: Internal Processing
    Event ID: 1262
    User: NT AUTHORITY\ANONYMOUS LOGON
    Description: The security descriptor propagation task could not process a propagation event starting from the following container...
    As a result, the security descriptor propagation task will either suspend processing for thirty minutes or wait until a security descriptor has changed for any object. User Action Check the security descriptor on this container. Additional Data Error value: 20ef The directory service encountered an unknown failure.

    I can't find a solution for this specific error. Thank you in advance for your help in this matter.

    DB:2.55:Ds Internal Processing Event Id: 1262 9j

    Hi -
    There is an event 2008 as you describe. I attempted to run the ldifde utility but it consistently returned No Entries found, and that the command completed successfully.
    Thank you again for your assistance.

    Walter

  • RELEVANCY SCORE 2.55

    DB:2.55:Security Context Propagation From Web Client To Ejb 3p



    Hi, I have Tomcat 4.1.29 and JBoss 3.2.2 running on 2 different VMs. On the web application side, security constraints are defined in web.xml using the J2EE standard. Now I need to secure our EJBs. I want the security context on the web side for the current request to be propagated with the EJB call, or at least the associated Principal. How can I do this?

    JCG

    DB:2.55:Security Context Propagation From Web Client To Ejb 3p


    This is why I chose tokenized security instead of JAAS, which I view as a work in progress. You can pass a user session token as a simple parameter to any EJB method from any Java client. With one line of code, your EJB method can validate that the user has access to the business method. The line of code will throw an AccessDenied exception if the user does not have access, which your client framework can handle in a standardized way. No container context is required for tokenized security. Indeed, it is even J2EE vendor independent, so your WebSphere clients can call JBoss EJBs.

  • RELEVANCY SCORE 2.55

    DB:2.55:Vnc Access To Remote Clients Assigned Address From Vpnclient Ip Pool pm



    Hi,

    I was wondering if anyone knows if it is possible to vnc to remote vpn clients that are assigned an address from a client IP pool defined on the pix.

    The remote clients are using cisco vpn client, the access-list is a dynamic acl downloaded from a tacacs server.

    thanks.

    DB:2.55:Vnc Access To Remote Clients Assigned Address From Vpnclient Ip Pool pm


    It is not possible to vnc to remote vpn clients that are assigned an address from a client IP pool defined on the pix

  • RELEVANCY SCORE 2.55

    DB:2.55:Osb Security: Security Propagation From Http Basic To Ws-Security 3m


    I have proxy configured for http BASIC authentication. I am trying to configure a SOAP BusinessService with WS-Policy with username token assertion. How do I propagate the username/credential received via HTTP BASIC from the proxy to WS-Security headers of the business service ? Appreciate any help on this.

    Thanks.

    DB:2.55:Osb Security: Security Propagation From Http Basic To Ws-Security 3m

    Thank you for the response. I tried with a pass-through service account but could not get it working.

    This is what I did:

    1. I have a SOAP business service with WS-Policy with username security assertion.
    2. I created a SOAP business service with the wsdl. OSB EPE editor said OSB does not support WSSE 1.2 policies. I extended my OSB domain to include OWSM and in the business service policy tab, selected OWSM policy option and added "oracle/wss_username_token_client_policy". (Now I am not sure how the user credentials in HTTP BASIC (headers) will be propagated to WS-Security headers)
    3. I created a pass through service account and added this service account in the SOAP business service. I am able to configure service account only when I choose HTTP BASIC authentication in the business service. This did not propagate the username from HTTP to WS-Security. I see errors in the log like "WSM-00015 : The user name is missing.". Looks like wss_username_token_client_policy is looking for username in csf-key map. I do not know this map gets populated internally. If I have to do it programmatically I saw there is java code to set BindingProvider.USER_NAME in the request context. How do I do this from OSB designer ?
    4. I tried creating a wrapper proxy around the secure SOAP business service and including the wrapper proxy in my main proxy, but could not get it working. I get a lot of NullPointers.

    I am missing something. Can you please help ?

  • RELEVANCY SCORE 2.54

    DB:2.54:2003 R2 Server Giving Active Directory Errors 476 And 2008 sx


    Server 2003 SP2. The system has been running without incident since 2007. The Active Directory log has filled with event IDs 476 and 2008 since 3/23, possibly longer, as that is the first entry in the log. I am also getting DNS errors 4011 and 4015.
    The text of the errors is:
    error 476 ----------------------------------------------------------------------------

    The security descriptor propagation task could not process a propagation event starting from the following container.

    Container:
    DC=terry-laptop2,DC=SouthLake.local,CN=MicrosoftDNS,CN=System,DC=SouthLake,DC=local

    As a result, the security descriptor propagation task will either suspend processing for thirty minutes or wait until a security descriptor has changed for any object.

    User Action
    Check the security descriptor on this container.

    Additional Data
    Error value:
    fffffa7a []
    For more information, see Help and Support Center at
    http://go.microsoft.com/fwlink/events.asp.
    error 2008 --------------------------------------------------------------------------------

    Internal error: The security descriptor propagation task encountered an error while processing the following object. The propagation of security descriptors may not be possible until the problem is corrected.

    Object:
    DC=terry-laptop2,DC=SouthLake.local,CN=MicrosoftDNS,CN=System,DC=SouthLake,DC=local

    Additional Data
    Error value:
    -1414 JET_errSecondaryIndexCorrupted, Secondary index is corrupt. The database must be defragmented
    Internal ID:
    d0008b1
    For more information, see Help and Support Center at
    http://go.microsoft.com/fwlink/events.asp.
    Neither of the help links provides any information.
    ___________________________
    I am off to do an offline defrag per article 232122

    Thank you for any assistance

    Walter

    DB:2.54:2003 R2 Server Giving Active Directory Errors 476 And 2008 sx


    Hi - It appears that the Active Directory is corrupted. I attempted to defrag the dit file through ntdsutil and it failed with the error message:
    Operation terminated eith error -327(jet_drrBadPageLink, Database corrupted) after 2.78 seconds. Spawned process ExtCode 0xfffffeb9(-327)
    What is the repair process for a corrupted Active Directory database? It has been suggested that I do an authoritative restore of Active Directory.
    Thank you for any assistance
    Walter

    Hello,
    do you have other DCs in the domain? You didn't answer the question from my previous post.
    If yes, make sure the other DC is also a DNS server and Global Catalog, then transfer the FSMO roles and copy required data to it. Then demote the server to a member server. That way the database on this server is removed, and after checking the other DC for problems with the support tools you can promote the server again to DC, so a new database will be recreated.
    Best regards
    Meinolf Weber
    Disclaimer: This posting is provided AS IS with no warranties or guarantees, and confers no rights.

  • RELEVANCY SCORE 2.54

    DB:2.54:Remote Ejb Call From Different Container And Jaas Propagation ck


    Hi all,

    I am trying to call an EJB in a S1SE container from an EJB in a different S1SE container. The call works, but the security context propagation does not work. Does anyone know what I should do?

    All EJB methods are secured by roles. Login to the both EJB-Containers works through fileRealm. Lookup of both EJBs seems to work. The Exception thrown is:

    [08/Oct/2003:11:31:55] FINE (17768): Creating ContextError message: major code = 2minor code= 1
    [08/Oct/2003:11:31:55] FINE (17768):
    org.omg.CORBA.NO_PERMISSION: vmcid: 0x0 minor code: 0 completed: No
    at com.sun.enterprise.iiop.security.SecServerRequestInterceptor.receive_request(SecServerRequestInterceptor.java:449)
    at com.sun.corba.ee.internal.Interceptors.InterceptorInvoker.invokeServerInterceptorIntermediatePoint(InterceptorInvoker.java:479)
    at com.sun.corba.ee.internal.Interceptors.PIORB.invokeServerPIIntermediatePoint(PIORB.java:810)
    at com.sun.corba.ee.internal.POA.GenericPOAServerSC.internalDispatch(GenericPOAServerSC.java:207)
    at com.sun.corba.ee.internal.POA.GenericPOAServerSC.dispatch(GenericPOAServerSC.java:113)
    at com.sun.corba.ee.internal.iiop.ORB.process(ORB.java:275)
    at com.sun.corba.ee.internal.iiop.RequestProcessor.process(RequestProcessor.java:83)
    at com.iplanet.ias.corba.ee.internal.iiop.ServicableWrapper.service(ServicableWrapper.java:25)
    at com.iplanet.ias.util.threadpool.FastThreadPool$ThreadPoolThread.run(FastThreadPool.java:283)
    at java.lang.Thread.run(Thread.java:534)

    [08/Oct/2003:11:31:55] FINE (17761): No SAS context element found in service context list
    [08/Oct/2003:11:31:55] FINE (17761): Returning OID in DER format
    [08/Oct/2003:11:31:55] FINE (17761): OID = 2.23.130.1.1.1
    [08/Oct/2003:11:31:55] FINE (17761): DER OID: 06 06 67 81 02 01 01 01
    [08/Oct/2003:11:31:55] FINE (17761): Returning OID in DER format
    [08/Oct/2003:11:31:55] FINE (17761): OID = 2.23.130.1.1.1
    [08/Oct/2003:11:31:55] FINE (17761): DER OID: 06 06 67 81 02 01 01 01
    [08/Oct/2003:11:31:55] FINEST (17761): IOP5048: Authentication exception: [com.sun.enterprise.iiop.security.SecurityMechanismException: Trust evaluation failed because client does not conform to configured security policies]

    Thanx in advance.

    Regards,

    Dominic

  • RELEVANCY SCORE 2.54

    DB:2.54:Connectivity Issues Security Server Ebs 2008 37


    Hi.
    I'm running Windows Essential Business Server 2008 in my environment, and I'm experiencing some issues with my Security Server.
    The problem is that I can't ping it from any of the other servers or clients, EXCEPT from the Management Server, and this is also the only machine that can successfully establish a remote desktop connection with the Security Server. The Security Server is able to ping all the other clients on the network.
    It would seem like some kind of firewall issue, but I've tried disabling all the firewalls, as well as going through the Group Policy settings to modify settings that may cause this problem, without any luck.
    The NIC config on the Security Server is ok.
    Has anyone experienced anything similar to this problem?

    Best regards,
    sb

    DB:2.54:Connectivity Issues Security Server Ebs 2008 37

    Hi, thanks for the response.
    I'm not too familiar with TMG, so the Live logging didn't come to mind :)
    But I started a query towards the Firewall and the problem became very clear: it was indeed the TMG on the Security Server blocking the traffic. Created a new rule that allowed pretty much any traffic, and put it on top of the list, just to check if it was the firewall's fault. Voila, connectivity issue fixed. Had created some rules a while ago that were too strict apparently...
    Thanks for the hint Miles :)
    Best regards,
    sb

  • RELEVANCY SCORE 2.53

    DB:2.53:Seam Security Integration With Jboss Sx And Subject Propagation Pattern ? f7


    Hi,

    I am using jboss 4.2.2 with seam 2.0.1. I need to leverage org.jboss.resource.security.CallerIdentityLoginModule

    DB:2.53:Seam Security Integration With Jboss Sx And Subject Propagation Pattern ? f7

    We have an outstanding JIRA issue for better integration of Seam with container security in JBoss AS. If you could provide the details of what you did to implement this it would be greatly appreciated. Here's the link to the issue:
    JBSEAM-729

  • RELEVANCY SCORE 2.53

    DB:2.53:Jboss 6.1 - Deadlock With Transaction Propagation Over Jrmp And Hibernate aj


    I have two remote EJBs using transaction propagation over JRMP.

    The first EJB is very simple and only invokes the second EJB using jndi:

    @Stateless
    public class MultiOutEJB implements IMultiOutEJB {

        public void testOut() {

            IMultiInEJB remoteEJB = getRemoteEJB();
            remoteEJB.testIn();

            ...
        }

    }


  • RELEVANCY SCORE 2.53

    DB:2.53:Principal Propagation With Remote Ejb Calls c9



    Hi, I have set up CallerIdentityModule as described in this post: http://wiki.jboss.org/wiki/ConfigJCALoginModule. If I issue a remote call from an authenticated EJB (residing in EAR1), how should the propagation work? I tried adding the jboss-app fragment below to the other EAR (EAR2) hosting the target EJB:

    <jboss-app>
        <security-domain>java:/jaas/RDMRealm</security-domain>
    </jboss-app>


  • RELEVANCY SCORE 2.53

    DB:2.53:Wap200 + Wet54gv2 Problem j1


    Main network with hardwired WAP200 (Software Version: 1.0.15-ETSI, configured as AP) is accessed from two remote computer groups using two WET54GV2 (v.2.10, May 25, 2004 ETSI, infrastructure). IP, security, etc. config OK. From main net I can access/ping WAP200, both WET54GV2 and all remote computers. From remote computers (behind WET54GV2) I can access/ping main net, but not other wireless clients - connected to other WET54GV2 and WAP200. Wireless clients connected to WAP200 can access/ping main net, but not both WET54GV2, including remote computers behind them. Any ideas how to solve my problem?

    DB:2.53:Wap200 + Wet54gv2 Problem j1

    Hi. On the WAP200, check whether there is any option such as AP Isolation under the wireless settings. It should be Off. If it is ON, the wireless clients will form their own virtual network and won't talk to each other. Apart from that, I can't think of anything else at this point.

  • RELEVANCY SCORE 2.53

    DB:2.53:Remove Stream-Replicated Site fd


    Hi,
    I need to remove a replicated site from an Oracle Stream Replication Environment: the configuration is a "Hub and Spoke" environment, with the primary database being the hub (let's call it "COREDB") and n secondary databases (let's call them "REMOTE1" .. "REMOTEn") being the spokes.
    I've got one queue on the COREDB (called COREDB_QUEUE), populated by a capture process (that captures DML and DDL of some tables), and n propagation processes to the n REMOTE sites; n apply processes (one for each remote site) to apply captured messages from remote sites.
    On each remote site there are one queue (called "from_coredb"), an apply process (called "Apply_from_coredb") that dequeues from the queue "from_coredb", a capture process (called "capture_remote_i") that enqueues in a queue ("captured_remotei"), and finally a propagation to the coredb ("to_coredb") that enqueues in a queue ("from_remotei") on the coredb.
    It's a classical "hub and spoke" configuration.
    I have to remove a replicated site but I didn't find any information about doing it.
    So I tried to remove the propagation to the remote site I need to remove, then I dropped the queue and the apply process (on coredb) used to apply messages originating from the remote site.
    Everything seems OK, but when I select from V$buffered_subscribers, I find one line: subscriber_name=null, subscriber_address="STRMADMIN"."FROM_COREDB"@REMOTEi.WORLD, protocol=0, subscriber_type=PROXY.
    I tried to remove the subscriber using DBMS_AQADM.REMOVE_SUBSCRIBER but the procedure raises error ora-24035 (probably because the subscriber hasn't got a subscriber_name).
    I need to know: is it a problem, or can I continue working? I'm afraid that having this subscriber present could cause the queue table (the queue table of the queue COREDB_QUEUE) to fill with messages spilled from memory, because not all the n subscribers are there but only n-1.
    Thank you
    Massimo

    DB:2.53:Remove Stream-Replicated Site fd

    hi deluccam,

    this is easy one .. as per documentation you should use this procedure as follows:

    DBMS_AQADM.REMOVE_SUBSCRIBER (
       queue_name IN VARCHAR2,
       subscriber IN sys.aq$_agent);

    SQL> desc sys.aq$_agent
    Name       Null?    Type
    ---------- -------- --------------------
    NAME                VARCHAR2(30 CHAR)
    ADDRESS             VARCHAR2(1024 CHAR)
    PROTOCOL            NUMBER

    so looking at above, in your case you should try running this:

    DECLARE
      subscriber sys.aq$_agent;
    BEGIN
      -- Agent with a null name, built from the address and protocol of the
      -- row reported in V$BUFFERED_SUBSCRIBERS
      subscriber := sys.aq$_agent(null, '"STRMADMIN"."FROM_COREDB"@REMOTEi.WORLD', 0);
      DBMS_AQADM.REMOVE_SUBSCRIBER(
        queue_name => 'COREDB_QUEUE',
        subscriber => subscriber);
    END;
    /

    Let me know if this is not of a help. Jan

  • RELEVANCY SCORE 2.53

    DB:2.53:Aq Propagation Issues sj


    Hi,

    We are using AQ Oracle9i DB, to propagate messages to another DB in same network.

    We did the following steps for propagation

    1. Created Message Type, AQ Table and Queue.
    2. Created DB link for destination DB.
    3. Added the destination's AQ as subscriber, then started queue and scheduled propagation to Dest_DB.
    4. First we got
    ORA-04052: error occurred when looking up remote object user.DBMS_AQADM@Dest_DB
    ORA-00604: error occurred at recursive SQL level 4
    ORA-02085: database link String connects to String
    ORA-06512: at "SYS.DBMS_AQADM_SYS", line 1013
    ORA-06512: at "SYS.DBMS_AQADM_SYS", line 6245
    ORA-06512: at "SYS.DBMS_AQADM", line 580
    ORA-06512: at line 1

    5. Then we modified global_names using "alter system set global_names = false scope=both;"
    6. We are now able to look up dest_DB's tables, but the propagation of the messages is not happening.

    Also there is no error in the Source DB to get some clue.

    Can someone help us out from this issue?

    Thanks in Advance
    Babu

    DB:2.53:Aq Propagation Issues sj

    check in last two columns of user_queue_schedules :
    select * from user_queue_schedules

    Thanks
    Jaissy

  • RELEVANCY SCORE 2.53

    DB:2.53:Security And Build Status kc


    I have two questions:
    1) I want remote clients to have access only to my application, while local clients have access to all applications (including html db).
    2) How can I change application attribute 'Build status' from 'Run Application Only' to 'Run and Build Application' ?

    thanks in advance,
    kdarek

    DB:2.53:Security And Build Status kc

    found my answer to this in the Application Express forum ... Scott Spadafo responded to another user with this in a thread about run and build. The link takes you to instructions about exporting and importing an application you set to run only:

    WPolo - The XE forum has answers to XE questions. See Re: HTML DB application not accessible

    Farhan - The general approach is do not give individuals accounts that would give them access you don't want them to have. So end users don't get Application Express developer accounts, end users don't get database schema names/passwords or direct network access to the database, etc.

    Scott

  • RELEVANCY SCORE 2.52

    DB:2.52:Unable To Restart Propagation After Archiver Error ad


    I am unable to restart oracle streams propagation after archiver error.

    05:45:26 [ga016qad10] strmadmin@PMDBQ select capture_name, state from v$streams_capture;

    CAPTURE_NAME STATE
    ------------------------------ ----------
    PEGA_CAPTURE PAUSED FOR
    FLOW CONT
    ROL

    I followed the support note 746247.1 but still could not get the propagation started.

    DB:2.52:Unable To Restart Propagation After Archiver Error ad

    Nobody will read such a soup
    Please, use the tags CODE and /CODE to produce a readable format.

  • RELEVANCY SCORE 2.52

    DB:2.52:Pi 7.4 Single Stack Support For Principle Propagation Saml pa



    Hi Folks,

    Que: Does the single stack now support Principle Propagation using SAML?

    The posts I have read so far conclude that SAML is only supported on the dual stack, not the single stack.

    SAP Help gives steps for dual stack: Configuring Principal Propagation (SAML) - SAP Help Portal

    This post from 2013 concludes no support for SAML in the single stack: PI 7.31 AEX - Principal Propagation

    My time would be better spent looking for an alternative solution for Principal Propagation rather than chasing something which is not supported (SAML on single stack).

    Any help appreciated.

    Che

    DB:2.52:Pi 7.4 Single Stack Support For Principle Propagation Saml pa


    I am closing this thread and opening in forum SAP NetWeaver Single Sign-On

    Best

    Che

  • RELEVANCY SCORE 2.52

    DB:2.52:Remote Access Vpn ap



    Hi,

    When I am trying to connect remotely from different laptops to the PIX using the VPN client software, I am able to get connections for all clients, and the clients are getting different IP addresses from the pool mentioned in the PIX configuration. But all clients are getting the same MAC address. Is there any solution for this issue, so that the remote clients get different MAC addresses like they are getting different IP addresses?

    DB:2.52:Remote Access Vpn ap


    I mean when I run "ipconfig /all" on the systems which are connected through the remote access VPN, they display e.g.

    Connection-specific DNS Suffix . :
    Description . . . . . . . . . . . : Cisco Systems VPN Adapter
    Physical Address. . . . . . . . . : 00-05-9A-3C-78-00
    Dhcp Enabled. . . . . . . . . . . : No
    IP Address. . . . . . . . . . . . : 192.168.168.10
    Subnet Mask . . . . . . . . . . . : 255.255.255.0
    Default Gateway . . . . . . . . . :

    All systems are getting different IP addresses but the same physical address.

  • RELEVANCY SCORE 2.52

    DB:2.52:Queue Propagation Problem zx


    Hi all!

    I have a problem with queue propagation...

    Propagation between local queues works fine but for remote queue (through dblink) the message stays in the queue with 'Ready state' sometimes over 20 seconds!!!...., and then propagated by not immediately.

    I set propagaton_schedule with latency='0'
    and parameters in file init.ora:

    job_queue_processes = 10
    aq_tm_processes = 5

    Release 9.2.0.7.0

    Please help me!
    Regards.
    Mara

    DB:2.52:Queue Propagation Problem zx

    Hello Maria,

    I've the same problem... did you solve the problem ?? Tell me please!?

    Thank you!

    Nuno Snica.

  • RELEVANCY SCORE 2.52

    DB:2.52:Dfsr Propagation Test z7


    I have two fileservers running Windows Storage Server 2008 R2 Standard with service pack 1. One is in our office building and being used as our primary fileserver. The other is in a secure data center for backup purposes. There is a VPN tunnel connecting our office to the data center. I have set up a DFS with two-way replication and it is working both ways; however, when I attempt to use the diagnostic report wizard to perform a propagation test I get an error on the "Start new propagation test" step. The error is below.
    Replication group Public Folder, replicated folder Public on member BUFFALO1.Nashville.int: A new propagation test file cannot be created. No mapping between account names and security IDs was done.
    I believe I have figured out what the problem was. I was running this report from the fileserver while logged into the local admin account. When I run the report from my computer logged in as me I get a successful result.

    DB:2.52:Dfsr Propagation Test z7

    Hello,
    Generally, DFS Replication is a service that runs under the local system account, so you do not need to log in as administrator to replicate. However, you must be a domain administrator or local administrator of the affected file servers to make changes to the DFS Replication configuration.
    Note: The Domain Admins group in the domain where the replication group is configured, or the creator of the replication group, can administer a replication group.
    I suggest you check "DFS Replication security requirements and delegation" and "Delegate the Ability to Manage DFS Replication".
    Regards, Ravikumar P

  • RELEVANCY SCORE 2.52

    DB:2.52:Static Ip Remote Clients 87



    hi all,

    I am using a Cisco 2911 router; I configured remote client in that.

    I need to provide a static IP to the remote users instead of providing one from the DHCP pool.

    Is it possible? If it is, how can we do that?

    thanks

    cyril

    DB:2.52:Static Ip Remote Clients 87


    That's fine, I just wanted to confirm with someone else. Thanks.

  • RELEVANCY SCORE 2.52

    DB:2.52:Block Hosts In The Same Subnet z3



    Hi All,

    We have a client who is using WLC WiSM and APs. He wants the wireless clients to be allowed to access only the internet and not be able to see each other. The reason for blocking traffic between hosts is virus propagation. I couldn't find any solution to block hosts from each other in the same subnet. Any suggestion would be very appreciated.

    Thanks

    Alex

    DB:2.52:Block Hosts In The Same Subnet z3


    Pavel is correct, PVLANs are not the correct solution to this. PVLANs are a wired solution, not wireless. Sorry about that.

  • RELEVANCY SCORE 2.52

    DB:2.52:Security Context Propagation Between Managed Servers 3p



    I'm using WLS 8.1 SP2. I have one domain, two managed servers, each on a separate
    hardware server. Each managed server hosts a different web application. I want
    to authenticate to Web App "A" and be able to invoke Web App "B" (from "A") without
    having to re-authenticate. Is this possible via configuration and, if so, how?

    Thanks.

    Thanks.

  • RELEVANCY SCORE 2.52

    DB:2.52:Impossible To Redirect Traffic From Outside To Intranet j7



    Hi,

    I use AnyConnect to permit connection of remote clients to the Inside network.

    Pool for remote clients 192.168.10.1-100

    internal network 192.6.0.0

    AnyConnect works fine to access the internal network, but now the customer would like the remote clients with an IP address in 192.168.10.x to be able to directly access equipment on the distant site (Subnet 172.16.10.0) through the Intranet interface (no VPN on Intranet interface, connected to MPLS).

    Intranet interface has an IP address in 192.168.1.0.

    Here is the path for the traffic:

    AnyConnect clients 192.168.10.1-100 -- Outside 'FW' Intranet -- Distant network 172.16.10.0

    # Security-levels on the ASA 5510 cluster at rel 8.4.7

    Inside 100

    Outside 0

    Intranet 50

    Since we don't have the same security level for Intranet and Outside, I first proposed to create an access-list which permits IP from 192.168.10.1-100 to 172.16.10.0, applied Outbound on the Intranet interface, but it doesn't work.

    Then I tried to apply the same access-list Inbound on the outside interface, but same issue.

    I would like to know if there is something special to do.

    We don't apply NAT on the Intranet interface; the remote ASA firewall has been configured to see as Source IP the AnyConnect IP address 192.168.10.1-100.

     

    Best regards.

    A-Even

    DB:2.52:Impossible To Redirect Traffic From Outside To Intranet j7


    Hello,

    First of all traffic from the clients going to the Distant network will not need any sort of FW Access-List due to the sysopt connection permit-vpn.

     

    What you will need to do is:

    -If using any sort of split-tunneling make sure you allow the traffic to the distant network.

    -Make sure the devices behind the MPLS network know that in order to reach that VPN AnyConnect Pool of addresses they need to send the traffic to the ASA.

    -Make sure the NoNat Rule on the ASA includes traffic from the distant Interface to the VPN Anyconnect Pool.

    -If any ACL on the Intranet interface, allow the traffic that will be generated from the distant network.

     

    Does it make sense?

     

    Jcarvaja,

    Remember to rate all of the helpful posts!!!!

  • RELEVANCY SCORE 2.51

    DB:2.51:Server 2012 Remote Desktop Error When Certain Thin Clients Connect To Server 2012 Rds: The Windows Schannel Error State Is 10. 3k



    We have a RDS server running Server 2012 Standard, with approx 40 thin clients that connect to it to run a legacy 32-bit line of business application.

    Now, some of the thin clients receive an error when they connect: "Remote Desktop disconnected because of a security error. The client cannot to the remote computer. verify you are logged on the network and try connecting again"

    The server also logs: "A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 10. The Windows SChannel error state is 10."

    History:
    The server was deployed around April 1, and the thin clients (all makes and models) have been connecting successfully since then.

    When the server was deployed, it did not have a license server activated, nor were RDS CALs installed. We were receiving the balloon error message "No Remote Desktop license server is specified..Remote Desktop Services will stop working in xx days if a license server is not specified....". This was expected.

    On April 24, we went to the Server Manager-Remote Desktop Services and added the RD Licensing Role to the RDS server itself. We then installed 55 RDS CALs via volume license.

    Until Apr 27, I don't think any clients disconnected and reconnected. On April 27, when a thin client disconnected and reconnected, they received "Remote Desktop disconnected because of a security error. The client cannot to the remote computer. verify you are logged on the network and try connecting again"

    Details:
    Wyse C10LE WTOS, which uses Winterm O/S, WILL connect
    HP T5520CE, which uses WinCE, WILL NOT connect
    Wyse X150SE, which uses WinCE, WILL NOT connect
    Wyse WT3125SE, which uses WinCE, WILL NOT connect
    Windows 7 clients, Windows 8 clients, and a test Windows XP client WILL connect.

    We don't use an RD Gateway server.

    What we've tried:

    On System Properties-Remote Tab, we have un-checked the "Allow connections only from computers running Remote Desktop with Network Level Authentication (recommended)". Problem continues.

    At Server Manager\Remote Desktop Services\Collections\[server]\Properties-Tasks-Edit Properties, we set the Security Layer to RDP Security Layer, instead of Negotiate (to try and remove TLS/SSL from the environment). Problem continued.

    DB:2.51:Server 2012 Remote Desktop Error When Certain Thin Clients Connect To Server 2012 Rds: The Windows Schannel Error State Is 10. 3k

    Microsoft confirmed that only RDP 6 and later is supported with Server 2012.

    RDP 5.x clients cannot connect, except as follows:

    RDP 5.x clients CAN connect if no license server is activated. In this case, Server 2012 RDS does not issue any license to the client, and allows the client to connect at a low encryption level, 512 bits.

    However, when a RDS license server is activated, a higher level of encryption is required (2048 bits) and RDP 5.x cannot support this level of encryption. Therefore, the RDP 5.x client can no longer connect.

    We paid for a support call and confirmed this with the tech.

  • RELEVANCY SCORE 2.51

    DB:2.51:Unexpected Security Identity Propagation Switch jf



    Environment: JBoss 4.0.2
    Problem Definition: I have a web application utilizing JAAS (form based authentication, DatabaseServerLoginModule), Struts, Session Beans and Entity Beans. This configuration is working successfully, but I have noticed an unexpected switch in the Principal that is associated with the EJB invocation layer when more than one call to a session bean is made from the web tier (Struts Action) within one request.
    Permissions Security Identity
    Web Tier - User Credentials
    - id=joe
    - password=pw
    - role=administratorRole

    DB:2.51:Unexpected Security Identity Propagation Switch jf


    Hi, I have a similar problem with jboss-4.0.5.GA: Calling stateless session bean 2 from stateless session bean 1 using 'runAs' makes me lose the caller principal. It changes to 'anonymous'. I filed the following bug report http://jira.jboss.com/jira/browse/JBAS-3945 which contains a test case to reproduce the error. Regards, Stefan

  • RELEVANCY SCORE 2.51

    DB:2.51:Root Ntfs Permission Modification : Dfs-R Is Very Slow k3


    Hello,
    I changed NTFS file permissions on a whole share (a very big one) with permission propagation, but the security replication is very slow and I got a very big holding queue.
    Is there a way to get better performance, as we only change the file attribute, and it could be dynamically changed by the destination as the security is inherited from the parent folder?

    DB:2.51:Root Ntfs Permission Modification : Dfs-R Is Very Slow k3

    See this article:
    http://technet.microsoft.com/en-us/library/cc773238(WS.10).aspx#BKMK_074
    Does DFS Replication replicate updated permissions on a file or folder?

    Yes. DFS Replication replicates permission changes for files and folders. Only the part of the file associated with the Access Control List (ACL) is replicated, although DFS Replication must still read the entire file into the staging area.
    Note:
    Changing ACLs on a large number of files can have an impact on replication performance. However, when using RDC, the amount of data transferred is proportionate to the size of the ACLs, not the size of the entire file. The amount of disk traffic is still proportional to the size of the files because the files must be read to and from the staging folder.
    So it is a designed behaviour. You can test to work around this by using a script running on each server when changing permissions on a large number of files, or change the root folder first, and check the inherit on each server to avoid replication.
    TechNet Subscriber Support in forum | If you have any feedback on our support, please contact tnmff@microsoft.com.

  • RELEVANCY SCORE 2.51

    DB:2.51:Remedy Incidents Are Not Generated By Propagating A Ibrsd From Bem? zj



    Requires the ability to automatically generate Remedy Incidents from BEM, but after x time for different platforms, for which they set up a timer, which when the time comes Sets a variable to YES, which functions normally, updating the variable to YES then x seconds, after which it must generate the incident, but the incident is never generated.

    I tested Remote Policy Action (Trigger Remedy), with propagation to IBRSD Policy, and propagation rules, but the impact is not generated.

    In the case where the ticket is sent manually works perfectly, and the automatic generation sent to both receive the event (without Timer), also generates the incident normally.


    DB:2.51:Remedy Incidents Are Not Generated By Propagating A Ibrsd From Bem? zj


    Another option is to create "daytime" and "nighttime" timeframes, and use the tf_active() primitive to evaluate which timeframe is active.

    A simple if statement or an extra line in the ECF for the propagation rule will ensure that you only propagate the events to IBRSD if the correct timeframe is active.

    For example:

    propagate send_to_remedy: EVENT ($EV)
      where [$EV.status outside [CLOSED, BLACKOUT] AND
             tf_active(daytime) ]
      to IBRSD when $EV.variable == YES
    END

    (In this case, I'm looking for the daytime timeframe to be active)

    Carlos

  • RELEVANCY SCORE 2.51

    DB:2.51:Security Propagation From Servlet To Ejb ss



    Hi,

    I tried security propagation from a Servlet to an EJB. The bean is injected, the call to the EJB works. The servlet is secured, request.getRemoteUser() gives the correct user.

    But in the EJB I get

    callerPrincipal: anonymous

    Corresponding to the Java EE 6 tutorial, the user should be propagated by default:

    "By default, the identity of the caller of the intermediate component is propagated to the target enterprise bean"

    http://docs.oracle.com/javaee/6/tutorial/doc/bnbyl.html#bnbyr

    How do you make that work with JBoss 7.1 ?

    Thanks,

    Juergen

    DB:2.51:Security Propagation From Servlet To Ejb ss


    The bean method is secured, with @RolesAllowed

    Also the bean has a

    jboss-ejb3.xml

    with

    <assembly-descriptor>
        <sec:security>
            <ejb-name>*</ejb-name>
            <sec:security-domain>other</sec:security-domain>
        </sec:security>
    </assembly-descriptor>

  • RELEVANCY SCORE 2.51

    DB:2.51:Exception Propagation Using Http Servlet Transport On 1.4.4 fs



    There's a bug in ServletServerInvoker in the 1.4.4 version of remoting. 'processRequest' methods do not support propagation of exceptions to remote clients. This code:

    try
    {
        // call transport on the subclass, get the result to handback
        invocationResponse = invoke(invocationRequest);
    }
    catch(Throwable ex)
    {
        log.debug("Error thrown calling invoke on server invoker.", ex);
        invocationResponse = ex;
        isError = true;
    }

    //Start with response code of 204 (no content), then if is a return from handler, change to 200 (ok)
    int status = 204;
    if(invocationResponse != null)
    {
        if(isError)
        {
            response.sendError(500, "Error occurred processing invocation request. ");
        }
        else
        {
            status = 200;
        }
    }

    DB:2.51:Exception Propagation Using Http Servlet Transport On 1.4.4 fs

    <mbean code="org.jboss.remoting.transport.Connector"
           name="jboss.remoting:type=Connector,name=DefaultEjb3Connector,handler=ejb3">
        <depends>jboss.aop:service=AspectDeployer</depends>
        <!--<attribute name="InvokerLocator">
            servlet://${http.rmi.host}:${http.rmi.port}/servlet-invoker/ServerInvokerServlet
        </attribute>-->

        <attribute name="Configuration">
            <config>

                <invoker transport="servlet">
                    <attribute name="serverBindAddress">${http.rmi.host}</attribute>
                    <attribute name="serverBindPort">${http.rmi.port}</attribute>
                    <attribute name="path">servlet-invoker/ServerInvokerServlet</attribute>
                    <attribute name="return-exception" isParam="true">true</attribute>
                </invoker>
                <handlers>
                    <handler subsystem="AOP">org.jboss.aspects.remoting.AOPRemotingInvocationHandler</handler>
                </handlers>
            </config>
        </attribute>
    </mbean>

  • RELEVANCY SCORE 2.51

    DB:2.51:Status Change Propagation Between Mcells 7k



    Hi all, I am new to this community. I have a question about status change propagation between mcells.

    I know there are some parms to control the propagation of mcells (like MessageBufferKeepWait and MessageBufferResendCount), I would like to know if the status propagation could be controlled by those parms.

    I have experienced a case like this,

    Event A was propagated from cell 1 to cell 2. Cell 2 was down when I close the event on cell1, it seems to me that the status propagation could not be propagated to cell 2 after it is up.

    Thanks in advance.

    DB:2.51:Status Change Propagation Between Mcells 7k


    Hi Steve, thanks for your advance, I would try it on our UAT environement. Thanks!

  • RELEVANCY SCORE 2.51

    DB:2.51:Queue_To_Queue Propagation 89


    Hi all,

    I read about Oracle recommendation to use queue_to_queue propagation from 10g R2 up. I use 10.2.0.3 no other patch.

    When I use DBMS_STREAMS_ADM.add_global_propagation_rules to create my propagation rule with queue_to_queue = TRUE, the propagation that gets created appears with QUEUE_TO_QUEUE = 'FALSE' in DBA_PROPAGATION.

    Has anybody seen this and have a clue of how to fix it?

    Regards,
    Jocelyn

    DB:2.51:Queue_To_Queue Propagation 89

    Hello Jocelyn,

    This could be bug 5116197.

    Metalink Note: 363496.1

    Regards, Shiju

  • RELEVANCY SCORE 2.50

    DB:2.50:[Er] Partial Submit (Ppr) Propagation From Region To Parent kj


    Hi!

    I would suggest enabling propagation of partial submits (PPR triggers) from Regions to the parent page. The new Parent Action element in taskflows enables propagation of navigation actions, so similar propagation of PPR should be a very neat feature.

    Regards,

    PaKo

    DB:2.50:[Er] Partial Submit (Ppr) Propagation From Region To Parent kj

    Pako,

    I agree that the event subscription mechanism should be improved and simplified and I already spoke with the developers about that.

    We cannot fully automate this because regions (or the taskflows herein) are independent containers that cannot be bound to the parent page. On the other side though we should be able to solve the complexity

    Frank

  • RELEVANCY SCORE 2.50

    DB:2.50:Mailservice Open For Remote Clients pc



    Hi, is it possible for remote clients to use the mailservice as configured in Jboss? I don't find a way to make the mailservice available via jndi. It only works for clients inside JBoss. Is it maybe a security issue? Thanks, Henk


  • RELEVANCY SCORE 2.50

    DB:2.50:Java/Wls Security Context Propagation 8c


    Does anyone know of some good documentation on Java/WLS security context propagation between different JVMs?

    --
    Hussein Badakhchani
    London Middleware

    --
    Edited by hoos at 01/04/2007 9:01 AM

    DB:2.50:Java/Wls Security Context Propagation 8c

    Raja,

    To be a bit more specific, I want to know if it is possible to disable/configure security context propagation to different remote JVMs and if it is possible some examples of how it is done.

    --
    Hussein Badakhchani
    London Middleware

  • RELEVANCY SCORE 2.50

    DB:2.50:Remote Wireless Clients - Local Network Communication 8a



    I have several Cisco 1130ag APs at remote offices and a 4402 controller at our Corporate location. Does anyone know what happens to the wireless clients when connectivity between the two sites is down? Do the wireless clients get a local IP address instead of an IP address from our Corporate DHCP server? Non-wireless clients at our remote offices currently use DHCP.

    DB:2.50:Remote Wireless Clients - Local Network Communication 8a


    If connectivity back to the controller is down, then the APs would also be down.

    If you use H-REAP, then you would have the ability to configure a local SSID and specify a local DHCP server to use locally until the connection was again brought back up. Then the AP would automatically see the controller and switch back to using the controller and its settings.

    Doc on H-REAP: http://www.cisco.com/en/US/products/ps6521/products_tech_note09186a0080736123.shtml

  • RELEVANCY SCORE 2.50

    DB:2.50:Transactions Over Iiop? da


    Hi,

    I read in the e-docs that WLE does not support transactions over IIOP,
    because "the requirement for transaction propagation from the client is
    in question".

    There is the OTS (currently, we are talking about version 1.2) out for
    quite a while. Why exactly are transactions not supported? Will there be
    an OTS conformant implementation in WLE in the near future?

    My source is
    http://e-docs.bea.com/wls/docs61/rmi_iiop/API_rmi_iiop.html#1050737

    It says: "While RMI over IIOP does allow CORBA/IDL clients to access
    EJBeans, the following services will not be available:
    * EJB transaction services
    * EJB security services"

    Cheers,
    Marcus

    DB:2.50:Transactions Over Iiop? da

    Marcus Wittig <marcus@xtradyne.de> writes:

    > I read in the e-docs that WLE does not support transactions over IIOP,
    > because "the requirement for transaction propagation from the client
    > is in question".
    >
    > There is the OTS (currently, we are talking about version 1.2) out for
    > quite a while. Why exactly are transactions not supported? Will there
    > be an OTS conformant implementation in WLE in the near future?

    You are referencing the WLS docs but refer to WLE, which is it you
    want?

    OTS will be supported in WLS 7.0. However, the JDK client does not
    support OTS, so client-demarcated transactions (as opposed to
    server-server) will still be problematic. We will almost certainly
    provide the explicit OTS bindings for clients so that it can be used
    from C++ clients, however this is somewhat cumbersome for J2EE
    clients.

    andy

  • RELEVANCY SCORE 2.50

    DB:2.50:Ws-Security Propagation Between Two Composites. cd


    I'm using Oracle SOA Suite 11.1.1.4 and JDeveloper 11.1.1.4. I'm using BPEL 2.0 specification.

    I have composite A and composite B which are protected using wss_username_token_policy. In composite A I have BPEL component and external reference (Web Service Binding) to composite B. From BPEL in composite A I invoke composite B.

    How can I propagate security credentials from composite A to composite B? Any help is appreciated.

    DB:2.50:Ws-Security Propagation Between Two Composites. cd

    Thank you very much. Your link did not help. But SAML tokens - this is what I need.

  • RELEVANCY SCORE 2.50

    DB:2.50:Messages Not Cleared When Propagation Is To Remote Queue c9


    When we set up propagation from a queue in one db to a queue in another, messages are being propagated OK but they are not being removed from the source queue. If we change the propagation to the same DB and keep everything else the same it works fine. Anyone seen this before?

    DB:2.50:Messages Not Cleared When Propagation Is To Remote Queue c9

    I have the same problem. The message is being moved to the destination database but the message is not visible for dequeuing.

    When I enqueue a message locally, this is dequeued but the messages that were propagated remain in READY state.

    I am propagating from 8.1.7 to 9.2.0.1.

    This configuration worked for a couple of days but then I defined other queues and it stopped working.

    The message is being removed from the Source Database. The process is committing the transaction in the source database.

    Any Ideas?

  • RELEVANCY SCORE 2.50

    DB:2.50:Aq Propagation zs


    Hello,

    We have the following situation :
    1- A message is put on queue A located in schema X by a third party application
    2- This message is propagated to queue B in schema Y in the same database. We defined the subscriber B on queue A and started the schedule propagation.
    3- The message needs then to be automatically propagated to queue C in schema Z on a remote database. We defined the subscriber C on queue B and scheduled the propagation.

    We want to avoid the fact that information is sent directly from queue A to queue C.

    Point 1 and 2 are working fine but the messages are not propagated to queue C.
    However if we put a message on queue B manually it is sent to queue C.

    Does anybody have a clue what's going wrong?

    DB:2.50:Aq Propagation zs

    While propagating,

    1. The schema in the remote database should be added as a subscriber.

    BEGIN
      -- Register the remote queue (reached through the database link) as a subscriber
      DBMS_AQADM.ADD_SUBSCRIBER(
        QUEUE_NAME     => 'source_schema.source_queue',
        SUBSCRIBER     => SYS.AQ$_AGENT('SOURCE_SCHEMA',
                            'remote_db_schema.destination_queue@database_link', NULL),
        QUEUE_TO_QUEUE => TRUE);
    END;

    2. If propagation is to a remote database, 'DESTINATION' parameter should be specified with the remote database link.

    BEGIN
      -- Schedule propagation from the source queue to the queue behind the database link
      DBMS_AQADM.SCHEDULE_PROPAGATION(
        QUEUE_NAME        => 'schema.source_queue',
        DESTINATION       => 'remote_database_link',
        START_TIME        => SYSDATE,
        LATENCY           => 0,
        DESTINATION_QUEUE => 'remote_database_schema.destination_queue');
    END;

    Merz.

    Let me know if you need any clarification.