SBL-SEC-10002: Cannot perform the requested operation due to an invalid security context
pplies to:
Siebel System Software - Version: 7.8.2 [19213] and later [Release: V7 and later ]
z*OBSOLETE: Microsoft Windows 2000
Product Release: V7 (Enterprise)
Version: 7.8.2 [19213]
Database: Oracle 9.2.0.6
Application Server OS: Microsoft Windows 2000 Advanced Server SP 3
Database Server OS: Sun Solaris 2.7
This document was previously published as Siebel SR 38-2616526126.
Symptoms
SBL-UIF-00278, SBL-DAT-00254, SBL-SEC-10002Dear Siebel support,
If we login to our customized Siebel 7.8.2 Sales Enterprise
application with a user name that has a space in the end – e.g. "PHIEBL ", we receive the
attached error message (NonStandardError.jpg). If we login with a wrong user name – e.g.
"PHEIBL", we receive the standard error message on the login page (see
StandardError.jpg).
I could not find any information on this issue on the support web.
Please advice how to solve the issue.
Regards, Petra Hiebl
Cause
Change Request CR# 10504442
Solution
Message 1
For the benefit of other users:
Problem:
Entering username "USER " with tailing space leads to the following non standard error:
"The Web Engine has not been initialized property. Because:
Error Message Unavailable"
Resolution:
Change Request CR# 10504442 has been logged to adreess this Product Defect.
Steps to reproduce the behavior:
- create a new named subsystem ServerDataSrcEnc
- change param DSConnectString=ORA10G for named subsystem ServerDataSrcEnc
- change param DSChartImageFormat=png for named subsystem ServerDataSrcEnc
- change param DSChartServer=localhost:8001 for named subsystem ServerDataSrcEnc
- change param DSCaseInsensitiveFlg=True for named subsystem ServerDataSrcEnc
- change param DSHashAlgorithm=SIEBELHASH for named subsystem ServerDataSrcEnc
- change param DSHashUserPwd=True for named subsystem ServerDataSrcEnc
- create a new named subsystem DBSecAdptEnc
- change param DataSourceName=ServerDataSrcEnc for named subsystem DBSecAdptEnc
- change param SecAdptName=DBSecAdptEnc for comp SCCObjMgr_enu
- create a new Database user USER identified by <hashpassword>
where hashpassword is the hashed password of USER (that can be obtained
by running the hashpwd -a SIEBELHASH <clear text password of user
USER>
- Connect to the Application and enter "USER " with tailing space as userid
Thanks and Regards,
Applies to:
Siebel System Software - Version: 7.7.2.6 [18372] and later [Release: V7 and later ]
Oracle Solaris on SPARC (64-bit)
This document was previously published as Siebel SR 38-3098870703.
Symptoms
SBL-UIF-00272, SBL-DAT-00539, SBL-DAT-00700, SBL-SEC-10018, SBL-SEC-10001, SBL-SEC-10002, SBL-SEC-10006
Hello,
We are using the LDAPSecAdpt to authenticate against an
Active Directory server. When logging in with a wrong password on the
Siebel Field Service login page, we discovered that it would kick out
users, kill their Siebel sessions and give the following error:
The
server you are trying to access is either busy or experiencing
difficulties. Please close the Web browser, open a new browser window,
and try logging in again.[16:42:21]
Normally when logging in
with the wrong password, it would display an error message stating that
your User ID or Password is incorrect and allow you to retry.
Thanks!
Solution
Message 1
For the benefit of other readers:
Customer
started getting “Server Busy” error after applying 7.7.2.6 Fix Pack on
top of 7.7.2.3 whenever users type a wrong password in the login page
while using LDAP Security Adapter on Solaris platform to authenticate
end users against Microsoft Active Directory.
The following error messages can be found in the Application Object Manager log files:
(secmgr.cpp
(2340) err=7010006 sys=0) SBL-SEC-10006: The authentication system
cannot find the user with the specified username. Please check that you
have entered the username correctly or contact your system administrator
for assistance.
Login Status: Failed
(mainlgin.cpp (1436)) SBL-UIF-00272: The user ID or password that you entered is incorrect.
Please check the spelling and try again.
ldap_result(3abd060, 3, ..., 3475fc8) returns 97.
ldap_parse_result(..,
3475fc8, 49, 3512fb0, 80090308: LdapErr: DSID-0C09030B, comment:
AcceptSecurityContext error, data 52e, v893, 0, serverctrls, 1) returns
0.
[CONT 1/3...]
Message 2
[... CONT 2/3]
We
have configured the Siebel Dedicated Web Client to use ADSI Security
Adapter, and we got the following errors in the Dedicated Client log
files:
(IADs*)1d41a0->Get('userAccountControl') returns 8000500d.
SBL-DAT-00700: Unable to check flag 'Password never expires'.
User password status is 0.
SecurityLogin() return 3.
(secmgr.cpp (2288) err=7010018 sys=127) SBL-SEC-10018: Unable to check flag 'Password never expires'.(SBL-DAT-00700)
SecurityFreeCredentials(<?INT?>)
(secmgr.cpp
(2360) err=7010001 sys=0) SBL-SEC-10001: An internal error has occurred
within the authentication subsystem for the Siebel application. Please
contact your system administrator for assistance.
(secclnt.cpp (256)
err=7010002 sys=0) SBL-SEC-10002: Cannot perform the requested operation
due to an invalid security context. If you have already logged in,
please try to log in again or contact your system administrator for
assistance.
We found that this behavior was occurring because the
Application User did not have the required permissions on the directory
specified by Base DN parameter, as described in Bookshelf Version 7.7,
Rev. A (May 2005) > Security Guide for Siebel eBusiness Applications
> Chapter 6 – Security Adapter Authentication > Section Security
Adapter Deployment Options > Item Configuring the Application User.
[CONT 2/3...]
Message 3
[... CONT 3/3]
In
order to grant the necessary permissions, please have your AD
Administrator open Active Directory Users and Computers, right-click the
container specified by BaseDN parameter, and choose Delegate Control.
Add
the Application User, check name, and delegate at least “Create,
delete, and manage user accounts”, “Reset passwords on user accounts”
and “Read all user information” tasks.
In fact, if you right-click
the container, choose Properties, go to Security tab and click Advanced,
you should see the Application User with at least “Read All
Properties”, “Write All Properties”, “Create User Objects” and “Delete
User Objects” rights applied onto “This object and all its child
objects”.
The Security tab is only shown if you enable menu View > Advanced Features.
Application
Object Manager crashes have also been observed on other customers using
Group Policies on the Active Directory Server, after applying 7.7.2.6
Fix Pack on Solaris platform.
Please note that when running Siebel on
Solaris and using the LDAP Security Adapter to authenticate against
Microsoft Active Directory, account policies such as password expiration
are not supported.
For further details, please refer to Technical
Note 596: Configuring Siebel Applications on Solaris Implementations To
Authenticate Against Microsoft Active Directory.
In this case, please ensure Password Never Expires is set for all users on ADS.
Thank you,
Applies to:
Siebel System Software - Version: 7.7.2 [18325] and later [Release: V7 and later ]
z*OBSOLETE: Microsoft Windows Server 2003
Product Release: V7 (Enterprise)
Version: 7.7.2 [18325]
Database: IBM DB2 7.1 FixPack 5se
Application Server OS: Microsoft Windows 2003 Server
Database Server OS: IBM AIX 5L 5.2
This document was previously published as Siebel SR 38-1874173270.
Symptoms
SBL-DAT-00446, SBL-DAT-00468Hi,
I have successfully ran the Siebel 77 Db Install and found no errors in the log files,
but I can not access the application with the Siebel 77 client or Siebel 77 tools.
When I
start tools I get the error message:
-No records exist for the current
query.(SBL-DAT-00468)
The fat Client returns -. The user ID or password that you entered
is incorrect. Please check the spelling and try again.
I can connect fine using DB2 CAE or
WINSQL.
I will attach the Install logs ... when I get some time.
Cause
Configuration/ Setup
Solution
Message 1
For the benefit of others:
Description:
New 7.7 database server was installed but neither Tools nor Dedicated Client can login.
Accessing Tools displays the message:
No records exist for the current query.(SBL-DAT-00468)
In the \web client\log\siebel.log we see the following errors:
7.7.2 [18325] ENU
GenericLog GenericError 1 0 2005-03-30
09:21:08 (secclnt.cpp (256) err=7010002 sys=0) SBL-SEC-10002: Cannot
perform the requested operation due to an invalid security context. If
you have already logged in, please try to log in again or contact your
system administrator for assistance.
DBCLog DBCLogError 1 0 2005-03-30 09:21:08 SQLDriverConnect: DSN=kagpro, UID=sadmin
ObjMgrLog Error 1 0 2005-03-30 09:21:08 (clicon.cpp
(3383)) SBL-DAT-00446: You have entered an invalid set of logon
parameters. Please type in your logon parameters again.
DBCLog DBCLogError 1 0 2005-03-30 09:21:08 SQLError:
sqlstate 08001: [IBM][CLI Driver] SQL30082N Attempt to establish
connection failed with security reason "24" ("USERNAME AND/OR PASSWORD
INVALID"). SQLSTATE=08001
GenericLog GenericError 1 0 2005-03-30
09:21:08 (secmgr.cpp (2265) err=7010018 sys=0) SBL-SEC-10018: You
have entered an invalid set of logon parameters. Please type in your
logon parameters again.(SBL-DAT-00446)
[IBM][CLI Driver] SQL30082N Attempt to establish connection failed with
security reason "24" ("USERNAME AND/OR PASSWORD INVALID").
SQLSTATE=08001
(cont)
Message 2
(cont)
Resolution:
Customer realized the pre-installation task of running GRANTUSR.SQL had not been run prior.
Applies to:
Siebel Workflow - Version: 7.7.1 [18306] to 8.1.1 [21112] - Release: V7 to V8
z*OBSOLETE: Microsoft Windows Server 2003
Product Release: V7 (Enterprise)
This document was previously published as Siebel SR 38-1436351351.
Symptoms
Customer would like to use the Workflow Simulator, when I press the start button (in tools) I get the following message:
"Failed to start debug client Siebel.exe!"
However, when I press F5 the application does start. Changing the
application from field service to call center does not resolve the
issue. I have made changes to the configuration in order to ensure that
the page tabs are added to the application and that the tasks applet
that is shown in the call center application is also shown in the field
service home page, all without any result.
In the tools logs there is no reference to this behaviour. In the client
log directory the following entries are made in the files siebel.log
and twsiebellog.txt:
Siebel.log:
2021 2004-08-09 14:57:39 2004-08-09 16:58:12 +0200 00000007 001 003f
0001 09 siebel 1148 1192 C:\sea77\webclient\log\siebel.log 7.7.1 [18306]
ENU
ObjMgrLog Error 1 0 2004-08-09
14:57:39 (cthd.cpp (3017)) SBL-UIF-00335: We are unable to process
your request. This is most likely because you used the browser BACK or
REFRESH button to get to this point.
GenericLog GenericError 1 0 2004-08-09
15:12:09 (secclnt.cpp (256) err=7010002 sys=2) SBL-SEC-10002: Cannot
perform the requested operation due to an invalid security context. If
you have already logged in, please try to log in again or contact your
system administrator for assistance.
ObjMgrMiscLog Error 1 0 2004-08-09
15:16:19 (busobj.cpp (1304)) SBL-DAT-00222: An error has occurred
creating business component 'Admin SEA Application' used by business
object 'View Access'.
Please ask your systems administrator to check your application configuration.
Cause
Problem was solved by putting C:\sea77\web client\BIN\siebel.exe in the
View -> Options -> Debug tab in Siebel Tools instead of only
siebel.exe as it is default.
Solution
From twsiebellog.txt:
16:58:05 New session 73 from 172.18.30.66.
16:58:05 Session 65 closed by client.
16:58:05 Session 67 closed by client.
16:58:05 Session 69 closed by client.
16:58:05 Session 70 closed by client.
16:58:05 Session 71 closed by client.
16:58:05 Session 72 closed by client.
16:58:05 Request 73-1 POST "/start.swe" status 200.
16:58:09 Request 73-2 GET "/start.swe" status 200.
16:58:09 Session 73 closed by client.
16:58:10 Shutdown at Mon, 09 Aug 2004.
Here are the steps to simulate from Siebel Tools:
- Set up Debug environment to connect to Call Center as SADMIN with
ServerDataSrc. For more information on setting up Debug environment for
Siebel Tools, refer to "Tutorial: Using Process Designer in Siebel
Tools"Siebel Business Process Framework: Workflow Guide.
- Choose the workflow process, right click and choose Simulate.
- Click on Start button, which starts the Call Center application and
navigate to 'Workflow Simulator Wait View'. And it is waiting.
- Go back to Tools, it already moved from Start step to the next step which is highlighted, meaning it is the current step.
- Right click and choose Watch Window to see Process Properties in detail.
- Click on Next step button which moves to the End step, Watch Window shows the current step is End step.
- Click on Next step again, gets a pop-up saying the "Simulation
Terminated! Please check watch window for detail." Click on OK. This
terminates the application.
- The Simulator is still in effect, to stop it right click and choose Stop which terminates the Simulator completely.
After this, relogin to Call Center, and navigate to "Administration -
Business Process" > Workflow Instance Monitor. Over there, every
Simulator session creates one record.
Please refer -
Siebel Business Process Framework: Workflow Guide > Architecture of a
Workflow Process > About the Architecture of a Workflow Process >Simulation Architecture of a Workflow Process
תגובות
הוסף רשומת תגובה