Quantcast
Channel: Micro Focus Forums
Viewing all 11924 articles
Browse latest View live

Request from SP is from an untrusted provider

August 4, 2016, 10:07 am
$
0
0
Hello ,

We've been trying to configure SSO with NAM as IDP and another aplication using Tomcat+Shibboleth as SP.
After we see initial log screen and we try to log we see the following message in catalina.out:

<amLogEntry> 2016-08-04T13:09:25Z WARNING NIDS SAML2: Entity Provider not found with the provider id as https://embr-dev.ptcmanaged.com/WebUI/ </amLogEntry>
Warning: Invalid resource key: Request was from an untrusted provider. No prefix!

I am not a NAM specialist, but we've already checked in NAM and the entity ID is set as a trusted provider.
I suspect NAM is not being able to identify the SP when the AuthnRequest comes.

Here's the authentication request that is being sent from SP->IdP
<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" AssertionConsumerServiceURL="https://embr-dev.ptcmanaged.com/Shibboleth.sso/SAML2/POST" Destination="https://idsqas.embraer.com.br/nidp/saml2/sso" ID="_3f6ac8806d0c603d4e66e6bac7b163e8" IssueInstant="2016-08-04T13:36:42Z" ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindi ngs:HTTP-POST" Version="2.0"><saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" >https://embr-dev.ptcmanaged.com/WebUI/</saml:Issuer><samlp:NameIDPolicy AllowCreate="1"/></samlp:AuthnRequest>

I wonder if the issuer element is not matching with NAM and then NAM refuses the request because does not know the issuer?
Can you please confirm where this Issuer element should be entered in NAM side?

Thanks
Search

Question about case-insensitive XPATH match

August 4, 2016, 12:08 pm
$
0
0
Is it possible to have case-insensitive XPATH selector?
Number of attribute names defined in GCV.
Policy make query to eDir and receive back doc with number of attributes.

$current-node="cn"

When I put "filter" [@attr-name="CN"] it return right value.
When I put "filter" to the variable [@attr-name=$current-node], it return nothing.

$current-node="cn" and case-sensitive matching didn't work in this case. Attribute name is CN.
For another attributes can be combination of lower and uppercase characters (depend from attribute name definition in eDir).

I'm looking for case-insensitive XPATH match, that will work (potentially) for Cn/cN/cn/CN in this case, but really can take attribute name from Var and make case-insensitive XPATH match.


Quote:
<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product version="?.?.?.?">DirXML</product>
<contact>Novell, Inc.</contact>
</source>
<input>
<query class-name="User" dest-dn="\TREE\gc\Staff\aauser" dest-entry-id="1975319" scope="entry">
<read-attr attr-name="cn"/>
</query>
</input>
</nds>
ReportND : Query from policy result
ReportND :
<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product version="?.?.?.?">DirXML</product>
<contact>Novell, Inc.</contact>
</source>
<output>
<instance class-name="User" qualified-src-dn="O=gc\OU=Staff\CN=aauser" src-dn="\TREE\gc\Staff\aauser" src-entry-id="1975319">
<attr attr-name="workforceID">
<value timestamp="1453738898#53" type="string">XXX</value>
</attr>
<attr attr-name="CN">
<value naming="true" timestamp="1453738898#9" type="string">aauser</value>
</attr>
</instance>
</output>
</nds>
ReportND : Token Value: {<value> @naming = "true" @timestamp = "1453738898#9" @type = "string"}.
ReportND : Arg Value: {<value> @naming = "true" @timestamp = "1453738898#9" @type = "string"}.
ReportND : Action: do-set-local-variable("lvCurrentValue",scope="policy",token-xpath("$lvCurrentValueNS/../value")).
ReportND : arg-string(token-xpath("$lvCurrentValueNS/../value"))
ReportND : token-xpath("$lvCurrentValueNS/../value")
ReportND : Token Value: "aauser".
ReportND : Arg Value: "aauser".
ReportND : Action: do-set-local-variable("lvCurrentValue",scope="policy",token-xpath("$lvCurrentValueNS/../../attr[@attr-name="CN"]/value")).
ReportND : arg-string(token-xpath("$lvCurrentValueNS/../../attr[@attr-name="CN"]/value"))
ReportND : token-xpath("$lvCurrentValueNS/../../attr[@attr-name="CN"]/value")
ReportND : Token Value: aauser".
ReportND : Arg Value: "aauser".
ReportND : Action: do-set-local-variable("lvCurrentValue",scope="policy",token-xpath("$lvCurrentValueNS/../../attr[@attr-name=$current-node]/value")).
ReportND : arg-string(token-xpath("$lvCurrentValueNS/../../attr[@attr-name=$current-node]/value"))
ReportND : token-xpath("$lvCurrentValueNS/../../attr[@attr-name=$current-node]/value")
ReportND : Token Value: "".
ReportND : Arg Value: "".
ReportND : Action: do-if().
ReportND : Evaluating conditions.

Any reason to keep any of the GroupWise objects in iManager?

August 4, 2016, 2:35 pm
$
0
0
Is there any reason to keep any of the GroupWise that show up in iManager if we've moved to GroupWise 2014?
In particular, distribution list objects and resource objects.

Although we use LDAP synchronization for users, none of our eDirectory network groups have a counterpart in GroupWise.

Custom banner images not showing up in Chrome

August 4, 2016, 4:45 pm
$
0
0
We upgraded to ver 7.2 and uploaded new custom images for our banners. The images show up perfectly in all browsers (Firefox, IE, Safari) except for Chrome. The login page image shows up for Chrome, but nothing else after you login. Has anyone else seen this? Any suggestions? We've done all the obvious things - clear cache, new profile, etc.

Regards,
Aaron.

Can i assign restrict size for multiple folders?

August 5, 2016, 12:52 am
$
0
0
Hi,

I have migrated files and folders from NetWare6.5 to OES11 SP2 and I have to change restrict size on folder from 300 MB to 2 GB for all users, But in iManager I cant select and edit multiple folders. Can i edit multiple folders?

BTW, How can i attach pictures?

iPrint Appliance iPrint 2.1 - Printer Profiles not working

August 5, 2016, 6:24 am
$
0
0
I upgraded from iPrint 2.0 to iPrint 2.1 and had also recently changed out some older copier/mfp's that require print profiles to help the end user setup. The first thing I noticed is that the older profiles are not listed on the driver page for the print drivers. No big deal at first since I was going to recreate the profile for the new Kyocera MFP anyway. I went through the process of configuring the Profile, it even stated it was created successfully. Yet the profile never shows up. This would be for Windows 7 x64 and Windows 8/8.1/10.

I am guessing that I have a config file stuck or something that might be easily fixed. Anyone have an idea what I might check to get this working?

Thanks

Richard

Mobile Printing - Pending-Hold?

August 5, 2016, 6:30 am
$
0
0
I am setting up the mobile printing for iPrint 2.1 and am finding that the print job from my iPhone reaches the print queue from the app but sits in the queue for about 30 seconds with the status of Pending-Hold then is removed. The test job never reaches the printer. I don't have the walkup print function configured so don't think it is that. Am I missing a setting that is preventing the print job from processing?

Richard

ERROR "web.xml inconsistent" after upgrade to SP4

August 8, 2016, 1:55 am
$
0
0
Hi!
ZCM 11.3.2 VA upgrade to SP4 (~ 11.4.2). Two separate systems. One primary. On one upgraded 11.3.2 to 11.4.0 and then to 11.4.1 and then to 11.4.2. More-less ok. On another had a few difficulties, described https://forums.novell.com/showthread...server-restart and https://forums.novell.com/showthread...rver-not-found. But, both system is up and running and ... seems to be ok. Did run ZDC and on both systems I see in "systemfiles report" exactly same ERROR ...

File '/opt/novell/zenworks/share/tomcat/conf/web.xml' is inconsistent!!!
Size: expected = 168230, actual = 167663
Checksum: expected = 3f733eeb, actual = 3416a3d6
NoSpaceChecksum: expected = 3a1d232, actual = a712398d
Owner: expected = zenworks, actual = zenworks
Group: expected = zenworks, actual = zenworks
Package name: expected = novell-zenworks-tomcat-7.0.68-1, actual = novell-zenworks-tomcat-7.0.68-1

No other errors.
Something I should be worried about?
More thanks, Alar.
Search

ZCC - Administrators - Report Rights Missing

August 8, 2016, 5:10 am
$
0
0
Hi everybody,
we decided to reduce the number of Super Admins in our Zenworks Environment and give them only the rights they need.
Now one of them wanted to create a Report, so I would give him the rights.
But I can't give it to him, because the option for Reports is completely missing!!

Our environment:
ZCM 11.4.2 on four primaries (Win2k8 R2)
External SQL DB
No Reporting Server!!

Has anyone an idea to get the option?!

BR

Migrate GW 14 on SLES to Windows Server

August 8, 2016, 7:19 am
$
0
0
Hi All
I am planning to migrate my current install of Groupwise 2014 running on SLES to Windows server 2012. (And upgrade to R2 with Mobility at the same time)
I cannot find any documentation, procedures or best practices for migrating GW to Windows from SLES

This is a new system/environment for me -- I have inherited this system and I'm very much of a beginner with SLES/GW.
This is a small install with <50 users and a single GW server.

If someone could point me in the right direction to find resources on this, I'd be grateful. If someone has done a similar migration and could provide a basic roadmap and any tips/tricks you learned, that would be great as well!

Regards,
Jim

Silly Question?

August 8, 2016, 12:38 pm
$
0
0
The Novell patch site for GroupWise is confusing. I have GroupWise 2014 R2 HP1 installed. I notice that on the patch site that this version is also listed in parentheses as 14.2.0.1 and that there are also patches available for 14.2.0 and 14.2.1 (GroupWise 2014 R2 SP1). My assumption is that the normal progression of versions for GroupWise 2014 R2 was 14.2.0 to 14.2.0.1 (GW2014 R2 HP1) to 14.2.1 (GW2014 R2 SP1). If you look at the patch pages, it does not indicate that 14.2.0.1 supercedes 14.2.0 or is superceded by 14.2.1 - am I missing something?

thanks
-L

Client for OES 2 SP4 (IR3) Certificate Silent Install Issue

August 9, 2016, 2:56 am
$
0
0
Hi,

I want to upgrade to the new Client for OES 2 SP4 (IR3). Usually I import the Novell certificate (now Microfocus certificate) to "Trusted Publishers" and set up the client for a silent install, but the OES client doesn't install silently as it requires someone to check a box to allow the installation (security warning for opening the C:\Setup\novell_client\acu.exe). I installed the hotfix from here https://support.microsoft.com/en-us/kb/2921916, but it still doesn't install silently.


This is my Install.ini:
; Novell Client Install INI File
;
; VeRsIoN=v2.0 Novell Client Install - Control INI
; CoPyRiGhT=Copyright 2009, by Novell, Inc. All rights reserved.

[NovellClient]
MajorInternalVersion=
MinorInternalVersion=
NovellClientPropertiesFile=NovellClientProperties. txt

[Setup]
DisplayLanguageSelection=No
DefaultLanguageSelection=WINDOWS
DisplayLicenseAgreement=No
DisplayInitialDialog=No
DisplayBackground=No
CreateSystemRestorePoint=No
InstallNMAS=Yes
InstallNICI=Yes
ForceReboot=No
DisplayRebootDialog=No

[ACU]
DisplayUpgradeDialog=No
Message=

[UpdateAgent]
Disabled=No
DisplayUpdateDialog=No
DisplayUpdateLocation=No
ApplyNovellClientPropertiesFile=Yes
Message=


And this is my NovellClientProperties.txt:
[Novell_Client_Install_Manager]
Novell_Client=VISTA
Version=5.1.3
[NovellLoginProfiles]
!Profile_List1=Default
!Profile_List_Distribute=Replace
!LoginProfilesDWOff0="Default","Save On Exit"
!LoginProfilesSZ0="Default","Tab","Credentials"
!LoginProfilesDWOn0="Default","Password Enable"
!LoginProfilesSZ1="Default\Tab1","Tab","NDS"
!LoginProfilesSZ2="Default\Tab1","Server","f11-lmuf11-1.fak11.lmu.de"
!LoginProfilesSZ3="Default\Tab1","Context","USERS. FAK11"
!LoginProfilesSZ4="Default\Tab1","Tree","LMU-F11"
!LoginProfilesDWOff1="Default\Tab1","Use DHCP Tree"
!LoginProfilesDWOff2="Default\Tab1","Use DHCP Context"
!LoginProfilesDWOff3="Default\Tab1","Use DHCP Server"
!LoginProfilesDWOff4="Default\Tab1","Clear Connections"
!LoginProfilesSZ5="Default\Tab2","Tab","Script"
!LoginProfilesDWOn1="Default\Tab2","Login Script"
!LoginProfilesDWOn2="Default\Tab2","Display Results"
!LoginProfilesDWOn3="Default\Tab2","Close Results"
!LoginProfilesSZ6="Default\Tab3","Tab","Windows"
!LoginProfilesSZ7="Default\Tab4","Tab","NMAS"
!LoginProfilesDWOff5="Default\Tab4","Display Clearance"
!LoginProfilesSZ8="Default\Tab5","Tab","EAP"
!LoginProfilesDWOff6="Default\Tab5","Enable EAP"
!LoginProfilesDWOff7="Default\Tab5","InitialLogonO nlyAuth"
!LoginProfilesDWOff8="Default\Tab5","AppenDomainTo User"
!LoginProfilesCount=9,4,9
[NovellClientParameters]
!Computer_Only_Logon_Default=Never
!Computer_Only_Logon_Default_Distribute=Always
!CompatibleRUPSecurity=YES
!CompatibleRUPSecurity_Distribute=Always
!Dots_in_Name=YES
!Dots_in_Name_Distribute=Always
!Show_Forgotten_Password_Prompt=NO
!Show_Forgotten_Password_Prompt_Distribute=Always
!Default_Tile_Bitmap="C:\windows\lmu.bmp"
!Default_Tile_Bitmap_Distribute=Always
!Login_Banner_Bitmap="C:\windows\lmu.bmp"
!Login_Banner_Bitmap_Distribute=Always
!Use_NMAS_for_Windows_Logon_Default=Always
!Use_NMAS_for_Windows_Logon_Default_Distribute=Alw ays
!Change_Password=OFF
!Change_Password_Distribute=Always


Can somebody help me please?


Thank you in advance!

Tobias

Eclipse: Connection to Sentinel Error: Class not found

August 9, 2016, 4:05 am
$
0
0
Hi,
Just want to add the connection from Eclipse 4.6 to the sentinelserver 7.4.2.
Added all passwords into the field and proceed.
All jars are ok, but the test of the connection fails:

[scp] Receiving file: /var/opt/novell/sentinel/3rdparty/jetty/webapps/ROOT/siemdownloads/auth.login
[scp] Receiving: auth.login : 779
[scp] File transfer time: 0,01 Average Rate: 77.900,0 B/s
[scp] done
[echo] Performing connection test...please wait...
[echo] (This test will take approximately 1 minute... But may take up to 5 minutes if the test fails with a connection timeout.)
[java] Java Result: 1
[echo] Fehler: Hauptklasse com.novell.reports.jasper.data.event.ConnectionChe ck konnte nicht gefunden oder geladen werden
[echo] ERROR: Unable to successfully create a connection to 10.128.36.43. Return code: 1

The class " com.novell.reports.jasper.data.event.ConnectionChe ck " could not be found.
How to add and fix this?

GMS attachments - relocate to new volume

August 9, 2016, 4:30 am
$
0
0
We are running out of disk space. The server is a virtual and we can add disk with vsphere easy enough, but re-sizing the existing volume is not working. the volume is "busy" - - it is the only volume.

Is there any way to move (relocate) the attachments to a new volume ?

Problems with sample script REQUIRE LOGIN PASSWORD

August 9, 2016, 6:40 am
$
0
0
Hi there,
I am using this script with de command su and su - , the problem is that even if I write a wrong password, the command su runs, and give me the root session, can u help me?

Thanks
Search

c022 error in POA for userxxx.db

August 9, 2016, 6:48 am
$
0
0
I have a user for about two weeks now has had intermittent issues with her mailbox.

When trying to send to the user, the recipient gets a bounce back

Database error on dictionary access
Error = D004

The POA logs it shows this:
09:15:47 A40B The database function 53 reported error [C022] on user2o8.db
09:15:47 A40B Error: Data in the database is invalid [C022] User:hyxxxx (hyxxx)
09:15:47 A40B The database function 57 reported error [C022] on user2o8.db
09:15:47 9AC6 Database rebuild caused by error: [C022]
09:15:57 A40B The database function 53 reported error [C022] on user2o8.db
09:15:57 A40B Error: Data in the database is invalid [C022] User:hyxxx (hyxxx)
09:15:57 A40B The database function 57 reported error [C022] on user2o8.db
09:16:02 9AC6 Database rebuild caused by error: [C022]

I ran a gwcheck structure/index and contents. There were so many rebuild attempts I had to clear out all the old .dbX files out before it would run.
This is the what i am seeing in the contents:

Problem 34- Unrecognized record type 1547 in record 243
CODE DESCRIPTION COUNT
---- -------------------------------------------------- -----
34 User database records found with unknown types..... 1

After running the gwchecks, I can send to this user again without the bounce backs.

But seeing as it happened a week ago (and I had to do a structural rebuild to get it working again) - I am assuming there is some sort of corruption in her db - any ideas what the best way is to fix this?

Offline or Synced Item Report

August 9, 2016, 10:36 am
$
0
0
Is there a place to find what files users have made available offline or have synced with their devices and if necessary unsync the file/folders?

What is happening is that I am suspecting rogue applications in my environment which seemingly at random cause various employee's Filr clients to start downloading random folders to their local machine. Since to the user it is appearing that they aren't doing anything, they aren't much help in identifying what program(s) are triggering Filr to download content, so I'm trying to figure out a way to figure out what might be causing this huge number of random files across the network to want to download so I can add it to the exclude list.

Thanks for any advice.

Setting up Service Desk with HTTPS

August 9, 2016, 10:47 am
$
0
0
I am currently setting up Micro Focus Service Desk 7.2 and so far, everything is going smoothly except for setting up HTTPS connections. I have only been able to find 2 sites with instructions on how to do this:

https://www.novell.com/communities/c...SL_Windows.pdf
https://jgiffard.wordpress.com/2012/...esk-installer/

I have never used the keytool before and both the articles are not 100% the same, as one mentions adding in a KeystorePass in the server.xml file and the other doesn't mention a password in the server.xml file. I just need to know how to allow Service Desk to accept HTTPS connections.

Force a hotfix to be installed

August 9, 2016, 11:15 am
$
0
0
I need to push out KB2921916 (always trust publisher) fix, before rolling out the latest Micro Focus client. Whats everyone's favorite method for forcing/ensuring a bundle gets installed ASAP? I plan on using the login script to run acu.exe to upgrade the client, though I guess I could use zenworks as well.

My plan is to run "wusa c:\hotfix-trustpub\windows6.1-kb2921916-x64.msu /norestart /quiet" (obviously changing C to something on the network). The hotfix requires a restart to work properly, but don't want to force users to restart immediately.

Using IdT?

August 9, 2016, 3:21 pm
$
0
0
If you're using IdT with the solution pack, here's something you'll want to consider.

The "Recent Activity" report covers a 2 week period which uses a RDD for getting it's information.

The problem is that, by default, the evt_rpt_xxx table is not partitioned. As a result, this table size can grow quite significantly. We had 200GB+ sizes just for this table even though I was manually vacuuming it every few weeks. The table doesn't appear to be captured in the automatic vacuum process that occurs within Sentinel.

This is caused by the way PostgreSQL uses the file system....it writes data which takes disk space, when it deletes data it doesn't release the space unless vacuum is run.

By Edit'ing the "RDD: [sentinel.identity.rdd] Identity Recent Activity" Data Synchronisation policy and enabling "Partition table:", when the data is no longer used it is actually deleted from disk. We now have 16 tables (1 table per day / 2 weeks + template table + 1 extra day) with a total size of 157GB with no vacuuming required.

NOTE: To enable Partitioning, the table has to be truncated, so you will loose the last 2 weeks until the table(s) is repopulated.
Viewing all 11924 articles
Browse latest View live
Search
<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>