Hi SGD forum users,
Today i had encountered the same problem again but this this even after
SGD server reboot still same problem.
Again, here is what happened:
1) Type SGD URL
2) Login using username user1 and passwd( user1 and passwd is stored in AD )
3) Successfully login to user1's webtop.
4) User1 can see all the SGD demo page wording but all the application
to be launch was not seen( No app name or icon to be seen ).
Note: I login to SGD by username administrator( local /etc/passwd ), i
can successfully login and can see and launch any applications.
Here are the log files:
Webtop log
--------------
2007/07/23 16:14:12.559 (pid 2752) server/webtop/info #1185178452559
Successfully loaded webtop model bean:
./com.sco.tta.server.webtop.multi.ClassicAppFinder.properties.
2007/07/23 16:14:12.565 (pid 2752) server/webtop/info #1185178452565
Successfully loaded webtop model bean:
./com.sco.tta.server.webtop.multi.LDAPAppFinder.properties.
Kerberos log
-----------------
2007/07/23 16:15:46.280 (pid 2752) server/kerberos/info #1185178546280
Kerberos attempting to log in user1 in to TELBRU.COM.BN
2007/07/23 16:15:47.192 (pid 2752) server/kerberos/moreinfo #1185178547192
Kerberos succeeded in authenticating [EMAIL PROTECTED] to TELBRU.COM.BN
2007/07/23 16:15:47.342 (pid 2752) server/kerberos/info #1185178547342
Kerberos attempting to log in Administrator in to
2007/07/23 16:15:47.855 (pid 2752) server/kerberos/moreinfo #1185178547855
Kerberos succeeded in authenticating [EMAIL PROTECTED] to
TELBRU.COM.BN
2007/07/23 16:15:47.920 (pid 2752) server/kerberos/info #1185178547920
Kerberos attempting to log in Administrator in to
2007/07/23 16:15:48.258 (pid 2752) server/kerberos/moreinfo #1185178548258
Kerberos succeeded in authenticating [EMAIL PROTECTED] to
TELBRU.COM.BN
Server Login log
----------------------
2007/07/23 16:12:15.009 (pid 858) server/login/info #1185178335009
User .../_ens/o=Tarantella System Objects/cn=Administrator logged out.
2007/07/23 16:14:02.138 (pid 2752) server/login/moreinfo #1185178442138
Loaded class com.sco.tta.server.login.ens.SimpleCandidateAuthority: {
version=4.31.905
}
(instead of
.../_beans/com.sco.tta.server.login.ens.SimpleCandidateAuthority)
for verifying passwords for
class com.sco.tta.server.login.ens.SearchENSLoginAuthority: {
ENSSearchRoot=.../_ens
accountEnabledChecked=false
ambigNotSupported=false
candidateAuthority=./com.sco.tta.server.login.ens.SimpleCandidateAuthority.prop
erties
name=com.sco.tta.server.login.ens.SearchENSLoginAuthority
passwordEquivalentAuthority=.../_beans/com.sco.tta.server.login.ens.AttributePa
sswordEquivalentAuthority
passwordLoginAuthority=.../_beans/com.sco.tta.server.login.UserLoginAuthority
propAccEnabled=scottaaccountenabled
resourceBundleName=com.sco.tta.server.login.LoginMessage
searchAttributes[0]=cn
searchAttributes[1]=uid
searchAttributes[2]=mail
searchAttributes[3]=userPrincipalName
searchFilter=(&({0}={1}))
version=4.31.905
}
.
2007/07/23 16:14:02.180 (pid 2752) server/login/moreinfo #1185178442180
Loaded com.sco.tta.server.login.ens.SimplePasswordEquivalentAuthority
(instead of
.../_beans/com.sco.tta.server.login.ens.AttributePasswordEquivalentAuthority)
for verifying passwords for
class com.sco.tta.server.login.ens.SearchENSLoginAuthority: {
ENSSearchRoot=.../_ens
accountEnabledChecked=false
ambigNotSupported=false
candidateAuthority=./com.sco.tta.server.login.ens.SimpleCandidateAuthority.prop
erties
name=com.sco.tta.server.login.ens.SearchENSLoginAuthority
passwordEquivalentAuthority=.../_service/sco/tta/config/beans/com.sco.tta.serve
r.login.ens.SimplePasswordEquivalentAuthority.properties
passwordLoginAuthority=.../_beans/com.sco.tta.server.login.UserLoginAuthority
propAccEnabled=scottaaccountenabled
resourceBundleName=com.sco.tta.server.login.LoginMessage
searchAttributes[0]=cn
searchAttributes[1]=uid
searchAttributes[2]=mail
searchAttributes[3]=userPrincipalName
searchFilter=(&({0}={1}))
version=4.31.905
}
.
2007/07/23 16:14:02.194 (pid 2752) server/login/moreinfo #1185178442194
Loaded class com.sco.tta.server.login.ens.SimplePasswordLoginAuthority: {
accountEnabledChecked=false
name=com.sco.tta.server.login.ens.SimplePasswordLoginAuthority
propAccEnabled=scottaaccountenabled
version=4.31.905
}
(instead of .../_beans/com.sco.tta.server.login.UserLoginAuthority)
for verifying passwords for
class com.sco.tta.server.login.ens.SearchENSLoginAuthority: {
ENSSearchRoot=.../_ens
accountEnabledChecked=false
ambigNotSupported=false
candidateAuthority=./com.sco.tta.server.login.ens.SimpleCandidateAuthority.prop
erties
name=com.sco.tta.server.login.ens.SearchENSLoginAuthority
passwordEquivalentAuthority=.../_service/sco/tta/config/beans/com.sco.tta.serve
r.login.ens.SimplePasswordEquivalentAuthority.properties
passwordLoginAuthority=.../_service/sco/tta/config/beans/com.sco.tta.server.log
in.ens.SimplePasswordLoginAuthority.properties
propAccEnabled=scottaaccountenabled
resourceBundleName=com.sco.tta.server.login.LoginMessage
searchAttributes[0]=cn
searchAttributes[1]=uid
searchAttributes[2]=mail
searchAttributes[3]=userPrincipalName
searchFilter=(&({0}={1}))
version=4.31.905
}
.
2007/07/23 16:14:02.223 (pid 2752) server/login/moreinfo #1185178442223
Loaded com.sco.tta.server.login.ens.LdapProfileCandidateAuthority
(instead of
.../_beans/com.sco.tta.server.login.ens.SimpleCandidateAuthority)
for verifying passwords for
class com.sco.tta.server.login.ens.SearchENSLoginAuthority: {
ENSSearchRoot=.../_ldapmulti/forest/
accountEnabledChecked=false
ambigNotSupported=false
candidateAuthority=.../_service/sco/tta/config/beans/webauthldapcandidate.prope
rties
name=com.sco.tta.server.login.ens.SearchENSLoginAuthority
passwordEquivalentAuthority=.../_beans/com.sco.tta.server.login.ens.AttributePa
sswordEquivalentAuthority
passwordLoginAuthority=.../_beans/com.sco.tta.server.login.UserLoginAuthority
propAccEnabled=scottaaccountenabled
resourceBundleName=com.sco.tta.server.login.LoginMessage
searchAttributes[0]=cn
searchAttributes[1]=uid
searchAttributes[2]=mail
searchAttributes[3]=userPrincipalName
searchFilter=(&({0}={1}))
version=4.31.905
}
.
2007/07/23 16:14:02.231 (pid 2752) server/login/moreinfo #1185178442231
Loaded com.sco.tta.server.login.ens.SimplePasswordEquivalentAuthority
(instead of
.../_beans/com.sco.tta.server.login.ens.AttributePasswordEquivalentAuthority)
for verifying passwords for
class com.sco.tta.server.login.ens.SearchENSLoginAuthority: {
ENSSearchRoot=.../_ldapmulti/forest/
accountEnabledChecked=false
ambigNotSupported=false
candidateAuthority=.../_service/sco/tta/config/beans/webauthldapcandidate.prope
rties
name=com.sco.tta.server.login.ens.SearchENSLoginAuthority
passwordEquivalentAuthority=.../_service/sco/tta/config/beans/com.sco.tta.serve
r.login.ens.SimplePasswordEquivalentAuthority.properties
passwordLoginAuthority=.../_beans/com.sco.tta.server.login.UserLoginAuthority
propAccEnabled=scottaaccountenabled
resourceBundleName=com.sco.tta.server.login.LoginMessage
searchAttributes[0]=cn
searchAttributes[1]=uid
searchAttributes[2]=mail
searchAttributes[3]=userPrincipalName
searchFilter=(&({0}={1}))
version=4.31.905
}
.
2007/07/23 16:14:02.255 (pid 2752) server/login/moreinfo #1185178442255
Loaded class com.sco.tta.server.login.LdapLoginAuthority: {
LDAPRoot=.../_ldapmulti/forest/
accountEnabledChecked=false
anonLogin=false
attemptPasswordChange=true
generalLdapProfileName=.../_ens/o=Tarantella System Objects/cn=LDAP Profile
mustChangePasswordResult[0]=LDAP: error code 49 - 80090308: LdapErr:
DSID-0C090290, comment: AcceptSecurityContext error, data 701
mustChangePasswordResult[1]=LDAP: error code 49 - 80090308: LdapErr:
DSID-0C090290, comment: AcceptSecurityContext error, data 773
mustChangePasswordResult[2]=LDAP: error code 49 - 80090308: LdapErr:
DSID-0C09030F, comment: AcceptSecurityContext error, data 773
mustChangePasswordResult[3]=LDAP: error code 49 - 80090308: LdapErr:
DSID-0C090334, comment: AcceptSecurityContext error, data 773
name=com.sco.tta.server.login.LdapLoginAuthority
propAccEnabled=scottaaccountenabled
userMustChangePasswordResult=LDAP: error code 49 - 80090308: LdapErr:
DSID-0C090290, comment: AcceptSecurityContext error, data 773
userPasswordExpiredResult=LDAP: error code 49 - 80090308: LdapErr:
DSID-0C090290, comment: AcceptSecurityContext error, data 701
version=4.31.905
}
(instead of .../_beans/com.sco.tta.server.login.UserLoginAuthority)
for verifying passwords for
class com.sco.tta.server.login.ens.SearchENSLoginAuthority: {
ENSSearchRoot=.../_ldapmulti/forest/
accountEnabledChecked=false
ambigNotSupported=false
candidateAuthority=.../_service/sco/tta/config/beans/webauthldapcandidate.prope
rties
name=com.sco.tta.server.login.ens.SearchENSLoginAuthority
passwordEquivalentAuthority=.../_service/sco/tta/config/beans/com.sco.tta.serve
r.login.ens.SimplePasswordEquivalentAuthority.properties
passwordLoginAuthority=./ldapla.properties
propAccEnabled=scottaaccountenabled
resourceBundleName=com.sco.tta.server.login.LoginMessage
searchAttributes[0]=cn
searchAttributes[1]=uid
searchAttributes[2]=mail
searchAttributes[3]=userPrincipalName
searchAttributes[4]=sAMAccountName
searchFilter=(&({0}={1}))
version=4.31.905
}
.
Stderrout log
---------------
2007/07/23 15:14:03.926 (pid 1623) proxy/server #0
Sun Secure Global Desktop Software (4.31) FATAL ERROR:
The program has encountered an error that means it cannot continue.
It will now exit. A technical description is given below to help
establish the cause.
Bind failed because bind(5,*:5427): (125) Address already in use.
The server cannot accept connections.
Free the port, or configure the server to bind to another port.
2007/07/23 15:14:03.926 (pid 1623) proxy/server #2
Sun Secure Global Desktop Software (4.31) FATAL ERROR:
The program has encountered an error that means it cannot continue.
It will now exit. A technical description is given below to help
establish the cause.
Couldn't start Secure Global Desktop services: unable to bind to port 5427.
Either the Secure Global Desktop server is already running (use
"tarantella status" to check), or a non-Secure Global Desktop process is
using this port (use
tools like "netstat" and "lsof" to determine which process).
Terminate that process and try again. Always use "tarantella stop" or
"tarantella stop --kill" to stop Secure Global Desktop services.
java.lang.IllegalArgumentException: The char '0x0' in
'javax.naming.AuthenticationException: [LDAP: error code 49 - 80090324:
LdapErr: DSID-0C09043E, comment: AcceptSecurityContext error, data 576, vece
Jserver_error log
-------------------
----2007/07/23 15:31:55.311 (pid 834) server/ldap/error #1185175915311
Sun Secure Global Desktop Software (4.31) ERROR:
Active Directory service discovery failed: Failed to find any valid Site
objects.
Looking up Global Catalog DNS name: _gc._tcp.TELBRU.COM.BN. - HIT
Looking for GC on server: Active
Directory:ts1.telbru.com.bn:/172.25.11.96:3268:Up - HIT
Checking for CN=Configuration: DC=telbru,DC=com,DC=bn - MISS
Checking for CN=Configuration: CN=Configuration,DC=telbru,DC=com,DC=bn - HIT
Looking up domain root context: DC=telbru,DC=com,DC=bn - HIT
Looking up site context: CN=Sites,CN=Configuration
Searching for sites: (&(objectClass=site)(siteObjectBL=*)) - HIT
Looking up addresses for peer DNS: portal.telbru.com.bn - HIT
Failed to discover Active Directory Site, Domain and server data.
This might mean LDAP users cannot log in.
Make sure the DNS server contains the Active Directory service
records for the forest. Make sure a Global Catalog server is available.
2007/07/23 15:31:55.335 (pid 834) server/csh/error #1185175915335
Sun Secure Global Desktop Software (4.31) ERROR:
Failed to add naming listener for event type EmulatorSession for
portal.telbru.com.bn:1185175734946:740191782665445541.
Exception was : com.sco.tta.server.csh.CSHException: ERR_ADD_NAMINGLISTENER
at
com.sco.tta.server.csh.CSHWebtopEventHandler.addNamingListener(CSHWebtopEventHa
ndler.java:101)
at
com.sco.tta.server.csh.CSHEventAdaptor.handleEventRegistration(CSHEventAdaptor.
java:514)
at
com.sco.tta.server.csh.CSHEventManager.addEventListener(CSHEventManager.java:11
5)
2007/07/23 15:31:56.061 (pid 834) server/ldap/error #1185175916061
Sun Secure Global Desktop Software (4.31) ERROR:
Active Directory service discovery failed: Failed to find any valid Site
objects.
Looking up Global Catalog DNS name: _gc._tcp.TELBRU.COM.BN. - HIT
Looking for GC on server: Active
Directory:ts1.telbru.com.bn:/172.25.11.96:3268:Up - HIT
Checking for CN=Configuration: DC=telbru,DC=com,DC=bn - MISS
Checking for CN=Configuration: CN=Configuration,DC=telbru,DC=com,DC=bn - HIT
Looking up domain root context: DC=telbru,DC=com,DC=bn - HIT
Looking up site context: CN=Sites,CN=Configuration
Searching for sites: (&(objectClass=site)(siteObjectBL=*)) - HIT
Looking up addresses for peer DNS: portal.telbru.com.bn - HIT
Failed to discover Active Directory Site, Domain and server data.
This might mean LDAP users cannot log in.
Make sure the DNS server contains the Active Directory service
records for the forest. Make sure a Global Catalog server is available.
2007/07/23 15:31:56.084 (pid 834) server/csh/error #1185175916084
Sun Secure Global Desktop Software (4.31) ERROR:
Unable to search for print jobs for
.../_service/sco/tta/ldapcache/CN=user1,CN=Users,DC=TELBRU,DC=COM,DC=BN.
Exception was : javax.naming.AuthenticationException: [LDAP: error code
49 - 80090324: LdapErr: DSID-0C09043E, comment: AcceptSecurityContext
error, data 576, vece
Please let me know if you require more info on this.
Thanks in advance.
--
# Yours Sincerely,
# Mohamed Ali Bin Abdullah.
Alisampras Wrote:
Dear forum user,
I have installed SGD 4.31 in my Solaris 10 11/06 OS. I also have
integrate SGD with AD.
I had tested the integration by login to SGD using AD username and
password and it was a success. Few days using SGD with good result.
But today, i login using AD username user1 and login successfully but i
cannot see any application to launch, its blank.
The error i saw in console is " java.lang.IllegalArgumentException: The
char '0x0' in 'javax.naming.AuthenticationException:
[LDAP: error code 49 - 80090324: LdapErr: "
Any help or input given is appreciated.
Thanks.
Regards,
Mohamed Ali.
carmelomtta Wrote:
SGD AD and LDAP logins report standard LDAP errors. Error 49 is
http://www.directory-info.com/LDAP/LDAPErrorCodes.html
LDAP_INVALID_CREDENTIALS: Indicates that during a bind operation one of
the following occurred:
* The client passed either an incorrect DN or password.
* The password is incorrect because it has expired, intruder detection
has locked the account, or some other similar reason.
Has your proxy user (user in Array Manger) been compromised or has the
password been expired or changed?
Alisampras Wrote:
Hi Carmelomtta,
Thank you for your reply.
The proxy user that you mean is the AD login authority username and
password ?
Yesterday, my customer has changed the AD Administrator password. So, i
also did changed the AD login authority Administrator password and it
works. Currently the AD Administrator password has not been changed.
User can login to SGD page using user1 and user2 login and password but
the Webtop page does not appears properly and users can't see any apps
to launch.
Please let me know if you need further information.
Thanks.
Mohamed Ali.
remold Wrote:
It should be wise to look at the logging of the webtop to see what is
going on. To enable logging for webtop inormation add the following
logfilter:
server/webtop/*:webtop%%PID%%.log
server/webtop/*:webtop%%PID%%.jsl
If you can't read the log file, share it with us.
More information about logfilters:
http://docs.sun.com/source/819-6255/jserver_logging.html
- Remold | Everett
Alisampras Wrote:
Hi Carmelomtta,
FYI, i have rebooted my SGD and AD server.
Now, user1 and user2 login successfully to SGD webtop and also users can
see their application and can launch it.
Why now after reboot the problem solved( maybe solve for now ).
Regards,
Mohamed Ali.
Alisampras Wrote:
Dear Car and forum users,
Now i am hitting with the same problem.
Users, user1 and user2 successfully login to SGD webtop( Authenticate
from AD ). After login to their Webtop page, users cannot see and
applications to launch.
When the problem occurred i have captured the logs.
The KERBEROS log:
----------------------------
2007/07/12 15:41:44.589 (pid 3490) server/kerberos/info #1184226104589
Kerberos attempting to log in user1 in to TELBRU.COM.BN
2007/07/12 15:41:44.859 (pid 3490) server/kerberos/moreinfo #1184226104859
Kerberos succeeded in authenticating [EMAIL PROTECTED] to TELBRU.COM.BN
2007/07/12 15:41:44.981 (pid 3490) server/kerberos/info #1184226104981
Kerberos attempting to log in Administrator in to
2007/07/12 15:41:45.200 (pid 3490) server/kerberos/moreinfo #1184226105200
Kerberos succeeded in authenticating [EMAIL PROTECTED] to
TELBRU.COM.BN
SGD Server login log:
-----------------------------
2007/07/12 15:41:44.562 (pid 3490) server/login/moreinfo #1184226104562
Attempted login for user1
using disambiguation attributes {}.
2007/07/12 15:41:44.566 (pid 3490) server/login/moreinfo #1184226104566
The login authority com.sco.tta.server.login.ens.SearchENSLoginAuthority
has found a potential login candidate
.../_ens/dc=bn/dc=com/dc=telbru/cn=users/cn=user1.
2007/07/12 15:41:44.573 (pid 3490) server/login/moreinfo #1184226104573
The login authority com.sco.tta.server.login.ens.SearchENSLoginAuthority
has found a potential login candidate
.../_ens/dc=bn/dc=com/dc=telbru/cn=users/cn=user1.
2007/07/12 15:41:44.573 (pid 3490) server/login/moreinfo #1184226104574
The login authority com.sco.tta.server.login.ens.SearchENSLoginAuthority
has found a potential login candidate
.../_ens/dc=bn/dc=com/dc=telbru/cn=users/cn=user2.
2007/07/12 15:41:44.926 (pid 3490) server/login/info #1184226104926
Login attempt for user1.
Login successful.
2007/07/12 15:41:44.928 (pid 3490) server/login/info #1184226104928
User
.../_service/sco/tta/ldapcache/CN=user1,CN=Users,DC=TELBRU,DC=COM,DC=BN
logged in using profile
.../_ens/DC=BN/DC=COM/DC=TELBRU/CN=Users/CN=user1
from 172.25.11.102.
Server CONSOLE log:
-----------------------------
[EMAIL PROTECTED] # java.lang.IllegalArgumentException: The char '0x0' in
'javax.naming.AuthenticationException: [LDAP: error code 49 - 80090324:
LdapErr: DSID-0C09043E, comment: AcceptSecurityContext error, data 576,
vece]
at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3005)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2951)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2753)
at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2667)
Can anyone guide and tell me what has happened to my system and how to
fix the problem.
Waiting for kind help.
Regards,
Mohamed Ali.
deanydean_sgd Wrote:
Hi Alisampras,
From the stack trace you've provided, it is clear the error is in the
webtop generation part of the login process. As advised in a previous
reply, i also recommend turning on the webtop log filter and posting the
output here.
Example logfilter:
server/webtop/*:webtop%%PID%%.log
server/webtop/*:webtop%%PID%%.jsl
Thanks,
DD
_______________________________________________
SGD-Users mailing list
[email protected]
http://www.filibeto.org/mailman/listinfo/sgd-users
