Description

Before you start using the wizard, you should create a service user and configure the SPNego specific settings in the UME.

In the first step of the wizard you should confirm this with checking two checkboxes and providing the mapping attribute if you are using SUN Java Virtual Machine (JVM).

Solution

Demonstrate that you have created a service user and UME configurations by checking these checkboxes and type the mapping attribute if there is such a text field displayed.

Description

Kerberos Realm field is not filled.

Solution

Type the name of Kerberos Realm in the field.

Description

There are no entries for the Kerberos Distribution Center (KDC) host/port in the KDC table. You should add at least one KDC host/port entry.

Solution

Add at least one KDC host in the table.

Description

The name of the service user is not entered in the corresponding field.

Solution

Enter service user name in the provided field.

Description

The password of the service user is not provided.

Solution

You should type the service user password.

Description

The Kerberos Principal Name of the J2EE Engine is not entered.

Solution

Enter the Kerberos principal name for the J2EE Engine in the provided field.

Description

The password for the service user to retrieve the KPN of the J2EE Engine is missing.

Solution

Enter the password in the provided field.

Description

Required data to complete the configuration is not entered.

Solution

Fill all text fields marked with asterisk.

Description

The Kerberos Realm part of the Principal name is different from the Kerberos Realm name provided for the Kerberos realm configuration.

Solution

Check that the names of the Kerberos Realm (or Windows Domain) are identical for the Kerberos Realm configuration and for the provided Kerberos Principal name of the J2EE Engine.

Description

It was not able to connect to LDAP server.

Solution

Double check the connection properties for your LDAP server. Make sure the LDAP server is able to accept connection requests.

Description

The account of j2ee-<SID> is disabled.

Solution

Enable the account or use a different service user.

Description

The password of j2ee-<SID> must be reset.

Solution

Reset the password or use a different service user.

Description

The password of j2ee-<SID> has expired.

Solution

Change the service user password and repeat the step.

Description

The name or the password of the service user is wrong.

Solution

Check if the service user and its password are typed correctly.

Description

The account of j2ee-<SID> has expired.

Solution

Change the expiration date or make the account to not expire.

Description

Service user j2ee-<SID> is not permitted to logon at this time.

Solution

Check the log on configuration for the service user.

Description

LDAP user is not found - Kerberos Realm is wrong or there is no such Service User.

Solution

Check if the Kerberos realm and service user name are correct.

Description

Host or port is not correct.

Solution

Check LDAP host and port.

Description

Problem occurs during a search in LDAP.

Solution

Check the LDAP server configuration.

Description

The format for the entered principal is not correct.

Solution

The format of the entered service user must be as follows: <samaccountname>@<DOMAIN>,  for example j2ee-<SID>@IT.CUSTOMER.DE

Description

When you are using ADS for a user data source data, the reason can be one of the following:

●      Service user s not under the configured User Path in UME

●      The mapping attribute does not exist in the UME data source

●      The UME attribute is mapped to wrong physical attribute

In case you are using DB for a user data source the reason can be one of the following:

●      Service user is not replicated (manually)

●      Mapping attribute is not added or is set to wrong value

Solution

Check listed reasons for the problem.

Description

No Service Principal Name (SPN) is registered.

Solution

From a command line, enter the following command to register service principal names (SPNs) for the J2EE Engine host name and alias and map them to the service user j2ee-<SID>: 

setspn –A HTTP/portal.saplabs.sofia j2ee-<SID>

Description

Multiple users found with the same SPN attribute as the service user j2ee-<SID>.

Solution

Remove duplicated SPNs. First, you should find the SPNs that are mapped to the user:

ldifde -r (samaccountname=j2ee-<SID>) -f out.ldf

For every ServicePrincipalName attribute that is listed in the result of previous operation (out.ldf), you should check which users have it:

ldifde -r (serviceprincipalname=HTTP/<DNS_of_J2EE_Engine>) -f usr.ldf

If the SPN is mapped to more that one user than all these users is listed in the usr.ldf file.

After you have found which is the SPN that raises the problem you can delete it from the user, which is not appropriate to have it:

setspn -d HTTP/<DNS_of_J2EE_Engine> j2ee-TEST

Description

There is more than one user with such a sAMAccountName attribute.

Solution

Delete the accounts with a duplicate sAMAccountName attribute or create a new service user with a different sAMAccountName attribute.

Description

There are two or more user accounts to correspond to the provided user ID.

Solution

In the user data source, remove the account(s) with duplicate user ID.

Description

UME cannot resolve user for the provided user ID.

Solution

Check resolution mode and UME configuration.

Description

UME cannot resolve provided user. The reason for this is the selected resolution mode.

Solution

Check the attributes of selected resolution mode are correctly typed and mapped to physical attribute.

Description

Failed to create krb5.conf file. Probable cause is I/O error.

Solution

Apply Note 982127 and create CSN Message in BC-JAS-SEC.

Description

Failed to set JGSS Accept policy configuration.

Solution

Apply Note 982127 and create CSN Message in BC-JAS-SEC.

Description

Failed to create keytab file. Probable cause is I/O error.

Solution

Apply Note 982127 and create CSN Message in BC-JAS-SEC.

Description

Failed to save policy configuration ticket.

Solution

Apply Note 982127 and create CSN Message in BC-JAS-SEC.

Description

Failed to set JVM Parameters

Solution

Apply Note 982127 and create CSN Message in BC-JAS-SEC.

Description

The wizard failed to adjust the configuration for required login modules in the user data store.

Solution

Apply Note 982127 and create CSN Message in BC-JAS-SEC.

Description

Unexpected error has occurred.

Solution

Apply Note 982127 and create CSN Message in BC-JAS-SEC.

Description

Unexpected error has occurred.

Solution

Apply Note 982127 and create CSN Message in BC-JAS-SEC.