2009

1/27/09   80075 379 – getting “CTGDIK450E Unable to interface with the TAM server. The following unknown message type was retrieved by TAM while processing an exception thrown by TAM: The server could not locate the session for the client” when enabling autoprov for TAM Combo.  see pmrs 65458.379, 36116.379, and 15034,379

Requesting APAR to implement pooling contexts as TAM documentation dictates, as shown in this article: http://www-01.ibm.com/support/docview.wss?uid=swg1IZ00350

– TDI group – Hemric  /Lak Sri

– opened the tamAdd.xml in IDI, created a new connector called TAMpool, enabled pooling with the default settings and max size of 5, changed the AL to inherit from TAMpool, and enabled Use connector from pool.

– Brian’s example worked (tam_context-example.xml) when removed all but description from connector attributes

– closed b/c ssltimeout=1200 worked

2/10/09  82353 379 – CTGDIS181E Error while evaluating single attribute map tamUserIter.initialize_fail.

com.ibm.jscript.parser.ParseException

– tried itamprofile.jar from 11/11/08, same

– tried TAMComboUtils.jar v4.6.5, ‘TamLdapReconFactory’ not found

– reverted TAMComboUtils.jar, tried itamprofile-orig.jar from 11/7/08, worked

– tried 4.6.5 profile, worked, closed

4/16/09 16861 379 – Trying to create an LDAP account with custom adapter profile,

sn and cn are not getting passed to work object

– they are in trace.log, not ibmdi.log

– Charles Schultz

At first when we deleted the provisioning policy, service, accounts, object classes to prepare to re-import the profile, the import errored out.  I found that the provisioning policy delete had hung, aborted it, restarted WAS, and retried the import.  We then got Null Pointer Exceptions and IIOP errors.  There were some old object classes (erLdapUserAccount, erSunLdapUserAccount) so I deleted those, and then when I imported the profile the errors went away, but we don’t have object classes and ALs.

– rebuilt profile from scratch

– service name object class was misspelled, corrected

– object class viols when creating an account, noticed objectclass did not contain erCompanyIntLdapUser

– added objectclass to the account attribs in ADT, re-exported jar, imported into ITIM, same error

– changed object class in Output map to “companyInternalPerson”

– or you can add this to the service.def

<dispatcherParameter>

<default>inetorgperson organizationalperson person top</default>

Objectclass to be used for user entries

</dispatcherParameter>

– closed

5/5/09 19501 379 – IndexOutOfBoundsException when disabling/enabling/Creating any provisioning policies.

– It runs for about a half hour and then throws that error

– any prov policy causes the error not just the custom LDAP profile (erCompanyIntLdapUser)

– problem was strange foreign characters in the CN of 220 person records

– fixed in IF66 (FP 79)

– deleted people, worked, closed

5/29/09 78488 7TD – Failures in ITIM console but changes actually succeed

– CTGIMO014E Communication Failure. The directory server is not available.

Error: [LDAP: error code 2 – Protocol Error])

– Juan Acosta/Austin/IBM: the minimum requirement is 6.1 fp2 – you should install FP2 or newer: http://www.ibm.com/support/docview.wss?uid=swg27010306#ver50

also, I found that TDS introduced an attribute to configure the time out on SSL

here is the tech note for extending the SSL time out: http://www.ibm.com/support/docview.wss?uid=swg21233758

I suggest you first install the TDS fixpack, since the base TDS image has known problems. Then, if you don’t see any resolution with the fixpack, set the SSL attribute to a higher value

– installed fp2

– changed ibmslapd.conf to add ssl_timeout:5000 and oc_handlers:15

– worked, closed

6/3/09 79236 7TD  – Account ACI’s stopped working after accounts and service deleted

– Create Service Group ACI with filter

– APAR IZ52841

– was already in ITIM 5.0 FP5/IF26 (APAR #IZ43723)

– upgraded, followed Grey’s word doc (filed under ), worked, closed

6/3/09 79237 7TD – CTGIMO036E An error occurred while processing an ecryption request. Given final block not properly padded

– ldap encryption problem, not SSL

– ran runConfig, turned off encryption in Security tab

– checked these settings for the correct passwords

enRole.properties

enrole.appServer.systemUser.credentials

enrole.appServer.ejbuser.credentials

enrole.encryption.password

enRoleDatabase.properties

enRoleLDAPConnection.properties

– no errors in trace.log, so re-enabled encrypted passwords with runConfig

– no errors, restarted, got errors again

6/4/09 79356 7TD – Cannot create mailboxes – error IID_IMailRecipient failed Error 0x80004002

– had 32bit version of adapter installed

– installed 64 bit v5.0.6

– Changed service account to use dev\iam_dev, worked, closed

6/8/09 79799 7TD – Upgrading AD adapter from win2003 64-bit 5.0.4 to 5.0.6 creates dup service

– was trying to upgrade from 32 bit adapter

– got object class violations when importing jar w/ custom attributes

– you have to use “ADprofile” exactly as the directory you jar up – was using “ADprofile2”

– jar can be named anything

– Dan Barto making doc apar

– APAR IZ56415

6/9/09 – custom person object attributes not showing up in report schema available

– inetorgperson was not superior object class

– changed v3.modifiedschema, restarted ids, was, ran data sync, upgraded to 5.0 fp5 + if27, worked

6/22/09 86806 7TD – In * Test *, IDI HR feed hangs, LDAP server connection problem

upped the WAS JVM to 1024 Mb Initial, 2048 Max, and set the Min and Max connections in enrole.properties to 5 and 10

Then found that transactions were stuck in WAS and would just retry each time I started WAS without restarting the bulkload.

hung transactions in WAS when doing bulkload (ldap server unavailable)

– I deleted all people entry except ITIM Manager

– Stopped WAS

– Deleted log1 & log2 from <WAS_Home>\profiles\AppSrv01\tranlog\dix-t-iamwas-01Node01Cell\dix-t-iamwap-01Node01\server1\transaction\partnerlog

and ….tranlog

– Started WAS

– Transactions were still there

– Stopped WAS

– Ran DBConfig, dropping tables

– Deleted tranlogs again as above

– Started WAS, came up clean

– Bulkload still causes ldap server unavailable

6/23/09 – Last name/Full name gone from Manage Users and cannot search on them

– possible affecting change was changing Person to use inetOrgPerson as superior object class

– also affecting ACIs – options are Person and inetOrgPerson for Person ACIs

– was result of changing Person to subordinate of inetOrgPerson

– need to delete dup attribs from Person

6/24/09  87056 7TD – Lifecycle rule not attempting to run when scheduled

– was running even though no entries were in view requests, closed

6/30/09  87798 7TD – Passport Advantage doesn’t have 5.0 AIX and AS/400 adapters

– Mike C. uploaded to ftp, closed

7/1/09 88022 7TD – AD adapter page size – recons take over 6 hours,

– adapter reads in all 16,000 objects before passing to ITIM

9/10/09   COMPANY:  Got error when accessing ITIM console page:

CTGIMU509E  An error occurred while determining if support is enabled for forgotten passwords. CTGIMO018E The following directory server error occurred. Error: usqaitim02:389; socket closed

– restarted WAS, could logon

9/15/09  –  In SystemOut:

J2CA0056I: The Connection Manager received a fatal connection error from the Resource Adapter for resource itimBusDataSource. A communication error has been detected. Communication protocol being used: TCP/IP.

Communication API being used: SOCKETS.  Location where the error was detected: Reply.fill().

Communication function detecting the error: InputStream.read().  Protocol specific error codes Insufficient data, * , 0.

In trace.log when trying to logon:

CTGIMU509E An error occurred while determining if support is enabled for forgotten passwords.  CTGIMO018E The following directory server error occurred.

Error: usqaitim02:389; socket closed

– IDS was down.  The password expired, set to never expire, worked

9/15/09 – When searching for jago3129

com.ibm.itim.apps.ApplicationException: CTGIMF007E The specified object cannot be found in the directory server. The object might have been moved or deleted before your request completed. The following information was returned from the directory server: The erglobalid=2223415282824235364,ou=0,ou=people,erglobalid=00000000000000000000,ou=COMPANY,dc=company object cannot be found. The following error occurred. Error: [LDAP: error code 32 – No Such Object].

CTGIMF007E  The specified object cannot be found in the directory server. The object might have been moved or deleted  before your request completed. The following information was returned from the directory server: The erglobalid=2223415282824235364,ou=0,ou=people,erglobalid=00000000000000000000,ou=COMPANY,dc=company object cannot be found. The following error occurred. Error: [LDAP: error code 32 – No Such Object].

– deleted orphans, worked

9/17/09 – AD service crashing

5.0.1018 version installed on uspritim03 – 32bit

– installed 5.0.7, no crashes as of 9/28

9/22/09 13124 7TD – When trying to create an AD account for a user

CTGIMU556E An error has occurred. If the problem persists, contact your system administrator

com.ibm.ejs.container.UnknownLocalException:  Caused by: java.lang.NullPointerException

– because prov pol populated groups that do not exist

9/24/09 13375 7TD – Trace.log growing too large

– known issue with restarting itim from was console

http://www.ibm.com/support/docview.wss?&uid=swg21367007

– The issue is similar to PMR 51850,550,000

– FITS # MR0930093933

10/2/09 – getting errors when creating AD Exch 2007 mailbox

BSE:09/10/02 10:06:39 Attribute erademailboxstore Condition code 5 (Unable to move mailbox.  Not a mailbox enabled user.)

BSE:09/10/02 10:06:39 Attribute eradealias Condition code 5 (Error from Exchange command invoker: 0x80070002)

11/12/09 03459 379 – When searching for ACIs

CTGIMU208E  A communication error occurred while searching on access control items.

CNTR0020E: EJB threw an unexpected (non-declared) exception during invocation of method “getCategory” on bean “BeanId(ITIM#api_ejb.jar#enroleejb.ACIManagerHome, null)”. Exception data: java.lang.NullPointerException

11/13/09 03754 379 – Getting error when restoring TAM account:

CTGIMU007E  An error occurred while trying to restore an account.

CTGIME012E  The password does not meet the requirements of the password rule. The

following error occurred. Error: CTGIMH020E The new password cannot be the same as any previously used passwords.

11/30/09 10547 379 – Report sync failing

DB2 SQL Error: SQLCODE=-601, SQLSTATE=42710, SQLERRMC=ENROLE.SYSTEMROLE;TABLE, DRIVER=3.50.152

– told to run:

db2 list tables for schema enrole

drop tables not in <itim_home>/config/rdbms/db2/enrole.ddl

update <owner>.ENTITY_COLUMN set AVAILABLE_FOR_REPORTING = 'table_dropped'

commit

– reran data sync

– then was error on ORGANIZATIONALCONT_DESCRIPTION, ORGANIZATIONALCONT0, ITIMACCOUNT_OWNER, ITIMACCOUNT,

SYSTEMROLE, ACCOUNT_ERSPONSOR

– found all tables were not dropped

– issue was “>” in table name – error on drop script

– dropped all tables

– reran data sync

– then was error on ENROLE_DATA (SQLCODE=-289, SQLSTATE=57011, SQLERRMC=ENROLE_DATA)

ORGANIZATIONALCONT_ERADMINISTRATOR, ORGANIZATIONALCONT_DESCRIPTION, ORGANIZATIONALCONT0,

ITIMACCOUNT_OWNER, ITIMACCOUNT, SYSTEMROLE, ACCOUNT_ERSPONSOR

– tablespace was full

– db2 "alter tablespace enrole_data extend (all 40000)"

– sync completed with 7 non-fatal exceptions

– still had same errors in logs

– will have dba’s check config, closed
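
The drop step from the 11/30/09 entry, as an added example (not from the original notes or from IBM): it lists the tables present in the schema but absent from the DDL and emits DROP statements with delimited identifiers for a script file, so a name containing `>` is never parsed by the shell. The sample `db2 list tables` output, the stand-in DDL and the table name `ORGANIZATIONALCONT>0` are constructed; that the DDL declares tables with plain `CREATE TABLE` statements is an assumption.

```python
import re

# Constructed sample of `db2 list tables for schema enrole` output (not from the page).
SAMPLE_LIST_TABLES = """\
Table/View                      Schema          Type  Creation time
------------------------------- --------------- ----- --------------------------
ENTITY_COLUMN                   ENROLE          T     2009-11-01-09.00.00.000000
SYSTEMROLE                      ENROLE          T     2009-11-30-10.15.00.000000
ITIMACCOUNT_OWNER               ENROLE          T     2009-11-30-10.15.01.000000
ORGANIZATIONALCONT>0            ENROLE          T     2009-11-30-10.15.02.000000

  4 record(s) selected.
"""

# Constructed stand-in for <itim_home>/config/rdbms/db2/enrole.ddl (assumed format).
SAMPLE_DDL = """\
CREATE TABLE ENTITY_COLUMN ( ID BIGINT NOT NULL );
create table enrole.PROCESS ( ID BIGINT NOT NULL );
"""

# Table name after CREATE TABLE, with an optional schema prefix.
DDL_TABLE = re.compile(r'create\s+table\s+(?:"?\w+"?\.)?"?([^\s"(]+)', re.IGNORECASE)

def listed_tables(list_output, schema):
    """Table names from the data rows (name, schema, type, creation time)."""
    names = []
    for line in list_output.splitlines():
        parts = line.split()
        if len(parts) == 4 and parts[1].upper() == schema.upper() and parts[2] == "T":
            names.append(parts[0])
    return names

def ddl_tables(ddl_text):
    """Upper-cased set of table names the DDL creates."""
    return {name.upper() for name in DDL_TABLE.findall(ddl_text)}

def quote_ident(name):
    """SQL delimited identifier: double quotes, embedded quotes doubled."""
    return '"' + name.replace('"', '""') + '"'

def drop_script(list_output, ddl_text, schema="ENROLE"):
    """One DROP TABLE statement per table that is not in the DDL."""
    keep = ddl_tables(ddl_text)
    extra = [t for t in listed_tables(list_output, schema) if t.upper() not in keep]
    return [f"DROP TABLE {quote_ident(schema.upper())}.{quote_ident(t)};" for t in extra]

if __name__ == "__main__":
    print("\n".join(drop_script(SAMPLE_LIST_TABLES, SAMPLE_DDL)))
```

Save the output to a file, review it, and run it with `db2 -tvf <file>` so the statements are read from the script rather than from the shell command line.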
