SUM authentication issue with saphostctrl – Authentication Required - sap-erp

We are trying to start the Software Update Manager (SUM) 1.0 SP20 PL4 on a NetWeaver 7.02 Sandbox with Red Hat Enterprise Linux 7 and DB2 (DB6).
We extracted the SUM package to /usr/sap//SUM and started the tool via command (with root):
./STARTUP confighostagent QHR &
or
./STARTUP &
When calling the URL http://localhost:1128/lmsl/sumabap/QHR/doc/sluigui the authentication box appears where we type in the sidadm credentials. When we confirm the credentials the box appears again after 1 second. No matter if the credentials are correct (sidadm with correct password) or not (any login with any password), the authentication box appears again (see attached screenshot).
This is what we already checked:
Restart of the SUM
Restart of SAP Host Agent
Installation of latest SAP Host Agent version
Restart of complete virtual machine
Tried Internet Explorer, Firefox, Chrome in normal mode and in private browsing mode
Re-download / re-extract of SUM to /usr/sap//SUM
Check of file authorizations of SUM
Notes we checked:
927637 - Web service authentication in sapstartsrv as of Release 7.00
1563660 - sapcontrol, user authorization issues (SUM)
2284028 - SUM SL Common UI : Troubleshooting problems with the new SUM UI
2426160 - DB6: Add. Info - Software Update Manager 1.0 SP20
We changed the saphostctrl tracelevel to 3 and found an error in the /usr/sap/hostctrl/work/sapstartsrv.log after trying to authenticate again:
[Thr 140134583793408] Authenticate check on cache failed
Tue Jul 11 17:21:34 2017
pam_authenticate_user -> service( sapstartsrv ) user ( qhradm )
*** ERROR => pam_authenticate ( qhradm ) failed : Authentication failure [usercheckux. 243]
[Thr 140134583793408] helper exit with return code 251
Tue Jul 11 17:21:34 2017
pam_authenticate_user -> service( login ) user ( qhradm )
Tue Jul 11 17:21:36 2017
*** ERROR => pam_authenticate ( qhradm ) failed : Authentication failure [usercheckux. 243]
[Thr 140134583793408] Tue Jul 11 17:21:36 2017
[Thr 140134583793408] helper exit with return code 251
[Thr 140134583793408] *** ERROR => soap_check_permission authentication: ( qhradm, ExecutOperation ) FAILED [DefaultOpera 163]
[Thr 140134583793408] Authenticate clear cache
[Thr 140134583793408] Unauthorized (user authentication required)
[Thr 140134583793408] *** ERROR => Authentication is required [HTTPProxyHan 258]
[Thr 140134583793408] HTTPResponse::SendError HTTP 401: 'Unauthorized: User authentication required' send as 'Unauthorized'
SAP note 927637 says the following:
[…]
If the user/password check fails, the system generates an "Invalid Credentials" SOAP exception.
[…]
Unfortunately there are no hints what to do with the above error message.
Do you have any idea what we can do to find/solve the problem?
regards,
Umar Abdullah

Related

"425 Unable to build data connection" when attempting to download files from a FTPS server using .Net with TLS 1.3 [duplicate]

I am trying to open an FTP connection over SSL in my code. I'm able to connect and list a directory using FileZilla or WinSCP. But when listing the directory through .NET code using FtpWebClient, I get the error
(425) Can't open data connection
Since I'm able to connect using FileZilla from the same computer, I'm not sure how to go about troubleshooting this.
Here's my code
using System.IO;
using System.Net;

public void FtpStuff()
{
    string url = "ftp://my.server.com";
    FtpWebRequest request = (FtpWebRequest)WebRequest.Create(url);
    request.Credentials = new NetworkCredential("myname", "password");
    // Request TLS on the control connection (explicit FTPS)
    request.EnableSsl = true;
    request.Method = WebRequestMethods.Ftp.ListDirectory;
    FtpWebResponse response = (FtpWebResponse)request.GetResponse();
    StreamReader streamReader = new StreamReader(response.GetResponseStream());
    // This is the line that throws the exception
    string line = streamReader.ReadLine();
}
I also tried FluentFTP. Here's my code for that. I get the exception
Unable to build data connection: Operation not permitted.
using System.Net;
using FluentFTP;

public void FtpStuff()
{
    FtpClient client = new FtpClient();
    client.Host = "my.server.com";
    client.Credentials = new NetworkCredential("myname", "password");
    // Explicit FTPS: AUTH TLS is sent on the plain control connection
    client.EncryptionMode = FtpEncryptionMode.Explicit;
    client.Connect();
    // This line gives me an exception.
    var files = client.GetListing();
}
Here is the logging information from FluentFTP. I changed the real user name and IP, but the rest of the data (including the port) is the real data. My FTP service provider specifies that I have to connect on port 21. The problem seems to happen towards the end after the EPSV command is issued and a connection on a new port is established.
# Connect()
The thread 0x5514 has exited with code 0 (0x0).
The thread 0xc80 has exited with code 0 (0x0).
The thread 0x89d4 has exited with code 0 (0x0).
Status: Connecting to 123.123.123.123:21
Response: 220 FTP Server Ready
Command: AUTH TLS
Response: 234 AUTH TLS successful
Status: FTPS Authentication Successful
Status: Time to activate encryption: 0h 0m 0s. Total Seconds: 0.1339995.
Command: USER me#mysite.com
The thread 0x6ddc has exited with code 0 (0x0).
Response: 331 Password required for me#mysite.com
Status: Testing connectivity using Socket.Poll()...
Command: PASS ***
Response: 230-***************************************************************************
Response: NOTICE TO USERS
Response: This computer system is private property. It is for authorized use only.
Response: Users (authorized or unauthorized) have no explicit or implicit
Response: expectation of privacy.
Response:
Response: Any or all uses of this system and all files on this system may be
Response: intercepted, monitored, recorded, copied, audited and inspected by
Response: using this system, the user consents to such interception, monitoring,
Response: recording, copying, auditing, inspection, and disclosure at the
Response: discretion of such personnel or officials. Unauthorized or improper use
Response: of this system may result in civil and criminal penalties and
Response: administrative or disciplinary action, as appropriate. By continuing to
Response: use this system you indicate your awareness of and consent to these terms
Response: and conditions of use. LOG OFF IMMEDIATELY if you do not agree to the
Response: conditions stated in this warning.
Response: ****************************************************************************
Response: 230 User me#mysite.com logged in
Command: PBSZ 0
Response: 200 PBSZ 0 successful
Command: PROT P
Response: 200 Protection set to Private
Command: FEAT
Response: 211-Features:
Response: AUTH TLS
Response: CCC
Response: CLNT
Response: EPRT
Response: EPSV
Response: HOST
Response: MDTM
Response: MFF modify;UNIX.group;UNIX.mode;
Response: MFMT
Response: MLST modify*;perm*;size*;type*;unique*;UNIX.group*;UNIX.groupname*;UNIX.mode*;UNIX.owner*;UNIX.ownername*;
Response: PBSZ
Response: PROT
Response: REST STREAM
Response: SIZE
Response: SSCN
Response: TVFS
Response: 211 End
Status: Text encoding: System.Text.ASCIIEncoding
Command: SYST
Response: 215 UNIX Type: L8
# GetListing(null, Auto)
# GetWorkingDirectory()
Command: PWD
Response: 257 "/" is the current directory
Command: TYPE I
Response: 200 Type set to I
# OpenPassiveDataStream(AutoPassive, "MLSD /", 0)
Command: EPSV
Response: 229 Entering Extended Passive Mode (|||50304|)
Status: Connecting to 123.123.123.123:50304
Command: MLSD /
Response: 150 Opening BINARY mode data connection for MLSD
Status: FTPS Authentication Successful
Status: Time to activate encryption: 0h 0m 0s. Total Seconds: 0.1210002.
+---------------------------------------+
-----------------------------------------
Status: Disposing FtpSocketStream...
# CloseDataStream()
Response: 425 Unable to build data connection: Operation not permitted
Status: Disposing FtpSocketStream...
Exception thrown: 'FluentFTP.FtpCommandException' in FluentFTP.dll
Here are my FileZilla logs.
Status: Resolving address of mysite.com
Status: Connecting to 123.123.123.123:21...
Status: Connection established, waiting for welcome message...
Response: 220 FTP Server Ready
Command: AUTH TLS
Response: 234 AUTH TLS successful
Status: Initializing TLS...
Status: Verifying certificate...
Status: TLS connection established.
Command: USER me#mysite.com
Response: 331 Password required for me#mysite.com
Command: PASS ************
Response: 230-***************************************************************************
Response: NOTICE TO USERS
Response: This computer system is private property. It is for authorized use only.
Response: Users (authorized or unauthorized) have no explicit or implicit
Response: expectation of privacy.
Response:
Response: Any or all uses of this system and all files on this system may be
Response: intercepted, monitored, recorded, copied, audited and inspected by
Response: using this system, the user consents to such interception, monitoring,
Response: recording, copying, auditing, inspection, and disclosure at the
Response: discretion of such personnel or officials. Unauthorized or improper use
Response: of this system may result in civil and criminal penalties and
Response: administrative or disciplinary action, as appropriate. By continuing to
Response: use this system you indicate your awareness of and consent to these terms
Response: and conditions of use. LOG OFF IMMEDIATELY if you do not agree to the
Response: conditions stated in this warning.
Response: ****************************************************************************
Response: 230 User me#mysite.com logged in
Command: SYST
Response: 215 UNIX Type: L8
Command: FEAT
Response: 211-Features:
Response: AUTH TLS
Response: CCC
Response: CLNT
Response: EPRT
Response: EPSV
Response: HOST
Response: MDTM
Response: MFF modify;UNIX.group;UNIX.mode;
Response: MFMT
Response: MLST modify*;perm*;size*;type*;unique*;UNIX.group*;UNIX.groupname*;UNIX.mode*;UNIX.owner*;UNIX.ownername*;
Response: PBSZ
Response: PROT
Response: REST STREAM
Response: SIZE
Response: SSCN
Response: TVFS
Response: 211 End
Status: Server does not support non-ASCII characters.
Command: PBSZ 0
Response: 200 PBSZ 0 successful
Command: PROT P
Response: 200 Protection set to Private
Status: Logged in
Status: Retrieving directory listing...
Command: PWD
Response: 257 "/" is the current directory
Command: TYPE I
Response: 200 Type set to I
Command: PASV
Response: 227 Entering Passive Mode (123,123,123,123,197,68).
Command: MLSD
Response: 150 Opening BINARY mode data connection for MLSD
Response: 226 Transfer complete
Status: Directory listing of "/" successful
I can also connect using WinSCP. As suggested in comments, I did check if TLS/SSL session ID is reused when opening the data connection. It seems that it is.
227 Entering Passive Mode (???)
MLSD
Connecting to ??? ...
Connection pending
Data connection opened
Trying reuse main TLS session ID
Session ID reused
150 Opening data channel for directory listing of "/"
.NET Framework does not support TLS/SSL session reuse. If your server requires it (which it looks like it does, and which is quite common nowadays and a good thing for security), you cannot use FtpWebRequest or FluentFTP. Both use the .NET implementation of TLS/SSL.
You will have to use an FTP library that uses its own TLS/SSL implementation.
You can use my WinSCP .NET assembly. Though contrary to FluentFTP, it's not a native .NET library; it has dependencies on an external binary. But that's what makes it work.
Some references:
https://github.com/robinrodricks/FluentFTP/issues/347
https://github.com/dotnet/runtime/issues/27916
"Authentication failed because the remote party has closed the transport stream" when transferring to/from FTP server over TLS/SSL using FluentFTP
Upload file to implicit FTPS server in C# with TLS session reuse
Suddenly getting "150 Opening Data channel for file download from server" after the FTP downloads was working for years – According to this post and other references elsewhere, the TLS/SSL session reuse was supported earlier with .NET Framework, but some update broke it. In .NET Core it was never working (see also the dotnet GitHub link above).
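A triage sketch for the two transcripts in this thread, added here as an example (it is not code from the question, the answer, FluentFTP or WinSCP). It reads a "Command:/Response:" client log, extracts the passive data port, and separates a 425 that arrives after "150" with PROT P active (the pattern the answer attributes to a server that requires TLS session reuse) from a 425 with no "150" before it. The verdict names and the two condensed sample logs are assumptions made for the example.

```python
import re

COMMAND = re.compile(r"^Command:\s+(.*)$")
REPLY = re.compile(r"^Response:\s+(\d{3}) (.*)$")  # final reply lines, not "230-..."
PASV = re.compile(r"\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)")
EPSV = re.compile(r"\(\|\|\|(\d+)\|\)")

# Constructed samples: condensed from the FluentFTP and FileZilla logs on this page.
FLUENTFTP_LOG = """\
Command: AUTH TLS
Response: 234 AUTH TLS successful
Command: PROT P
Response: 200 Protection set to Private
Command: EPSV
Response: 229 Entering Extended Passive Mode (|||50304|)
Command: MLSD /
Response: 150 Opening BINARY mode data connection for MLSD
Response: 425 Unable to build data connection: Operation not permitted
"""
FILEZILLA_LOG = """\
Command: AUTH TLS
Response: 234 AUTH TLS successful
Command: PROT P
Response: 200 Protection set to Private
Command: PASV
Response: 227 Entering Passive Mode (123,123,123,123,197,68).
Command: MLSD
Response: 150 Opening BINARY mode data connection for MLSD
Response: 226 Transfer complete
"""

def passive_port(reply_text):
    """Data port announced by a 229 (EPSV) or 227 (PASV) reply, else None."""
    m = EPSV.search(reply_text)
    if m:
        return int(m.group(1))
    m = PASV.search(reply_text)
    return int(m.group(5)) * 256 + int(m.group(6)) if m else None

def triage(transcript):
    """Summarise one listing/transfer attempt from a client transcript."""
    state = {"control_tls": False, "prot_p": False,
             "data_port": None, "verdict": "no-transfer-seen"}
    last_cmd, saw_150 = "", False
    for raw in transcript.splitlines():
        line = raw.strip()
        cmd, reply = COMMAND.match(line), REPLY.match(line)
        if cmd:
            last_cmd = cmd.group(1).upper()
        elif reply:
            code, text = reply.groups()
            if code == "234" and last_cmd.startswith("AUTH"):
                state["control_tls"] = True
            elif code == "200" and last_cmd == "PROT P":
                state["prot_p"] = True
            elif code in ("227", "229"):
                state["data_port"], saw_150 = passive_port(text), False
            elif code == "150":
                saw_150 = True
            elif code == "226":
                state["verdict"] = "transfer-ok"
            elif code == "425":
                # Heuristic: 425 after 150 on a protected channel means the
                # server accepted the TCP connection, then refused the data TLS.
                protected = saw_150 and state["prot_p"]
                state["verdict"] = ("data-tls-rejected" if protected
                                    else "data-connect-failed")
    return state
```

A "data-tls-rejected" verdict is a prompt to confirm session reuse from a client that logs it, as the WinSCP excerpt above does; "data-connect-failed" points at the passive port range and firewall path first.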

SendGrid misconfiguration on Google Cloud (535 Authentication failed)

So I've installed SendGrid on GoogleCE with Centos base following the documented instruction from Google:
https://cloud.google.com/compute/docs/tutorials/sending-mail/using-sendgrid#before-you-begin
Using the test from the command line (various accounts):
echo 'MESSAGE' | mail -s 'SUBJECT' GJ******#gmail.com
the /var/log/maillog says with several lines of 50 or so attempts in 1 second:
postfix/error[32324]: A293210062D7: to=<GJ********#gmail.com>, relay=none, delay=145998, delays=145997/1.2/0/0, dsn=4.0.0, status=deferred (delivery temporarily suspended: SASL authentication failed; server smtp.sendgrid.net[167.89.115.53] said: 535 Authentication failed: The provided authorization grant is invalid, expired, or revoked)
And the message is queued up and retried every few hours. Now, messing around, I could change the port setting from 2525 to one of the regular ports that isn't blocked by google and the email gets bounced right away to the user account in the mail test message.
I made sure to use the API key generated; the SendGrid system says no attempts have been made or bounced or whatever.
There were other errors in the maillog, actually pages of them as it tries every second, but I changed the perms in that directory so they no longer appear. Maybe this gives a clue to how it's misconfigured?
Oct 31 19:04:14 beadc postfix/pickup[15119]: fatal: chdir("/var/spool/postfix"): Permission denied
Oct 31 19:04:15 beadc postfix/master[1264]: warning: process /usr/libexec/postfix/qmgr pid 15118 exit status 1
Oct 31 19:04:15 beadc postfix/master[1264]: warning: /usr/libexec/postfix/qmgr: bad command startup -- throttling
Oct 31 19:04:15 beadc postfix/master[1264]: warning: process /usr/libexec/postfix/pickup pid 15119 exit status 1
Oct 31 19:04:15 beadc postfix/master[1264]: warning: /usr/libexec/postfix/pickup: bad command startup -- throttling
The only info I can find searching about the error is that it means a SendGrid misconfiguration.
Any ideas as to what the misconfiguration might be?
I've determined the 535 error was a port/firewall issue. Which means that the 550 error I had on the other port still exists.
Check your firewall settings on 535
https://cloud.google.com/compute/docs/tutorials/sending-mail/

Stackdriver Monitoring with full access scope not authorized

After deploying a brand new Google Compute Engine instance with full API access and installing the Stackdriver agent, the Monitoring is not showing any metrics from the agent.
According to the Install Agent manual no further settings (like manually configuring an API key) should be required.
The agent service status also shows the following error:
$ systemctl status stackdriver-agent
Jul 13 10:14:00 host stackdriver-agent[21203]: [ OK ]
Jul 13 10:14:00 host systemd[1]: Started LSB: start and stop Stackdriver Agent.
Jul 13 10:14:00 host collectd[21226]: Initialization complete, entering read-loop.
Jul 13 10:14:00 host collectd[21226]: match_throttle_metadata_keys: 1 history entries, 1 distinct keys, 46 bytes server memory.
Jul 13 10:14:00 host collectd[21226]: tcpconns plugin: Reading from netlink succeeded. Will use the netlink method from now on.
Jul 13 10:14:00 host collectd[21226]: write_gcm: Asking metadata server for auth token
Jul 13 10:14:01 host collectd[21226]: write_gcm: Unsuccessful HTTP request 403: {
"error": {
"code": 403,...
Jul 13 10:14:01 host collectd[21226]: write_gcm: Error talking to the endpoint.
Jul 13 10:14:01 host collectd[21226]: write_gcm: wg_transmit_unique_segment failed.
Jul 13 10:14:01 host collectd[21226]: write_gcm: wg_transmit_unique_segments failed. Flushing.
Google Cloud Console shows the instance having:
Cloud API access scopes
This instance has full API access to all Google Cloud services.
and running the following command inside the instance shows:
$ curl --silent -f -H "Metadata-Flavor: Google" http://169.254.169.254/computeMetadata/v1/instance/service-accounts/default/scopes
https://www.googleapis.com/auth/cloud-platform
Any thoughts on what is going wrong?
I figured it out:
You have to enable the Google Monitoring API in the API Manager, which is not enabled by default. No need to specify an API key, the default application credentials are picked up.
Interestingly, I have two projects which also use Stackdriver Monitoring since early this year and those do not require the Google Monitoring API to be enabled.

IBM Bluemix container - Refreshing cf tokens - Unauthorized failure

I set up 'ice' on my Mac as per the instructions in the Bluemix docs.
I can successfully run 'ice login':
API endpoint: https://api.ng.bluemix.net
Username> XXXXXX#XXX.XXX
Password>
Authenticating...
OK
API endpoint: https://api.ng.bluemix.net (API version: 2.23.0)
User: XXXXXX#XXX.XXX
Org: XXXXXX#XXX.XXX
Space: dev
Authentication with container cloud service at https://api-ice.ng.bluemix.net/v2/containers completed successfully
You can issue commands now to the container service
Proceeding to authenticate with the container cloud registry at registry-ice.ng.bluemix.net
WARNING: login credentials saved in /Users/giovanni/.dockercfg.
Login Succeeded
but when I issue any other 'ice' command I receive an error.
E.g. 'ice images':
Refreshing cf tokens
Unauthorized failure
Any advice on where to look for logs or what's the issue?
Cheers, Giovanni
Per your comment, the issue appears to be one of not being authorized to access the beta IBM Containers offering. We have just enabled all users queued from yesterday for the beta, so you should be authorized to access the beta service now.
Yep, I confirm that after trying to create a container using Bluemix UI (website) and once received a confirmation email that I was authorised to use Container, 'ice' commands started working.
e.g.
$ ice images
Image Id Created Image Name
d0feae99-b91d-4ce3-bcb4-6128886f6968 Mar 24 03:44:59 2015 registry-ice.ng.bluemix.net/ibmliberty:latest
74831680-1c9c-424e-b8ea-ceede4aa0e40 Mar 24 03:41:24 2015 registry-ice.ng.bluemix.net/ibmnode:latest
Cheers, Giovanni

bugzilla + configure to use microsoft exchange mail server as smtpserver

I'm trying to set up Bugzilla on Linux; below is the setup configuration:
CentOS v6.4 32bit
Bugzilla v4.2.5
Installation seems OK and Bugzilla is working, but after configuring Bugzilla to send email whenever a bug is reported/edited, Bugzilla just does not send any email out. Below is the configuration in Bugzilla under administrator > Parameters > Email:
mail_delivery_method : SMTP
mailfrom : [valid email address]
smtpserver : [valid email domain name]
smtp_username : [valid email address]
smtp_password : [valid email password]
The SMTP server is a Microsoft Exchange server. Whenever I file a new bug, there's an error log created at /var/log/httpd/error_log
[Tue Apr 30 15:25:25 2013] [error] [client x.x.x.x] [Tue Apr 30 15:25:25 2013] post_bug.cgi: Use of uninitialized value $ENV{"FLOCK_FORKING_USE"} in string eq at lib/File/Flock/Forking.pm line 13., referer: http://x.x.x.x/bugzilla/enter_bug.cgi?product=Test
No email received at all.
Wonder what went wrong...
This issue was solved by my helpful colleague, thanks to him.
Bugzilla comes with a mail queuing service called "jobqueue.pl"; this service is installed automatically when installing the missing components (I believe, as I never installed this jobqueue.pl manually).
There will be a service installed by Bugzilla as well at /etc/init.d/bugzilla.queue.
"jobqueue.pl" and "bugzilla.queue" are actually the same thing.
The Bugzilla installation and configuration guide never mentions this. I didn't check whether either service has chkconfig on at startup, as I didn't reboot my Bugzilla server after installing. So I ran "chkconfig bugzilla-queue on" manually.
If you configured email settings in the Bugzilla web admin and tried submitting a new bug, then the email is created in the MySQL DB "bugs" > table "ts_job". So you have to clear out this table first, as that data may not be valid.
DELETE FROM ts_job;
Configure administrator > Parameters > Email settings correctly.
Run the service, or restart it if already running.
/etc/init.d/bugzilla-queue start
File a new bug and you will see the email sent out. But somehow I still see the error log created at /var/log/httpd/error_log
[Wed May 08 10:19:31 2013] [error] [client x.x.x.x] [Wed May 8 10:19:31 2013] post_bug.cgi: Use of uninitialized value $ENV{"FLOCK_FORKING_USE"} in string eq at lib/File/Flock/Forking.pm line 13., referer: http://x.x.x.x/bugzilla/enter_bug.cgi
Email is finally received, though the error log above still appears.