# 5
Dear Car and forum users,
Now i am hitting with the same problem.
Users, user1 and user2 successfully login to SGD webtop( Authenticate from AD ). After login to their Webtop page, users cannot see and applications to launch.
When the problem occurred i have captured the logs.
The KERBEROS log:
-
2007/07/12 15:41:44.589(pid 3490)server/kerberos/info#1184226104589
Kerberos attempting to log in user1 in to TELBRU.COM.BN
2007/07/12 15:41:44.859(pid 3490)server/kerberos/moreinfo#1184226104859
Kerberos succeeded in authenticating user1@TELBRU.COM.BN to TELBRU.COM.BN
2007/07/12 15:41:44.981(pid 3490)server/kerberos/info#1184226104981
Kerberos attempting to log in Administrator in to
2007/07/12 15:41:45.200(pid 3490)server/kerberos/moreinfo#1184226105200
Kerberos succeeded in authenticating Administrator@TELBRU.COM.BN to TELBRU.COM.BN
SGD Server login log:
--
2007/07/12 15:41:44.562(pid 3490)server/login/moreinfo#1184226104562
Attempted login for user1
using disambiguation attributes {}.
2007/07/12 15:41:44.566(pid 3490)server/login/moreinfo#1184226104566
The login authority com.sco.tta.server.login.ens.SearchENSLoginAuthority
has found a potential login candidate
.../_ens/dc=bn/dc=com/dc=telbru/cn=users/cn=user1.
2007/07/12 15:41:44.573(pid 3490)server/login/moreinfo#1184226104573
The login authority com.sco.tta.server.login.ens.SearchENSLoginAuthority
has found a potential login candidate
.../_ens/dc=bn/dc=com/dc=telbru/cn=users/cn=user1.
2007/07/12 15:41:44.573(pid 3490)server/login/moreinfo#1184226104574
The login authority com.sco.tta.server.login.ens.SearchENSLoginAuthority
has found a potential login candidate
.../_ens/dc=bn/dc=com/dc=telbru/cn=users/cn=user2.
2007/07/12 15:41:44.926(pid 3490)server/login/info#1184226104926
Login attempt for user1.
Login successful.
2007/07/12 15:41:44.928(pid 3490)server/login/info#1184226104928
User .../_service/sco/tta/ldapcache/CN=user1,CN=Users,DC=TELBRU,DC=COM,DC=BN
logged in using profile
.../_ens/DC=BN/DC=COM/DC=TELBRU/CN=Users/CN=user1
from 172.25.11.102.
Server CONSOLE log:
--
root@portal # java.lang.IllegalArgumentException: The char '0x0' in 'javax.naming.AuthenticationException: [LDAP: error code 49 - 80090324: LdapErr: DSID-0C09043E, comment: AcceptSecurityContext error, data 576, vece]
at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3005)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2951)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2753)
at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2667)
at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:287)
at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:175)
at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:193)
at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:136)
at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:66)
at com.sco.tta.common.jndi.provider.ldap.LdapScopeState$doItGetContext.run(LdapSco peState.java:360)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.Subject.doAs(Subject.java:337)
at com.sco.tta.server.security.KerberosAuth.doAs(KerberosAuth.java:402)
at com.sco.tta.common.jndi.provider.ldap.LdapScopeState.getLdapContext(LdapScopeSt ate.java:435)
at com.sco.tta.common.jndi.provider.ldap.LdapMultiCtx.getLdapContext(LdapMultiCtx. java:768)
at com.sco.tta.common.jndi.provider.ldap.LdapMultiCtx.getAttributes(LdapMultiCtx.j ava:323)
at com.sco.jndi.toolkit.provider.BaseContext.getAttributes(BaseContext.java:1353)
at com.sco.tta.server.ldapcache.LdapCacheUserModel.lookup(LdapCacheUserModel.java: 196)
at com.sco.tta.common.jndi.provider.customuser.InitialCustomUserContext.f_lookupLi nk(InitialCustomUserContext.java:89)
at com.sco.jndi.toolkit.provider.SimplePartialCompositeContext.pc_lookup(SimplePar tialCompositeContext.java:256)
at com.sco.jndi.toolkit.provider.PartialCompositeContext.lookup(PartialCompositeCo ntext.java:223)
at com.sco.jndi.toolkit.provider.ToolkitContext.nns_lookup(ToolkitContext.java:201 9)
at com.sco.jndi.provider.junction.JunctionContext.lookup(JunctionContext.java:154)
at com.sco.jndi.toolkit.provider.ToolkitContext.nns_lookup(ToolkitContext.java:201 9)
at com.sco.jndi.provider.junction.JunctionContext.lookup(JunctionContext.java:154)
at com.sco.jndi.toolkit.provider.BaseContext.lookup(BaseContext.java:1036)
at com.sco.tta.server.csh.ClientSessionObject.getWebtopContext(ClientSessionObject .java:3880)
at com.sco.tta.server.soapcommands.WebtopContent.doSearch(WebtopContent.java:191)
at com.sco.tta.server.soapcommands.WebtopContent.searchWebtopContent(WebtopContent .java:111)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.ja va:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at com.sco.tta.server.server.soap.SOAPControlledElement.invoke(SOAPControlledEleme nt.java:124)
at com.sco.tta.server.server.soap.SOAPController.invoke(SOAPController.java:203)
at com.sco.tta.server.server.soap.SOAPCalcTask.processEnvelope(SOAPCalcTask.java:2 07)
at com.sco.tta.server.server.CalcTask.runTask(CalcTask.java:125)
at com.sco.tta.server.server.Task.run(Task.java:122)
at com.sco.cid.common.WorkerPool$Worker.run(WorkerPool.java:524)
at java.lang.Thread.run(Thread.java:619)
' is not a valid XML character.
at org.apache.axis.components.encoding.UTF8Encoder.writeEncoded(UTF8Encoder.java:8 1)
at org.apache.axis.encoding.SerializationContext.writeSafeString(SerializationCont ext.java:1220)
at org.apache.axis.encoding.SerializationContext.writeDOMElement(SerializationCont ext.java:1289)
at org.apache.axis.message.SOAPFault.outputImpl(SOAPFault.java:168)
at org.apache.axis.message.MessageElement.output(MessageElement.java:1207)
at org.apache.axis.message.SOAPBody.outputImpl(SOAPBody.java:139)
at org.apache.axis.message.SOAPEnvelope.outputImpl(SOAPEnvelope.java:477)
at com.sco.tta.common.soap.SOAPSender.serializeEnvelope(SOAPSender.java:411)
at com.sco.tta.common.soap.SOAPSender.buildFault(SOAPSender.java:423)
at com.sco.tta.common.soap.SOAPSender.toByteArray(SOAPSender.java:286)
at com.sco.tta.server.server.soap.SOAPResponseMessage.<init>(SOAPResponseMes sage.java:29)
at com.sco.tta.server.server.soap.SOAPCalcTask.processEnvelope(SOAPCalcTask.java:2 54)
at com.sco.tta.server.server.CalcTask.runTask(CalcTask.java:125)
at com.sco.tta.server.server.Task.run(Task.java:122)
at com.sco.cid.common.WorkerPool$Worker.run(WorkerPool.java:524)
at java.lang.Thread.run(Thread.java:619)
Can anyone guide and tell me what has happened to my system and how to fix the problem.
Waiting for kind help.
Regards,
Mohamed Ali.
# 7
Hi Remold and Dean,
Today i had encountered the same problem again but this this even after SGD server reboot still same problem.
Again, here is what happened:
1) Type SGD URL
2) Login using username user1 and passwd( user1 and passwd is stored in AD )
3) Successfully login to user1's webtop.
4) User1 can see all the SGD demo page wording but all the application to be launch was not seen( No app name or icon to be seen ).
Note: I login to SGD by username administrator( local /etc/passwd ), i can successfully login and can see and launch any applications.
Here are the log files:
Webtop log
--
2007/07/23 16:14:12.559(pid 2752)server/webtop/info#1185178452559
Successfully loaded webtop model bean: ./com.sco.tta.server.webtop.multi.ClassicAppFinder.properties.
2007/07/23 16:14:12.565(pid 2752)server/webtop/info#1185178452565
Successfully loaded webtop model bean: ./com.sco.tta.server.webtop.multi.LDAPAppFinder.properties.
Kerberos log
--
2007/07/23 16:15:46.280(pid 2752)server/kerberos/info#1185178546280
Kerberos attempting to log in user1 in to TELBRU.COM.BN
2007/07/23 16:15:47.192(pid 2752)server/kerberos/moreinfo#1185178547192
Kerberos succeeded in authenticating user1@TELBRU.COM.BN to TELBRU.COM.BN
2007/07/23 16:15:47.342(pid 2752)server/kerberos/info#1185178547342
Kerberos attempting to log in Administrator in to
2007/07/23 16:15:47.855(pid 2752)server/kerberos/moreinfo#1185178547855
Kerberos succeeded in authenticating Administrator@TELBRU.COM.BN to TELBRU.COM.BN
2007/07/23 16:15:47.920(pid 2752)server/kerberos/info#1185178547920
Kerberos attempting to log in Administrator in to
2007/07/23 16:15:48.258(pid 2752)server/kerberos/moreinfo#1185178548258
Kerberos succeeded in authenticating Administrator@TELBRU.COM.BN to TELBRU.COM.BN
Server Login log
-
2007/07/23 16:12:15.009(pid 858)server/login/info#1185178335009
User .../_ens/o=Tarantella System Objects/cn=Administrator logged out.
2007/07/23 16:14:02.138(pid 2752)server/login/moreinfo#1185178442138
Loaded class com.sco.tta.server.login.ens.SimpleCandidateAuthority: {
version=4.31.905
}
(instead of .../_beans/com.sco.tta.server.login.ens.SimpleCandidateAuthority)
for verifying passwords for
class com.sco.tta.server.login.ens.SearchENSLoginAuthority: {
ENSSearchRoot=.../_ens
accountEnabledChecked=false
ambigNotSupported=false
candidateAuthority=./com.sco.tta.server.login.ens.SimpleCandidateAuthority.prop erties
name=com.sco.tta.server.login.ens.SearchENSLoginAuthority
passwordEquivalentAuthority=.../_beans/com.sco.tta.server.login.ens.AttributePa sswordEquivalentAuthority
passwordLoginAuthority=.../_beans/com.sco.tta.server.login.UserLoginAuthority
propAccEnabled=scottaaccountenabled
resourceBundleName=com.sco.tta.server.login.LoginMessage
searchAttributes[0]=cn
searchAttributes[1]=uid
searchAttributes[2]=mail
searchAttributes[3]=userPrincipalName
searchFilter=(&({0}={1}))
version=4.31.905
}
.
2007/07/23 16:14:02.180(pid 2752)server/login/moreinfo#1185178442180
Loaded com.sco.tta.server.login.ens.SimplePasswordEquivalentAuthority
(instead of .../_beans/com.sco.tta.server.login.ens.AttributePasswordEquivalentAuthority)
for verifying passwords for
class com.sco.tta.server.login.ens.SearchENSLoginAuthority: {
ENSSearchRoot=.../_ens
accountEnabledChecked=false
ambigNotSupported=false
candidateAuthority=./com.sco.tta.server.login.ens.SimpleCandidateAuthority.prop erties
name=com.sco.tta.server.login.ens.SearchENSLoginAuthority
passwordEquivalentAuthority=.../_service/sco/tta/config/beans/com.sco.tta.serve r.login.ens.SimplePasswordEquivalentAuthority.properties
passwordLoginAuthority=.../_beans/com.sco.tta.server.login.UserLoginAuthority
propAccEnabled=scottaaccountenabled
resourceBundleName=com.sco.tta.server.login.LoginMessage
searchAttributes[0]=cn
searchAttributes[1]=uid
searchAttributes[2]=mail
searchAttributes[3]=userPrincipalName
searchFilter=(&({0}={1}))
version=4.31.905
}
.
2007/07/23 16:14:02.194(pid 2752)server/login/moreinfo#1185178442194
Loaded class com.sco.tta.server.login.ens.SimplePasswordLoginAuthority: {
accountEnabledChecked=false
name=com.sco.tta.server.login.ens.SimplePasswordLoginAuthority
propAccEnabled=scottaaccountenabled
version=4.31.905
}
(instead of .../_beans/com.sco.tta.server.login.UserLoginAuthority)
for verifying passwords for
class com.sco.tta.server.login.ens.SearchENSLoginAuthority: {
ENSSearchRoot=.../_ens
accountEnabledChecked=false
ambigNotSupported=false
candidateAuthority=./com.sco.tta.server.login.ens.SimpleCandidateAuthority.prop erties
name=com.sco.tta.server.login.ens.SearchENSLoginAuthority
passwordEquivalentAuthority=.../_service/sco/tta/config/beans/com.sco.tta.serve r.login.ens.SimplePasswordEquivalentAuthority.properties
passwordLoginAuthority=.../_service/sco/tta/config/beans/com.sco.tta.server.log in.ens.SimplePasswordLoginAuthority.properties
propAccEnabled=scottaaccountenabled
resourceBundleName=com.sco.tta.server.login.LoginMessage
searchAttributes[0]=cn
searchAttributes[1]=uid
searchAttributes[2]=mail
searchAttributes[3]=userPrincipalName
searchFilter=(&({0}={1}))
version=4.31.905
}
.
2007/07/23 16:14:02.223(pid 2752)server/login/moreinfo#1185178442223
Loaded com.sco.tta.server.login.ens.LdapProfileCandidateAuthority
(instead of .../_beans/com.sco.tta.server.login.ens.SimpleCandidateAuthority)
for verifying passwords for
class com.sco.tta.server.login.ens.SearchENSLoginAuthority: {
ENSSearchRoot=.../_ldapmulti/forest/
accountEnabledChecked=false
ambigNotSupported=false
candidateAuthority=.../_service/sco/tta/config/beans/webauthldapcandidate.prope rties
name=com.sco.tta.server.login.ens.SearchENSLoginAuthority
passwordEquivalentAuthority=.../_beans/com.sco.tta.server.login.ens.AttributePa sswordEquivalentAuthority
passwordLoginAuthority=.../_beans/com.sco.tta.server.login.UserLoginAuthority
propAccEnabled=scottaaccountenabled
resourceBundleName=com.sco.tta.server.login.LoginMessage
searchAttributes[0]=cn
searchAttributes[1]=uid
searchAttributes[2]=mail
searchAttributes[3]=userPrincipalName
searchFilter=(&({0}={1}))
version=4.31.905
}
.
2007/07/23 16:14:02.231(pid 2752)server/login/moreinfo#1185178442231
Loaded com.sco.tta.server.login.ens.SimplePasswordEquivalentAuthority
(instead of .../_beans/com.sco.tta.server.login.ens.AttributePasswordEquivalentAuthority)
for verifying passwords for
class com.sco.tta.server.login.ens.SearchENSLoginAuthority: {
ENSSearchRoot=.../_ldapmulti/forest/
accountEnabledChecked=false
ambigNotSupported=false
candidateAuthority=.../_service/sco/tta/config/beans/webauthldapcandidate.prope rties
name=com.sco.tta.server.login.ens.SearchENSLoginAuthority
passwordEquivalentAuthority=.../_service/sco/tta/config/beans/com.sco.tta.serve r.login.ens.SimplePasswordEquivalentAuthority.properties
passwordLoginAuthority=.../_beans/com.sco.tta.server.login.UserLoginAuthority
propAccEnabled=scottaaccountenabled
resourceBundleName=com.sco.tta.server.login.LoginMessage
searchAttributes[0]=cn
searchAttributes[1]=uid
searchAttributes[2]=mail
searchAttributes[3]=userPrincipalName
searchFilter=(&({0}={1}))
version=4.31.905
}
.
2007/07/23 16:14:02.255(pid 2752)server/login/moreinfo#1185178442255
Loaded class com.sco.tta.server.login.LdapLoginAuthority: {
LDAPRoot=.../_ldapmulti/forest/
accountEnabledChecked=false
anonLogin=false
attemptPasswordChange=true
generalLdapProfileName=.../_ens/o=Tarantella System Objects/cn=LDAP Profile
mustChangePasswordResult[0]=LDAP: error code 49 - 80090308: LdapErr: DSID-0C090290, comment: AcceptSecurityContext error, data 701
mustChangePasswordResult[1]=LDAP: error code 49 - 80090308: LdapErr: DSID-0C090290, comment: AcceptSecurityContext error, data 773
mustChangePasswordResult[2]=LDAP: error code 49 - 80090308: LdapErr: DSID-0C09030F, comment: AcceptSecurityContext error, data 773
mustChangePasswordResult[3]=LDAP: error code 49 - 80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 773
name=com.sco.tta.server.login.LdapLoginAuthority
propAccEnabled=scottaaccountenabled
userMustChangePasswordResult=LDAP: error code 49 - 80090308: LdapErr: DSID-0C090290, comment: AcceptSecurityContext error, data 773
userPasswordExpiredResult=LDAP: error code 49 - 80090308: LdapErr: DSID-0C090290, comment: AcceptSecurityContext error, data 701
version=4.31.905
}
(instead of .../_beans/com.sco.tta.server.login.UserLoginAuthority)
for verifying passwords for
class com.sco.tta.server.login.ens.SearchENSLoginAuthority: {
ENSSearchRoot=.../_ldapmulti/forest/
accountEnabledChecked=false
ambigNotSupported=false
candidateAuthority=.../_service/sco/tta/config/beans/webauthldapcandidate.prope rties
name=com.sco.tta.server.login.ens.SearchENSLoginAuthority
passwordEquivalentAuthority=.../_service/sco/tta/config/beans/com.sco.tta.serve r.login.ens.SimplePasswordEquivalentAuthority.properties
passwordLoginAuthority=./ldapla.properties
propAccEnabled=scottaaccountenabled
resourceBundleName=com.sco.tta.server.login.LoginMessage
searchAttributes[0]=cn
searchAttributes[1]=uid
searchAttributes[2]=mail
searchAttributes[3]=userPrincipalName
searchAttributes[4]=sAMAccountName
searchFilter=(&({0}={1}))
version=4.31.905
}
.
Stderrout log
2007/07/23 15:14:03.926(pid 1623)proxy/server#0
Sun Secure Global Desktop Software (4.31) FATAL ERROR:
The program has encountered an error that means it cannot continue.
It will now exit. A technical description is given below to help
establish the cause.
Bind failed because bind(5,*:5427): (125) Address already in use.
The server cannot accept connections.
Free the port, or configure the server to bind to another port.
2007/07/23 15:14:03.926(pid 1623)proxy/server#2
Sun Secure Global Desktop Software (4.31) FATAL ERROR:
The program has encountered an error that means it cannot continue.
It will now exit. A technical description is given below to help
establish the cause.
Couldn't start Secure Global Desktop services: unable to bind to port 5427.
Either the Secure Global Desktop server is already running (use
"tarantella status" to check), or a non-Secure Global Desktop process is using this port (use
tools like "netstat" and "lsof" to determine which process).
Terminate that process and try again. Always use "tarantella stop" or
"tarantella stop --kill" to stop Secure Global Desktop services.
java.lang.IllegalArgumentException: The char '0x0' in 'javax.naming.AuthenticationException: [LDAP: error code 49 - 80090324: LdapErr: DSID-0C09043E, comment: AcceptSecurityContext error, data 576, vece
Jserver_error log
-
-2007/07/23 15:31:55.311(pid 834)server/ldap/error#1185175915311
Sun Secure Global Desktop Software (4.31) ERROR:
Active Directory service discovery failed: Failed to find any valid Site objects.
Looking up Global Catalog DNS name: _gc._tcp.TELBRU.COM.BN. - HIT
Looking for GC on server: Active Directory:ts1.telbru.com.bn:/172.25.11.96:3268:Up - HIT
Checking for CN=Configuration: DC=telbru,DC=com,DC=bn - MISS
Checking for CN=Configuration: CN=Configuration,DC=telbru,DC=com,DC=bn - HIT
Looking up domain root context: DC=telbru,DC=com,DC=bn - HIT
Looking up site context: CN=Sites,CN=Configuration
Searching for sites: (&(objectClass=site)(siteObjectBL=*)) - HIT
Looking up addresses for peer DNS: portal.telbru.com.bn - HIT
Failed to discover Active Directory Site, Domain and server data.
This might mean LDAP users cannot log in.
Make sure the DNS server contains the Active Directory service
records for the forest. Make sure a Global Catalog server is available.
2007/07/23 15:31:55.335(pid 834)server/csh/error#1185175915335
Sun Secure Global Desktop Software (4.31) ERROR:
Failed to add naming listener for event type EmulatorSession for portal.telbru.com.bn:1185175734946:740191782665445541.
Exception was : com.sco.tta.server.csh.CSHException: ERR_ADD_NAMINGLISTENER
at com.sco.tta.server.csh.CSHWebtopEventHandler.addNamingListener(CSHWebtopEventHa ndler.java:101)
at com.sco.tta.server.csh.CSHEventAdaptor.handleEventRegistration(CSHEventAdaptor. java:514)
at com.sco.tta.server.csh.CSHEventManager.addEventListener(CSHEventManager.java:11 5)
2007/07/23 15:31:56.061(pid 834)server/ldap/error#1185175916061
Sun Secure Global Desktop Software (4.31) ERROR:
Active Directory service discovery failed: Failed to find any valid Site objects.
Looking up Global Catalog DNS name: _gc._tcp.TELBRU.COM.BN. - HIT
Looking for GC on server: Active Directory:ts1.telbru.com.bn:/172.25.11.96:3268:Up - HIT
Checking for CN=Configuration: DC=telbru,DC=com,DC=bn - MISS
Checking for CN=Configuration: CN=Configuration,DC=telbru,DC=com,DC=bn - HIT
Looking up domain root context: DC=telbru,DC=com,DC=bn - HIT
Looking up site context: CN=Sites,CN=Configuration
Searching for sites: (&(objectClass=site)(siteObjectBL=*)) - HIT
Looking up addresses for peer DNS: portal.telbru.com.bn - HIT
Failed to discover Active Directory Site, Domain and server data.
This might mean LDAP users cannot log in.
Make sure the DNS server contains the Active Directory service
records for the forest. Make sure a Global Catalog server is available.
2007/07/23 15:31:56.084(pid 834)server/csh/error#1185175916084
Sun Secure Global Desktop Software (4.31) ERROR:
Unable to search for print jobs for .../_service/sco/tta/ldapcache/CN=user1,CN=Users,DC=TELBRU,DC=COM,DC=BN.
Exception was : javax.naming.AuthenticationException: [LDAP: error code 49 - 80090324: LdapErr: DSID-0C09043E, comment: AcceptSecurityContext error, data 576, vece
Please let me know if you require more info on this.
Thanks in advance.
