Symantec Access Management

  • 1.  Cannot connect to SQL User Store

    Posted Oct 03, 2014 10:19 AM

    Hi,

     

    I am using SQL as the user store. After configuring the user store using an ODBC namespace and giving the correct DSN name, I am seeing the following error in the logs when I do view contents.

     

    We created the DSN using odbcad32.exe found under C:\Windows\SysWOW64.

     

    [2072/3216][Fri Oct 03 2014 10:12:00][SmDsOdbcProvider.cpp:644][ERROR][sm-Odbc-00210] Failed to connect to any of the following data sources: 'PPMCAUsers32'.

    [2072/3216][Fri Oct 03 2014 10:12:02][SmDsOdbcProvider.cpp:643][ERROR][sm-Server-02740] Unexpected error in database interface. Error code -1063

    [2072/3216][Fri Oct 03 2014 10:12:02][SmDsOdbcProvider.cpp:644][ERROR][sm-Odbc-00210] Failed to connect to any of the following data sources: 'PPMCAUsers32'.

    [2072/4168][Fri Oct 03 2014 10:12:07][CSmDbUtilities.cpp:567][ERROR][sm-Odbc-00070] Error Code is 0 message is 'State = 08003 Internal Code = 0 - [Microsoft][ODBC Driver Manager] Connection not open'.

    [2072/1840][Fri Oct 03 2014 10:12:08][CSmDbUtilities.cpp:567][ERROR][sm-Odbc-00070] Error Code is 0 message is 'State = 08003 Internal Code = 0 - [Microsoft][ODBC Driver Manager] Connection not open'.

     

    Anyone has seen this error before ?



  • 2.  Re: Cannot connect to SQL User Store

    Posted Oct 27, 2015 02:10 AM

    Yes, I have a similar issue. Everything was working fine. But now all of a sudden when I am trying to login to the admin UI. It's not working. An error message : " Error: Unable to process logins. Please contact your administrator. "

    I checked into the webagent Trace file and found the same error message.

    So what I conclude is, the thread connecting the user store has been removed/corrupted. So it's unable to check whether any user exists in the directory or not.

     

    Can someone pls. help fix this?

     

    Here in my case I am using Oracle as the user store.

     

    EDIT : Here I see that, I can add the data sources via the ODBD Data Source Administrator


    1.PNG

     

     

    Then I checked into the option to add a datasource, but what I found is only the SQLServer is available as a data source. Could you pls. help me know, why don't I see the Oracle datasource here?

     

    add datasource.PNG



  • 3.  Re: Cannot connect to SQL User Store

    Posted Oct 28, 2015 08:35 AM

    HubertDennis pls help.



  • 4.  Re: Cannot connect to SQL User Store

    Posted Oct 28, 2015 09:43 AM

    itzAmlan

     

    Two Things..........

     

     

     

    1. Use this Path and Exe.

     

     

    2015-10-28 09_36_41-SysWOW64.png

     

     

     

     

    2. Next use SYSTEM DSN TAB, not USER DSN TAB.

     

    2015-10-28 09_41_45-mRemoteNG - confCons.xml.png

     

     

    Regards

     

    Hubert



  • 5.  Re: Cannot connect to SQL User Store

    Broadcom Employee
    Posted Oct 28, 2015 10:27 AM

    Indeed should be System DSN.



  • 6.  Re: Cannot connect to SQL User Store

    Posted Oct 29, 2015 01:01 AM

    Thanks HubertDennis

    But, the issue seems to be with the APS, we have it like the password has to be changed once in every three days. Now when trying to test the connection, we are getting this message :

     

    1.PNG

     

    How could we proceed to resolve this?



  • 7.  Re: Cannot connect to SQL User Store

    Posted Oct 29, 2015 01:55 AM

    Hi itzAmlan

     

    The warning message was thrown by Oracle due to the password setting. It shouldn't prevent the Siteminder from connect to the user store.

     

    You can check the ORA-28002 from following link:

    ORA-28002 tips

     

    You can contact the DBA to change the setting on database side.

    Did smps log still thrown an error for the database?

     

    Regards,

    Kar Meng



  • 8.  Re: Cannot connect to SQL User Store

    Posted Oct 29, 2015 06:24 AM

    Karmeng

    Yes, I understand. The warning is thrown by Oracle due to the password settings. But, it's preventing the siteminder from connecting to the user store.



  • 9.  Re: Cannot connect to SQL User Store

    Posted Oct 29, 2015 09:23 AM

    itzAmlan

     

    APS? Remember CA SSO (a.k.a) has a feature called as APS (Advanced Password Services). Hence please take care when using similar terms as they cause confusion. Nevertheless, if CA SSO APS feature was being referenced here, then I don't see how APS can affect a DB User.

     

    More so it has been mentioned that "Reset Password once in every three days". Is this again via CA SSO APS feature; if YES then it has no bearing on DB User used for a connection. We are mixing a DB User with Users created within a DB instance. CA SSO APS feature applies only to Users created within a DB Instance. DB User is a SQL / Oracle level User and DB Users access policies are governed by SQL / Oracle access Configuration's which would have configured when the DB User was setup by a SQL / Oracle administrator. So please take CA SSO APS out of here as this would simply cause confusion, as CA SSO APS has nothing to do with DB level User.

     

     

     

     

    Now coming to the key question, why would you keep resetting a DB Level User password every three days? This is an undesirable overhead. This means any system that connects to the DB has to keep updating the password every three days. In all my years of experience this far I have never seen such a scenario at any Customer.

     

    Hence my question back to you is "Can you ask your DB Admin to set the DB Level User's Password to 'Never Expire'?". Otherwise am sorry there is nothing in the product that could help here. This way too much overhead resetting DB Level User password every three days, especially when it is used to connect two systems.

     

     

     

    Regards

     

    Hubert



  • 10.  Re: Cannot connect to SQL User Store

    Posted Oct 29, 2015 10:55 PM

    Hi,

     

    In addition what Hubert mentioned to set the password to 'Never Expire', this will help us to isolate the problem if there is something on DB side that prevent the connection OR policy server is having problem to connect to the DB.

    I presume the policy server should be able to connect to the DB once the password stuff fix at DB side.

     

    Regards,

    Kar Meng



  • 11.  Re: Cannot connect to SQL User Store

    Posted Oct 28, 2015 09:47 AM

    vinpa02 Vinu

     

    Where you able to resolve this issue?

     

    • Version of SQL?
    • Version of CA SSO?

     

     

    Regards

     

    Hubert