APPLIES TO:
Siebel System Software - Version 7.7.2.2 SIA [18356] to 8.1.1.7 SIA [21238] [Release V7 to V8]Oracle Solaris on SPARC (64-bit)
Product Release: V7 (Enterprise)
Version: 7.7.2.2 [18356] Auto
Database: Oracle 9.2.0.6
***Checked for relevance on 06-16-2014***
Application Server OS: Sun Solaris 8
Database Server OS: Sun Solaris 9
This document was previously published as Siebel SR 38-3034921141.
SYMPTOMS
SBL-UIF-00272, SBL-DBC-00107, SBL-SEC-10018, SBL-SEC-10001
Question :
I am not able to log into the Siebel Web Dedicated Client.
Whenever I log in, it throws me an error message:
SBL-UIF-00272: The user ID or password that you entered is incorrect.
Please check the spelling and try again.
I am sure about the username and password, but unable to guess what is causing the error.
Checked the configuration and it looks good.
I am not able to log into the Siebel Web Dedicated Client.
Whenever I log in, it throws me an error message:
SBL-UIF-00272: The user ID or password that you entered is incorrect.
Please check the spelling and try again.
I am sure about the username and password, but unable to guess what is causing the error.
Checked the configuration and it looks good.
CAUSE
Configuration/ Setup
SOLUTION
Solution :
According to the Dedicated Client log file, the Oracle error being trapped was:
ORA-12154: TNS:could not resolve the connect identifier specified
This means that the value set on the ConnectString parameter of the CFG file could not be found in Oracle Client’s tnsnames.ora file.
However, customer’s tnsnames.ora file includes the alias being used, and the NAMES.DEFAULT_DOMAIN parameter is correctly set in sqlnet.ora file.
Customer could connect to the database using SQL*Plus, but ODBC Data Source Name was failing.
This issue occurred because customer has multiple Oracle installations on the same client machine.
He had manually uninstalled an old Oracle Home, and left the environment variables untouched.
Both the ODBC Data Source Name and the Siebel Dedicated Client were searching for the tnsnames.ora file in the wrong location.
We confirmed that the %TNS_ADMIN% environment variable was not set on this machine, and that the ORACLE_HOME key was correctly set under HKEY_LOCAL_MACHINE\Software\Oracle branch of the Windows Registry.
However, the %PATH% environment variable was showing the old %ORACLE_HOME%\bin directory ahead of the correct %ORACLE_HOME%\bin folder.
By running the following command in command console, we could confirm that the wrong binaries were being used:
C:\> tnsping <TNSNAMES_ALIAS>
Since customer had not correctly uninstalled the old Oracle Home, going to Start > Programs > Oracle Installation Products > Home Selector, he was getting a message telling that there is only one ORACLE_HOME on this machine.
In order to resolve this behavior, customer had to manually modify the %PATH% environment variable on Control Panel > System > Advanced > Environment Variables > System Variables, so that the correct %ORACLE_HOME%\bin directory appears ahead of the wrong one.
According to the Dedicated Client log file, the Oracle error being trapped was:
ORA-12154: TNS:could not resolve the connect identifier specified
This means that the value set on the ConnectString parameter of the CFG file could not be found in Oracle Client’s tnsnames.ora file.
However, customer’s tnsnames.ora file includes the alias being used, and the NAMES.DEFAULT_DOMAIN parameter is correctly set in sqlnet.ora file.
Customer could connect to the database using SQL*Plus, but ODBC Data Source Name was failing.
This issue occurred because customer has multiple Oracle installations on the same client machine.
He had manually uninstalled an old Oracle Home, and left the environment variables untouched.
Both the ODBC Data Source Name and the Siebel Dedicated Client were searching for the tnsnames.ora file in the wrong location.
We confirmed that the %TNS_ADMIN% environment variable was not set on this machine, and that the ORACLE_HOME key was correctly set under HKEY_LOCAL_MACHINE\Software\Oracle branch of the Windows Registry.
However, the %PATH% environment variable was showing the old %ORACLE_HOME%\bin directory ahead of the correct %ORACLE_HOME%\bin folder.
By running the following command in command console, we could confirm that the wrong binaries were being used:
C:\> tnsping <TNSNAMES_ALIAS>
Since customer had not correctly uninstalled the old Oracle Home, going to Start > Programs > Oracle Installation Products > Home Selector, he was getting a message telling that there is only one ORACLE_HOME on this machine.
In order to resolve this behavior, customer had to manually modify the %PATH% environment variable on Control Panel > System > Advanced > Environment Variables > System Variables, so that the correct %ORACLE_HOME%\bin directory appears ahead of the wrong one.
APPLIES TO:
Siebel CRM - Version 8.1.1.1 SIA [21211] to 8.1.1.8 SIA [23012] [Release V8]
Information in this document applies to any platform.
***Checked for relevance on 30-Jan-2013***
Information in this document applies to any platform.
***Checked for relevance on 30-Jan-2013***
GOAL
=== ODM Question ===
When user enters credentials for non-existent user that does not exist in the LDAP directory, following error is reported in the UI:
"SBL-UIF-00272: The user ID or password that you entered is incorrect. Please check the spelling and try again.".
In the object manager log file, you will see errors in following order:
GenericLog GenericError 000000064ce4172c 1: 0 11.17.2010 19:04:51 (secmgr.cpp (2731) err = 4597526 sys = 0) SBL-SEC-10006: The authentication system cannot find the user with the username specified. Make sure you typed the user name correctly, or contact your system administrator for assistance.
ObjMgrLog 000000064ce4172c Error 1: 0 17.11.2010 19:04:51 (mainlgin.cpp (1695)) SBL-UIF-00272: The logon username / password pair entered is incorrect.
Re-enter the logon parameters.
How could we show force LDAP security adapter to display first error message SBL-SEC-10006 on the login page when non-existent user tries to login instead of last error message SBL-UIF-00272?
SOLUTION
=== ODM Answer ===
Currently, it is not possible to customize or force LDAP to return the second error message to the user. An enhancement request 12-E29NSZ was logged requesting to customize LDAP messages, however, Siebel Engineering had declined such request and it was recommended that customers write custom security adapter to trap the LDAP messages and customize it. In the vanilla product, it is not possible to customize messages. Siebel is showing message what comes out of LDAP and this is correct behavior.
In conclusion, it is not possible to modify the error messages or custom configure what comes out of the LDAP security adapter.
APPLIES TO:
Siebel System Software - Version 7.8.2.5 [19227] and later
Siebel CRM - Version 8.1.1.11 [23030] to 8.1.1.11 [23030] [Release V8]
z*OBSOLETE: Microsoft Windows Server 2003
Product Release: V7 (Enterprise)
Version: 7.8.2.5 [19227]
Database: Oracle 10.1.0.4
Application Server OS: Microsoft Windows 2003 Server SP1
Database Server OS: Sun Solaris 9
This document was previously published as Siebel SR 38-3383724421.
Siebel CRM - Version 8.1.1.11 [23030] to 8.1.1.11 [23030] [Release V8]
z*OBSOLETE: Microsoft Windows Server 2003
Product Release: V7 (Enterprise)
Version: 7.8.2.5 [19227]
Database: Oracle 10.1.0.4
Application Server OS: Microsoft Windows 2003 Server SP1
Database Server OS: Sun Solaris 9
This document was previously published as Siebel SR 38-3383724421.
SYMPTOMS
SBL-UIF-00272, SBL-SEC-10006
Hello,
We have an Active Directory Forest with the parent domain and a child domain.
We have created all Siebel staff users on the parent domain and Siebel service accounts on the child domain and are trying to use them to authenticate.
Any users from the parent domain can log into the child domain.
We can display the Graphical User Interface.
However, if you attempt to log into Siebel while integrated to the child domain, you receive the following error message:
The user ID or password that you entered is incorrect. Please check the spelling and try again.
(SBL-UIF-00272)
If you check the domain controller on the child domain, it shows that same user authenticating successfully.
Why am I not able to log into Siebel?
Thanks!
We have an Active Directory Forest with the parent domain and a child domain.
We have created all Siebel staff users on the parent domain and Siebel service accounts on the child domain and are trying to use them to authenticate.
Any users from the parent domain can log into the child domain.
We can display the Graphical User Interface.
However, if you attempt to log into Siebel while integrated to the child domain, you receive the following error message:
The user ID or password that you entered is incorrect. Please check the spelling and try again.
(SBL-UIF-00272)
If you check the domain controller on the child domain, it shows that same user authenticating successfully.
Why am I not able to log into Siebel?
Thanks!
CAUSE
Bug 10462680
SOLUTION
Message 1
For the benefit of other readers:
The current ADSI Driver developed by Siebel was not designed to support an ADSI multi-domain environment, which means that the Siebel Security Adapter architecture currently does not allow multi-domain authentication via ADSI.
This functionality is not yet incorporated within the Siebel Application.
Also, please note that the use of Global Catalogs is not supported by Siebel Technical Support, since the ADSI Security Adapter was not designed to work with GC, and has not been tested by Siebel Engineering, or certified by our Quality Assurance Team to work with a Global Catalog.
In this case, we recommend one of the following approaches, which are in agreement with how the ADSI Security Adapter is intended to work:
1. Create all Siebel users under one single domain within Microsoft Active Directory, by moving all Service Accounts from the child domain to the parent domain, for example, and then pointing parameters ServerName and BaseDN to the parent AD Server.
2. If you require to maintain Siebel users spread into two distinct domains, you can create a new Application Object Manager for each domain, through the use of distinct Named Subsystems for each AOM, each one pointing to its specific domain.
[CONT 1/2...]
The current ADSI Driver developed by Siebel was not designed to support an ADSI multi-domain environment, which means that the Siebel Security Adapter architecture currently does not allow multi-domain authentication via ADSI.
This functionality is not yet incorporated within the Siebel Application.
Also, please note that the use of Global Catalogs is not supported by Siebel Technical Support, since the ADSI Security Adapter was not designed to work with GC, and has not been tested by Siebel Engineering, or certified by our Quality Assurance Team to work with a Global Catalog.
In this case, we recommend one of the following approaches, which are in agreement with how the ADSI Security Adapter is intended to work:
1. Create all Siebel users under one single domain within Microsoft Active Directory, by moving all Service Accounts from the child domain to the parent domain, for example, and then pointing parameters ServerName and BaseDN to the parent AD Server.
2. If you require to maintain Siebel users spread into two distinct domains, you can create a new Application Object Manager for each domain, through the use of distinct Named Subsystems for each AOM, each one pointing to its specific domain.
[CONT 1/2...]
Message 2
[... CONT 2/2]
For further details on the use of multiple domains on ADSI, please refer to the following SupportWeb postings:
- Multiple Activer Directory Servers (Doc ID 528364.1)
- ADSI Authentication Using Global Catalog Port 3268 (Doc ID 517259.1)
Bug 10462680 was previously logged to address this Enhancement Request, but they have not been implemented yet.
The information above is still true for Siebel Version 7.8 and 8.x.
For further details on the use of multiple domains on ADSI, please refer to the following SupportWeb postings:
- Multiple Activer Directory Servers (Doc ID 528364.1)
- ADSI Authentication Using Global Catalog Port 3268 (Doc ID 517259.1)
Bug 10462680 was previously logged to address this Enhancement Request, but they have not been implemented yet.
The information above is still true for Siebel Version 7.8 and 8.x.
APPLIES TO:
Siebel System Software - Version 8.1.1.2 to 8.1.1.3 SIA[21219] [Release V8]
Information in this document applies to any platform.
Information in this document applies to any platform.
SYMPTOMS
ENVIRONMENTSiebel 8.1.1.2 / Windows 2003
STEPS
Siebel registered users are not able to modify their passwords once expired in Siebel Financial Services application version 8.1.1.2 being authenticated by a Custom Security Adapter on Windows. Rather than being presented with a Siebel screen view to modify the password, an error is presented to the user [1]. The Siebel application object manager (AOM) logfiles clearly indicate that the password for the Siebel user has expired. In the Siebel Dedicated Client the behavior is different - for user accounts with expired passwords - a popup dialog box is presented allowing the Siebel registered user to modify the password.
EXPECTED BEHAVIOR
It is expected that the user is automatically directed to the Siebel View "Change Password View (SWE)". This behavior is controlled by the application object manager hidden parameter ChangePasswordView, which is set to "Change Password View (SWE)" by default.
ERROR MESSAGES
1) SBL-UIF-00272: The user ID or password that you entered is incorrect. Please check the spelling and try again.
2) SBL-SEC-10018: SecurityLogin(): AuthenticationClient Error: 80050010 : AuthenticationService::ExpiredCredentials.
3) SBL-SEC-10005: Your password has expired. Please change your password.
4) SBL-UIF-00425: Your password has expired, please change it to enter the system.
STEPS
Siebel registered users are not able to modify their passwords once expired in Siebel Financial Services application version 8.1.1.2 being authenticated by a Custom Security Adapter on Windows. Rather than being presented with a Siebel screen view to modify the password, an error is presented to the user [1]. The Siebel application object manager (AOM) logfiles clearly indicate that the password for the Siebel user has expired. In the Siebel Dedicated Client the behavior is different - for user accounts with expired passwords - a popup dialog box is presented allowing the Siebel registered user to modify the password.
EXPECTED BEHAVIOR
It is expected that the user is automatically directed to the Siebel View "Change Password View (SWE)". This behavior is controlled by the application object manager hidden parameter ChangePasswordView, which is set to "Change Password View (SWE)" by default.
ERROR MESSAGES
1) SBL-UIF-00272: The user ID or password that you entered is incorrect. Please check the spelling and try again.
2) SBL-SEC-10018: SecurityLogin(): AuthenticationClient Error: 80050010 : AuthenticationService::ExpiredCredentials.
3) SBL-SEC-10005: Your password has expired. Please change your password.
4) SBL-UIF-00425: Your password has expired, please change it to enter the system.
CAUSE
Bug 10512510 (Change Request 12-1T2II25) was logged to address a Product Defect where no error or warning was displayed when an account password had expired in an external directory. This is specific to database authentication and not external authentication.
Bug 12820579 has been logged to address an additional Product Defect specific to external authentication.
Bug 12820579 has been logged to address an additional Product Defect specific to external authentication.
SOLUTION
Bug 10512510 (Change Request 12-1T2II25) has been fixed in Siebel 8.1.1.1 [21211] QF0154 as part of Fix Request 12-1WF6XDZ. This Quick Fix has since been accumulated into Siebel Fix Pack 8.1.1.3 as per the latest Maintenance Release Guide and available for download under Patch Number 9882361.
NOTE: Only applicable for DB authentication (DB2)
Bug 12820579 is still open for external authentication.
NOTE: Only applicable for DB authentication (DB2)
Bug 12820579 is still open for external authentication.
No comments:
Post a Comment