Highlighted
New Member.
987 views

Unable To login to Imanager

Hi,
I'm using iManger 4.7, after the installation of Imanager i could successfully login into imanager with any created user.
However, after i reached a big number of users i was no longer able to login with newly created users.
I find out taht i reached the buffer limit. So i reduced the number of users and run a eDirectory repair (it terminated without errors).
However, this didn't solve my issue and i found this error in the trace file:
14:42:41 C1C Agent: Calling DSARead conn:0 for client .vanessa-netiq3-nds.iam.com.IDVAULT-TREE.
14:42:41 C1C Agent: Calling DSAReadObjectInfo conn:0 for client .vanessa-netiq3-nds.iam.com.IDVAULT-TREE.
14:42:41 C1C NMAS: 262193: Create thread request
14:42:41 C1C NMAS: 262193: Using thread 0x22192c30
14:42:41 C1C NMAS: 262193: Server thread started
14:42:41 C1C NMAS: 262193: Started login session
14:42:41 C1C NMAS: 262193: NCP client address type 9
14:42:41 C1C NMAS: 262193: NCP client address: 10.1.7.11:50370
14:42:41 C1C NMAS: 262193: PxySendProxyClientInfo Bad Client MAF Handle
14:42:41 14CC NMAS: 262193: Pool thread 0x22192c30 awake with new work
14:42:41 14CC Agent: Calling DS Ping conn:0 for client .vanessa-netiq3-nds.iam.com.IDVAULT-TREE.
14:42:41 14CC Agent: Calling DSAResolveName conn:0 for client .vanessa-netiq3-nds.iam.com.IDVAULT-TREE.
14:42:41 14CC Agent: Calling DSAReadObjectInfo conn:0 for client .vanessa-netiq3-nds.iam.com.IDVAULT-TREE.
14:42:41 14CC Agent: Calling DSARead conn:0 for client .vanessa-netiq3-nds.iam.com.IDVAULT-TREE.
14:42:41 14CC Agent: Calling DS Ping conn:0 for client .vanessa-netiq3-nds.iam.com.IDVAULT-TREE.
14:42:41 14CC Agent: Calling DSAResolveName conn:0 for client .vanessa-netiq3-nds.iam.com.IDVAULT-TREE.
14:42:41 14CC Agent: Calling DSAReadObjectInfo conn:0 for client .vanessa-netiq3-nds.iam.com.IDVAULT-TREE.
14:42:41 14CC Agent: Calling DSARead conn:0 for client .vanessa-netiq3-nds.iam.com.IDVAULT-TREE.
14:42:41 14CC NMAS: 262193: OEM
14:42:41 14CC NMAS: 262193: OEM Verb 1
14:42:41 14CC NMAS: 262193: OEM
14:42:41 14CC NMAS: 262193: OEM Verb 3
14:42:41 14CC NMAS: 262193: NMAS Audit with Audit PA not installed
14:42:41 14CC NMAS: 262193: CanDo
14:42:41 14CC Agent: Calling DSAReadObjectInfo conn:0 for client .vanessa-netiq3-nds.iam.com.IDVAULT-TREE.
14:42:41 14CC Agent: Calling DSARead conn:0 for client .vanessa-netiq3-nds.iam.com.IDVAULT-TREE.
14:42:41 14CC Agent: DSARead failed, no such attribute (-603).
14:42:41 14CC Agent: Calling DSARead conn:0 for client .vanessa-netiq3-nds.iam.com.IDVAULT-TREE.
14:42:41 14CC Agent: DSARead failed, no such attribute (-603).
14:42:41 14CC Agent: Calling DSARead conn:0 for client .vanessa-netiq3-nds.iam.com.IDVAULT-TREE.
14:42:41 14CC Agent: DSARead failed, no such attribute (-603).
14:42:41 14CC Agent: Calling DSARead conn:0 for client .vanessa-netiq3-nds.iam.com.IDVAULT-TREE.
14:42:41 14CC NMAS: 262193: ERROR: -1694 Account not activated
14:42:41 14CC NMAS: 262193: ERROR: -1694 Login Restrictions
14:42:41 14CC Agent: Calling DSAReadObjectInfo conn:0 for client .vanessa-netiq3-nds.iam.com.IDVAULT-TREE.
14:42:41 14CC Agent: Calling DSARead conn:0 for client .vanessa-netiq3-nds.iam.com.IDVAULT-TREE.
14:42:41 14CC Agent: DSARead failed, no such attribute (-603).
14:42:41 14CC Agent: Calling DSARead conn:0 for client .vanessa-netiq3-nds.iam.com.IDVAULT-TREE.
14:42:41 14CC Agent: DSARead failed, no such attribute (-603).
14:42:41 14CC Agent: Calling DSARead conn:0 for client .vanessa-netiq3-nds.iam.com.IDVAULT-TREE.
14:42:41 14CC Agent: DSARead failed, no such attribute (-603).
14:42:41 14CC NMAS: 262193: Failed login delay 3 seconds
14:42:44 14CC NMAS: 262193: Failed login
14:42:44 14CC NMAS: 262193: NACK
14:42:44 14CC NMAS: 262193: NMAS Audit with Audit PA not installed
14:42:44 14CC NMAS: 262193: ERROR: -1694 NMAS Manager
14:42:44 DD4 NMAS: 262193: NMAS session failed
14:42:44 DD4 NMAS: 262193: Client Session Destroy Request
14:42:44 14CC NMAS: 262193: Server thread exited
14:42:44 14CC NMAS: 262193: Pool thread 0x22192c30 work complete
14:42:44 DD4 NMAS: 262193: Local Session Cleared (Not Destroyed)
14:42:48 BFC Agent: Calling DSAGetServerNetAddress conn:16 for client .admin.sa.system.IDVAULT-TREE.
14:42:48 BFC Agent: Calling DSAGetServerNetAddress conn:16 for client .admin.sa.system.IDVAULT-TREE.
14:42:48 BFC Agent: Calling DS Ping conn:16 for client .admin.sa.system.IDVAULT-TREE.
14:42:48 BFC Agent: Calling DS Ping conn:16 for client .admin.sa.system.IDVAULT-TREE.
14:42:48 BFC Agent: Calling DSAGetServerNetAddress conn:32 for client .[Public].
14:42:48 BFC Agent: Calling DSAGetServerNetAddress conn:32 for client .[Public].

How can i solve this issue?
Labels (1)
0 Likes
9 Replies
Highlighted
Knowledge Partner
Knowledge Partner

On 11/21/2018 06:04 AM, vkhoury wrote:
>


This sounds like an eDirectory, or maybe iManager issue; I'd probably post
to the eDirectory or NMAS forum specifically as I doubt this is directly
because of Identity Manager (IDM) as it seems to only be
authentication-related.

With that in mind, I cannot find much on -1694 anywhere.

> I'm using iManger 4.7, after the installation of Imanager i could
> successfully login into imanager with any created user.
> However, after i reached a big number of users i was no longer able to
> login with newly created users.


How many users did you create?

How did you create them?

Do the original users still work?

How many users do NOT work, and at what point did they stop working?

> I find out taht i reached the buffer limit. So i reduced the number of


I'm not sure what you mean by this, but it seems unlikely you've reached
any limits other than what your hardware can support; maybe the creates
are still running so you are working with not-yet-complete objects, or
something.

> users and run a eDirectory repair (it terminated without errors).


A repair wouldn't help any buffer issues at all.

> However, this didn't solve my issue and i found this error in the trace
> file:


Which error are you trying to point out? This looks like you have the
default DSA filter on, which shows "errors" all the time which are not
really errors at all, but are just too-detailed notes about the internal
workings of eDirectory. The -1694 in here looks odd to me, but you do not
even seem to have AUTH enabled, so I think we have a few things left to
try, but probably not in this particular forum.

--
Good luck.

If you find this post helpful and are logged into the web interface,
show your appreciation and click on the star below.

If you want to send me a private message, please let me know in the
forum as I do not use the web interface often.
0 Likes
Highlighted
New Member.

How many users did you create?

How did you create them?

Do the original users still work?

How many users do NOT work, and at what point did they stop working?

I created 80 Users. Users are being synced from Postgres DB to the vault via postgresql driver.
Some of the old users are still working. I've reduced the number of users to 30. When the number of users reached 77 users it stopped working.
I'm not sure what you mean by this, but it seems unlikely you've reached
any limits other than what your hardware can support; maybe the creates
are still running so you are working with not-yet-complete objects, or
something.

> users and run a eDirectory repair (it terminated without errors).

A repair wouldn't help any buffer issues at all.

I've seen this error in the log file: WPutEntryAttrs failed, insufficient buffer (-649).

I think we have a few things left to
try, but probably not in this particular forum.

Which one do you suggest?
0 Likes
Highlighted
Outstanding Contributor.
Outstanding Contributor.

Did you try to login with the full distinguished name , like john.users.data.idvault ?
0 Likes
Highlighted
New Member.

yes i'm logging using the DN .
0 Likes
Highlighted
Knowledge Partner
Knowledge Partner

On 11/21/2018 07:14 AM, vkhoury wrote:
>
>> How many users did you create?
>>
>> How did you create them?
>>
>> Do the original users still work?
>>
>> How many users do NOT work, and at what point did they stop working?

> I created 80 Users. Users are being synced from Postgres DB to the vault
> via postgresql driver.
> Some of the old users are still working. I've reduced the number of
> users to 30. When the number of users reached 77 users it stopped
> working.


Either your tree has a serious, fundamental problem, or else the count
does not really matter. Seventy-seven (77) users is \less than 1/10000
what I put in my trees when just building a test tree (a tree with fewer
than a million objects is just too small for any real testing) and IDM
should be able to create those users in just a few seconds.

> I've seen this error in the log file: WPutEntryAttrs failed,
> insufficient buffer (-649).


Insufficient buffer errors are runtime errors, not something wrong with
the DIB. ndsrepair is made to fix problems with the DIB primarily, not
runtime errors.

--
Good luck.

If you find this post helpful and are logged into the web interface,
show your appreciation and click on the star below.

If you want to send me a private message, please let me know in the
forum as I do not use the web interface often.
0 Likes
Highlighted
New Member.

ab;2491312 wrote:
On 11/21/2018 07:14 AM, vkhoury wrote:
>
>> How many users did you create?
>>
>> How did you create them?
>>
>> Do the original users still work?
>>
>> How many users do NOT work, and at what point did they stop working?

> I created 80 Users. Users are being synced from Postgres DB to the vault
> via postgresql driver.
> Some of the old users are still working. I've reduced the number of
> users to 30. When the number of users reached 77 users it stopped
> working.


Either your tree has a serious, fundamental problem, or else the count
does not really matter. Seventy-seven (77) users is \less than 1/10000
what I put in my trees when just building a test tree (a tree with fewer
than a million objects is just too small for any real testing) and IDM
should be able to create those users in just a few seconds.

> I've seen this error in the log file: WPutEntryAttrs failed,
> insufficient buffer (-649).


Insufficient buffer errors are runtime errors, not something wrong with
the DIB. ndsrepair is made to fix problems with the DIB primarily, not
runtime errors.

--
Good luck.

If you find this post helpful and are logged into the web interface,
show your appreciation and click on the star below.

If you want to send me a private message, please let me know in the
forum as I do not use the web interface often.


I've checked eDirectory and it seems to be running fine. Is there a way to troubleshoot the following error: Error 632 Unexpected results have Occurred ?
0 Likes
Highlighted
Knowledge Partner
Knowledge Partner

> I've checked eDirectory and it seems to be running fine. Is there a way
> to troubleshoot the following error: Error 632 Unexpected results have
> Occurred ?


Where do you see the -632? Also have you tried reproducing the issue with
other ways of creating users (e.g. via LDAP) or in another environment
with an IDM driver? None of this is very normal; something at a low level
may be wrong with this environment, maybe even lower than eDirectory
itself (OS, anti-virus software, filesystem, disk).

--
Good luck.

If you find this post helpful and are logged into the web interface,
show your appreciation and click on the star below.

If you want to send me a private message, please let me know in the
forum as I do not use the web interface often.
0 Likes
Highlighted
New Member.

ab;2491300 wrote:
On 11/21/2018 06:04 AM, vkhoury wrote:
>

The -1694 in here looks odd to me, but you do not
even seem to have AUTH enabled, so I think we have a few things left to
try, but probably not in this particular forum.


I've searched for -1694 error but I didn't find anything related to this error.
I also made sure that users are all activated. I really have no clue why the trace file mentioned that user is inactivated.
0 Likes
Highlighted
Knowledge Partner
Knowledge Partner

On 11/23/2018 2:06 AM, vkhoury wrote:
>
> ab;2491300 Wrote:
>> On 11/21/2018 06:04 AM, vkhoury wrote:
>>>

>> The -1694 in here looks odd to me, but you do not
>> even seem to have AUTH enabled, so I think we have a few things left to
>> try, but probably not in this particular forum.
>>

>
> I've searched for -1694 error but I didn't find anything related to this
> error.
> I also made sure that users are all activated. I really have no clue why
> the trace file mentioned that user is inactivated.


Perhaps an LDIF export of the users attributes might help at this point.

0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.