vkhoury
New Member.
1477 views

Unable To login to Imanager

Hi,
I'm using iManger 4.7, after the installation of Imanager i could successfully login into imanager with any created user.
However, after i reached a big number of users i was no longer able to login with newly created users.
I find out taht i reached the buffer limit. So i reduced the number of users and run a eDirectory repair (it terminated without errors).
However, this didn't solve my issue and i found this error in the trace file:
14:42:41 C1C Agent: Calling DSARead conn:0 for client .vanessa-netiq3-nds.iam.com.IDVAULT-TREE.
14:42:41 C1C Agent: Calling DSAReadObjectInfo conn:0 for client .vanessa-netiq3-nds.iam.com.IDVAULT-TREE.
14:42:41 C1C NMAS: 262193: Create thread request
14:42:41 C1C NMAS: 262193: Using thread 0x22192c30
14:42:41 C1C NMAS: 262193: Server thread started
14:42:41 C1C NMAS: 262193: Started login session
14:42:41 C1C NMAS: 262193: NCP client address type 9
14:42:41 C1C NMAS: 262193: NCP client address: 10.1.7.11:50370
14:42:41 C1C NMAS: 262193: PxySendProxyClientInfo Bad Client MAF Handle
14:42:41 14CC NMAS: 262193: Pool thread 0x22192c30 awake with new work
14:42:41 14CC Agent: Calling DS Ping conn:0 for client .vanessa-netiq3-nds.iam.com.IDVAULT-TREE.
14:42:41 14CC Agent: Calling DSAResolveName conn:0 for client .vanessa-netiq3-nds.iam.com.IDVAULT-TREE.
14:42:41 14CC Agent: Calling DSAReadObjectInfo conn:0 for client .vanessa-netiq3-nds.iam.com.IDVAULT-TREE.
14:42:41 14CC Agent: Calling DSARead conn:0 for client .vanessa-netiq3-nds.iam.com.IDVAULT-TREE.
14:42:41 14CC Agent: Calling DS Ping conn:0 for client .vanessa-netiq3-nds.iam.com.IDVAULT-TREE.
14:42:41 14CC Agent: Calling DSAResolveName conn:0 for client .vanessa-netiq3-nds.iam.com.IDVAULT-TREE.
14:42:41 14CC Agent: Calling DSAReadObjectInfo conn:0 for client .vanessa-netiq3-nds.iam.com.IDVAULT-TREE.
14:42:41 14CC Agent: Calling DSARead conn:0 for client .vanessa-netiq3-nds.iam.com.IDVAULT-TREE.
14:42:41 14CC NMAS: 262193: OEM
14:42:41 14CC NMAS: 262193: OEM Verb 1
14:42:41 14CC NMAS: 262193: OEM
14:42:41 14CC NMAS: 262193: OEM Verb 3
14:42:41 14CC NMAS: 262193: NMAS Audit with Audit PA not installed
14:42:41 14CC NMAS: 262193: CanDo
14:42:41 14CC Agent: Calling DSAReadObjectInfo conn:0 for client .vanessa-netiq3-nds.iam.com.IDVAULT-TREE.
14:42:41 14CC Agent: Calling DSARead conn:0 for client .vanessa-netiq3-nds.iam.com.IDVAULT-TREE.
14:42:41 14CC Agent: DSARead failed, no such attribute (-603).
14:42:41 14CC Agent: Calling DSARead conn:0 for client .vanessa-netiq3-nds.iam.com.IDVAULT-TREE.
14:42:41 14CC Agent: DSARead failed, no such attribute (-603).
14:42:41 14CC Agent: Calling DSARead conn:0 for client .vanessa-netiq3-nds.iam.com.IDVAULT-TREE.
14:42:41 14CC Agent: DSARead failed, no such attribute (-603).
14:42:41 14CC Agent: Calling DSARead conn:0 for client .vanessa-netiq3-nds.iam.com.IDVAULT-TREE.
14:42:41 14CC NMAS: 262193: ERROR: -1694 Account not activated
14:42:41 14CC NMAS: 262193: ERROR: -1694 Login Restrictions
14:42:41 14CC Agent: Calling DSAReadObjectInfo conn:0 for client .vanessa-netiq3-nds.iam.com.IDVAULT-TREE.
14:42:41 14CC Agent: Calling DSARead conn:0 for client .vanessa-netiq3-nds.iam.com.IDVAULT-TREE.
14:42:41 14CC Agent: DSARead failed, no such attribute (-603).
14:42:41 14CC Agent: Calling DSARead conn:0 for client .vanessa-netiq3-nds.iam.com.IDVAULT-TREE.
14:42:41 14CC Agent: DSARead failed, no such attribute (-603).
14:42:41 14CC Agent: Calling DSARead conn:0 for client .vanessa-netiq3-nds.iam.com.IDVAULT-TREE.
14:42:41 14CC Agent: DSARead failed, no such attribute (-603).
14:42:41 14CC NMAS: 262193: Failed login delay 3 seconds
14:42:44 14CC NMAS: 262193: Failed login
14:42:44 14CC NMAS: 262193: NACK
14:42:44 14CC NMAS: 262193: NMAS Audit with Audit PA not installed
14:42:44 14CC NMAS: 262193: ERROR: -1694 NMAS Manager
14:42:44 DD4 NMAS: 262193: NMAS session failed
14:42:44 DD4 NMAS: 262193: Client Session Destroy Request
14:42:44 14CC NMAS: 262193: Server thread exited
14:42:44 14CC NMAS: 262193: Pool thread 0x22192c30 work complete
14:42:44 DD4 NMAS: 262193: Local Session Cleared (Not Destroyed)
14:42:48 BFC Agent: Calling DSAGetServerNetAddress conn:16 for client .admin.sa.system.IDVAULT-TREE.
14:42:48 BFC Agent: Calling DSAGetServerNetAddress conn:16 for client .admin.sa.system.IDVAULT-TREE.
14:42:48 BFC Agent: Calling DS Ping conn:16 for client .admin.sa.system.IDVAULT-TREE.
14:42:48 BFC Agent: Calling DS Ping conn:16 for client .admin.sa.system.IDVAULT-TREE.
14:42:48 BFC Agent: Calling DSAGetServerNetAddress conn:32 for client .[Public].
14:42:48 BFC Agent: Calling DSAGetServerNetAddress conn:32 for client .[Public].

How can i solve this issue?
Labels (1)
0 Likes
6 Replies
Knowledge Partner
Knowledge Partner

Re: Unable To login to Imanager

On 11/23/2018 2:14 AM, vkhoury wrote:
> 14:42:41 14CC Agent: DSARead failed, no such attribute (-603).
> 14:42:41 14CC Agent: Calling DSARead conn:0 for client
> .vanessa-netiq3-nds.iam.com.IDVAULT-TREE.


I think you are chasing the wrong error.

The insufficient buffers does not mean to many users or too many logins.
(That number is way higher than any chance you have of hitting it.
Billons of users and tens of thousands of logins based on real world
systems).

The error i think you are looking at is cosmetic.

On login, many things are checked: Do you have a custom password policy?
How? By reading nspmAssignedPOlicy, oh 603 attribute does not have a
value on that user.

Do you have a custom NMAS Method? How? (I forget the attribute) Look up
some attr value that is empty, get a 603.
In this context these are not errors.

These:

> 14:42:41 14CC NMAS: 262193: ERROR: -1694 Account not activated
> 14:42:41 14CC NMAS: 262193: ERROR: -1694 Login Restrictions


https://www.novell.com/documentation/nwec/?page=/documentation/nwec/nwec/data/al3r5be.html

"The account has been created but the date and time that the account
will be activated has not been reached. "

I know there is Login Expiration Time, but I cannot think of what an
Activation time might be. Perhaps the Login Allowed Time Map has been set?
0 Likes
vkhoury
New Member.

Re: Unable To login to Imanager

geoffc;2491408 wrote:
On 11/23/2018 2:14 AM, vkhoury wrote:
> 14:42:41 14CC Agent: DSARead failed, no such attribute (-603).
> 14:42:41 14CC Agent: Calling DSARead conn:0 for client
> .vanessa-netiq3-nds.iam.com.IDVAULT-TREE.


I think you are chasing the wrong error.

The insufficient buffers does not mean to many users or too many logins.
(That number is way higher than any chance you have of hitting it.
Billons of users and tens of thousands of logins based on real world
systems).

The error i think you are looking at is cosmetic.

On login, many things are checked: Do you have a custom password policy?
How? By reading nspmAssignedPOlicy, oh 603 attribute does not have a
value on that user.

Do you have a custom NMAS Method? How? (I forget the attribute) Look up
some attr value that is empty, get a 603.
In this context these are not errors.

These:

> 14:42:41 14CC NMAS: 262193: ERROR: -1694 Account not activated
> 14:42:41 14CC NMAS: 262193: ERROR: -1694 Login Restrictions


https://www.novell.com/documentation/nwec/?page=/documentation/nwec/nwec/data/al3r5be.html

"The account has been created but the date and time that the account
will be activated has not been reached. "

I know there is Login Expiration Time, but I cannot think of what an
Activation time might be. Perhaps the Login Allowed Time Map has been set?


yes that's right i just figured out the error, the date of activation wasn't reached yet.
Thanks.
0 Likes
Knowledge Partner
Knowledge Partner

Re: Unable To login to Imanager

On 11/23/2018 7:36 AM, vkhoury wrote:
>
> geoffc;2491408 Wrote:
>> On 11/23/2018 2:14 AM, vkhoury wrote:
>>> 14:42:41 14CC Agent: DSARead failed, no such attribute (-603).
>>> 14:42:41 14CC Agent: Calling DSARead conn:0 for client
>>> .vanessa-netiq3-nds.iam.com.IDVAULT-TREE.

>>
>> I think you are chasing the wrong error.
>>
>> The insufficient buffers does not mean to many users or too many
>> logins.
>> (That number is way higher than any chance you have of hitting it.
>> Billons of users and tens of thousands of logins based on real world
>> systems).
>>
>> The error i think you are looking at is cosmetic.
>>
>> On login, many things are checked: Do you have a custom password
>> policy?
>> How? By reading nspmAssignedPOlicy, oh 603 attribute does not have a
>> value on that user.
>>
>> Do you have a custom NMAS Method? How? (I forget the attribute) Look up
>> some attr value that is empty, get a 603.
>> In this context these are not errors.
>>
>> These:
>>
>>> 14:42:41 14CC NMAS: 262193: ERROR: -1694 Account not activated
>>> 14:42:41 14CC NMAS: 262193: ERROR: -1694 Login Restrictions

>>
>> https://www.novell.com/documentation/nwec/?page=/documentation/nwec/nwec/data/al3r5be.html
>>
>> "The account has been created but the date and time that the account
>> will be activated has not been reached. "
>>
>> I know there is Login Expiration Time, but I cannot think of what an
>> Activation time might be. Perhaps the Login Allowed Time Map has been
>> set?

>
> yes that's right i just figured out the error, the date of activation
> wasn't reached yet.


Did you figure out what attr data it is using to determine activation
date? I cannot think of the actual schema attr it would read.

0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: Unable To login to Imanager

Geoffrey Carman,


>> yes that's right i just figured out the error, the date of activation
>> wasn't reached yet.

>
> Did you figure out what attr data it is using to determine activation
> date?  I cannot think of the actual schema attr it would read.
>


There's an attribute, at least in my (IDM 4.6 + eDir 9.04) system called
loginActivationTime.


HTH

0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: Unable To login to Imanager

Geoffrey,

>> yes that's right i just figured out the error, the date of activation
>> wasn't reached yet.

>
> Did you figure out what attr data it is using to determine activation

date? I cannot think of the actual schema attr it would read.
>


There's an attribute in my system (IDM 4.6 + eDir 9.04) called
loginActivationTime, though I have never used it


HTH

0 Likes
Knowledge Partner
Knowledge Partner

Re: Unable To login to Imanager

On 12/5/2018 2:30 PM, 6423241 wrote:
> Geoffrey,
>
> >> yes that's right i just figured out the error, the date of activation
> >> wasn't reached yet.

> >
> > Did you figure out what attr data it is using to determine activation

> date?  I cannot think of the actual schema attr it would read.
> >

>
> There's an attribute in my system (IDM 4.6 + eDir 9.04) called
> loginActivationTime, though I have never used it


I thought there was such an attribute but I think the Designenr projects
whose tree schema I was looking was goofed up.

0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.