Error In Vnd.nds.stream
governance, and more. Learn more about Identity & Access Management Solution Brief: Identity Powered Security Give users quick and secure access to the resources they need Make passwords secure and simple to remember Make it easy to control access to IT resources Control access for IT regulatory compliance Control and monitor privileged users Give secure access to BYOD users SecurityManagement Detect and respond to all potential threats quickly and decisively. By monitoring user activities, security events, and critical systems, we provide actionable security intelligence to reduce the risk of data breach. Learn more about Security Management Solution Brief: Identity Powered Security Detect and disrupt security threats quickly Get compliant, stay compliant Configure systems to protect against threats Protect sensitive data Monitor the activity of privileged users Sustainable Compliance: How to align compliance, security and business goalsRead the paper The complete guide to log and event managementRead the paper IT OperationsManagement Get a holistic view of your IT environment and business services. We integrate service management, application management and systems management, to help you improve performance and availability. Learn more about IT Operations Management Understand how IT events impact business Troubleshoot and fix IT problems faster Free IT staff from routine, mundane tasks Consolidate IT tools into a master view Keep IT issues from disrupting service Creating end-to-end IT service monitoring and business service management (BSM).Read the paper AppManager meets operations center: delivering "always on" IT servicesWatch now DisasterRecovery Get affordable, high-performance disaster recovery. Our disaster recovery solutions offer warm-backup recovery speeds similar to mirroring, but at low costs similar to tape backup. Learn more about Disaster Recovery Recover workloads reliably after an outage Get back to business after an outage Protect from site-wide outages Protect both physical and virtual servers High-performance disaster recovery: Beat your RPO/RTO targets for lessWatch now Server consolidation and disaster recovery in the trenches: Real-world solutions to everyday challengesWatch now WorkloadMigration Migrate workloads and consolidate servers quickly. We provide upfront analysis and planning, and deliver automatic, unattended high-speed Physical-to-Virtual (P2V) or anywhere-to-anywhere workload migrations. Learn more about Workload Migration Migrate workloads to new server hardware Virtualize and migrate servers Move a data center while it's still running Plan ef
Favorite Rating: Error -9131 when synchronizing groups from ADThis document (3138393) is provided subject to the disclaimer at the end of this document. Environment Novell Identity Manager Identity Manager 3.0Novell Identity Manager Driver- Active Directory Driver Situation Implemented the AD driver using the sample pre-config that comes with IDM 3.0.1 and group synchronization.Groups synchronize fine to eDirectory, but they don't synchronize back from AD.An IDM trace shows the following error message:DirXML Log Event ------------------- Driver: \NTS-LAB-TREE\NOVELL\DRIVERSET\Active Directory sample driver Channel: Publisher Object: CN=Test Group,OU=Groups,DC=lab,DC=com https://forums.netiq.com/showthread.php?42706-Getting-Code-(-9145)-Error-in-vnd-nds-stream (NOVELL\Groups\Test Group) Status: Error Message: Code(-9131) Error in vnd.nds.stream://NTS-LAB-TREE/NOVELL/DRIVERSET/Active Directory sample driver/Publisher/Command Transform#XmlData:88 : Error evaluating XPATH expression'token-xpath("query:readObject($destQueryProcessor, "", $memberDN,"", "")[not(association/text())]")' : com.novell.xml.xpath.XPathEvaluationException: function'query:readObject' not found.If the trace level is 3 or above, its possible to see that this happens in the 'Publisher' channel, within the 'Command Transformation policy set', in the 'Command Transform' policy, rule'Prevent unassociated users from being removed from groups'Search: http://www.novell.com/support/kb/doc.php?id=3138393 9131 Resolution This is being caused by the policy itself missing a namespace declaration, that need to be added to the element.Steps to fix: 01. Go to iManager 02. Click on 'Identity Manager', then 'Identity Manager Overview' 03. Click the Magnifing glass icon, browse to and select the driver set container 04. Hit the 'Search' button 05. Click on the icon for the Active Directory Driver 06. When the page ' Identity Manager Driver Overview' finish loading, click on the Publisher's 'Command Transformation Policies'07. In the pop-up window, select the 'Command Transform' and click Edit 08. Another pop-up window will open. Click on the 'Edit XML' link on the top of the page 09. Select the check box 'Enable XML Editing' 10. Replace the first line shown there with the one in step 11. The original line is:
Favorite Rating: Code(-9202) followed by Unable to generate password: 9699 UNKNOWN ERRORThis document (7014667) is provided subject to the disclaimer at https://www.novell.com/support/kb/doc.php?id=7014667 the end of this document. Environment NetIQ Identity Manager Engine Functionality Situation After installing eDirectory 887 patch 5 or 888 patch 1, in IDM the following error happens when using the https://www.novell.com/support/kb/doc.php?id=7008878 random password generator noun in a policy. Message: Code(-9202) Error in vnd.nds.stream(Driver name ....)-pub-cp-PublisherCreate#XmlData:32 : Unable to generate password: 9699 UNKNOWN ERROR DirXML Log Event ------------------- Driver: (Driver name....) Channel: Subscriber error in Status: Error Message: Code(-9202) Error in vnd.nds.stream:(Driver name....)/Subscriber/PasswordHandler#XmlData:237 : Unable to generate password: 9699 UNKNOWN ERROR Resolution In order for the random password noun in a policy to handle more complex password policies, it now looks at the entire policy rather than only parts of it. This works unless you have a password policy that does not allow for passwords based error in vnd.nds.stream on a items that would require the user to already exist. For example excluding passwords in a password history. The user does not yet exist so the error happens. To overcome this problem do the following: 1) Create a new password policy which should be same as the existing password policy, excluding the rules that require a user lookup.2) Do not assign this new password policy to the user container, rather use it only to generate the random password for users during the user add from IDM policies. Additional Information NOTE: Be careful of the option to Use Microsoft Complexibility because by default that checks users information. Following is the definition of w2k8 password policy (See: https://www.netiq.com/documentation/password_management33/pwm_administration/data/an4bun5.html) 1. 6 <= password length <= 512 2. At least one character from three of the five types of characters, uppercase, lowercase, numeric, non-alphanumeric characters, and other characters (unicode) 3. password can't contain full name or CN of user 4. password can't contain any of excluded passwords Excluding checks for user specific attributes, this is almost equivalent to the following XML password policy (npsmComplexityRules attrib
Favorite Rating: Action Start Workflow fails with error Code(-9194)This document (7008878) is provided subject to the disclaimer at the end of this document. Environment Novell Identity Manager 3.6.1Novell Roles Based Provisioning Module 3.7 Situation Trying to start a workflow from an IDM driver fails with error code -9194. Complete error stack:DirXML Log Event ------------------- Driver: \NTSLAB078-TREE\NTS\Services\DriverSet\DupIssue Channel: Subscriber Status: Error Message: Code(-9194) Error in vnd.nds.stream://NTSLAB078-TREE/NTS/Services/DriverSet/DupIssue/Subscriber/Initiate+workflow#XmlData:182 : Couldn't start workflow 'cn=LabUserAccountEntitlement,cn=RequestDefs,cn=AppConfig,cn=UserApplication,cn=DriverSet,ou=services,o=nts' for recipient 'CN=testuser001,ou=users,o=nts': java.lang.RuntimeException: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target Resolution Key issue here is pointed by the error "unable to find valid certification path to requested target". This indicates that RBPM is running with an URL like https://nts078.lab.novell.com:8080/IDMProv (using SSL over HTTP) and that the Java Virtual Machine used by IDM does not have the trusted root certificate necessary to accept the server's certificate.First step to solve this issue is to export the trusted root certificate from the Certificate Authority that signed the server's SSL certificate. Next we need to import the certificate into IDM's JVM keystore. To perform the import we can use the Java tool 'keytool'. On the example commands below replace the text "/path_to_certificate/trusted_root_certificate_file" by the actual filesystem path and name of the .pem or .b64 file with the trusted root certificate.On x32 bits Linux the command would be:/opt/novell/eDirectory/lib/nds-modules/jre/bin/keytool -importcert -file /path_to_certificate/trusted_root_certificate_file -keystore /opt/novell/eDirectory/lib/nds-modules/jre/lib/security/cacerts -storepass changeitOn x64 bits Linux the command would be:/opt/novell/eDirectory/lib64/nds-modules/jre/bin/keytool -importcert -file /path_to_certificate/trusted_root_certificate_file -keystore /opt/novell/eDirectory/lib64/nds-modules/jre/lib/security/cacerts -storepass changeitOn Windows 2008/2008R2 the command would be:C:\Novell\NDS\jre\bin\keytool.exe -importcert -file C:\path_to_certificate\trusted_root_certificate_file -keystore C:\Novell\NDS\jre\lib\security\cacerts -storepass changeitOf course if eDirectory is not in the default loc