SBL-SEC-00102: Error loading the security adapter library

Applies to:

Siebel System Software - Version 8.0.0.1 [20408] to 8.2.2.2 SIA[23016] [Release V8]
Information in this document applies to any platform.

Product Release: V8 (Enterprise)

Version: 8.0 [20405]

Database: Oracle 10.1.0.4

Application Server OS: Red Hat Linux 4.0

Database Server OS: Sun Solaris 9



This document was previously published as Siebel SR 38-3467659813.

Symptoms

Hi, we're trying to setup a PoC of Siebel 8.0 on Linux Redhat 4.0 and
had encountered issue while trying to config LDAP authentication and an
error had ocurred in the OM log file. IBM LDAP 6.0 Client is installed
and is using OID 10.1.2 as the LDAP Server.

We have repreatedly verified LDAPparameters many times and believed we have setup the right parmeters.

We got the following error in the log file:

SBL-SEC-00102 An error occurred loading the security adapter library. Please contact your system administrator for assistance.

SBL-DAT-00562 An error occurred loading the security adapter library. Please contact your system administrator for assistance


Btw, logfile and siebns are attached for your reference..

Cause

Change Request 12-1LDF7SJ

Solution

Message 1

Please assign this SR as soon as possible. This is becoming critical for the customer .

Many Thanks

Message 2

For the benefit of other readers

The customer was implementing LDAP authentication with Siebel 8.0 on Red Hat Linux 4.0 with Oracle Internet Directory.


After configuring the LDAP Adapter and restarting the Siebel Server the
Object Manager startup would fail with the following errors:


GenericLog GenericError 1 0000000646fb2542:0 2007-09-27 20:38:39
(secmgr.cpp (2407) err=4587622 sys=0) SBL-SEC-00102: An error occurred
loading the security adapter library. Please contact your system
administrator for assistance.
ObjMgrSessionLog Error 1
0000000646fb2542:0 2007-09-27 20:38:39 (physmod.cpp (9244))
SBL-DAT-00562: An error occurred loading the security adapter library.
Please contact your system administrator for assistance.

ObjMgrSessionLog Error 1 0000000646fb2542:0 2007-09-27 20:38:39
(model.cpp (5867)) SBL-DAT-00562: An error occurred loading the security
adapter library. Please contact your system administrator for
assistance.
ObjMgrCTLog Error 1 0000000646fb2542:0 2007-09-27 20:38:39 (ctxtmgr.cpp (4492)) SBL-SVC-00208: Please login first.


The customer confirmed that the IBM LDAP Client 6.0 was already
installed. After further investigation it was found that the LDAP Client
libraries needed to be added to the LD_LIBRARY_PATH set in
/siebsrvr/siebenv.sh. siebenv.sh was modified as follows:

[....]

Message 3

[....]

if [ a${LD_LIBRARY_PATH} = ${LD_LIBRARY_PATH}a ] then

LD_LIBRARY_PATH=${SIEBEL_ROOT}/lib:${SIEBEL_ROOT}/lib/odbc/merant:/opt/ibm/ldap/V6.0/lib:${MWHOME}/lib:${SQLANY}/lib:/usr/lib

else
LD_LIBRARY_PATH=${SIEBEL_ROOT}/lib:${SIEBEL_ROOT}/lib/odbc/merant:/opt/ibm/ldap/V6.0/lib:${MWHOME}/lib:${SQLANY}/lib:/usr/lib:${LD_LIBRARY_PATH}
Fi

After making this change LDAP Authentication worked correctly. Change Request 12-1LDF7SJ was logged for a documentation defect.

Applies to:

Siebel CRM - Version 7.5.3.4 [16180] and later
Information in this document applies to any platform.

*** Checked for relevance on 29-JAN-2013 ***

Symptoms

Customer is trying to implement the LDAP security adapter
(LDAPSecAdpt) for use with the Siebel application.  The application
object manager is failing to bring up a login screen and the following
error is appearing in the log file:

SBL-SEC-00102: Error loading the security adapter library. Please contact your system administrator.

The desired behavior is that the security adapter library should load successfully and a login page be presented to the user.

Cause

This behavior occurred because the server had to be physically
rebooted after the installation of the IBM LDAP Client and/or GSKit
software.

Solution

After some investigation, we determined that it is necessary to
physically reboot the server after the installation of the IBM LDAP
Client or GSKit software. Once this was done, everything worked
correctly.

This requirement is not documented in the Siebel Bookshelf documentation.


Document Enhancement Request Bug:10575898/ 12-1UX6R4P to update the Security Guide with this information.

Applies to:

Siebel Financial Services CRM - Version 8.0.0.1 [20408] to 8.1.1.2[21215] [Release V8]
Information in this document applies to any platform.

***Checked for relevance on 03-Jan-2011***

***Checked for relevance on 23-Nov-2012***

Symptoms

We are trying to implement a Custom Security Adapter to perform
application login authentication. We have downloaded the sample SDK from
support web, compiled and deployed to our testing environment. We have
also configured one of the AOM to test out the compiled security
adapter. Unfortunately, we are unable to load the application login
page. Based on the attached log file, the error message is as below:

"SBL-SEC-00102:
An error occurred loading the security adapter library. Please contact
your system administrator for assistance."

Cause

Incorrect setup/configuration on the custom security adapter named
subsystem and configuration file or security adapter library compilation
issue.

Solution

Verify the following is correct.


- Parameter setting in custom security adapter named subsystem


- Setting in the configuration file reference in ConfigFileName parameter in custom security adapter named subsystem


- LIBPATH environment variable setting

Setup the sdk custom
adapter authentication and configuration in-house and successfully
reproduce the issue when using the same compiler (g++) and makefile as
customer.


Further research on these and found the issue on the sdk compilation. The makefile from customer is like this.

libsampsdk.so: secsamp.o secutil.o
g++ secutil.o secsamp.o -o libsampsdk.so

secsamp.o: secsamp.cpp secutil.h ssecurity.h
g++ -c secsamp.cpp

secutil.o: secutil.cpp secutil.h ssecurity.h
g++ -c secutil.cpp

Note
that after compiling the secsamp.cpp and secutil.cpp with g++ -c swtich
and option, it will create the .o file. Once this dependencies
(secsamp.o and secutil.o) for the shared object secsamp.so have been
created, there is need to invoke the linker using additional switch and
option to create a dynamic library. So modify the makefile as below and
recompile the sample code.

libsampsdk.so: secsamp.o secutil.o
g++ -fPIC -shared secutil.o secsamp.o -o libsampsdk.so

secsamp.o: secsamp.cpp secutil.h ssecurity.h
g++ -c secsamp.cpp

secutil.o: secutil.cpp secutil.h ssecurity.h
g++ -c secutil.cpp

Using this newly compiled library file, object manager and application succesfully loaded and login works fine.

pplies to:

Siebel Communications Service - Version 8.0.0.2 [20412] to 8.1.1.8 SIA [23012] [Release V8]
Information in this document applies to any platform.

Symptoms

Siebel version 8.0 application does not start when the LDAP security
adaptor is configured at enterprise level, although the mandatory IBM
LDAP client version 6.0 has been installed. The following error messages
are logged as a result,


a) SBL-SEC-00102: An error occurred loading the security adapter
library. Please contact your system administrator for assistance.
b)
SBL-DAT-00562: An error occurred loading the security adapter library.
Please contact your system administrator for assistance.

Cause

The Siebel security adaptor library aka. libsscfldap.so could not be
loaded because of the installation and configuration (LD_LIBRARY_PATH)
of the 64bit libraries that are part of the IBM LDAP client software.

Solution

Ensure that the LD_LIBRARY_PATH in the siebenv.sh shell script only
references the 32-bit libraries of the IBM LDAP Client version 6.0
because this ensures that the Siebel modules, which are based on 32-bit
processing - do not conflict with the 64-bit library versions of the IBM
LDAP Client software - as documented in Siebel
Bookshelf version 8.0 > Siebel Security Guide > Security Adapter
Authentication > Installing LDAP Client Software > Configuring the
siebenv.csh and siebenv.sh Scripts for the LDAP Client - where it
states, "Siebel supports only the IBM 32-bit LDAP Client so you can use
only the 32-bit LDAP Client libraries with your Siebel applications."

Please follow the following steps, also outlined in the Siebel Bookshelf reference,
1) Navigate to the Siebel server root installation directory
2) Open a text editor on your UNIX system e.g. vi
3)
For both the shell script files; SIEBENV.SH and SIEBENV.CSH edit them
and ensure that ONLY the location to the IBM LDAP Client 32bit libraries
are referenced.

NOTE: The 64-bit libraries can be explicitly identified from the directory path naming convention - that is,
32-bit  =  /opt/IBM/ldap/V6.0/lib
64-bit  =  /optIBM/ldap/V6.0/lib64

Applies to:

Siebel CRM - Version 8.0.0.1 SIA [20408] and later
Information in this document applies to any platform.

Symptoms

Siebel Login Page fails to display



ERRORS


1) The server you are trying to access is either busy or experiencing
difficulties. Please close the Web browser, open a new browser window,
and try logging in again.[08:22:46]

2) SBL-SEC-00102: An error occurred loading the security adapter
library. Please contact your system administrator for assistance.

Cause

The IBM LDAP Client installation on UNIX defaults to /opt/ibm/ldap/V6.0.


The environment variables in the SIEBENV.SH referenced the wrong directory for the IBM LDAP libraries - namely /opt/ibm/ldap/v6.0/lib as opposed to /opt/ibm/ldap/V6.0/lib.


Because the resolution of filename paths on UNIX systems is case
sensitive the difference between v6.0 and V6.0 caused the error.


Bug 14651929
has been logged requesting that the Security Guide be updated
accordingly under Security Adapter Authentication > Process of
Installing and Configuring LDAP Client Software > Configuring the
siebenv.csh and siebenv.sh Scripts for the LDAP Client.

Solution

Modify the SIEBENV.SH to reference /V6.0/lib as opposed to /v6.0/lib

Applies to:

Siebel CRM Call Center - Version: 8.1.1.5 [21229] and later   [Release: V8 and later ]
Information in this document applies to any platform.

Symptoms

=== ODM Issue Clarification ===

This is in relation to a 8.1.1.5 siebel enterprise environment deployed on a RHEL 5.5 linux platform (64-bit).





When accessing the EAIObjMgr_enu component fails when using an external
Java based command line utility, which is accessing the EAI component
via EAI_enu SWSE web server.



Looking at the EAIObjMgr component we can see mainly authentication errors like the following error messages:

"An error occurred loading the security adapter library. Please contact
your system administrator for assistance.(SBL-DAT-00562)" and before
this error ".....err=4587622....SBL-SEC-00102..."

Cause

=== ODM Cause Determination ===



Executed: strace against start_server and EAI OM PID. There was no evidence that <custom adapter>.so lib was loaded.



Executed: file <custom adapter>.so

This showed: ELF 64-bit LSB shared object, AMD x86-64, version 1 (SYSV), not stripped



Executed: ldd -v <custom adpater>.so

This showed:

>>>

      libstdc++.so.6 => /usr/lib64/libstdc++.so.6 (0x00002b536dd51000)

      libm.so.6 => /lib64/libm.so.6 (0x00002b536e051000)

      libgcc_s.so.1 => /lib64/libgcc_s.so.1 (0x00002b536e2d4000)

      libc.so.6 => /lib64/libc.so.6 (0x00002b536e4e3000)

      /lib64/ld-linux-x86-64.so.2 (0x0000003d04c00000)



      Version information:

      ./cdetsnopassword.so:

              libc.so.6 (GLIBC_2.2.5) => /lib64/libc.so.6

...

<<<

=== ODM Cause Justification ===



Looking at the file and ldd output, we can see that 64-bit libraries are used:



Siebel product is only 32-bit and will only work with 32-bit libraries.

Solution

=== ODM Solution / Action Plan ===



Compile the custom security adapter as per SDK documented compile commands.

Also ensure that modifications are implemented as per published article:
1062497.1 - Changes to Siebel Custom Security Adapter SDK in Siebel
8.1.1

Also, if on a 64-bit operation system,  ensure to modify the compiler
instructions to compile in 32-bit mode. There could be different ways
this can be done pending on the OS vendor. For any clarification please
consult with the OS vendor support.



In this specific case the following compiler instructions helped to resolve the issue.

g++ -m32 -c -fPIC secsamp.cpp

g++ -m32 -c -fPIC secutil.cpp

g++ -m32 -fPIC -shared secutil.o secsamp.o -o <custom security adapter>.so

Please note, Oracle  is providing the SDK and compiler instructions solely as a convenience to our customers and

Oracle  makes no warranties or representations of any kind regarding the

results customers may achieve by using the SDK. Siebel is not responsible

for any failure of any security adapter written using the SDK.



Check with file and ldd command (library dependency check on Linux) to ensure no 64-bit library is being used.

For example in this case the output after compiling in 32-bit mode confirmed that there was no 64-bit library involved.

$ ldd <custom security adapter>.so

linux-gate.so.1 =>  (0xffffe000)

libstdc++.so.6 => /usr/lib/libstdc++.so.6 (0xf7e82000)

libm.so.6 => /lib/libm.so.6 (0xf7e5b000)

libgcc_s.so.1 => /lib/libgcc_s.so.1 (0xf7e4f000)

libc.so.6 => /lib/libc.so.6 (0xf7d09000)

/lib/ld-linux.so.2 (0x00473000)



Stop the siebel application server service.

Replaced this on the siebsrvr/lib

Start the siebel application server service



Test the siebel application authentication process.

SBL-SEC-00003: An error occurred checking the checksum of the security adapter library.

Applies to:

Siebel System Software - Version 7.7.2.6 [18372] to 8.2.2.2 SIA[23016] [Release V7 to V8]
z*OBSOLETE: Microsoft Windows Server 2003

Product Release: V7 (Enterprise)

Version: 7.7.2.6 [18372]

Database: Microsoft SQL Server 2000 SP3

Application Server OS: Microsoft Windows 2003 Server

Database Server OS: Microsoft Windows 2003 Server



This document was previously published as Siebel SR 38-3377770831.

Symptoms

SBL-SEC-00003


I am having trouble with the security adapter checksum.

Background:

When
using the URL http://<siebsrvr>/service_enu I get the ‘The server
you are trying...’ message. Service_enu is using ADSI authentication.

The
resultant web server log file contains: Login failed for Login name :
GUESTCST. I have verified the GUESTCST login is working. The log file
also contains: An error occurred checking the checksum of the security
adapter. Log file is attached to this SR.

I reviewed Configuring
Checksum Validation on the Siebel support website and generated. I
updated the CRC value for the ADSISecAdpt in the Profile Configuration. I
then synchronized the Siebel components, restarted the Siebel services,
and performed an iisreset on the Siebel web server. But I am still
getting the error message.

Questions:

I used the following to generate the checksum on the apps server: checksum –f sscfldap.dll
Is
there a different dll that I should be using? Of course, I used the
returned value and not the value in the Siebel SupportWeb example.

How else can I troubleshoot this issue?

Cause

Change Request 12-1JXJI1L has been opened as Documentation Enhancement Request

Solution

Message 1

For the benefit of other readers,


Customer was
receiving the error message below in Siebel Web Server Extension and
Siebel Object Manager log files for version 7.7.x after enabling
Security Adapter Checksum (CRC):

“SBL-SEC-00003: An error
occurred checking the checksum of the security adapter library. Please
contact your system administrator for assistance.”

We were able
to confirm that above error message was related with CRC by disabling
checksum checking. This is possible by setting CRC parameter of Security
Adapter profile to 0 (zero).

The following command was being executed:

checksum –f sscfldap.dll


This behavior was resolved by using the correct Security Adapter
library. Customer was using Siebel ADSI Security Adapter, so the correct
library is sscfadsi.dll, not sscfldap.dll. Here is the correct command:

checksum –f sscfadsi.dll


Customer noticed that document Security Guide for Siebel Business
Application for version 7.7, Rev. A, chapter 6: Security Adapter
Authentication, section Security Adapter Deployment Options, under
Configuring Checksum Validation uses sscfldap.dll library, and it does
not have any reference to sscfadsi.dll library or custom library.



Change Request 12-1JXJI1L has been opened as Documentation Enhancement
Request to provide a note regarding which libraries to use based in the
Security Adapter used.


Thank you,

Applies to:

Siebel Call Center - Version: 7.7.2.6 SIA [18372] to 7.7.2.10 SIA [18385] - Release: V7 to V7
Information in this document applies to any platform.

Symptoms

When I changed Propagate Change parameters to False on the DB Security
Adapter profile and restarted a Siebel Server service, I could not login
via the Web Client and got "The server you are trying to access is
either busy or experiencing difficulties. Please close the Web browser,
open a new browser window, and try logging in again." message. This
Object Manager uses Database Authentication.

Object Manaer log file showed following errors:

2021 2011-12-17 13:05:12 2011-12-17 13:05:13
+0900 00000006 001 003f 0001 09 SCCObjMgr_jpn 19492 4960 4936
D:\sea77\siebsrvr\log\SCCObjMgr_jpn_19492.log 7.7.2.6 [18372] JPN

GenericLog
GenericError 1 0 2011-12-17 13:05:12 (secmgr.cpp (1888) err=7000003
sys=0) SBL-SEC-00003: An error occurred checking the checksum of the
security adapter library. Please contact your system administrator for
assistance.

ObjMgrSessionLog ObjMgrLogin 3 0 2011-12-17 13:05:12 Login failed for Login name : GUESTCST

ObjMgrCTLog Error 1 0 2011-12-17 13:05:13 (ctxtmgr.cpp (3298)) SBL-SVC-00208: Please login first.

Cause

The CRC(checksum) value was somehow being corrupted. Note that setting a
CRC(checksum) for the DB Security Adapter is not supported.
For more
details, please see "Security Guide for Siebel eBusiness Applications
Version 7.7, Rev. A May 2005 > Security Adapter Authentication >
Security Adapter Deployment Options > Configuring Checksum
Validation".

Solution

Please disable a CRC for the DB Security Adapter by following steps:

1. Take a backup of siebns.dat file under the <$Gateway Server>\admin.
2.
Login via the Dedicated Client and navigate to the Administration -
Server Configuration > Enterprises > Profile and query with "DB
Security Adapter".
3. On the Profile Parameters view, set Value = 0 for the CRC parameter.
4. Restart Siebel Server service.

 

 

 

Applies to:

Siebel System Software - Version 7.5.3 [100] and later
Siebel Call Center - Version 7.5.3 [100] to 8.1.1 [21112] [Release V7 to V8]
Information in this document applies to any platform.

*** Checked for relevancy 30-Jan-2013 ***

Symptoms

Customer updated their Fix Pack level and now are getting the following error in both their SWSE and AOM logs:


SBL-SEC-00003: An error occurred checking the checksum of the security
adapter library. Please contact your system administrator for
assistance.

Customer has regenerated the checksum values as required and discussed in Bookshelf.

Cause

The checksum value was somehow being corrupted through the copy and
paste process.  Manually entering in the generated value worked fine.

Solution

We found that the checksum command does not work properly when it is
copied and pasted. When we typed it in manually, the command ran
successfully and generated a new checksum value. When this checksum is
entered into the CRC parameter in the security adapter profile and the
Siebel services restarted, the application began working correctly.

Applies to:

Siebel System Software - Version 7.8.2.3 [19221] and later
z*OBSOLETE: Microsoft Windows Server 2003

Product Release: V7 (Enterprise)

Version: 7.8.2.3 [19221]

Database: Oracle 9.2.0.1

Application Server OS: Microsoft Windows 2003 Server SP1

Database Server OS: Microsoft Windows 2003 Server SP1



This document was previously published as Siebel SR 38-3114862154.



***Checked for relevance on 05-Feb-2013***

Symptoms

SBL-SVC-00208


Unable to startup new/fresh install (not an upgrade) of Siebel
7.8.2.3. I will post a follow up of this initial SR with details and
attachments of our efforts to date.

Cause

An error occurred checking the checksum of the security adapter library.

Solution

Message 1

For the benefit of others,

The Customer was unable to startup a newly installed Siebel Server 7.8.2.3

*Errors seen in Object Manager logs ('SFSObjMgr_enu_9307.log') included:

GenericLog    GenericError    1    0    2006-08-11
13:50:49    (secmgr.cpp (2278) err=7000003 sys=0) SBL-SEC-00003: An
error occurred checking the checksum of the security adapter library.
Please contact your system administrator for assistance.

ObjMgrCTLog    Error    1    0    2006-08-11 13:50:49    (ctxtmgr.cpp (3435)) SBL-SVC-00208: Please login first.

*Other errors seen in the SWE log included:

ProcessPluginRequest    ProcessPluginRequestError    1    0    2006-08-11
13:45:32     3580: [SWSE] Failed to obtain a session ID. An error
occurred checking the checksum of the security adapter library. Please
contact your system administrator for assistance.

ProcessPluginRequest    ProcessPluginRequestError    1    0    2006-08-11
13:45:32     3580: [SWSE] Set Error Response (Session: Error: 00023181
Message: SBL-SEC-00003: An error occurred checking the checksum of the
security adapter library. Please contact your system administrator for
assistance.)

ProcessPluginRequest    ProcessPluginRequestError    1    0    2006-08-11
13:45:32     3580: [SWSE] SBL-SVR-00040: Internal: Informational,
encrypted parameter.

GenericLog    GenericError    1    0    2006-08-11
13:48:14    (smconn.cpp (271) err=1801020 sys=1300230) SBL-NET-01020:
Internal: unknown hostname

Message 2

*Initial research around these error messages suggested that the
recommendations offered in following documents - published on SupportWeb
– might well apply:
(1) Siebel Error Message SBL-DAT-00563: An error
occurred checking the checksum of the security adapter library. Please
contact your system administrator for assistance
(2) 38-3097108425 - SWSE does not work after upgrade to 7.7.2.6

******Resolution******

As customer had configured DB authentication and not ADSI, the resolution entailed
re-generating
the checksum on the DLL used for DB Authentication and entering this
value into the CRC for the Enterprise Profile Configuration.

Applies to:

Siebel System Software - Version: 7.7.2.8 SIA [18379] and later   [Release: V7 and later ]
Oracle Solaris on SPARC (64-bit)

Product Release: V7 (Enterprise)

Version: 7.7.2.8 [18379] Pub Sect

Database: Oracle 9.2.0.6

Application Server OS: Sun Solaris 9

Database Server OS: Sun Solaris 9



This document was previously published as Siebel SR 38-3375904201.

Symptoms

Hello there,



The following components stopped responding unexpectedly:



Business Integration Manager                

Communications Outbound Manager

Workflow Process Manager  

Workflow Recovery Manager

Workflow Process Batch Manager



This is hampering the testing of EAI release scheduled for Production soon. Please help.



Regards,

Venkatesh

Solution

For the benefit of other users,



The customer was reporting that a number of components in their
environment were showing as Unavailable. This behavior only impacted a
single Siebel Server where these components were running.



Initial discussions highlighted the fact that the components which were
showing as Unavailable were all running on an LDAP Security Adapter. As
the customer has had problems in the past with checksum validation on
the LDAP Adapter they re-generated the checksum for the LDAP libraries
and set this on the LDAPSecAdpt security adapter profile (in
Administration - Server Configuration > Enterprises > Profile
Configuration). This still did not resolve the behavior and the
components continued to show as Unavailable following the Siebel Server
startup.



In order to investigate further the customer was directed to increase
the log levels for one of components and to then perform a
shutdown/startup of the component through the srvrmgr utility. This was
done but the component continued to show as 'Unavailable' and so the
logs were reviewed. The following errors were identified :



SecMgrLog    Debug    5    0    2007-07-20 19:01:16    SECMGR: DBSecAdpt_SecAdptDllName=sscfsadbmfcext

SecMgrLog    Debug    5    0    2007-07-20 19:01:16    stored CRC = '85600b19'

SecMgrLog    Debug    5    0    2007-07-20 19:01:16    computed CRC = '1e12de85'

GenericLog    GenericError    1    0    2007-07-20
19:01:16    (secmgr.cpp (1888) err=7000003 sys=0) SBL-SEC-00003: An
error occurred checking the checksum of the security adapter library.
Please contact your system administrator for assistance.

SecMgrLog    Debug    5    0    2007-07-20 19:01:16    SecAdptName = DBSecAdpt

SecMgrLog    Debug    5    0    2007-07-20 19:01:16    SecAdptMode = 0

SecMgrLog    Debug    5    0    2007-07-20 19:01:16    SecAdptDllName = sscfsadbmfcext

SecMgrLog    Debug    5    0    2007-07-20 19:01:16    PropagteChange = FALSE

SecMgrLog    Debug    5    0    2007-07-20 19:01:16    computed checksum of security adapter library = '1e12de85'

SecMgrLog    Debug    5    0    2007-07-20 19:01:16    HashUserPwd = FALSE

SecMgrLog    Debug    5    0    2007-07-20 19:01:16    HashDBPwd = FALSE

SecMgrLog    Debug    5    0    2007-07-20 19:01:16    HashAlgorithm = RSASHA1

SecMgrLog    Debug    5    0    2007-07-20 19:01:16    bMFCShell = TRUE

SecMgrLog    Debug    5    0    2007-07-20 19:01:16    datasourcename = ServerDataSrc

GenericLog    GenericError    1    0    2007-07-20
19:01:16    (secmgr.cpp (2209) err=7000003 sys=0) SBL-SEC-00003: An
error occurred checking the checksum of the security



This excerpt from the log file for the WfProcMgr component indicated
that the component was actually using the DBSecAdpt (database
authentication) rather than the expected LDAPSecAdpt. This was discussed
internally and confirmed to be correct by the customer.



As the error messages indicated that the checksum being used on the
profile was incorrect the customer regenerated this using the following
command and set it on the DBSecAdpt profile :

checksum -f libsscfsadb.so

Note : Setting a checksum against for the DBSecAdpt is not supported as per the information in the Siebel Security Guide.

The checksum was generated against the sscfsadb.dll as this was the
library which had been set against the 'Security Adapter Dll Name'
parameter on the profile, however the above command returned the CRC
value '85600b19'. This was the value reported in the log file as already
being stored on the DBSecAdpt profile.



Closer inspection of the trace excerpt confirmed that whilst the profile
was showing sscfsadb.dll as the Security Adapter dll, the log file was
showing sscfsadbmfcext.dll as the library being used. In view of this
the customer performed a checksum generation against this file instead
(as library names are converted on UNIX) :

checksum -f libsscfsadbmfcext.so



This returned the value '1e12de85' which was being reported as the computed CRC in the log file.



The customer therefore set this as the CRC value on the DBSecAdpt
profile, restarted the Siebel Server, and all of the previously
unavailable components started correctly.



Three new Change Requests were raised as a result of this investigation :

CR #10528106    Documentation for the bMFCShell parameter

CR #10528107    Errata in Security Guide regarding UNIX libraries

CR #10528108    Implementing checksum validation for DBSecAdpt

SBL-SEC-00002: An error occurred loading the security adapter library;

Applies to:

Siebel Sales - Version 7.5.3.5 [16183] and later
Information in this document applies to any platform.

*** Checked for Relevancy 27-Feb-2013 ***

Symptoms

When starting an application object manager (AOM) that uses the
Siebel standard LDAP Security Adapter (LDAPSecAdpt), the process fails
with the following error in the log file:


SBL-SEC-00002: An error occurred loading the security adapter library. Please contact your system administrator for assistance.


This is applicable for Siebel versions 7.3.5 and higher.

Cause

This error pattern is typically the result of the required IBM LDAP
client software not being installed on the Siebel server(s).  The Siebel
standard LDAP Security Adapter (LDAPSecAdpt) relies on code libraries
provided by the IBM software.  This is true regardless of what external
LDAP directory the adapter will be connecting to.


This requirement is documented in the Security Guide's section on External Security Adapter Authentication.

Solution

To resolve this behavior, please install the appropriate version of the IBM LDAP Client software:

• Siebel 7.5, 7.7, and 7.8 requires the IBM 5.1 LDAP Client.


• Siebel 8 requires the IBM 6.0 LDAP Client.

The software is provided free of charge in the Server Ancillary
Programs folder of the Siebel installation media.  It will also be
created if the appropriate option is checked when extracting an
installation image from http://edelivery.oracle.com.


Instructions for installing and configuring the IBM software can be
found in the Security Guide on the appropriate Siebel Bookshelf.

Applies to:

Siebel System Software - Version: 7.8.2 [19213] and later   [Release: V7 and later ]
Oracle Solaris on SPARC (64-bit)

Product Release: V7 (Professional)

Version: 7.8.2 [19213]

Database: Oracle 9.2.0.4

Application Server OS: Sun Solaris 9

Database Server OS: Sun Solaris 9



This document was previously published as Siebel SR 38-3009105001.

Symptoms

SBL-SEC-00002, SBL-SEC-00001We have set up a vanilla 7.8 environment in which to test our custom security adapter originally
built for Siebel 7.5. We have built and deployed the library (DLL), but continue to receive
"SBL-SEC-00002: An error occurred loading the security adapter library" in both the OM and SWSE
logs. We need assistance troubleshooting this error.

Cause

Change request 12-1E3A060

Solution

Message 1

The customer had compiled a custom security adapter using the security
adapter SDK found in Technical Note 415: “Siebel Security Adapter
Software Developers Kit for Siebel Versions 7.5, 7.7 and 7.8”. This
custom security adapter was working as expected in Siebel version 7.5 on
the Solaris platform.   The customer is upgrading to Siebel version 7.8
on the Solaris platform.



Beginning in Siebel version 7.7, the security adapter enterprise profile
was introduced to move the security adapter parameters into the named
subsystem in the Gateway server instead of the Object Manager
config(.cfg) file.



To troubleshoot this behavior, security adapter logging was enabled
following the information in FAQ 2168. Since the actual code in a custom
security adapter is beyond the scope of Siebel technical support and
requires assistance from other resources like Siebel Expert or
Professional Services, the troubleshooting approach was simplified by
compiling the sample security adapter that is contained in the security
adapter SDK. This sample security adapter has very little infrastructure
dependencies and does not require entities such as a LDAP directory in
order to function.  

<continued>

Message 2

The sample security adapter successfully loaded in Siebel version 7.5
with the Object Manager .cfg file security adapter configuration. The
secsamp.so was then moved to the Siebel version 7.8 siebsrvr/lib
directory and the following setup was configured:



OM component parameters

Security Adapter Name : SampleSec

Security Adapter Mode: CUSTOM





New SampleSec(alias) Enterprise Profile(subsystem type: InfraSecAdpt_Custom)

CustomSecAdpt_CRC = <checksum value>           

CustomSecAdpt_SecAdptDllName =    secsamp

ConfigFileName =                 /vol1/public2/siebsrvr/bin/enu/sample.cfg

ConfigSectionName =               Sample



sample.cfg(located in siebsrvr/bin/enu/) :

[Sample]

dbUsername = sadmin

dbPassword = sadmin

<continued>

Message 3

The following error occurred:



n++1021 2006-05-01 09:58:09 2006-05-01 09:58:10 -0600 00000011 001 003f
0001 09 SSEObjMgr_enu 4143 5047 13 /vol1/public2/siebsrvr/

enterprises/public2/pubapp01/log/SSEObjMgr_enu_4143.log 7.8.2 [19213] ENU

GenericLog      GenericError    1       0       2006-05-01
09:58:09     (secmgr.cpp (1587) err=7000002 sys=0) SBL-SEC-00002: An
error occurred loading the security adapter library. Please contact your
system administrator for assistance.

SecMgrLog       Debug   5       0       2006-05-01 09:58:09     SecAdptName = SampleSec

SecMgrLog       Debug   5       0       2006-05-01 09:58:09     SecAdptMode = 3

SecMgrLog       Debug   5       0       2006-05-01 09:58:09     SecAdptDllName = secsamp

SecMgrLog       Debug   5       0       2006-05-01 09:58:09     PropagteChange = FALSE

SecMgrLog       Debug   5       0       2006-05-01 09:58:09     computed checksum of security adapter library = ''

SecMgrLog       Debug   5       0       2006-05-01 09:58:09     HashUserPwd = FALSE

SecMgrLog       Debug   5       0       2006-05-01 09:58:09     HashDBPwd = FALSE

SecMgrLog       Debug   5       0       2006-05-01 09:58:09     HashAlgorithm = RSASHA1

SecMgrLog       Debug   5       0       2006-05-01 09:58:09     bMFCShell = TRUE

SecMgrLog       Debug   5       0

SecMgrLog       Debug   5       0       2006-05-01 09:58:09     dbusername = sadmin

<continued>

Message 4

SecMgrLog       Debug   5       0       2006-05-01 09:58:09     singlesignon = FALSE

SecMgrLog       Debug   5       0       2006-05-01 09:58:09     dbpassword = sadmin

SecMgrLog       Debug   5       0       2006-05-01 09:58:09     useadapterusername = FALSE

GenericLog      GenericError    1       0       2006-05-01
09:58:09     (secmgr.cpp (2278) err=7000002 sys=0) SBL-SEC-00002: An e

ror occurred loading the security adapter library. Please contact your system administrator for assistance.



The above indicated that parameters for the security adapter was loading but the adapter itself failed to load.



This behavior was resolved by changing the settings:

CustomSecAdpt_CRC = 0          

CustomSecAdpt_SecAdptDllName =    /vol1/public2/siebsrvr/lib/secsamp.so

ConfigFileName =                 /vol1/public2/siebsrvr/bin/enu/sample.cfg



Various combinations of the above parameters were attempted and it was
found that CustomSecAdpt_CRC = 0 (disabled) and
CustomSecAdpt_SecAdptDllName needed to be set to the full path of the
security adapter including the .so extension.



<continued>

Message 5

Change request 12-1E3A060 “secsamp.so(Sample security adapter) does not
load in 7.8 but works in 7.5” was entered as a product defect as all the
features of the custom profile were not available on the Solaris
platform  



Change request 12-1E6ZJ83 “More logging information for SBL-SEC-00002
error when loading a security adapter” was entered as a product
enhancement for detail on why the security adapter itself does not
load(examples: permissions, .dlopen() call etc..)

Applies to:

Siebel Finance Sales - Version 7.5.3.15 SIA [16279] and later
Information in this document applies to any platform.

*** Checked for relevancy 21-Feb-2013 ***

Goal

Will a custom security adapter developed for Siebel 7.5 and using the
interface defined in Note 476962.1 work unchanged with version 8?

Fix

Since the software developer kit (SDK) discussed in Note 476962.1
creates custom software, Oracle cannot provide you with a definitive
answer to this question.  As stated in Note 476962.1, neither the use of
the SDK or adapters created with it are supported by Oracle Global
Customer Support.  Furthermore, Oracle cannot guarantee compatibility
with future releases of the product. That being said, we can provide
some general observations that may be of use to you.

First of
all, the SDK itself has not changed between 7.5 and the current 8.0.0.x
releases. So at the very least the basic code libraries should be
compatible.

There have been, however, significant changes in how
the Siebel application interacts with security adapters between 7.5,
7.7/7.8, and 8.x. The changes that are the most probable to have
potential impacts are the ones that happened between 7.5 and 7.7. This
is the point at which security adapter parameters were moved out of the
individual application configuration files (for example siebel.cfg,
uagent.cfg, etc.) and into named enterprise profiles within the Siebel
Enterprise Backing Store (LDAPSecAdpt, ADSISecAdptADSISecAdpt,
etc.). The second major change is that Windows Integrated
Authentication (WIA) based web single sign-on (SSO) became a standard
feature in 7.7 no longer requiring the use of a custom security adapter
as described in Note 477108.1. Finally, Siebel 7.7 no longer supported
Siebel password hashing and required the use of SHA-1 hashing.

Between
7.7/7.8 and 8.0, there was the introduction of a more robust
LDAPSecAdpt that was capable of communicating with Active Directory
servers on all supported platforms. This was due to the change from
underlying IBM 5.0 LDAP Client libraries to the IBM 6.0 LDAP Client
libraries. Obviously if your customer adapter utilizes the shipped LDAP
security adapter functionality and libraries, it will probably require
updating to work with Siebel 8.0.

Oracle Support's experience
with these types of issues has been that most of the custom security
adapters work after some relatively minor tweaking of the configuration
(as opposed to the code).  In some cases, however, the specific
functionality being invoked by the custom adapter were not compatible
and the alternative solutions had to be found or designed. The only way
you will know for sure is to thoroughly test your custom security
adapter in a development Siebel 8 environment prior to rolling it out to
production.

There are a variety of Metalink notes available on
custom security adapters and the SDK. You may find the following to be
particularly useful: 478022.1, 484645.1, 497314.1, and 529726.1.

SBL-SEC-00001: An error occurred loading the Siebel authentication

Applies to:

Siebel System Software - Version 7.7.2.7 SIA [18376] and later
z*OBSOLETE: Microsoft Windows 2000

Product Release: V7 (Enterprise)

Version: 7.7.2.7 [18376] Life Sci

Database: Oracle 9.2.0.1



*** Checked for relevance on 29-JAN-2013 ***

Application Server OS: Microsoft Windows 2000 Server SP 4

Database Server OS: Microsoft Windows 2000 Server SP 4



This document was previously published as Siebel SR 38-3478930713.

Symptoms

Hi,

we are in the process of implementing single sign on
using custom adapter. We have a dll which gets the domain\login id and
sends the login id to authentication manager.

We have configured the following for enabling single sign on

1. made the marketing_enu virtual directory as windows integrated authentication in IIS
2. updated eapps.cfg with following parameter
[defaults]
EncryptedPassword = FALSE

[/marketing_enu]
AnonUserName = sadmin
AnonPassword = sadmin
WebUpdatePassword = support
SingleSignOn = TRUE
TrustToken = LFSToken
UserSpec = REMOTE_USER
UserSpecSource = Server
ProtectedVirtualDirectory = /marketing_enu

3. updated market.cfg with the following parameter
[InfraSecMgr]
SecAdptName = MSEDLL
SecAdptMode = CUSTOM

[MSEDLL]
SecAdptDllName        = WinIntSec
DllName            = WinIntSec
SingleSignOn        = TRUE
TrustToken            = LFSToken
DbUsername            = SADMIN
dbPassword            = SADMIN
UseAdapterUsername    = TRUE
Connectstring        = MKTOLTPD
Provider            = MSDAORA.1
Tableowner            = Siebel

4. created a named sub system "CustomSecAdpt" using Sub System Type "InfraSecAdpt_Custom"

5. updated the profile parameters for the named sub system
"CustomSecAdpt". See attached Profile Parameters.xls for list of
parameters


We are getting error stating "An error occurred
loading the Siebel authentication subsystem configuration parameters
from the configuration store. Please contact your system administrator
to check parameter CustomSecAdpt::singlesignon."

Please find attached log file for sweapp and siebsrvr

Please let us know the cause for this error so that we will be able to correct the same.

Cause

Configuration/ Setup

Solution

Message 1

For the benefit of others:

Description:

Customer is
trying to implement Single Sign On using the Custom Security Adapter.
When they trying to launch Siebel Marketing Application, which is
configured to use Customer Security Adapter, they are getting “Server
Busy....” error. The Object Manager log file shows the below error:


GenericLog    GenericError    1    0    2007-10-10
17:05:10    (secmgr.cpp (2278) err=7000001 sys=0) SBL-SEC-00001: An
error occurred loading the Siebel authentication subsystem configuration
parameters from the configuration store. Please contact your system
administrator to check parameter CustomSecAdpt::singlesignon.

Resolution/Workaround:


We have checked the Application.cfg file (market.cfg) and suggested
them to set the Single Sign On and the Trust Token parameters only in
the enterprise profile (i.e. CustomSecAdpt) where they typically belong,
and remove the below from the application configuration file.

Hence, market.cfg file has been modified as below:

[InfraSecMgr]
SecAdptName = CustomSecAdpt
SecAdptMode = CUSTOM

[MSEDLL]
DllName            = WinIntSec
DbUsername            = SADMIN
dbPassword            = SADMIN
UseAdapterUsername    = TRUE
Connectstring        = MKTOLTPD
Provider            = MSDAORA.1
Tableowner            = Siebel
[Continued]

Message 2

[Continued]
After making the above changes, the customer
restarted the Siebel server and tried opening the application again.
This time they encountered a crash, however, this is related to the
Custom Security Adapter Dll used. After they recompiled to create the
dll, the issue got resolved.

Hence, when implementing SSO using
Custom Security Adapter, as the enterprise profile is new since 7.7, we
can set the Single Sign On and the Trust Token parameters only in the
enterprise profile where they typically belong, and remove them from the
application configuration file.

Thank you,

Applies to:

Siebel System Software - Version 7.5.3.12 [16272] to 8.1.1.8 [23012] [Release V7 to V8]
z*OBSOLETE: Microsoft Windows 2000

Product Release: V7 (Enterprise)

Version: 7.5.3.12 [16272]

Database: Oracle 9.2.0.6

Application Server OS: Microsoft Windows 2000 Advanced Server SP 2

Database Server OS: HP-UX 11i



***Checked for relevance on 01-Feb-2013***

Symptoms

We have just upgraded from Siebel 7.5.3.12 to Siebel 7.8. In our
previous Siebel version we had a Custom Security Adapter functional in
eService for SSO. After the upgrade to Siebel 7.8, we attempted to setup
the Custom Security Adapter with the parameters and recieve errors when
accessing eService SSO.

We have attached a copy of the SWSE log.

Cause

Configuration/ Setup

Solution

The customer has upgraded from Siebel version 7.5.3.12 to Siebel
version 7.8 and was interested in using the existing custom security
adapter from 7.5.3.12 environment for SSO in Siebel version 7.8.
Starting in Siebel version 7.7 and higher, the security adapter
parameters are now stored in a security adapter enterprise profile. The
rest of the SSO configuration including the Siebel web server
Extension(SWSE) remains basically the same as it was in the pre-7.7
versions.

The original error the customer was receiving in the SWSE log file is as follows:



ProcessPluginRequest    ProcessPluginRequestError    1    0    2006-04-18
07:19:39     6488: [SWSE] Failed to obtain a session ID. An error
occurred loading the Siebel authentication subsystem configuration from
the configuration store. More specifically, %1
Please contact your system administrator for assistance.


ProcessPluginRequest    ProcessPluginRequestError    1    0    2006-04-18
07:19:39     6488: [SWSE] Set Error Response (Session: Error: 00023179
Message: SBL-SEC-00001: An error occurred loading the Siebel
authentication subsystem configuration parameters from the configuration
store. Please contact your system administrator to check parameter
(null).)

This error indicates that the security adapter
enterprise profile was unable to load due to a missing parameter in its
configuration. The error does not indicate which parameter is missing.

The customer was asked to use How
Can You Enable Event Logging for the Siebel ADSI/LDAP/DB Security
Adapter with Siebel eBusiness Applications Release 7.7, 7.8 and 8.0?
(Doc ID 477959.1) to increase security adapter logging. This logging is done in the Object Manager log file on the Siebel server.

After increasing the log levels, the Object Manager .Log file contained the following error:

GenericLog    GenericError    1    0    2006-04-19
06:16:18    (secmgr.cpp (1398) err=7000001 sys=0) SBL-SEC-00001: An
error occurred loading the Siebel authentication subsystem configuration
parameters from the configuration store. Please contact your system
administrator to check parameter CUSTOMSecAdpt::Config Section Name.

This error indicated that the custom security adapter enterprise profile parameter Config Section Name was missing.


We then focused on the translation of the security adapter parameters
in the Siebel version 7.5 Object Manager .cfg file to the Siebel version
7.8 enterprise profile.

Here is the 7.5 section from the 7.5 Object Manager .cfg file

[FileSecurityAdapter]
DllName      = <security adapter .dll name>
FileName     = <path to an .ini file that was used by the security adapter>
SingleSignOn = TRUE
TrustToken   = <TrustToken value>
SharedCredentialsDN = dbshared

A custom security adapter enterprise profile(Sub System Type = InfraSecAdpt_Custom) was created.  

The Object Manager component parameters were set to use this profile with these parameters:
Security Adapter Mode: CUSTOM
Security Adapter Name: <The enterprise profile alias name = CustomSecAdpt in this case).

In the CustomSecAdpt profile the following parameters were set:


Security Adapter Dll Name(CustomSecAdpt_SecAdptDllName ) = <security
adapter .dll name> (Assumes that the security adapter is copied to
the Siebsrvr\bin directory on the Siebel server)
Single Sign On(CustomSecAdpt_SingleSignOn) = TRUE
Trust Token(CustomSecAdpt_TrustToken) = <TrustToken value>

This left us with the following remaining parameters from the 7.5 environment:

FileName     = <path to an .ini file that was used by the security adapter>
SharedCredentialsDN = dbshared


For parameters that are used by the custom security adapter not listed
in the profile itself, the Custom security adapter enterprise profile
provides the following required parameters:

Config File Name (ConfigFileName) = <Set to the path of a .cfg file for the additional parameters>


Config Section Name(ConfigSectionName) = < The name of the bracketed
section in this file that contains these parameters>

The customer in this case created a section in the Object manager .cfg file as follows:

[ CustomParameters]
FileName     = <path to an .ini file that was used by the security adapter>
SharedCredentialsDN = dbshared

In the enterprise profile, the following parameters were set:

Config File Name (ConfigFileName) = <Set to the path of a Object Manager .cfg file > parameters>
Config Section Name(ConfigSectionName) = CustomParameters

The Siebel server was restarted so these changes took effect and this resolved the behavior.

SBL-SEC-00102: An error occurred loading the security adapter.

Applies to:

Siebel System Software - Version 8.0.0.1 [20408] to 8.2.2.2 SIA[23016] [Release V8]
Information in this document applies to any platform.

Product Release: V8 (Enterprise)

Version: 8.0 [20405]

Database: Oracle 10.1.0.4

Application Server OS: Red Hat Linux 4.0

Database Server OS: Sun Solaris 9



This document was previously published as Siebel SR 38-3467659813.

Symptoms

Hi, we're trying to setup a PoC of Siebel 8.0 on Linux Redhat 4.0 and
had encountered issue while trying to config LDAP authentication and an
error had ocurred in the OM log file. IBM LDAP 6.0 Client is installed
and is using OID 10.1.2 as the LDAP Server.

We have repreatedly verified LDAPparameters many times and believed we have setup the right parmeters.

We got the following error in the log file:

SBL-SEC-00102 An error occurred loading the security adapter library. Please contact your system administrator for assistance.

SBL-DAT-00562 An error occurred loading the security adapter library. Please contact your system administrator for assistance


Btw, logfile and siebns are attached for your reference..

Cause

Change Request 12-1LDF7SJ

Solution

Message 1

Please assign this SR as soon as possible. This is becoming critical for the customer .

Many Thanks

Message 2

For the benefit of other readers

The customer was implementing LDAP authentication with Siebel 8.0 on Red Hat Linux 4.0 with Oracle Internet Directory.


After configuring the LDAP Adapter and restarting the Siebel Server the
Object Manager startup would fail with the following errors:


GenericLog GenericError 1 0000000646fb2542:0 2007-09-27 20:38:39
(secmgr.cpp (2407) err=4587622 sys=0) SBL-SEC-00102: An error occurred
loading the security adapter library. Please contact your system
administrator for assistance.
ObjMgrSessionLog Error 1
0000000646fb2542:0 2007-09-27 20:38:39 (physmod.cpp (9244))
SBL-DAT-00562: An error occurred loading the security adapter library.
Please contact your system administrator for assistance.

ObjMgrSessionLog Error 1 0000000646fb2542:0 2007-09-27 20:38:39
(model.cpp (5867)) SBL-DAT-00562: An error occurred loading the security
adapter library. Please contact your system administrator for
assistance.
ObjMgrCTLog Error 1 0000000646fb2542:0 2007-09-27 20:38:39 (ctxtmgr.cpp (4492)) SBL-SVC-00208: Please login first.


The customer confirmed that the IBM LDAP Client 6.0 was already
installed. After further investigation it was found that the LDAP Client
libraries needed to be added to the LD_LIBRARY_PATH set in
/siebsrvr/siebenv.sh. siebenv.sh was modified as follows:

[....]

Message 3

[....]

if [ a${LD_LIBRARY_PATH} = ${LD_LIBRARY_PATH}a ] then

LD_LIBRARY_PATH=${SIEBEL_ROOT}/lib:${SIEBEL_ROOT}/lib/odbc/merant:/opt/ibm/ldap/V6.0/lib:${MWHOME}/lib:${SQLANY}/lib:/usr/lib

else
LD_LIBRARY_PATH=${SIEBEL_ROOT}/lib:${SIEBEL_ROOT}/lib/odbc/merant:/opt/ibm/ldap/V6.0/lib:${MWHOME}/lib:${SQLANY}/lib:/usr/lib:${LD_LIBRARY_PATH}
Fi

After making this change LDAP Authentication worked correctly. Change Request 12-1LDF7SJ was logged for a documentation defect.

Applies to:

Siebel CRM - Version 7.5.3.4 [16180] and later
Information in this document applies to any platform.

*** Checked for relevance on 29-JAN-2013 ***

Symptoms

Customer is trying to implement the LDAP security adapter
(LDAPSecAdpt) for use with the Siebel application.  The application
object manager is failing to bring up a login screen and the following
error is appearing in the log file:

SBL-SEC-00102: Error loading the security adapter library. Please contact your system administrator.

The desired behavior is that the security adapter library should load successfully and a login page be presented to the user.

Cause

This behavior occurred because the server had to be physically
rebooted after the installation of the IBM LDAP Client and/or GSKit
software.

Solution

After some investigation, we determined that it is necessary to
physically reboot the server after the installation of the IBM LDAP
Client or GSKit software. Once this was done, everything worked
correctly.

This requirement is not documented in the Siebel Bookshelf documentation.


Document Enhancement Request Bug:10575898/ 12-1UX6R4P to update the Security Guide with this information.

Applies to:

Siebel Financial Services CRM - Version 8.0.0.1 [20408] to 8.1.1.2[21215] [Release V8]
Information in this document applies to any platform.

***Checked for relevance on 03-Jan-2011***

***Checked for relevance on 23-Nov-2012***

Symptoms

We are trying to implement a Custom Security Adapter to perform
application login authentication. We have downloaded the sample SDK from
support web, compiled and deployed to our testing environment. We have
also configured one of the AOM to test out the compiled security
adapter. Unfortunately, we are unable to load the application login
page. Based on the attached log file, the error message is as below:

"SBL-SEC-00102:
An error occurred loading the security adapter library. Please contact
your system administrator for assistance."

Cause

Incorrect setup/configuration on the custom security adapter named
subsystem and configuration file or security adapter library compilation
issue.

Solution

Verify the following is correct.


- Parameter setting in custom security adapter named subsystem


- Setting in the configuration file reference in ConfigFileName parameter in custom security adapter named subsystem


- LIBPATH environment variable setting

Setup the sdk custom
adapter authentication and configuration in-house and successfully
reproduce the issue when using the same compiler (g++) and makefile as
customer.


Further research on these and found the issue on the sdk compilation. The makefile from customer is like this.

libsampsdk.so: secsamp.o secutil.o
g++ secutil.o secsamp.o -o libsampsdk.so

secsamp.o: secsamp.cpp secutil.h ssecurity.h
g++ -c secsamp.cpp

secutil.o: secutil.cpp secutil.h ssecurity.h
g++ -c secutil.cpp

Note
that after compiling the secsamp.cpp and secutil.cpp with g++ -c swtich
and option, it will create the .o file. Once this dependencies
(secsamp.o and secutil.o) for the shared object secsamp.so have been
created, there is need to invoke the linker using additional switch and
option to create a dynamic library. So modify the makefile as below and
recompile the sample code.

libsampsdk.so: secsamp.o secutil.o
g++ -fPIC -shared secutil.o secsamp.o -o libsampsdk.so

secsamp.o: secsamp.cpp secutil.h ssecurity.h
g++ -c secsamp.cpp

secutil.o: secutil.cpp secutil.h ssecurity.h
g++ -c secutil.cpp

Using this newly compiled library file, object manager and application succesfully loaded and login works fine.

Applies to:

Siebel Communications Service - Version 8.0.0.2 [20412] to 8.1.1.8 SIA [23012] [Release V8]
Information in this document applies to any platform.

Symptoms

Siebel version 8.0 application does not start when the LDAP security
adaptor is configured at enterprise level, although the mandatory IBM
LDAP client version 6.0 has been installed. The following error messages
are logged as a result,


a) SBL-SEC-00102: An error occurred loading the security adapter
library. Please contact your system administrator for assistance.
b)
SBL-DAT-00562: An error occurred loading the security adapter library.
Please contact your system administrator for assistance.

Cause

The Siebel security adaptor library aka. libsscfldap.so could not be
loaded because of the installation and configuration (LD_LIBRARY_PATH)
of the 64bit libraries that are part of the IBM LDAP client software.

Solution

Ensure that the LD_LIBRARY_PATH in the siebenv.sh shell script only
references the 32-bit libraries of the IBM LDAP Client version 6.0
because this ensures that the Siebel modules, which are based on 32-bit
processing - do not conflict with the 64-bit library versions of the IBM
LDAP Client software - as documented in Siebel
Bookshelf version 8.0 > Siebel Security Guide > Security Adapter
Authentication > Installing LDAP Client Software > Configuring the
siebenv.csh and siebenv.sh Scripts for the LDAP Client - where it
states, "Siebel supports only the IBM 32-bit LDAP Client so you can use
only the 32-bit LDAP Client libraries with your Siebel applications."

Please follow the following steps, also outlined in the Siebel Bookshelf reference,
1) Navigate to the Siebel server root installation directory
2) Open a text editor on your UNIX system e.g. vi
3)
For both the shell script files; SIEBENV.SH and SIEBENV.CSH edit them
and ensure that ONLY the location to the IBM LDAP Client 32bit libraries
are referenced.

NOTE: The 64-bit libraries can be explicitly identified from the directory path naming convention - that is,
32-bit  =  /opt/IBM/ldap/V6.0/lib
64-bit  =  /optIBM/ldap/V6.0/lib64

Applies to:

Siebel CRM - Version 8.0.0.1 SIA [20408] and later
Information in this document applies to any platform.

Symptoms

Siebel Login Page fails to display



ERRORS


1) The server you are trying to access is either busy or experiencing
difficulties. Please close the Web browser, open a new browser window,
and try logging in again.[08:22:46]

2) SBL-SEC-00102: An error occurred loading the security adapter
library. Please contact your system administrator for assistance.

Cause

The IBM LDAP Client installation on UNIX defaults to /opt/ibm/ldap/V6.0.


The environment variables in the SIEBENV.SH referenced the wrong directory for the IBM LDAP libraries - namely /opt/ibm/ldap/v6.0/lib as opposed to /opt/ibm/ldap/V6.0/lib.


Because the resolution of filename paths on UNIX systems is case
sensitive the difference between v6.0 and V6.0 caused the error.


Bug 14651929
has been logged requesting that the Security Guide be updated
accordingly under Security Adapter Authentication > Process of
Installing and Configuring LDAP Client Software > Configuring the
siebenv.csh and siebenv.sh Scripts for the LDAP Client.

Solution

Modify the SIEBENV.SH to reference /V6.0/lib as opposed to /v6.0/lib

Applies to:

Siebel CRM Call Center - Version: 8.1.1.5 [21229] and later   [Release: V8 and later ]
Information in this document applies to any platform.

Symptoms

=== ODM Issue Clarification ===

This is in relation to a 8.1.1.5 siebel enterprise environment deployed on a RHEL 5.5 linux platform (64-bit).





When accessing the EAIObjMgr_enu component fails when using an external
Java based command line utility, which is accessing the EAI component
via EAI_enu SWSE web server.



Looking at the EAIObjMgr component we can see mainly authentication errors like the following error messages:

"An error occurred loading the security adapter library. Please contact
your system administrator for assistance.(SBL-DAT-00562)" and before
this error ".....err=4587622....SBL-SEC-00102..."

Cause

=== ODM Cause Determination ===



Executed: strace against start_server and EAI OM PID. There was no evidence that <custom adapter>.so lib was loaded.



Executed: file <custom adapter>.so

This showed: ELF 64-bit LSB shared object, AMD x86-64, version 1 (SYSV), not stripped



Executed: ldd -v <custom adpater>.so

This showed:

>>>

      libstdc++.so.6 => /usr/lib64/libstdc++.so.6 (0x00002b536dd51000)

      libm.so.6 => /lib64/libm.so.6 (0x00002b536e051000)

      libgcc_s.so.1 => /lib64/libgcc_s.so.1 (0x00002b536e2d4000)

      libc.so.6 => /lib64/libc.so.6 (0x00002b536e4e3000)

      /lib64/ld-linux-x86-64.so.2 (0x0000003d04c00000)



      Version information:

      ./cdetsnopassword.so:

              libc.so.6 (GLIBC_2.2.5) => /lib64/libc.so.6

...

<<<

=== ODM Cause Justification ===



Looking at the file and ldd output, we can see that 64-bit libraries are used:



Siebel product is only 32-bit and will only work with 32-bit libraries.

Solution

=== ODM Solution / Action Plan ===



Compile the custom security adapter as per SDK documented compile commands.

Also ensure that modifications are implemented as per published article:
1062497.1 - Changes to Siebel Custom Security Adapter SDK in Siebel
8.1.1

Also, if on a 64-bit operation system,  ensure to modify the compiler
instructions to compile in 32-bit mode. There could be different ways
this can be done pending on the OS vendor. For any clarification please
consult with the OS vendor support.



In this specific case the following compiler instructions helped to resolve the issue.

g++ -m32 -c -fPIC secsamp.cpp

g++ -m32 -c -fPIC secutil.cpp

g++ -m32 -fPIC -shared secutil.o secsamp.o -o <custom security adapter>.so

Please note, Oracle  is providing the SDK and compiler instructions solely as a convenience to our customers and

Oracle  makes no warranties or representations of any kind regarding the

results customers may achieve by using the SDK. Siebel is not responsible

for any failure of any security adapter written using the SDK.



Check with file and ldd command (library dependency check on Linux) to ensure no 64-bit library is being used.

For example in this case the output after compiling in 32-bit mode confirmed that there was no 64-bit library involved.

$ ldd <custom security adapter>.so

linux-gate.so.1 =>  (0xffffe000)

libstdc++.so.6 => /usr/lib/libstdc++.so.6 (0xf7e82000)

libm.so.6 => /lib/libm.so.6 (0xf7e5b000)

libgcc_s.so.1 => /lib/libgcc_s.so.1 (0xf7e4f000)

libc.so.6 => /lib/libc.so.6 (0xf7d09000)

/lib/ld-linux.so.2 (0x00473000)



Stop the siebel application server service.

Replaced this on the siebsrvr/lib

Start the siebel application server service



Test the siebel application authentication process.

SBL-SEC-10018: An Oracle database error has occurred.

Applies to:

Siebel System Software - Version 7.7 [18026] BETA and later

Information in this document applies to any platform.

Reviewed for Currency 13-NOV-2009

***Checked for relevance on 27-SEP-2012***

Symptoms

When attempting a password change from the Siebel application via the
LDAP Security Adapter (LDAPSecAdpt), the user is presented with the
following error:

"SBL-SEC-10018: Insufficient access error"

This occurs if the PropagateChange parameter is set to true and in both administration and customer facing screens.

If security adapter logging is set to 5 for the impacted  application
object manager (AOM), the following information will be noted:

EventContext EvtCtxApplet 4 0 2008-01-28 15:19:11 Change Password Applet (SWE) (WritePassword)

SecAdptLog API Trace 4 0 2008-01-28 15:19:11 LDAP SecuritySetUserInfo8,
Security User=116cef88, username=USER1, Security User Info=116785d0.

SecAdptLog API Trace 4 0 2008-01-28 15:19:11 Security Adapter User Set User Info. User name=USER1, User Info=116785d0.

SecAdptLog API Trace 4 0 2008-01-28 15:19:11 Security Adapter User ChangePassword() user=USER1

SecAdptLog API Trace 4 0 2008-01-28 15:19:11 Bind to LDAP server
LDAPServer10 with dn=uid=appuser,ou=people,dc=domain1,dc=intranet.

SecAdptLog API Trace 4 0 2008-01-28 15:19:11 Ldap Utility: GetLdapHandle

SecAdptLog 3rdpartyTrace 3 0 2008-01-28 15:19:11 ldap_init(srvti110, 389) returns c24bf8.

SecAdptLog API Trace 4 0 2008-01-28 15:19:11 Ldap Utility: GetLdapHandle returns 0

SecAdptLog API Trace 4 0 2008-01-28 15:19:11 Ldap Utility: BindAsAppUser

SecAdptLog 3rdpartyTrace 3 0 2008-01-28 15:19:11
ldap_simple_bind_s(c24bf8, uid=appuser,ou=people,dc=domain1,dc=intranet,
*) returns 0

SecAdptLog API Trace 4 0 2008-01-28 15:19:11 Ldap Utility: BindAsAppUser succeeded,

SecAdptLog API Trace 4 0 2008-01-28 15:19:11 Ldap Utility: GetUserDn.
Username=USER1, Attribute=uid, BaseDN=ou=people,dc=domain1,dc=intranet

SecAdptLog 3rdpartyTrace 3 0 2008-01-28 15:19:11 ldap_search_s(c24bf8,
ou=people,dc=domain1,dc=intranet, LDAP_SCOPE_BASE, (uid=USER1), ...)
returns 0.

SecAdptLog 3rdpartyTrace 3 0 2008-01-28 15:19:11 ldap_count_entries(c24bf8, c27958) returns 1.

SecAdptLog 3rdpartyTrace 3 0 2008-01-28 15:19:11 ldap_first_entry(c24bf8, c27958) returns c27958.

SecAdptLog 3rdpartyTrace 3 0 2008-01-28 15:19:11 ldap_get_dn(c24bf8,
c27958) returns uid=USER1,ou=People,dc=domain1,dc=intranet.

SecAdptLog 3rdpartyTrace 3 0 2008-01-28 15:19:11 ldap_memfree (c27cf8)

SecAdptLog 3rdpartyTrace 3 0 2008-01-28 15:19:11 ldap_msgfree (c27958)

SecAdptLog API Trace 4 0 2008-01-28 15:19:11 Ldap Utility: UpdatePassword

SecAdptLog API Trace 4 0 2008-01-28 15:19:11 Ldap Utility: SetSunOnePassword

SecAdptLog API Trace 4 0 2008-01-28 15:19:11 Ldap Utility: SetUserAttr

SecAdptLog 3rdpartyTrace 3 0 2008-01-28 15:19:11
ldap_search_ext_s(c24bf8, uid=USER1,ou=People,dc=domain1,dc=intranet,
LDAP_SCOPE_BASE, (objectclass=*), ..., c27920) returns 0.

SecAdptLog 3rdpartyTrace 3 0 2008-01-28 15:19:11
ldap_modify_ext_s(c24bf8, uid=USER1,ou=People,dc=domain1,dc=intranet,
d4ed0c0, NULL, NULL) returns 50.

SecAdptLog 3rdpartyTrace 3 0 2008-01-28 15:19:11 mods d4ed0c0:

SecAdptLog 3rdpartyTrace 3 0 2008-01-28 15:19:11 mods[0]:

SecAdptLog 3rdpartyTrace 3 0 2008-01-28 15:19:11 type=userPassword

SecAdptLog 3rdpartyTrace 3 0 2008-01-28 15:19:11 op=2

SecAdptLog 3rdpartyTrace 3 0 2008-01-28 15:19:11 values=

SecAdptLog 3rdpartyTrace 3 0 2008-01-28 15:19:11 *

SecAdptLog API Trace 4 0 2008-01-28 15:19:11 Ldap Utility: GetSunOneUpdatePasswordErr

SecAdptLog API Trace 4 0 2008-01-28 15:19:11 Ldap Utility: GetSunOneUserPwdPolicy

SecAdptLog API Trace 4 0 2008-01-28 15:19:11 Ldap Utility: GetUserAttr

SecAdptLog 3rdpartyTrace 3 0 2008-01-28 15:19:11
ldap_search_ext_s(c24bf8, uid=USER1,ou=People,dc=domain1,dc=intranet,
LDAP_SCOPE_BASE, (objectclass=*), ..., c28570) returns 0.

SecAdptLog 3rdpartyTrace 3 0 2008-01-28 15:19:11 ldap_first_entry(c24bf8, c28570) returns c28570.

SecAdptLog 3rdpartyTrace 3 0 2008-01-28 15:19:11 ldap_get_values(c24bf8, c28570, passwordpolicysubentry) returns 0.

SecAdptLog 3rdpartyTrace 3 0 2008-01-28 15:19:11 ldap_msgfree (c28570)

SecAdptLog API Trace 4 0 2008-01-28 15:19:11 Ldap Utility: GetUserAttr

SecAdptLog 3rdpartyTrace 3 0 2008-01-28 15:19:11
ldap_search_ext_s(c24bf8, cn=Password Policy,cn=config, LDAP_SCOPE_BASE,
(objectclass=*), ..., c28770) returns 32.

SecAdptLog 3rdpartyTrace 3 0 2008-01-28 15:19:11 ldap_msgfree (c28770)

SecAdptLog API Trace 4 0 2008-01-28 15:19:11 Ldap Utility: GetUserAttr

SecAdptLog 3rdpartyTrace 3 0 2008-01-28 15:19:11
ldap_search_ext_s(c24bf8, cn=config, LDAP_SCOPE_BASE, (objectclass=*),
..., c28770) returns 0.

SecAdptLog 3rdpartyTrace 3 0 2008-01-28 15:19:11 ldap_first_entry(c24bf8, c28770) returns 0.

SecAdptLog 3rdpartyTrace 3 0 2008-01-28 15:19:11 ldap_msgfree (c28770)

SecAdptLog API Trace 4 0 2008-01-28 15:19:11 Unbind from LDAP server.

SecAdptLog 3rdpartyTrace 3 0 2008-01-28 15:19:11 ldap_unbind(c24bf8) returns 0.

SecAdptLog Memory Mgmt Trace 5 0 2008-01-28 15:19:11 LDAP SecurityFreeErrMessage8, ErrMessage=11677400.

GenericLog GenericError 1 0 2008-01-28 15:19:11 (secmgr.cpp (3825) err=7010018 sys=0) SBL-SEC-10018: Insufficient access

USER1 is the user whose password you are trying to change.  The "SBL-SEC-10018: Insufficient access"

message is clearly visible at the end of the log segment.

Cause

As the error indicates, the problem is being caused by a user having
insufficient access rights in the LDAP directory to change a user's
password.  The user in question will generally be the ApplicationUser
specified in the LDAPSecAdpt profile, but can be confirmed by scanning
up from the error to the first "ldap_simple_bind" statement you
encounter.  This is the userID that is binding to the LDAP directory and
the one which needs the correct privileges to process the password
change.  In our example, it is
"uid=appuser,ou=people,dc=domain1,dc=intranet" (the ApplicationUser from
the LDAPSecAdpt profile).

Since insufficient access type errors can have multiple causes, it is
also helpful to note the specific LDAP return code on the following
line:

ldap_modify_ext_s(c24bf8, uid=USER1,ou=People,dc=domain1,dc=intranet, d4ed0c0, NULL, NULL) returns 50.

The "50" is a generic LDAP standard message for insufficient access privileges.

Solution

The solution to this error is to make sure that the bind user
specified (generally the ApplicationUser from the LDAPSecAdpt profile)
has been granted adequate privileges to the specific container or BaseDN
where the user whose password you are changing resides in the LDAP
directory.  For specific instructions on how to do this, please consult
the documentation for the LDAP directory server software you are using.

Applies to:

Siebel CRM - Version: 7.8.2.10 SIA [19241] to 8.0.0.2 SIA [20412] - Release: V7 to V8

Siebel Call Center - Version: 7.8.2.10 SIA [19241] to 8.0.0.2 [20412]   [Release: V7 to V8]

z*OBSOLETE: Microsoft Windows Server 2003 R2 (32-bit)

Symptoms

Statement of what the issue is

I understand you are having a problem where users accessing the application via the web client can't log in.

Problem was :'The server you are trying to access is either busy or
experiencing difficulties. Please close the Web browser, open a new
browser window, and try logging in again.[05:25:20] '.

We are not having any issue on web server, gateway server and
siebel servers. we bounced all ther servers but despite the application
is not coming up.

customer was using LDAP

Changes

No changes made

Cause

cause determination

cause was determined as directory search from
BaseDN causing the administratie locks on the userid. which caused the
whole production to go down

cause justification

the log file capture ERMAdminObjMgr_enu_14657.log has the folllowing



SecAdptLog Debug 5 0 2008-10-03 11:10:33 LDAP SecurityLogin8 step 1: initialize ldap server connection

SecAdptLog 3rdpartyTrace 3 0 2008-10-03 11:10:33 ldap_init(ldap.cisco.com, 389) returns d24be0

SecAdptLog Debug 5 0 2008-10-03 11:10:33 LDAP SecurityLogin8 step 2: initial bind to ldap server

SecAdptLog
3rdpartyTrace 3 0 2008-10-03 11:10:34 ldap_simple_bind_s(d24be0,
uid=HRSiebelLogin,ou=applications,o=cisco.com, *) returns 0

SecAdptLog Debug 5 0 2008-10-03 11:10:34 LDAP SecurityLogin8 step 3: check for single sign on

SecAdptLog Debug 5 0 2008-10-03 11:10:34 LDAP SecurityLogin8 step 4: check for trust token if SSO is on.

SecAdptLog Debug 5 0 2008-10-03 11:10:34 LDAP SecurityLogin8 step 5: set siebeUsername/siebelUserDn

SecAdptLog
API Trace 4 0 2008-10-03 11:10:34 Ldap Utility: Get User DN.
Username=HRSiebelLogin, Attribute=uid, BaseDN=o=cisco.com

SecAdptLog
3rdpartyTrace 3 0 2008-10-03 11:10:36 ldap_search_s(d24be0, o=cisco.com,
LDAP_SCOPE_SUBTREE, (uid=HRSiebelLogin), 244e080, 1) returns 11.

SecAdptLog Memory Mgmt Trace 5 0 2008-10-03 11:10:36 LDAP SecurityFreeErrMessage8, ErrMessage=6e92fc0.

GenericLog
GenericError 1 0 2008-10-03 11:10:36 (secmgr.cpp (2357) err=7010018
sys=0) SBL-SEC-10018: Administration limit exceeded

GenericLog
GenericError 1 0 2008-10-03 11:10:36 (secmgr.cpp (2429) err=7010001
sys=0) SBL-SEC-10001: An internal error has occurred within the
authentication subsystem for the Siebel application. Please contact your
system administrator for assistance.

ObjMgrCTLog Error 1 0 2008-10-03 11:10:36 (ctxtmgr.cpp (3435)) SBL-SVC-00208: Please login first.

Solution

Solution

our suggestion is not to have any restrictions at BaseDN
level atleast. anything below, you can have the limits based on your
testing and results.



but any specific number or anything related
to limitation, has to be done by you . it is beyond the scope of Siebel
TS to say anyspecific limit or setup because the hit from userbase is
not well known or well defined at one point of time. it will keep
changing

Applies to:

Siebel System Software - Version 8.0 [20405] and later

Information in this document applies to any platform.

***Checked for relevance on 27-SEP-2012***

Symptoms

When using the LDAPSecAdpt to authenticate against an Active
Directory server with the BaseDN set to the root level, the Siebel
application will not come up.  Examination of the Security Adapter logs
shows an error pattern similar to the following when trying to search
for the UserDN:

SecAdptLog API Trace 4 000000084a7719a0:0 2009-08-03 16:38:07 Ldap
Utility: GetUserDn. Username=ANONUSER, Attribute=sAMAccountName,
BaseDN=DC=xxxx,DC=xxxx

SecAdptLog 3rdpartyTrace 3 000000084a7719a0:0 2009-08-03 16:38:08
ldap_search_s(1094aa0, DC=thcg,DC=net, LDAP_SCOPE_BASE,
(sAMAccountName=ANONUSER), ...) returns 1.

SecAdptLog 3rdpartyTrace 3 000000084a7719a0:0 2009-08-03 16:38:08 ldap_msgfree (10957f8)

SecAdptLog 3rdpartyTrace 3 000000084a7719a0:0 2009-08-03 16:38:08 ldap_unbind(1094aa0) returns 0.

SecAdptLog Memory Mgmt Trace 5 000000084a7719a0:0 2009-08-03 16:38:08 LDAP SecurityFreeErrMessage8, ErrMessage=c822828.

GenericLog GenericError 1 000000084a7719a0:0 2009-08-03 16:38:08
(secmgr.cpp (2486) err=4597538 sys=0) SBL-SEC-10018: Operations error

GenericLog GenericError 1 000000084a7719a0:0 2009-08-03 16:38:08
(secmgr.cpp (2558) err=4597521 sys=0) SBL-SEC-10001: An internal error
has occurred within the authentication subsystem for the Siebel
application. Please contact your system administrator for assistance.

ObjMgrSessionLog Error 1 000000084a7719a0:0 2009-08-03 16:38:08
(physmod.cpp (9244)) SBL-DAT-00565: An internal error has occurred
within the authentication subsystem for the Siebel application. Please
contact your system administrator for assistance.

ObjMgrSessionLog Error 1 000000084a7719a0:0 2009-08-03 16:38:08
(model.cpp (5886)) SBL-DAT-00565: An internal error has occurred within
the authentication subsystem for the Siebel application. Please contact
your system administrator for assistance.

ObjMgrCTLog Error 1 000000084a7719a0:0 2009-08-03 16:38:08 (ctxtmgr.cpp (4493)) SBL-SVC-00208: Please login first.

Cause

This behavior is being caused by how the LDAPSecAdpt, IBM LDAP Client
libraries, and the Windows 2003 based Active Directory are interracting
when the BaseDN is set to the root level. The fundamental issue is that
Windows 2003 introduced stricter authentication/authorization
requirements when attempting to access certain parts of the overall
schema and resources.



When you do an LDAP search from the root of the Active Directory, you
are searching everything under the root. This includes not only things
like Organizational Units, Computers, etc.; but also fundamental
configuration and schema entities such as:



DC=Configuration,DC=domain,DC=net

DC=DomainDnsZones,DC=domain,DC=net



It is the fact that the application user does not have adequate access to these types of entities that is causing the behavior.

Solution

This behavior is due to the fact that the LDAPSecAdpt is attempting
to search hidden/system containers to which it does not have access.
Since you are not using PropagateChange=True to make changes to the AD
from the Siebel application and the Active Directory in question has
Global Catalog functionality enabled, the best workaround at this time
is to point the LDAPSecAdpt to the Global Catalog port of 3268.



1. Login to an employee facing, high interactivity Siebel application (e.g. Sales, Call Center, etc.) as an administrator.



2. Navigate to Site Map > Administration - Server Configuration > Enterprises > Profile Configuration.



3. Make sure the correct Siebel Enterprise is selected in the top applet.



4. In the middle applet query for LDAPSecAdpt (or whatever name you have given your LDAP Security Adapter).



5. In the bottom applet find the Port parameter and change it to 3268.



6. Step off to save the change and logout of the Siebel application.



7. Stop and restart the Siebel Server service(s) and the Siebel Gateway service.



There are limitations when using the Global Catalog with Siebel. In
summary, you have to set the PropagateChange parameter on the
LDAPSecAdpt to False. This means you will not be able to update anything
in the Active Directory (for example passwords) from the Siebel
application. For more in-depth information, please see the following on
My Oracle Support:



"ADSI Authentication Using Global Catalog Port 3268 (Doc ID 517259.1)"



"With Windows Integrated Authentication based SSO, can we have users from multiple domains? (Doc ID 834759.1)"



If you require PropagateChange = True in your implementation, then
the Global Catalog workaround above will not work.  There are several
options in this case:

1. If your Siebel application servers are running on a Windows operating system, you could switch to the ADSISecAdpt.
   
   
   
   


2. Drop the BaseDN down one level.  It is important that all the Siebel
   users (including the anonymous user in eapps.cfg) be in or under the
   BaseDN your specify.
   
   
   
   


3. Make the application user specified in the LDAPSecAdpt's
   ApplicationUser parameter a Domain Administrator within the Active
   Directory.

Applies to:

Siebel CRM - Version 8.1.1 SIA [21111] and later

Generic Linux

Generic UNIX

Affected Database: Oracle



""Checked for Relevance on 11-09-2012""

Symptoms

start_server script (for staring Siebel Server) or srvrmgr command
may fail and the error message in NameSrvr.log file indicates "
SBL-SEC-10007: The password you have entered is not correct. Please
enter your password again." while the same user/password combination
works on SQLPlus.

Cause

In Siebel 8.1.x, Siebel Gateway Server (GtwySrvr) authenticates the
user who attempts to connect to GtwySrvr. In standard setting, GtwySrvr
performs database authentication against the user. Using Oracle
database, $ORACLE_HOME/lib (or $ORACLE_HOME/lib32 when Oracle Database
Server is 64 bit) must be part of the shared libraries for GtwySrvr
process (siebsvc). If it is not set correctly, starting Siebel Server
(start_server script) or launching srvrmgr will fail with following
errors..



1) start_server

- On terminal window, it does not show any error but list_server scripts reveals it is stopped in a few seconds.



- SiebSrvr.log under siebsrvr/log directory shows following error.

SBL-SCC-00005: Internal:No more items found.

SBL-SVR-01045: No components are configured.

SBL-SVR-00005: Stale or invalid Task handle

scfEventFac::s_pEvtFacLock is NULL and hence SCF event facility cannot be initialised

SBL-SVR-09149: Could not initialize the event facility.

SCFMessageFacility::s_pSCFMsgFacLock is null and hence the SCFMessageFacility cannot be initialized

ipcFacility GetInstance called before initialization - object is null

SBL-SVR-00029: Internal: Shared memory has not been initialized.



- NameSrvr.log under gtwysrvr/log directory shows following error.

SBL-SEC-10018: 523 80

SBL-SEC-10007: The password you have entered is not correct. Please enter your password again.





2) srvrmgr command

- On terminal windows, error message "Fatal error (2555922): Could not
open connection to Siebel Gateway configuration store" is shown.



- srvrmgr.log under siebsrvr/log directory shows following error.

NSS - ErrCode 4597527 SysErr 0

SBL-SCM-00018: Could not open connection to Siebel Gateway configuration store (GATEWAY SERVER HOST:GATEWAY SERVER PORT).

GATEWAY SERVER HOST = Host name for Siebel Gateway Server

GATEWAY SERVER PORT = Port number to connect to Siebel gateway Server



- NameSrvr.log under gtwysrvr/log directory shows following error.

SBL-SEC-10018: 523 80

SBL-SEC-10007: The password you have entered is not correct. Please enter your password again.



** Please note key messages is "SBL-SEC-10018: 523 80" in NameSrvr.log.
If this error is NOT recorded, this is really password problem.

Solution

Please make sure to set $ORACLE_HOME/lib in LIBPATH (AIX), SHLIB_PATH
(HP-UX), or LD_LIBRARY_PATH (Linux, Solaris) variables before start_ns
is run.

Applies to:

Siebel CRM - Version: 8.1.1 [21112] and later   [Release: V8 and later ]

Information in this document applies to any platform.

Symptoms

Customer is unable to see the login screen and the following errors are found in the OM log:

SecAdptLog API Trace 4 000000034d3520f3:0 2011-01-18 15:11:32 DB SecurityLogin with username=SADMIN, parameters=3ae0e00.

SecAdptLog Debug 5 000000034d3520f3:0 2011-01-18 15:11:32 DB security adapter: Load data source configuration

ObjMgrDBConnLog
Create 5 000000034d3520f3:0 2011-01-18 15:11:33 DataBase Connection
Object was created at 3cdeb90; DB User: 'SADMIN'

ObjMgrLog Error 1
000000034d3520f3:0 2011-01-18 15:11:33 (oracon.cpp (3122))
SBL-DBC-00107: An Oracle database error has occurred.

Please continue or ask your systems administrator to check your application configuration if the problem persists.

SecAdptLog
API Trace 4 000000034d3520f3:0 2011-01-18 15:11:33 Security DB user
connect to DB CRM with username=SADMIN returns err 65535 and connection
3cdeb90.

SecAdptLog API Trace 4 000000034d3520f3:0 2011-01-18 15:11:33 Security DB user delete DB connectoin 3cdeb90

ObjMgrDBConnLog Delete 5 000000034d3520f3:0 2011-01-18 15:11:33 DataBase Connection was deleted at 3cdeb90

GenericLog
GenericError 1 000000034d3520f3:0 2011-01-18 15:11:33 (secmgr.cpp
(2676) err=4597538 sys=0) SBL-SEC-10018: An Oracle database error has
occurred.

Please continue or ask your systems administrator to check
your application configuration if the problem persists.(SBL-DBC-00107)



SecAdptLog Memory Mgmt Trace 5 000000034d3520f3:0 2011-01-18 15:11:33 DB SecurityFreeErrMessage, message=<?INT?>.

GenericLog
GenericError 1 000000034d3520f3:0 2011-01-18 15:11:33 (secmgr.cpp
(2750) err=4597521 sys=0) SBL-SEC-10001: An internal error has occurred
within the authentication subsystem for the Siebel application. Please
contact your system administrator for assistance.

ObjMgrSessionLog
Error 1 000000034d3520f3:0 2011-01-18 15:11:33 (physmod.cpp (9330))
SBL-DAT-00565: An internal error has occurred within the authentication
subsystem for the Siebel application. Please contact your system
administrator for assistance.

ObjMgrSessionLog Error 1
000000034d3520f3:0 2011-01-18 15:11:33 (model.cpp (5890)) SBL-DAT-00565:
An internal error has occurred within the authentication subsystem for
the Siebel application. Please contact your system administrator for
assistance.

ObjMgrSessionLog ObjMgrLogin 3 000000034d3520f3:0 2011-01-18 15:11:33 Login failed for Login name : SADMIN

Cause

During the investigation, the customer confirmed that they are able to
connect using sqlplus and odbcsql with the SADMIN credentials. However,
the login page does not appear.



Subsequent investigation reveals
that customer has installed an Oracle DatavaseInstant Client instead of a
full version of the Oracle database client software.

Solution

1. Request customer to download the 'Oracle Database 11g Release 2 Client (11.2.0.1.0) for HP-UX Itanium

hpia64_11gR2_client32.zip (32-bit)' from
http://www.oracle.com/technetwork/database/enterprise-edition/downloads/112010-hpisoft-097214.html



2. Install the Oracle client package and set the SHLIB_PATH before restarting the Siebel Services

References

NOTE:476703.1
- What Are the Steps To Troubleshoot the Error Message: The Server You
Are Accessing is Either Busy or Experiencing Difficulties...in a Siebel
Web Client User Browser?

NOTE:1085793.1
- Servers won't start; gateway throws error: "Fatal error (2555922):
Could not open connection to Siebel Gateway configuration store"

Applies to:

Siebel System Software - Version 7.7.2.6 [18372] and later

z*OBSOLETE: Microsoft Windows Server 2003

Product Release: V7 (Professional)

Version: 7.7.2.6 [18372]

Database: Microsoft SQL Server 2000 SP4

Application Server OS: Microsoft Windows 2003 Server SP1

Database Server OS: Microsoft Windows 2003 Server SP1



This document was previously published as Siebel SR 38-3402328041.

Symptoms

Inbound HTTP requests are received to create Activities for Service
Requests.  This works as expected in test environments, but fails in
production.

The error message received from external application is :-



"The server you are trying to access is either busy or
experiencing difficulties. Please close the Web browser, open a new
browser window, and try logging in again"



The error in the EAIObjMgr log :-



GenericLog GenericError 1 0 2007-07-16 15:59:57 (secmgr.cpp (2288)
err=7010018 sys=0) SBL-SEC-10018: You have entered an invalid set of
logon parameters. Please type in your logon parameters
again.(SBL-DAT-00446)



GenericLog GenericError 1 0 2007-07-16 15:59:57 (secmgr.cpp (2344)
err=7010007 sys=0) SBL-SEC-10007: The password you have entered is not
correct. Please enter your password again.

Corresponding error in the SWSE log :-

SisnTcpIp SisnSockError 1 0
2007-07-16 15:59:57 1968: [TCPIP-client] recv() failed for sd=2308
(err=10054 | An existing connection was forcibly closed by the remote
host (peer).)



GenericLog GenericError 1 0 2007-07-16 15:59:57 (smconn.cpp (430) err=1801023 sys=0) SBL-NET-01023: Peer disconnected



ObjMgrSessionLog Error 1 0 2007-07-16 15:59:58 Login failed for Login name : pse



ProcessPluginState ProcessPluginStateError 1 0 2007-07-16 15:59:58 1968:
[SWSE] Open Session failed (0x5a94) after 0.0602 seconds.



ProcessPluginRequest ProcessPluginRequestError 1 0 2007-07-16
15:59:58 1968: [SWSE] Failed to obtain a session ID. The password you
have entered is not correct. Please enter your password again.



ProcessPluginRequest ProcessPluginRequestError 1 0 2007-07-16
15:59:58 1968: [SWSE] Set Error Response (Session: Error: 00023188
Message: The password you have entered is not correct. Please enter your
password again.)

Cause

The issue was with the password. There was a $ sign in the password
and XML was not reading the password correctly (the $ was being
escaped).

Solution

Customer changed the password and the inbound requests worked as expected.

Applies to:

Siebel System Software - Version: 8.1.1.2 and later   [Release: V8 and later ]

Information in this document applies to any platform.

Symptoms

Customer has enabled SSL between a LDAPSecAdpt OM and Active Directory
server. However, they encountered the following errors when they perform
a password change and the password contains a special character (e.g.
@) at the end of the new password:

SecAdptLog 3rdpartyTrace 3
000001bb4d0b3e01:0 2010-12-17 21:46:46 ldap_modify_ext_s(a0836c8,
CN=user1,OU=App ID,DC=siebdev,DC=hq, ec4fa88c, NULL, NULL) returns 19.

..

GenericLog
GenericError 1 000001bb4d0b3e01:0 2010-12-17 21:46:46 (secmgr.cpp
(4635) err=4597538 sys=0) SBL-SEC-10018: Constraint violation

GenericLog
GenericError 1 000001bb4d0b3e01:0 2010-12-17 21:46:46 (secmgr.cpp
(4699) err=4597530 sys=0) SBL-SEC-10010: The requested password does not
conform to our password policy. Please review password requirements and
select a new password.



The customer verified that they are able
to change the user's password directly in the Active Directory when
using the same new password.

Cause

Oracle Technical Support is able to reproduce the same behavior in house
when using a LDAPSecAdpt enabled OM. However, if a ADSISecAdpt enabled
OM is used, the password change is successful.



After discussion with internal resources, this is determined to be a limitation on the IBM LDAP Client.

Solution

 In this case, the customer is advised to prevent the usage of special characters in their password.

Applies to:

Siebel System Software - Version: 7.7.2.7 SIA [18376] to 8.1.1 [21112] - Release: V7 to V8

Information in this document applies to any platform.

Symptoms

Customer is trying to bind to an Active Directory server using the ADSISecAdpt and is getting the following errors:



SBL-SEC-10018: Unable to bind to the ADSI object 'LDAP://bose.com/DC=bose,DC=com'.(SBL-DAT-00705)





SBL-SEC-10001:
An internal error has occurred within the authentication subsystem for
the Siebel application. Please contact your system administrator for
assistance.





SBL-SVC-00208: Please login first.



Review of the ADSI return code shows a return of 8007052e.

Cause

The application user password specified in the ADSISecAdptADSISecAdpt profile is incorrect.



Specific observations made in this case that support this finding were:



1. The return error code 8007052e is an invalid user DN or password error.



2. All other relevant parameters in the ADSISecAdptADSISecAdpt match between a working environment and the non-working environment.



3.
The encrypted values of the application user password parameter are
different in the two environments.  This can be checked by reviewing the
siebns.dat file in a text editor and searching for ADSISecAdptADSISecAdpt and finding the password parameter.

Solution

This behavior can be corrected by fixing the application user password in the ADSISecAdpt profile.  To do this:



1. Login to an employee facing application as SADMIN or another user with administrative responsibilities.



2. Navigate to Site Map > Administration - Server Configuration > Enterprises > Profile Configuration



3. Locate the ADSISecAdpt profile.



4. Locate the Application User Password parameter.



5. Carefully re-enter the password for the application user in plain text (the system will automatically encrypt it).



6. Save the record.



Then
close out of all browser windows (to make sure you get a clean object
manager task) and retest the behavior. If it still gives the error, you
may want to stop and restart the Siebel Server and Gateway services to
make sure the new values loaded properly.

Applies to:

Siebel CRM - Version: 8.1.1.4 SIA [21225] and later   [Release: V8 and later ]

Information in this document applies to any platform.

Symptoms

Customer is attempting to implement a web single sign-on (SSO) solution
using the standard LDAPSecAdpt in Siebel 8.1.1.4. The SSO system is
providing the Siebel login via an HTTP header variable in a supported
manner. The process is not successful and the following is showing up
in the application object manager log:



SBL-SEC-10018: Trust token mismatch



Customer has verified and re-entered the TrustToken parameter in both
the security adapter profile and the appropriate virtual directory entry
in the eapps.cfg file. Also the EncryptPassword parameter in eapps.cfg
is set to FALSE.



Desired behavior is that the user should successfully authenticate into Siebel via the SSO system.

Cause

Behavior was caused by the presence of multiple
ProtectedVirtualDirectory parameter entries in the eapps.cfg file
pointed to the same location. As a result the process was going to the
wrong location in the eapps.cfg file and pulled back an invalid
TrustToken.

Solution

This issue was resolved by making sure that no more than one
ProtectedVirtualDirectory parameter in the eapps.cfg and/or
eapps_sia.cfg files were pointed to the same virtual directory (for
example:  [/sales_enu]).



After making changes to the eapps.cfg or
eapps_sia.cfg file, make sure to stop and restart the web services so
that the changes are fully implemented.

Applies to:

Siebel CRM - Version: 8.1.1.1 [21211] and later   [Release: V8 and later ]

Information in this document applies to any platform.

Symptoms

Siebel server is not getting started and gateway server is already
started. While checing the namesrvr.log found the error below.



1
000000024f061e2c:0 2012-01-06 11:24:26 (secmgr.cpp (2679) err=4597538
sys=0) SBL-SEC-10018: data source connect string or table owner is
empty.



GenericLog GenericError 1 000000024f061e2c:0 2012-01-06
11:24:26 (secmgr.cpp (2751) err=4597521 sys=0) SBL-SEC-10001: An
internal error has occurred within the authentication subsystem for the
Siebel application. Please contact yo

Cause

After further investigation found that, gateway service file got
corrupted and below are the entries in svc.gtwyns and here gatewya.cfg
file is missing in below line.

siebsvc -s gtwyns -a "/f /siebel/gtwysrvr/sys/siebns.dat /t 2320 "

Solution

Recreate gateway service file again with the below command.

1. Stop Gateway server.

2.siebctl -S gtwyns -a -g "/f /siebel/gtwysrvr/sys/siebns.dat /t 2320 /c /siebel/gtwysrvr/bin/gateway.cfg"

3. Restart the gateway server and siebel server services.

Applies to:

Siebel Public Sector Service - Version 8.1.1.4 SIA [21225] and later

IBM AIX on POWER Systems (64-bit)

Symptoms

Customer Environment:

8.1.1.4 SIA [21225], IBM AIX on POWER Systems (64-bit) 6.1 and DB on DB2



Unable access URL after completing installation

------------------------------------------------------

1. After successful completion of installation and configuration, user not able to access URL

2. Its throwing error "The server you are trying to access is either busy or experiencing difficulties."



"The server you are trying to access is either busy or experiencing difficulties."

SBL-GEN-02500,SBL-SEC-10018

Cause

===Cause Determination ===



1. Incorrect ODBC Datasource name for server configuration, configured
server host name under datasource parameter in profile configuration

2. Incorrect LIB path version settings ( 64 bit instead of 32- bit ) where siebel supports only 32-bit library paths





===Cause Justification ===



1. Exact error with caused issue:

SecAdptLog Debug 5 000000104dd600f0:0 2011-05-20 11:31:45 DB security
adapter: Could not load or initialize data source ServerDataSrc,
err=65535.

SecAdptLog API Trace 4 000000104dd600f0:0 2011-05-20 11:31:45 Security DB user delete DB connectoin 0

GenericLog GenericError 1 000000104dd600f0:0 2011-05-20 11:31:45
(secmgr.cpp (2679) err=4597538 sys=0) SBL-SEC-10018: Can't load
sscddcli(SBL-GEN-02500)



2. Defined the same LIB support for Siebel application in a 32 Bit
Libraries Are Not Installed With Oracle11g (11.1.0.6) On HP-UX Itanium
(Doc ID 471476.1) , but as verified users environment found few other
configuration issues which need to be corrected

Solution

1. EDIT LIBPATH and add 32-bit LIB path where database client installed

2. login to apps via dedicated client and change Data source Connect
String parameter from server name to real data source under profile
configuration which specified in .odbc.ini file  parameter will end with
_DSN.

3. Recycle Siebel enterprise

4. Launch application and check for URL status

Applies to:

Siebel System Software - Version 7.7.2 [18325] to 8.0.0.5 [20420] - DO NOT USE [Release V7 to V8]

All Platforms

This document was previously published as Siebel SR 38-1715068851.

Symptoms

Customer was implementing Password Hashing, and after changing
parameter DSHashUserPwd in Server Data Source named subsystem to “TRUE”
and restarting the Siebel environment, the following components did not
start:



PDbXtract/DbXtract

SSEObjMgr_enu

WfProcBatchMgr

WfProcMgr

WfRecvMgr



WfRecvMgr, WfProcMgr, and WfProcBatchMgr had the following error messages:





SBL-SEC-10007: The password you have entered is not correct. Please enter your password again. (0x5a94))

SBL-SEC-10018: You have entered an invalid set of logon parameters. Please type in your logon parameters again.(SBL-DAT-00446)



SBL-SVR-00040: Internal: Informational, encrypted parameter. (0x5a8f))



SBL-OMS-00107: Object manager error: ([2] SBL-SVR-00040: Internal: Informational, encrypted parameter. (0x5a8f))

SBL-OMS-00107: Object manager error: ([1] SBL-SEC-10018: You have
entered an invalid set of logon parameters. Please type in your logon
parameters again.(SBL-DAT-00446)

ORA-01017: invalid username/password; logon denied



SBL-OMS-00107: Object manager error: ([0] SBL-SEC-10007: The password
you have entered is not correct. Please enter your password again.
(0x5a94))

SBL-OMS-00102: Error 23188 logging in to the application



SSEObjMgr had the following error messages:



SBL-DAT-00446: You have entered an invalid set of logon parameters. Please type in your logon parameters again.

SBL-SEC-10018: You have entered an invalid set of logon parameters. Please type in your logon parameters again.(SBL-DAT-00446)

ORA-01017: invalid username/password; logon denied





Components PDbXtract (during server startup) and DbXtract (at component task start) had the following error message:



SBL-GEN-04031: Internal: Error occurred during base64 decoding.

Cause

1.  Password parameter for the above components should be set to
unhashed password as per Siebel Bookshelf > Security Guide >
Security Adapter Authentication > Configuring Password Hashing.



2.  Error message SBL-GEN-04031 in PDbXtract and DbXtract log files
occur because the password length is greater than 21 characters. If
SADMIN password has more than 21 characters, PDbXtract and DbXtract
components will fail with the error message.



The SADMIN password was hashed using the RSA SHA-1 encryption algorithm.
When using SADMIN as password in test environment, the hashed password
contained 28 characters.  Since "SADMIN" is a fairly simple and short
password, we would expect that most good passwords would result in RSA
SHA-1 values that are too long.

 .

Solution

1. Set the Password parameter for each component to the unhashed password for the SADMIN user and restart the environment.

2.  The workaround is to change the Hashing algorithm to use Siebel Hash
instead of RSA SHA-1. Siebel Hash will encrypt passwords with a length
smaller than RSA SHA-1 algorithm.  Please refer to the Security Guide
for more information about how to change encryption algorithm.

Applies to:

Siebel Server Manager - Version 8.1.1.2 SIA[21215] and later

Information in this document applies to any platform.

Symptoms

EAI OM, Loyalty Engine Component Failure occur multiple times.



(oracon.cpp (3246)) SBL-DBC-00107: An Oracle database error has occurred.

Please continue or ask your systems administrator to check your application configuration if the problem persists.



(secmgr.cpp (2679) err=4597538 sys=0) SBL-SEC-10018: An Oracle database
error has occurred. Please continue or ask your systems administrator to
check your application configuration if the problem persists.



(SBL-DBC-00107)ORA-00257: archiver error. Connect internal only, until freed.

Cause

Siebel component shows error:



(SBL-DBC-00107)ORA-00257: archiver error. Connect internal only, until freed.





The error is caused by the fact that the archiver process is unable to
archive the current online redolog due to lack of space in the
destination for the archivelogs.

Solution

The error is caused by the fact that the archiver process is unable to
archive the current online redolog due to lack of space in the
destination for the archivelogs.



- Best option is to make more space available in the archive log destination (log_archive_dest_n).



- Increased frequency of log purges.

  Work with your DBA to address the above.



- Restart Siebel servers.

Applies to:

Siebel Remote - Version: 8.0.0.1 SIA [20408] and later   [Release: V8 and later ]

Information in this document applies to any platform.

Symptoms

When they are trying to set up using DBF initialized in other machine, they cannot login. Log files shows the following errors:

"An internal error has occurred within the
authentication subsystem for the Siebel application. Please contact your
system administrator for assistance.(SBL-DAT-00565)"

SBL-DAT-00522: A Siebel local database error has occurred. Possibly the database name is invalid.

SBL-SEC-10018: A Siebel local database error has occurred. Possibly the database name is invalid.

Please
continue or ask your systems administrator to check your application
configuration if the problem persists.(SBL-DAT-00522)

Incorrect or missing encryption key

Cause

First of all you have to ensure you have entered the correct
encryption key, by running the following query against the server
database:

SELECT PREF_CD, VAL, s2.name FROM S_NODE_PREF s1, S_NODE s2 WHERE s1.PREF_CD ='RemLocSec:PlainKey'
AND s1.NODE_ID = s2.ROW_ID AND s2.NAME='<CLIENT NAME>';

Once you get the encryption key, you have to set it in the ODBC properties.



If
you still get the "Incorrect or missing encryption key" message after
setting the correct encryption key, then the cause is you're missing the
MWC_STORAGE.CFG file in the BIN directory.

Documentation "How to Backup Tools/Local databases with Siebel 8
(Doc ID 738286.1)" explains that copying mwc_storage.cfg is a required
step to use a database previously initialized.

Solution

Technical Support Response

-------------------------------------



As per our phone conversation, I understand you ran the following query against the server database :



SELECT PREF_CD, VAL, s2.name FROM S_NODE_PREF s1, S_NODE s2 WHERE s1.PREF_CD ='RemLocSec:PlainKey'

AND s1.NODE_ID = s2.ROW_ID AND s2.NAME='';



and it returned the encryption key that you then set in the ODBC properties in the client machine.



Please,
after doing that also copy the mwc_storage.cfg file located in the BIN
folder in the client where you initialized the DB.



Also ensure the following parameters are set in the Tools configuration file ( *.CFG ):



DSDockEncryptDB=TRUE

DSHashUserPwd=TRUE

DSHashAlgorithm=RSASHA1