יום שישי, 5 באוקטובר 2012

SBL-SEC-10007: The password you have entered is not correct.





Applies to:


Siebel Tools - Version: 7.7.1 [18306] to 8.1 SIA [21039] - Release: V7 to V8
Information in this document applies to any platform.

""Checked for Relevance on 16/06/2010""



Symptoms


Attempting to use COM Siebel Data Control to connect to an Object Manager that is SSO enabled does not work.


Cause


The normal process to invoke the Object Manager is through SWSE (Web
Server) using the Siebel Web Client (thin client).  The SSO process of
translating the SSO credentials to the Siebel Credentials is handled in
the SWSE portion of the process. When logging into the OM through COM or
Java Data Bean, the SWSE (Web Server) step is bypassed, and therefore
the conversion does not take place.


Solution


The recommendation to resolve this is to create another OM that is not SSO enabled, and direct your COM or JDB login to that OM










Applies to:


Siebel System Software - Version 8.0 [20405] and later
Information in this document applies to any platform.

***Checked for relevance on27-SEP-2012***


Symptoms


With EncryptPassword = True in the eapps.cfg file, the authentication of the anonymous user is failing with the following error:


SBL-SEC-10007: The password you have entered is not correct. Please enter your password again.



If EncryptPassword is set to False in the eapps.cfg file and the
AnonUserPassword parameter switched to the plain text value, then
authentication works properly.



Cause


This behavior is being caused by an incorrect or incorrectly encrypted password for the anonymous user in eapps.cfg.



Solution


The test with the plain text password shows that there is an issue
with the encrypted AnonUserPassword in the eapps.cfg file. Assuming that
you do not want to leave this as a plain text value (which I would not
recommend), please follow these steps to re-encrypt the known good plain
text password.



1. On the Siebel server, login to the console and navigate to:



[install path]/siebsrvr



2. Source in your Siebel environmental variables:



. ./siebenv.sh



3. Change directory to bin:



cd bin



4. Type the following command where XXXXX is the plain text password for
your anonymous user as currently set in the eapps.cfg file:



./encryptstring XXXXX > ./string.txt



5. The file [install path]/siebsrvr/bin/string.txt now contains an updated encrypted password for the anonymous user.



6. On your web server navigate to the [install directory]/SWEAPP/bin directory.



7. Open the eapps.cfg file for editing with vi or the text editor of your choice.



8. In the [Defaults] section change the following parameters where XXXXX is the encrypted password from the string.txt file:



EncryptedPassword = TRUE

AnonPassword = XXXXX



9. Save the eapps.cfg file and exit the text editor.



10. Repeat steps 6 - 9 on all your Siebel web servers (if applicable).



11. Stop and restart the web publishing service(s).



12. Test the functionality.


References



 



 




Applies to:


Siebel Product Configurator - Version 7.8.2 [19213] to 8.1.1.4 [21225] [Release V7 to V8]
Siebel eConfigurator - Version 7.8.2 [19213] to 8.1.1.4 [21225] [Release V7 to V8]
Information in this document applies to any platform.



Symptoms




Customer changed "SADMIN" password. When the users are trying to login
to remote eConfigurator the below error message is thrown:



Cfg Server Manager error: unable to connect to server abc for product
1-1HRUCXD using connect string
siebel.TCPIP.None.NONE://abc:2321/abc78/eProdCfgObjMgr_ENU

Reason: SBL-SEC-10007: The password you have entered is not correct. Please enter your password again.


Users are not able to start an eConfigurator session.



Cause


Following OS parameters were not set:

1) CFG_USERNAME

2) CFG_PASSWORD



These parameters are not documented in Siebel bookshelf 7.8



Solution


Please goto all servers and create following 2 environment variables:




CFG_PASSWORD

Login password used in remote service. When remote Siebel Configurator
is used, set this variable on the operating system of the Application
Object Manager. It is used by the remote proxy.



CFG_USERNAME

Login user name used in remote service. When remote Siebel Configurator
is used, set this variable on the operating system of the Application
Object Manager. It is used by the remote proxy


Parameters are described with Siebel bookshelf 8.0 and higher.










Applies to:


Siebel eCommunications - Version: 8.0 [20405] to 8.1.1 [21112] - Release: V8 to V8
Information in this document applies to any platform.



Symptoms




A new Siebel server installation does not start up. The services gets
started and stop within two minutes. Siebel gateway services can be
started fine.



ERROR:

------

No error is displayed for the Administration/user



Following errors are found in the log files:

NameSrvr.log

SBL-SEC-10018: [DataDirect][ODBC Oracle driver][Oracle]ORA-12154: TNS:could not resolve the connect identifier specified

SBL-SEC-10007: The password you have entered is not correct. Please enter your password again



SiebSrvr.log



SBL-SCM-00018: Could not open connection to Siebel Gateway configuration store

SBL-SVR-00005: Stale or invalid Task handleScfEventLog

SCFMessageFacility::s_pSCFMsgFacLock is null and hence the SCFMessageFacility cannot be initializedIPCLog

SBL-SCM-00018: Could not open connection to Siebel Gateway configuration store



ENVIRONMENT:

------------

Siebel application version 8.1.1 on Windows 2003, Oracle Database



STEPS:

------

starts the gateway service

starts the siebel service




Cause




The issue is caused by the following setup:

- there was two Oracle clients installed on the server machine : Oracle 10.2.0 and Oracle 10.1.10

- tns entries was incorrect setup




Solution


For the benefit of other readers:


To implement the solution follow the steps:



1) if you have more than one Oracle client installed, check that the
Oracle environment variables is pointing to the Oracle client that you
want to use

2) for this Oracle client, check on tnsnames.ora for the tns alias

3) ensure that you can connect fine using sql*plus through this tns alias

4) if not, work with your dba to be able to connect fine

5) once you can connect from tns alias, check that Siebel ODBC also
works fine. For this go to ODBC Data Source, System DSN tab, double
click on the odbc created by the Siebel installation



In this case, after adjusting the tns alias from tnsnames.ora Siebel Server came up fine.














Applies to:


Siebel CRM - Version: 8.0 SIA [20405] and later   [Release: V8 and later ]
Information in this document applies to any platform.

Microsoft Active Directory 2003



Goal


When logging in to the Siebel application with a registered user whose
corresponding Display Name attribute on the Active Directory is longer
than 256 characters in length - the authentication fails with the Siebel
error code SBL-SEC-10007. Why?


Solution


Active Directory does not support Display Names with a character string longer than 256 characters as documented on Microsoft Technet Website













Applies to:


Siebel System Software - Version 7.7.2 [18325] to 8.0.0.5 [20420] - DO NOT USE [Release V7 to V8]
All Platforms

This document was previously published as Siebel SR 38-1715068851.









Symptoms


Customer was implementing Password Hashing, and after changing
parameter DSHashUserPwd in Server Data Source named subsystem to “TRUE”
and restarting the Siebel environment, the following components did not
start:



PDbXtract/DbXtract

SSEObjMgr_enu

WfProcBatchMgr

WfProcMgr

WfRecvMgr



WfRecvMgr, WfProcMgr, and WfProcBatchMgr had the following error messages:





SBL-SEC-10007: The password you have entered is not correct. Please enter your password again. (0x5a94))

SBL-SEC-10018: You have entered an invalid set of logon parameters. Please type in your logon parameters again.(SBL-DAT-00446)



SBL-SVR-00040: Internal: Informational, encrypted parameter. (0x5a8f))



SBL-OMS-00107: Object manager error: ([2] SBL-SVR-00040: Internal: Informational, encrypted parameter. (0x5a8f))

SBL-OMS-00107: Object manager error: ([1] SBL-SEC-10018: You have
entered an invalid set of logon parameters. Please type in your logon
parameters again.(SBL-DAT-00446)

ORA-01017: invalid username/password; logon denied



SBL-OMS-00107: Object manager error: ([0] SBL-SEC-10007: The password
you have entered is not correct. Please enter your password again.
(0x5a94))

SBL-OMS-00102: Error 23188 logging in to the application




SSEObjMgr had the following error messages:



SBL-DAT-00446: You have entered an invalid set of logon parameters. Please type in your logon parameters again.

SBL-SEC-10018: You have entered an invalid set of logon parameters. Please type in your logon parameters again.(SBL-DAT-00446)

ORA-01017: invalid username/password; logon denied





Components PDbXtract (during server startup) and DbXtract (at component task start) had the following error message:



SBL-GEN-04031: Internal: Error occurred during base64 decoding.



Cause


1.  Password parameter for the above components should be set to
unhashed password as per Siebel Bookshelf > Security Guide >
Security Adapter Authentication > Configuring Password Hashing.



2.  Error message SBL-GEN-04031 in PDbXtract and DbXtract log files
occur because the password length is greater than 21 characters. If
SADMIN password has more than 21 characters, PDbXtract and DbXtract
components will fail with the error message.



The SADMIN password was hashed using the RSA SHA-1 encryption algorithm.
When using SADMIN as password in test environment, the hashed password
contained 28 characters.  Since "SADMIN" is a fairly simple and short
password, we would expect that most good passwords would result in RSA
SHA-1 values that are too long.


 .



Solution


1. Set the Password parameter for each component to the unhashed password for the SADMIN user and restart the environment.

2.  The workaround is to change the Hashing algorithm to use Siebel Hash
instead of RSA SHA-1. Siebel Hash will encrypt passwords with a length
smaller than RSA SHA-1 algorithm.  Please refer to the Security Guide
for more information about how to change encryption algorithm.








Applies to:


Siebel Financial Services CRM - Version: 8.1 [21039] to 8.1.1.4 [21225] - Release: V8 to V8
Information in this document applies to any platform.

***Checked for relevance on 14-Jan-2011***



Goal


Customer use database encryption for passwords in version 7.5 and the
algorithm used for 7.5 is SIEBELHASH. After upgraded to 8.1.1, the
password hashing default algorithm is RSA-SHA1. In order to use
SIEBELHASH algorithm, the following need to be set.

For the database security adapter (typically, DBSecAdpt):
- Set the DataSourceName parameter to the name of the applicable data source (for
example, ServerDataSrc).
- For the applicable data source (ServerDataSrc), set the following.
--> DSHashUserPwd parameter to TRUE.
--> DSHashAlgorithm parameter to SIEBELHASH


Note: For SRBroker and SRProc component that connect to DB directly
without referring ServerDataSrc, set the hashed password at the server
component level.  This may be done with the following commands in the
server manager utility:

srvrmgr> change param password="hashed password value for SADMIN" for comp SRBroker
srvrmgr> change param password="hashed password value for SADMIN" for comp SRProc


After the above change and server restarted, customer successful in
bringing up all the components and were able to login to the
application with the non-encrypted password. However the server manager
component is failing and they are unable to use srvrmgr command and
Server-Admin screen in the GUI. ServerMgr log reported logon error as
below and setting ServerMgr component password to either plain text and
encrypted both does not help.

DBCLog DBCLogError 1
000000084a3f121c:0 2009-06-22 06:24:32 [DataDirect][ODBC Oracle
driver][Oracle]ORA-01017: invalid username/password; logon denied

GenericLog
GenericError 1 000000084a3f121c:0 2009-06-22 06:24:32 (secmgr.cpp
(2679) err=4597538 sys=127) SBL-SEC-10018: [DataDirect][ODBC Oracle
driver][Oracle]ORA-01017: invalid username/password; logon denied

GenericLog
GenericError 1 000000084a3f121c:0 2009-06-22 06:24:32 (secmgr.cpp
(2735) err=4597527 sys=0) SBL-SEC-10007: The password you have entered
is not correct. Please enter your password again.



Solution


After further investigation and in-house testing, it was found that
the issue is related to the new Gateway Name Server authentication
feature introduce in version 8.1.1.

To rectify the issue of using srvrmgr and server administration screen, the following is performed.

1)
Locate the file gateway.cfg in gtwysrvr\bin directory and add the
following two entries under [ServerDataSrc] section then save the file.

DSHashUserPwd = TRUE
DSHashAlgorithm = SIEBELHASH

2)
Set the following parameter setting on Gateway Datasource. You can
perform this either using srvrmgr command or navigate to Administrator –
Server Configuration > Enterprise Servers > Profile Configuration
> Look for Gateway Datasource and on bottom screen Profile
Parameters, set the following parameter.

User Password Algorithm (DSHashAlgorithm) -> SIEBELHASH
Hash User Password (DSHashUserPwd) -> True
Default username password (DSPassword) -> <sadmin plain text password>
Data source default user name (DSUsername) -> sadmin

3)
Ensure that the “-ep” (password to authenticate to gateway) in
execution path of Siebel Server service is using the enterprise level
password parameter setting from siebns.dat.

4) Restart Gateway and Siebel Server services.

After
the above, server and component all up and running and customer can
connect using srvrmgr command and access server administration screen
with web client successfully.



References


NOTE:520560.1 - Components fail to start after configuring password hashing


 


 


 



Applies to:


Siebel Financial Services CRM - Version: 8.1 [21039] to 8.1.1.4 [21225] - Release: V8 to V8
Information in this document applies to any platform.

***Checked for relevance on 14-Jan-2011***



Goal


Customer use database encryption for passwords in version 7.5 and the
algorithm used for 7.5 is SIEBELHASH. After upgraded to 8.1.1, the
password hashing default algorithm is RSA-SHA1. In order to use
SIEBELHASH algorithm, the following need to be set.

For the database security adapter (typically, DBSecAdpt):
- Set the DataSourceName parameter to the name of the applicable data source (for
example, ServerDataSrc).
- For the applicable data source (ServerDataSrc), set the following.
--> DSHashUserPwd parameter to TRUE.
--> DSHashAlgorithm parameter to SIEBELHASH


Note: For SRBroker and SRProc component that connect to DB directly
without referring ServerDataSrc, set the hashed password at the server
component level.  This may be done with the following commands in the
server manager utility:

srvrmgr> change param password="hashed password value for SADMIN" for comp SRBroker
srvrmgr> change param password="hashed password value for SADMIN" for comp SRProc


After the above change and server restarted, customer successful in
bringing up all the components and were able to login to the
application with the non-encrypted password. However the server manager
component is failing and they are unable to use srvrmgr command and
Server-Admin screen in the GUI. ServerMgr log reported logon error as
below and setting ServerMgr component password to either plain text and
encrypted both does not help.

DBCLog DBCLogError 1
000000084a3f121c:0 2009-06-22 06:24:32 [DataDirect][ODBC Oracle
driver][Oracle]ORA-01017: invalid username/password; logon denied

GenericLog
GenericError 1 000000084a3f121c:0 2009-06-22 06:24:32 (secmgr.cpp
(2679) err=4597538 sys=127) SBL-SEC-10018: [DataDirect][ODBC Oracle
driver][Oracle]ORA-01017: invalid username/password; logon denied

GenericLog
GenericError 1 000000084a3f121c:0 2009-06-22 06:24:32 (secmgr.cpp
(2735) err=4597527 sys=0) SBL-SEC-10007: The password you have entered
is not correct. Please enter your password again.



Solution


After further investigation and in-house testing, it was found that
the issue is related to the new Gateway Name Server authentication
feature introduce in version 8.1.1.

To rectify the issue of using srvrmgr and server administration screen, the following is performed.

1)
Locate the file gateway.cfg in gtwysrvr\bin directory and add the
following two entries under [ServerDataSrc] section then save the file.

DSHashUserPwd = TRUE
DSHashAlgorithm = SIEBELHASH

2)
Set the following parameter setting on Gateway Datasource. You can
perform this either using srvrmgr command or navigate to Administrator –
Server Configuration > Enterprise Servers > Profile Configuration
> Look for Gateway Datasource and on bottom screen Profile
Parameters, set the following parameter.

User Password Algorithm (DSHashAlgorithm) -> SIEBELHASH
Hash User Password (DSHashUserPwd) -> True
Default username password (DSPassword) -> <sadmin plain text password>
Data source default user name (DSUsername) -> sadmin

3)
Ensure that the “-ep” (password to authenticate to gateway) in
execution path of Siebel Server service is using the enterprise level
password parameter setting from siebns.dat.

4) Restart Gateway and Siebel Server services.

After
the above, server and component all up and running and customer can
connect using srvrmgr command and access server administration screen
with web client successfully.



References


NOTE:520560.1 - Components fail to start after configuring password hashing


 


 


 


 



Applies to:


Siebel CRM - Version: 8.0 [20405] to 8.1 [21039] - Release: V8 to V8
Information in this document applies to any platform.

*** Checked for relevance 16 Feb 2012 ***



Symptoms


Customer was not able to startup the siebel server and connect to the gateway, which was returning this error message:



Servers won't start; gateway throws error: "Fatal
error (2555922): Could not open connection to Siebel Gateway
configuration store (%1:%2)., exiting..."


In NameSrvr.log, this error message was found:




SBL-SEC-10018:GenericLog GenericError 1
000000024b4371f4:0 2010-01-05 20:57:26 (secmgr.cpp (2735) err=4597527
sys=0) SBL-SEC-10007: The password you have entered is not correct.
Please enter your password again,=.





Cause


The issue was caused by an incorrect entry in .odbc.ini file.

The
customer may have modified the entry while restored the disk, since
hard disk space capacity problems were a consideration in this
environment.


In the gateway server name file, siebns.dat, the parameters for the server data source connect string were set as follows:


[/enterprises/SiebelProd/named subsystems/ServerDataSrc/parameters/DSConnectString]
Persistence=full
Type=string
Value="PFFA"
Length=




In the $SIEBEL_ROOT/gtwysrvr/sys/.odbc.ini,
file, the parameter "ServerName" contained a different value than that
of the corresponding "ServerDataSrc-DSConnectString" parameter in the siebns.dat file.


Solution


After setting the ServerName parameter in the .odbc.ini file to the corresponding value of the "ServerDataSrv-DSConnectString" value in the siebns.dat
file, the gateway and siebel servers were restarted and the issue was
resolved. Customers were able to access the application in the usual
manner.






















 



Applies to:


Siebel Finance - Version: 8.1.1.1 SIA [21211] and later   [Release: V8 and later ]
Information in this document applies to any platform.



Symptoms



Following error returned when attempt to start Siebel Server.

Windows
could not start the Siebel Server [siebelprod_prod1] on Local Computer.
For more information, review the System Event Log. If this is a
non-Microsoft service, contact the service vendor, and refer to
service-specific error code 2555922.

Invoking srvrmgr command line return: Fatal Error (2555922)

nameserver_audit.log:

Timestamp Record Type Host Name ProcId Client Name User Name Key Name Value
2011-02-07 16:37:42 FailedLogin melycrm2 1104 java.exe Oceania\siebelws

NameSrvr.log:

GenericLog
GenericError 1 000000024d4f1318:0 2011-02-07 16:37:42 (secmgr.cpp
(2735) err=4597527 sys=127) SBL-SEC-10007: The password you have entered
is not correct. Please enter your password again.




Changes


The gateway cluster working fine before and issue occurs after database
change (change from one DB server to another) and customer attempt to
perform steps as per "The Siebel Server does not start when moving the
Gateway Server to different cluster node [ID 985591.1]".


Cause


It was determined that the problem was caused by incorrect ODBC connect string in gateway.cfg.

Setting
system environment variable SIEBEL_LOG_EVENTS to 5 on gateway and
service restarted, NameSrvr.log reported following indicated it is
trying to locate and connect to ODBC name 'siebelprod_1_DSN' and could
not find it.

SecAdptLog Debug 5 000000034d4f17f8:0 2011-02-07
19:22:36 ODBC security adapter configured:
connectstring='siebelprod_1_DSN', tableowner='dbo'.
..
SQLTraceAll SQLTraceAll 4 000000034d4f17f8:0 2011-02-07 19:22:36 No DNS found
SecAdptLog Debug 5 000000034d4f17f8:0 2011-02-07 19:22:36 username=SADMIN : authentication failed for unknown reasons

This ODBC configuration was loaded from gateway.cfg, which contain the following.

[ServerDataSrc]
Docked = TRUE
ConnectString = siebelprod_1_DSN



Solution



Correct the ConnectString setting in gateway.cfg to match with the
System DSN created/configured on gateway server, restart the gateway and
Siebel servers and the problem has been resolved.

Notes of configuration / setting to verify when DB change.

- ServerDataSrc named subsystem parameter, DSConnectString
- Enterprise parameter, Connect
-
System DSN (Data Source (ODBC)) of each gateway nodes and Siebel
Servers should have correct data source name as per the above two
parameters and is correctly pointing to the new SQL / DB Server with
correct database name and running the connectivity test to ensure it is
connected and authenticated successfully.


References


NOTE:985591.1 - The Siebel Server does not start when moving the Gateway Server to different cluster node












 




 




אין תגובות:

הוסף רשומת תגובה