Can't Access Security Server - Help

jdebill

Active Member
Can\'t Access Security Server - Help

Well once again I'm hoping all the gurus here can help me solve this problem.
On a new installation of XE SP13 with MS SQLServer 2000 I'm having a huge problem. I'm very new at this CNC stuff and somewhat lost, having tried everything I can see in the SYS admin guide and other resources.
When I attempt to signon to any environment as JDE/JDE (or new user I added)the first thing that happens is a series of error dialog boxes that state
1) Failure to connect the security server
SEC00000001 - failure in connecting with Security Sever
2) Oneworld could not sign you on Error User ID Password incorrect box.

Once I click cancel or ok on the boxes I can re-enter the password and signon. The problem is that I'm not really connected right. When I try to access UTB I get the same error messages as I got at signon and can't get to UTB.

I have checked the Enterprise server database JD7333 for table F98OWSEC and there is an entry for the user I added, although there is no entry for user JDE/JDE.

I have double checked the ODBC datasources/database relationships, the security is set to SQL authentication using default sa/sa.

the JDE.INI file on the enterprise server [SECURITY] section has
SecurityServer=Name where Name = our Enterprise server.

Can anyone help solve this?

Thank You,
Bill
Windows NT, SQL 7, XE 13.0
 
Re: Can\'t Access Security Server - Help

More(exact) Info to problem.
The first message box when attempting to signin actually states " SEC0000007 - Unable to locate Security Server"
the second error is "SEC0000001 - Failure to communicate with Security Server"
The final message is the "Error: User ID - Password " error box.

Thank You,
Bill
Windows NT, SQL 7, XE 13.0
 
Re: Can\'t Access Security Server - Help

Bill,

We are using B733.2 - I assume that Xe uses similar info for Security Server.

It sounds 'Sign-on' Security is enabled on your system - OneWorld validates the Entered Username/Password against the settings within the OneWorld Security table F98OWSEC. OneWorld uses the User/Password settings found in the [SECURITY] section of the Enterprise Server JDE.INI file to access the F98OWSEC table and validate the UserID/password of the user logging into OneWorld

In our case, we created a OneWorld user 'JDESERVICE' - this is the OneWorld Account/password for use by the security server. Our Enterprise Server is 'C3PJDEAPP01'.

1. Check the settings in the Client & Enterprise Server JDE.INI files on your system.

2. check the log files generated on the Enterprise Server when you start the OneWorld Services - you should find at least 1 file that contains the following
'INITIALIZING SECURITY SERVER KERNEL'

I have included extracts from the Client & Server JDE.INI files on our system (B733.2 - I assume that Xe is similar)


************************************

** extract of Client JDE.INI file **

[SECURITY]
SecurityServer=C3PJDEAPP01
DataSource=System - B733
DefaultEnvironment=PRD733
Row Security = NO_DEFAULT


************************************

************************************

** extract of Enterprise Server JDE.INI file **

[JDENET_KERNEL_DEF4]
dispatchDLLName=jdekrnl.dll
dispatchDLLFunction=_JDEK_DispatchSecurity@28
maxNumberOfProcesses=2
beginningMsgTypeRange=551
endingMsgTypeRange=580
newProcessThresholdRequests=0
numberOfAutoStartProcesses=0

[SECURITY]
SecurityServer=C3PJDEAPP01
User=JDESERVICE
Password=(place the password for this service here)
DefaultEnvironment=PRD733
DataSource=System - B733
History=0


************************************

************************************

** data from 2 JDE_xxx.LOG files that are generated when OneWorld Services are started on the Enterprise Server **

** these are a result of the [JDE_KERNEL_DEF4] section above **
** the 'xxx' values may change each time the OneWorld Services are started **

JDE_198.LOG file contents

198/199 Sun Nov 04 20:22:13 2001 IPCPUB1921
process 198 <jdenet_k> registered in entry 10

198/199 Sun Nov 04 20:22:14 2001 jdeksec2076
INITIALIZING SECURITY SERVER KERNEL


************************************

JDE_181.LOG file contents

181/193 Sun Nov 04 20:22:14 2001 IPCPUB1921
process 181 <jdenet_k> registered in entry 12

181/193 Sun Nov 04 20:22:15 2001 jdeksec2076
INITIALIZING SECURITY SERVER KERNEL

************************************

Regards Phil Hiscock
B733.2 - SP 11.3, NT, RS6000,Oracle



B733.2 - SP11.3, NT, RS6000, Oracle
 
Re: Can\'t Access Security Server - Help

Hi Phil,
Thanks for the quick response!
I have checked my ini files and they match up with your samples and I'll include them here for you to look at.

I'm not sure, but I don't even think the Security server(the ENT server, as it has the F98OWSEC table)is getting reached, unless the messages boxes are not to be believed.
The first message box that pops up states " SEC0000007 - Unable to locate security server" THEN
next box states " SEC0000001 - Failure in communicating with Security Server"

Another thing is I can't seem to find the JDE_nnn.LOG files on the ENT server. Is there a setting I must make in the ini file to get them or is this a clue to the problem?

I have also printed the section Understanding Windows NT Enterprise Server jde.ini Settings from the System Administration Guide and gone over each section and they appear ok.

Listed below are the ENT and Client ini file sections.

[JDENET_KERNEL_DEF4]
krnlName=SECURITY KERNEL
dispatchDLLName=jdekrnl.dll
dispatchDLLFunction=_JDEK_DispatchSecurity@28
maxNumberOfProcesses=1
beginningMsgTypeRange=551
endingMsgTypeRange=580
numberOfAutoStartProcesses=0

[SECURITY]
SecurityServer=BIGTARPON
User=JDE
Password=JDE
DefaultEnvironment=PD7333
DataSource=System - B7333
History=0
[Bsfn Builder]
BuildArea=\jdedwardsoneworld\ddp\b7333

The client ini

[SECURITY]
SecurityServer=BIGTARPON
User=JDE
Password=JDE
DefaultEnvironment=PD7333
DataSource=System - B7333
History=0



Thank You,
Bill
Windows NT, SQL 7, XE 13.0
 
RE: Can\'t Access Security Server - Help

Hi Bill,

Question......does your log file show any select statements being passed?
It almost appears like you aren't even able to log into the database to pull
out the information you need to log in to JDE......Make sure the user name
you are using has a valid sign-on into your SQL Server database. However,
if you are using group security on your database (very common and normally
recommended), make sure the group name defined in JDE has a sign-on to the
database.

Good luck,

Kevin
 
RE: Can\'t Access Security Server - Help

Bill,
I am on a 400 for my enterprise server so I am not sure where the log
files are stored, but when I was getting the security server error it
was because my OW services were not started. Is this a specific user or
all users? If it is a specific user, have you setup the security piece
under user security? There is a place for the system user and password.
I am just throwing out ideas so I am sorry if you've already tried
these. Good luck.

Joanna
CNC Admin
OW XE svc pk 16
Co-existent
As/400 Cume12/X3
 
Re: Can\'t Access Security Server - Help

Bill,

I am on a 400 for my enterprise server so I am not sure where the log files are stored, but when I was getting the security server error it was because my OW services were not started. Is this a specific user or all users? If it is a specific user, have you setup the security piece under user security? There is a place for the system user and password. I am just throwing out ideas so I am sorry if you’ve already tried these. Good luck.
Joanna
CNC Admin
OW XE svc pk 16
Co-existent
As/400 Cume12/X3
 
Re: Can\'t Access Security Server - Help

Bill,

1. For B733.2, (I assume Xe is similar) - location of the Server log files is controlled in the Server JDE.INI file as follows


[DEBUG]
LogErrors=1
OUTPUT=NONE
;Output=file
Trace=FALSE
DebugFile=D:\B733logs\jdedebug.log
JobFile=D:\B733logs\jde.log (we changed location of log files)
;DebugFile=E:\jdedwardsoneworld\ddp\B7332\log\jdedebug.log (default value)
;JobFile=E:\jdedwardsoneworld\ddp\B7332\log\jde.log (default value)


2. If you don't have these log files, then OneWorld Services may not be starting correctly.

On B733.2, we start OneWorld Services manually, and check the log files after starting each of the Services.

- the JDE "Network" service is started first - this generates 2 log files - one of these is for the Scheduler)

- the JDE "Queue" service is then started - this generates several more lof files, including the 'Security' JDExxx.LOG file.

3. on B733.2 we have noticed that on occassions, some of the JDExxx processes (aas viewed on the NT Task Manager screen)on the NT Enterprise Server, may continue running after OneWorld Services are stoppped. This will then cause errors in the Log files when starting OneWorld Services and OneWorld does not start cleanly.

We always Monitor the JDE processes when stopping OneWorld Services.
Any that do not die within 2~3 minutes are manually ended.

4. I am surprised that you have a User & Password in the Client JDE.INI file - this may be a potential security risk as users may have access to this file.

Hope this helps -

Regards Phil H.
B733.2 SP11.3, NT, RS6000, Oracle, Citrix

B733.2 - SP11.3, NT, RS6000, Oracle
 
Re: Can\'t Access Security Server - Help

Phil,
Thanks. I had turned debug on on the workstation but not the server. From your earlier post I was thinking the log files were "autoMAGICally" written to at the server level. I turned them on and found that when I started the network services I got the same errors as I was getting starting One World at the workstation:
370/183 Tue Nov 06 17:55:56 2001 jdeksec2747
INITIALIZING SECURITY SERVER KERNEL

370/183 Tue Nov 06 17:55:56 2001 jdbodbc717
ODB0000045 - SQLDriverConnect failed. DSN: BIGTARPON - B7333 Server Map

370/183 Tue Nov 06 17:55:56 2001 jdbodbc718
[Microsoft][ODBC Driver Manager] Data source name not found and no default driver specified - SQLSTATE: IM002

370/183 Tue Nov 06 17:55:56 2001 JDB_OMP11123
JDB9900240 - Failed to open F986101

I then went and checked the ODBC driver for the data source and it is correct (per the install guide). So I went to Access and linked to the F986101 table using ODBC and it worked fine(good news, bad news).

I'm going to try some more "stuff" in the morning.

Any additional ideas anyone has would be much appreciated.

Thanks to everyone!


Thank You,
Bill
Windows NT, SQL 7, XE 13.0
 
RE: Can\'t Access Security Server - Help

Bill,
Did you check your TNSNAMES.ORA file?

Lisa G. Stinebuck
Senior Service Delivery Technician
Logical eBoc
US Logical
311 Elm Street, Suite 150
Cincinnati, OH 45202
(513) 412-3400 Office
(513)378-2832 Cell
[email protected]
www.us.logical.com <http://www.us.logical.com/>
 
Re: Can\'t Access Security Server - Help

We came across a different problem, same symptoms on our AS/400, V4R4.

In them mornings, we ENDNET/ENDTCP to run backups, then STRTCP/STRNET
afterwards. We would *always* get "can't access security server" -
END/STRNET once more and all would be right with the world.

We discovered that if we end subsystem QSERVER before bringing TCPIP back
up, JDE starts first time every time.

Go figure.

Maurice
 
Re: Can\'t Access Security Server - SUCCESS!

Well am I happy! (see icon)
First I would like to thank everyone, especially Phil, who took the time to offer suggestions and help. It was all appreciated!

The problem did turn out to be the services not starting correctly. I had a heck of a time figuring out how to get them to start good and still am a little puzzled on why the solution worked.

I'll explain:
On the properties of the services there is an option Log On As
and the choices are System Account or This Account (you enter someone defined to the domain with administrator privledges)

The first issue was the System Account was selected. The Installation Guide does tell you to use the This Account option. I changed it to be This Account and entered the domain\JDE and password (we have a user, JDE, assigned to our Administrators group).

Well this still didn't work, so I changed the This Account to the domain\Administrator and password and VIOLA! Why JDE wouldn't work is still a mystery, since it does have administrator rights.

I ran PORTTEST and it completed successfully! I also signed on to an environment using a userid I had setup yesterday and it worked great. I have since added some additional Groups and users and they all appear able to signon fine.

So Again, THANKS TO ALL

Thank You,
Bill
Windows NT, SQL 7, XE 13.0
 
RE: Can\'t Access Security Server - SUCCESS!

jdebill,
There is a script that you can run once you have ended OneWorld called
rmics.sh - this script will clean up anything left hanging after
bringing OneWorld down. It won't hurt to run it more than once. The
rmics.sh is called in the EndOneWorld.sh as well as (I believe) at the
beginning of the RunOneWorld.sh script (depending on your version)
however we have found it beneficial to run it by itself (especially if
you are supporting older OneWorld versions).
Cheers,

Lisa G. Stinebuck
Senior Service Delivery Technician
Logical eBoc
US Logical
311 Elm Street, Suite 150
Cincinnati, OH 45202
(513) 412-3400 Office
(513)378-2832 Cell
[email protected]
www.us.logical.com <http://www.us.logical.com/>
 
Re: Can\'t Access Security Server - Help

Well, we had this problem after the Xe SP13 install. Everything was working fine except for the security as you de[censored].

We spent weeks and weeks with consultants and JDE tech support, and in the end we don't know exactly what fixed the problem. One day I tried 4 different things and then it started working. Then I started undoing those 4 things one by one to find the one that broke it, and none of them made it quit working. (One of them was deleting and re-adding the user profile for JDE, which of course couldn't be undone and tested.)

Quite bizarre, isn't it?

---------------------------------
OneWorld Xe SP15
Clustered Windows 2000 + SQL 2000
 
Back
Top