AREA - ITSM 8.1 - can not make it work!

2013-04-01 Thread Dan Miller
Hi all

i have a clean build 8.1.  i am experimenting with AREA 8.1 in its simplest 
form, basically trying to authenticate the support staff against their local 
AD...  simple one might think, but no...   i have been fighting with it for a 
week now and seem to be getting nowhere fast.  I am going to try and list the 
symptoms and findings here in the hope that someone can help (why can the 
simplest form of AD integration not be simply a few check boxes to make work 
like in most apps with this feature, and bury the clever stuff that the 
minority might want!!)

1. I have created a test user in AD called “test user”, with a password of 
“Password1”, and a USERNAME=123456
2. I have created a people record called “Test User” with an ARS password of 
“Window5” , and a USERNAME=123456
3. Placed the AD user into the default USERS container to avoid any confusion 
of OU’s
4. Tested both users in their own environment to make sure they log in
5. Setup AREA form in its simplest form with 
- hostname = AD server
- port = 389 (confirmed AD is answering on this port via telnet to that 
port)
- bind user is my own AD account which is domain admin
- userbase = CM=Users,DC=DOMAIN  (note this domain has only 
a single extension, i.e. where BMC is bmc.com, in this domain it would just be 
“bmc”)
- User Search Filter = userPrincipalName=%\USER$
- Group membership = None
- everything else is default
6. In the EA tab:
- RPC port = 390695
- Cross ref blank pas = CHECKED
- Auth string chaining = “AREA - ARS”


So, what happens…  
- If I log into remedy using 123456 and Window5 then it logs in fine as expected
- If I log into remedy using 123456 and Password1 then it will not authenticate

I then tried a few of the different chaining modes to see what would happen.  
None work except when I set it to:
- ARS – OS – AREA
At this point, I can now log into Remedy using EITHER the AD password or the 
ARS password.

First question, what is “OS” in the chaining policy?  I am assuming operating 
system, but what settings is it using, how is it getting those details, is it 
from some settings in the AREA form?  I ask this, as when I went into AREA form 
and messed up the search strings and what not, the login using AD password 
STILL worked, so it is like it does not use AREA config for the OS chaining 
function.

I then fixed AREA config, but changed the “User Search Filter” to use 
“displayName” and then tested login using “TestUser” as login name with AD 
password, and it failed.  I tried then using the USERNAME again and it still 
worked!

I am now very confused, as the configuration of this in 8.1 DOES on paper look 
simple.  I turned logging of filter to finest but got nothing of interest…  it 
is like it is just not doing anything.  I am just wondering have I missed a key 
point… I know in 7.65 it was a lot harder, but in 8.x it is supposed to be 
simpler…  it installs the plugin as part of install etc, so I am just wondering 
is something broke, or am I being an idiot (I suspect the latter unfortunately)

Cheers
dan

___
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org
"Where the Answers Are, and have been for 20 years"


Re: Upgrade ITSM 7.6.04SP2 to 8.1 - Wierd error (SEVERE)

2013-03-08 Thread Dan Miller
OK, back to the original issue  :-)

the attached logfiles from the post below.

here is the remedy/application log from running the RIK command:


[Fri Mar 08 17:44:50.874] RikMain- RIK utility version/timestamp: 8.1.00 
201301251157
[Fri Mar 08 17:44:50.890] RikMain- Command = rik.exe defnimp -f 
e:\chg_deplapp.def -m migrate -x VBMC41-IEDRW -t 0 -u tony.reel -p 
*NOT_THIS_TIME* -C -l e:\riktony.log -L
[Fri Mar 08 17:44:51.015] RikMain- ARInitialization Complete
[Fri Mar 08 17:44:51.030] SetOverlayGroup- Set Session Configuration for design 
and runtime overlay group (base[-1]) succeeded
[Fri Mar 08 17:44:51.108] VerifyControl- AR User is valid
[Fri Mar 08 17:44:51.124] RikMain- Calling the subcommand: defnimp
[Fri Mar 08 17:44:51.124] DefnImport- Begin import file e:\chg_deplapp.def, 
mode 0x2, mask 0x19051
[Fri Mar 08 17:44:51.202] ImportFileNode- Calling ARImport() in migr mode for 
"chg_deplapp.def", mask 0x19051. "Timeout = 120 seconds.
[ERROR][Fri Mar 08 17:47:36.796] ImportFileNode- ARImport() for 
"chg_deplapp.def" returned non-zero return code 2
[ERROR][Fri Mar 08 17:47:36.796] ImportFileNode- 314 Field does not exist on 
current form CHG:ChangeRiskDerivedTemplateFieldSelectionLookup : <10>
[ERROR][Fri Mar 08 17:47:36.796] ImportFileNode- 314 Field does not exist on 
current form CHG:ChangeRiskDerivedFactorsTemplateLookup : <300207500>
[ERROR][Fri Mar 08 17:47:36.796] ImportFileNode- 392 Field/VUI name must be 
unique for the form -- there is already a field or VUI using this name Column
[WARNING][Fri Mar 08 17:47:36.796] ImportFileNode- 55 The following item was 
not imported CHG:ChangeImpactedAreaCIAssociation_Join
[WARNING][Fri Mar 08 17:47:36.796] ImportFileNode- 55 The following item was 
not imported CHG:Change-ImpactedAreasCIAssociation_outer_ApproverLookup
[WARNING][Fri Mar 08 17:47:36.796] ImportFileNode- 55 The following item was 
not imported CHG:ChangeRelationshipInterface
[WARNING][Fri Mar 08 17:47:36.796] ImportFileNode- 55 The following item was 
not imported CHG:ChangeImpctAreaApproverLookup
[WARNING][Fri Mar 08 17:47:36.796] ImportFileNode- 55 The following item was 
not imported CHG:ChangeApproverLookup
[WARNING][Fri Mar 08 17:47:36.796] ImportFileNode- 55 The following item was 
not imported CHG:Change-ImpactedAreas_outer_CIAssociation_outerJoin
[WARNING][Fri Mar 08 17:47:36.796] ImportFileNode- 55 The following item was 
not imported CHG:Association_ID01_02Join
[WARNING][Fri Mar 08 17:47:36.796] ImportFileNode- 55 The following item was 
not imported CHG:TemplateQueryInterface
[WARNING][Fri Mar 08 17:47:36.796] ImportFileNode- 55 The following item was 
not imported CHG:Infrastructure Change Classic
[WARNING][Fri Mar 08 17:47:36.796] ImportFileNode- 55 The following item was 
not imported CHG:InfrastructureChangeAPDetail
[WARNING][Fri Mar 08 17:47:36.796] ImportFileNode- 55 The following item was 
not imported CHG:Chg Search-Worklog
[WARNING][Fri Mar 08 17:47:36.796] ImportFileNode- 55 The following item was 
not imported CHG:Chg Search-Associations
[WARNING][Fri Mar 08 17:47:36.796] ImportFileNode- 55 The following item was 
not imported CHG:ChangeSelfJoin
[WARNING][Fri Mar 08 17:47:36.796] ImportFileNode- 55 The following item was 
not imported CHG:ChangeRiskDerivedTemplateSelectionDerivedFactorsLookup
[WARNING][Fri Mar 08 17:47:36.796] ImportFileNode- 55 The following item was 
not imported CHG:ChangeROIConfig_Join
[WARNING][Fri Mar 08 17:47:36.796] ImportFileNode- 55 The following item was 
not imported CHG:ChangeInterface
[WARNING][Fri Mar 08 17:47:36.796] ImportFileNode- 55 The following item was 
not imported CHG:ChangeAssocJoinCRQ
[WARNING][Fri Mar 08 17:47:36.796] ImportFileNode- 55 The following item was 
not imported CHG:ChangeAPDetailSignature
[WARNING][Fri Mar 08 17:47:36.796] ImportFileNode- 55 The following item was 
not imported CHG:Change-ImpctArea
[WARNING][Fri Mar 08 17:47:36.796] ImportFileNode- 55 The following item was 
not imported CHG:Change-ImpactedAreas_outerJoin
[WARNING][Fri Mar 08 17:47:36.796] ImportFileNode- 55 The following item was 
not imported CHG:Change-ImpactedAreasJoin
[WARNING][Fri Mar 08 17:47:36.796] ImportFileNode- 55 The following item was 
not imported CHG:CHGNGC:ChangeAssociatedRecords_Join
[WARNING][Fri Mar 08 17:47:36.796] ImportFileNode- 55 The following item was 
not imported CHG:Association_ID02Join
[WARNING][Fri Mar 08 17:47:36.796] ImportFileNode- 55 The following item was 
not imported CHG:Association_ID01Join
[WARNING][Fri Mar 08 17:47:36.796] ImportFileNode- 55 The following item was 
not imported CHG:TemplateSPGAssocLookup
[WARNING][Fri Mar 08 17:47:36.796] ImportFileNode- 55 The following item was 
not imported CHG:ProcessFlow_TemplateSPGLookup
[WARNING][Fri Mar 08 17:47:36.796] ImportFileNode- 55 The following item was 
not imported CHG:ChangeRiskFactorQuestionLookup
[WARNING][Fri Mar 08 17:47:36.796] ImportFileNode- 55 The following item was 
not imported CHG:ChangeRiskDerivedTemplateFieldSelectionLookup
[WAR

Re: Upgrade ITSM 7.6.04SP2 to 8.1 - Wierd error (SEVERE)

2013-03-08 Thread Dan Miller
LOL..  good job it is not internet facing and not my own password!!!  sorry 
tony  :-)



Re: Upgrade ITSM 7.6.04SP2 to 8.1 - Wierd error (SEVERE)

2013-03-08 Thread Dan Miller
arrghhh you are right there...  i better find Daniel to get that post 
removed!!!  where the heck is that damn post-edit button!!!



Re: Upgrade ITSM 7.6.04SP2 to 8.1 - Wierd error (SEVERE)

2013-03-08 Thread Dan Miller
Hi all

we are still here plugging away...  before i give another update, can i just 
ask if anyone has successfully upgraded a 7.6.04Sp2 ITSM direct to 8.1 yet?
just checking  :-)

update on issue (by the way, this has gone to BMC support, they said they were 
reviewing logs, but no reply yet)


From looking in the log files we could see these errors which show that there 
was problem migrating these forms during the upgrade.

[ERROR][Fri Mar 08 11:26:25.161] ImportFileNode- ARImport() for "chg_deplapp.def" returned non-zero return code 2
[ERROR][Fri Mar 08 11:26:25.161] ImportFileNode- 314 Field does not exist on current form CHG:ChangeInterface : <103216>
[ERROR][Fri Mar 08 11:26:25.161] ImportFileNode- 314 Field does not exist on current form CHG:ChangeSelfJoin : <112>
[ERROR][Fri Mar 08 11:26:25.161] ImportFileNode- 314 Field does not exist on current form CHG:ChangeRiskDerivedTemplateFieldSelectionLookup : <10>
[ERROR][Fri Mar 08 11:26:25.161] ImportFileNode- 314 Field does not exist on current form CHG:ChangeRiskDerivedFactorsTemplateLookup : <300207500>
[ERROR][Fri Mar 08 11:26:25.167] ImportFileNode- 392 Field/VUI name must be unique for the form -- there is already a field or VUI using this name Column


I looked at the CHG:ChangeSelfJoin form. In a clean 7.6.04 SP2 install the 112 
field is not present. In a clean install of 8.1 the 112 field is present.
So using the Dev studio I exported the CHG:ChangeSelfJoin form from a clean 
install and imported it to the pre ITSM upgrade server and got no errors.
I then tried the same action on 
CHG:ChangeRiskDerivedTemplateFieldSelectionLookup & 
CHG:ChangeRiskDerivedFactorsTemplateLookup forms but got the message saying 
"314 Field does not exist on current form 
CHG:ChangeRiskDerivedFactorsTemplateLookup : <300207500>"

I ran the RIK command
rik.exe defnimp -f e:\chg_deplapp.def -m migrate -x VBMC41-IEDRW -t 0 -u 
tony.reel -p BTsu99ort# -C -l e:\riktony.log -L –v and the resulting logs are 
attached but they give the same error messages.



Re: Upgrade ITSM 7.6.04SP2 to 8.1 - Wierd error (SEVERE)

2013-03-08 Thread Dan Miller
thank you for the update and help, that is very helpful...  i wonder what 
caused it...

anyway, the log files have now been sent to BMC for review as a full pack..  we 
are also working in the background to try and work out what is going on under 
the hood

happy Fridays!!!



Re: Upgrade ITSM 7.6.04SP2 to 8.1 - Wierd error (SEVERE)

2013-03-08 Thread Dan Miller
Hi there

that BMCRemedyChangeManagement.log has some good info in...  i took a full zip 
off the server before reverting-to-snapshot.

we have looked at the contents now and are not really any further, though we 
can see the .def file the upgrade is trying to import, and what fields it is 
having trouble with...  but how do we correlate that with reality, i.e. work 
out what the issue is...

section of BMCRemedyChangeManagement.log below:


[Fri Mar 08 11:23:07.383] RikMain- RIK utility version/timestamp: 8.1.00 
201301251157
[Fri Mar 08 11:23:07.383] RikMain- Command = 
C:\Users\ADMINI~1\AppData\Local\Temp\Utilities\rik\rik.exe loadapp -f 
e:\Program Files\BMC 
Software\BMCRemedyITSMSuite\Workflow\install\8.1.00_overlay_install\systems\chg\workflow\en\adf_chg.xml
 -m nosamp -x VBMC41-IEDRW -t 0 -u Action Request Installer Account -p ** 
-l e:\Program Files\BMC Software\BMCRemedyITSMSuite -n 
BMCRemedyChangeManagement -L
[Fri Mar 08 11:23:07.385] RikMain- ARInitialization Complete
[Fri Mar 08 11:23:07.388] SetOverlayGroup- Set Session Configuration for design 
and runtime overlay group (base[-1]) succeeded
[Fri Mar 08 11:23:07.388] SetSessionTimeouts- Using 7200 seconds for the Normal 
timeout
[Fri Mar 08 11:23:07.388] SetSessionTimeouts- Using 14400 seconds for the Long 
timeout
[Fri Mar 08 11:23:07.388] SetSessionTimeouts- Using 21600 seconds for the Extra 
Long timeout
[Fri Mar 08 11:23:07.400] VerifyControl- AR User is valid
[Fri Mar 08 11:23:07.402] RikMain- Calling the subcommand: loadapp
[Fri Mar 08 11:23:07.407] LoadApp- Application "chg" has 4 file(s): 4 
definition file(s), 0 configuration data file(s), 0 sample data file(s)
[Fri Mar 08 11:23:07.407] ProcessCommandsOfComponent- Commands List is empty 
. No Commands to execute
[Fri Mar 08 11:23:07.407] LoadComponent- 
**
[Fri Mar 08 11:23:07.441] LoadComponent- Processing component: chg
[Fri Mar 08 11:23:07.441] LoadComponent- Loading component chg
[Fri Mar 08 11:23:07.441] LoadComponent- Specified mask (0x01801021) overrides 
all other ARImport settings!
[Fri Mar 08 11:23:07.441] LoadComponent- Starting Definition Import for 
e:\Program Files\BMC 
Software\BMCRemedyITSMSuite\Workflow\install\8.1.00_overlay_install\systems\chg\workflow\en\.\chg_deplapp.def
[Fri Mar 08 11:23:07.528] ImportFileNode- Calling ARImport() in 
arimport_forced_mask mode for "chg_deplapp.def", mask 0x1801021. "Timeout = 
7200 seconds.
[ERROR][Fri Mar 08 11:26:25.161] ImportFileNode- ARImport() for 
"chg_deplapp.def" returned non-zero return code 2
[ERROR][Fri Mar 08 11:26:25.161] ImportFileNode- 314 Field does not exist on 
current form CHG:ChangeInterface : <103216>
[ERROR][Fri Mar 08 11:26:25.161] ImportFileNode- 314 Field does not exist on 
current form CHG:ChangeSelfJoin : <112>
[ERROR][Fri Mar 08 11:26:25.161] ImportFileNode- 314 Field does not exist on 
current form CHG:ChangeRiskDerivedTemplateFieldSelectionLookup : <10>
[ERROR][Fri Mar 08 11:26:25.161] ImportFileNode- 314 Field does not exist on 
current form CHG:ChangeRiskDerivedFactorsTemplateLookup : <300207500>
[ERROR][Fri Mar 08 11:26:25.167] ImportFileNode- 392 Field/VUI name must be 
unique for the form -- there is already a field or VUI using this name Column
[WARNING][Fri Mar 08 11:26:25.167] ImportFileNode- 55 The following item was 
not imported CHG:ChangeImpactedAreaCIAssociation_Join
[WARNING][Fri Mar 08 11:26:25.167] ImportFileNode- 55 The following item was 
not imported CHG:ChangeRelationshipInterface
[WARNING][Fri Mar 08 11:26:25.167] ImportFileNode- 55 The following item was 
not imported CHG:ChangeImpctAreaApproverLookup
[WARNING][Fri Mar 08 11:26:25.190] ImportFileNode- 55 The following item was 
not imported CHG:ChangeApproverLookup
[WARNING][Fri Mar 08 11:26:25.190] ImportFileNode- 55 The following item was 
not imported CHG:Association_ID01_02Join
[WARNING][Fri Mar 08 11:26:25.190] ImportFileNode- 55 The following item was 
not imported CHG:TemplateQueryInterface
[WARNING][Fri Mar 08 11:26:25.190] ImportFileNode- 55 The following item was 
not imported CHG:Infrastructure Change Classic
[WARNING][Fri Mar 08 11:26:25.190] ImportFileNode- 55 The following item was 
not imported CHG:InfrastructureChangeAPDetail
[WARNING][Fri Mar 08 11:26:25.214] ImportFileNode- 55 The following item was 
not imported CHG:Chg Search-Worklog
[WARNING][Fri Mar 08 11:26:25.214] ImportFileNode- 55 The following item was 
not imported CHG:Chg Search-Associations
[WARNING][Fri Mar 08 11:26:25.214] ImportFileNode- 55 The following item was 
not imported CHG:ChangeSelfJoin
[WARNING][Fri Mar 08 11:26:25.214] ImportFileNode- 55 The following item was 
not imported CHG:ChangeRiskDerivedTemplateSelectionDerivedFactorsLookup
[WARNING][Fri Mar 08 11:26:25.214] ImportFileNode- 55 The following item was 
not imported CHG:ChangeROIConfig_Join
[WARNING][Fri Mar 08 11:26:25.243] ImportFileNode- 55 The following item was 
not imported CHG:ChangeInterface
[WARNING][Fri 

Re: Upgrade ITSM 7.6.04SP2 to 8.1 - Wierd error (SEVERE)

2013-03-08 Thread Dan Miller
thank you for the help..  we are thinking a test will be just to remove the 
overlay from the change form and see if the install runs.

as a side note, would you say it would be OK to just re-run the ITSM installer 
again on the FAILED install, or would you say that it would be better to revert 
to snapshot from before the failed ITSM upgrade and re-run clean, or might it 
be quicker to re-run the ITSM installer over the top of the failed install 
(after removing the overlay of course)?

cheers
dan



Upgrade ITSM 7.6.04SP2 to 8.1 - Wierd error (SEVERE)

2013-03-08 Thread Dan Miller
Hi all,

i hope you are well everyone...  we are currently testing upgrades from 7.6 to 
8.1.  we have done tons of testing but specifically on the ITSM upgrade, we 
are getting an error after about 6-8 hours of install.  

Environment:
2 x AR servers in an SG (though for the purpose of upgrade testing, we have 
taken out the SG config and it is a standalone server)
Operating system throughout is 64 bit windows 2008 server R2
all servers are VMware VMs (except the database)
Backend DB is SQL Server 20078 64bit

this platform was built from the bottom up as a 7.6.04SP2 install, with some 
ticket and user data migrated across from a previous 7.6.04SP1 install

We have several customisations on the incidents and change forms but i will 
leave the detail of this to my colleague Tony to add as we are working together 
on this and he is the dev guy  :-)


the error is below.  this was after successful ARsystem upgrade, successful 
Atrium core and integrator upgrades...  this error happens after the ITSM 
completes with failure.  

--
Mar 08 2013 07:23:01 AM
--
SEVERE
--
com.bmc.install.product.bmcremedyitsmsuite.overlays.BMCRemedyChangeManagement
--
  THROWABLE EVENT {Description=[Program execution failed due to return code 
392],Detail=[Program not completed]}
--
Throwable=[com.bmc.install.utility.language.syntax.statement.extension.StatementDelegateReturnCodeException:
 
com.bmc.install.utility.language.syntax.statement.extension.StatementDelegate.handleReturnCode(StatementDelegate.java:897)
com.bmc.install.product.rik.statement.RIKLoadApplicationStatement.execute(RIKLoadApplicationStatement.java:214)
com.bmc.install.utility.language.syntax.statement.extension.ExtensionStatement.execute(ExtensionStatement.java:289)
com.bmc.install.utility.language.syntax.statement.Block.execute(Block.java:72)
com.bmc.install.utility.language.syntax.statement.IfStatement.execute(IfStatement.java:145)
com.bmc.install.utility.language.syntax.Program.execute(Program.java:75)
com.bmc.install.utility.language.runner.ProgramRunner.executeProgram(ProgramRunner.java:229)
com.bmc.install.product.base.language.ProgramRunnerValidationTask.executeProgram(ProgramRunnerValidationTask.java:312)
com.bmc.install.utility.language.runner.ProgramRunnerStatement.execute(ProgramRunnerStatement.java:153)
com.bmc.install.utility.language.syntax.statement.extension.ExtensionStatement.execute(ExtensionStatement.java:289)
com.bmc.install.utility.language.syntax.statement.Block.execute(Block.java:72)
com.bmc.install.utility.language.syntax.statement.EnhancedForStatement.handleArray(EnhancedForStatement.java:374)
com.bmc.install.utility.language.syntax.statement.EnhancedForStatement.execute(EnhancedForStatement.java:190)
com.bmc.install.utility.language.syntax.statement.Block.execute(Block.java:72)
com.bmc.install.utility.language.syntax.statement.IfStatement.execute(IfStatement.java:145)
com.bmc.install.utility.language.syntax.statement.Block.execute(Block.java:72)
com.bmc.install.utility.language.syntax.statement.IfStatement.execute(IfStatement.java:145)
com.bmc.install.utility.language.syntax.statement.Block.execute(Block.java:72)
com.bmc.install.utility.language.syntax.Program.execute(Program.java:75)
com.bmc.install.utility.language.runner.ProgramRunner.executeProgram(ProgramRunner.java:229)
com.bmc.install.product.base.language.ProgramRunnerValidationTask.executeProgram(ProgramRunnerValidationTask.java:312)
com.bmc.install.product.base.language.ProgramRunnerValidationTask.performValidation(ProgramRunnerValidationTask.java:97)
com.bmc.install.task.ValidationTask.execute(ValidationTask.java:54)
com.bmc.install.task.InstallationTask.run(InstallationTask.java:93)
java.lang.Thread.run(Unknown Source)]



Re: WWRUG13?

2013-02-27 Thread Dan Miller
i vote to move the WWRUG to Ireland, move it to March and you can all enjoy St 
Patricks day  :-)



Re: OT - Twinkies! Oh No!

2012-11-16 Thread Dan Miller
i actually kept a few twinkies from this years RUG and brought them back to 
Ireland...   i will have to stash them away for next time..  assuming the kids 
did not find them and think they were edible!

___
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org
attend wwrug12 www.wwrug12.com ARSList: "Where the Answers Are"


Re: 2 Reporting questions

2012-11-07 Thread Dan Miller
the key with FCR is defining exactly what it is you want to measure.  we have 
been discussing it for some time internally, and it changes annually.  we now 
have 2 measures, FCR and FLR.  FLR is much easier in remedy as it basically 
means the ticket never left the first line...  but FCR is where the caller 
never left the first phone call...



Re: Mid Tier and Potential Proxy Issues

2012-11-02 Thread Dan Miller
what version of mid-tier are you running (and overall remedy for that matter)

we used to get this issue all the time, we called it grey screen of death.
we service-packed mid-tier and it went away, SP2 i think for 7.6.04

we had tried everything but could not get it working, and it was random.  we 
even got the desktop estate upgraded as we thought it was performance...  
(which was not a bad idea anyway to be honest)



Re: RUGs = 1

2012-10-15 Thread Dan Miller
Thanks Dave! much appreciated!

while i have your attention, what governs the Friday morning repeat sessions?  
i have a bunch of sessions i would like to attend, but they conflict with each 
other, so just wondering how you decide which ones are repeated?

cheers
dan



Re: RUGs = 1

2012-10-15 Thread Dan Miller
I am so excited to be here, hoping the company will let me come again next year 
but they can be an awkward bunch when it comes to financial approval...needs 
some techies in the finance team who understand that software moves on in 12 
months...  :-)



Re: RUGs = 1

2012-10-15 Thread Dan Miller
ROTFLMAO!!

i literally laughed out loud while sitting in the quiet hotel bar...  how 
embarrassing LOL



RUGs = 1

2012-10-15 Thread Dan Miller
Hi people...

we have arrived at the conference and i can see remedy lovers all over the 
hotel sporting their orange badge holders and cool ruck sacks. 

Looking forward to meeting some of you at the welcome evening tonight...  but 
if anyone finds themself at a loose end due to not attending any pre-conference 
sessions, say hi to a lonely first-timer in the bar, easy to spot with the 
"RUGs=1" badge of shame  :-)

good luck all and have a good week!  

D.

ps..  has anyone worked out how to clone themself so they can attend 2 
presentations at the same time?   :-)



Re: ADV: Re: [arslist] Results of a application pen-test - need to close holes

2012-10-12 Thread Dan Miller
Hi there

something weird is going on with this list, as there were more replies 
yesterday before the system went a bit weird last night..

The last post was about getting together at WWRUG12  for a get together to chat 
about exposing SRM to the public internet...  I remember as someone offered to 
buy the first round  :-)

my colleague and I will be arriving tomorrow for Fairmont, and staying for the 
week for the conference...  if we were to try and get everyone who cares about 
such a thing together, how would one go about that?  this is our first ever 
WWRUG, so we are more likely to be the 2 people in the corner hiding and hoping 
someone talks to us  :-)

cheers
dan



Re: Data Management Tool in version 8 replaced by Atrium Integrator

2012-10-08 Thread Dan Miller
sorry to hijack, but does anyone know if the integrator module is now supported 
in server group environment?  i am pretty sure it was on the proposed list for v8

great that DMT from 7604 will still work though



Re: Results of a application pen-test - need to close holes

2012-10-08 Thread Dan Miller
hi John

so if i open up login.jsp on each of my mid-tiers, and i modify the code on 
lines 4 and 8, to include "autocomplete="off"" you think i will get what i 
need?  i am not a coder, so the fact this is JSP, does that matter?


1    
2   
3   <%=MessageTranslation.getLocalizedText(locale,"User 
Name")%>
4   
5    
6   
7   <%=MessageTranslation.getLocalizedText(locale,"Password")%>
8   
9    
10  
11  <%=MessageTranslation.getLocalizedText(locale,"Authentication")%>
12  
13   
14   
15  " 
onClick="doLogin();"> 
16  " 
onClick="clearLogin();">
17   
18   
19  
20  
21  
22  
23  
24  
25  
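
One way to check a mid-tier login page for the autocomplete finding discussed in this post, as an added example (not part of the original post and not BMC's login.jsp). The sample form, its field names (`username`, `pwd`, `auth`), the `LoginServlet` action and the "Login" button label are constructed for illustration; only the `MessageTranslation.getLocalizedText` expressions and `doLogin()` echo what the post shows.

```python
"""Report text/password inputs in a JSP/HTML login page that allow autocomplete."""
import re
from html.parser import HTMLParser

# JSP scriptlets and expressions (<% ... %>) often contain double quotes and
# break HTML attribute parsing when they sit inside value="...", so they are
# blanked out first. Newlines are kept so reported line numbers stay correct.
JSP_BLOCK = re.compile(r"<%.*?%>", re.DOTALL)
AUDITED_TYPES = {"text", "password"}


class _LoginFormAudit(HTMLParser):
    def __init__(self):
        super().__init__()
        self.form_autocomplete = None   # value inherited from the enclosing <form>
        self.findings = []              # (line, field name, input type)

    def handle_starttag(self, tag, attrs):
        attr = {name: (value or "") for name, value in attrs}
        if tag == "form":
            self.form_autocomplete = attr.get("autocomplete", "").strip().lower()
        elif tag == "input":
            input_type = attr.get("type", "text").strip().lower() or "text"
            if input_type not in AUDITED_TYPES:
                return
            own = attr.get("autocomplete")
            # An attribute on the input itself overrides the form-level setting.
            effective = own.strip().lower() if own is not None else self.form_autocomplete
            if effective != "off":
                line, _ = self.getpos()
                self.findings.append((line, attr.get("name", ""), input_type))

    def handle_endtag(self, tag):
        if tag == "form":
            self.form_autocomplete = None


def audit_login_form(source):
    """Return [(line, name, type)] for inputs whose effective autocomplete is not 'off'."""
    cleaned = JSP_BLOCK.sub(lambda m: "\n" * m.group(0).count("\n"), source)
    parser = _LoginFormAudit()
    parser.feed(cleaned)
    parser.close()
    return parser.findings


# Constructed sample: a login form shaped like the one described in the post.
SAMPLE_BEFORE = '''\
<form name="loginForm" method="post" action="LoginServlet">
  <label><%=MessageTranslation.getLocalizedText(locale,"User Name")%></label>
  <input type="text" name="username" id="username-id">
  <label><%=MessageTranslation.getLocalizedText(locale,"Password")%></label>
  <input type="password" name="pwd" id="pwd-id">
  <label><%=MessageTranslation.getLocalizedText(locale,"Authentication")%></label>
  <input type="text" name="auth" id="auth-id">
  <input type="button" value="<%=MessageTranslation.getLocalizedText(locale,"Login")%>" onClick="doLogin();">
</form>
'''

# The same form after adding autocomplete="off" to the user name and password inputs.
SAMPLE_AFTER = (SAMPLE_BEFORE
                .replace('name="username"', 'name="username" autocomplete="off"')
                .replace('name="pwd"', 'name="pwd" autocomplete="off"'))

if __name__ == "__main__":
    for label, page in (("before", SAMPLE_BEFORE), ("after", SAMPLE_AFTER)):
        print(label)
        for line, name, input_type in audit_login_form(page):
            print(f"  line {line}: <input name={name!r} type={input_type!r}> allows autocomplete")
```

Setting `autocomplete="off"` on the `<form>` element covers every input inside it unless an input overrides it. Many current browsers ignore the attribute on login fields so that password managers keep working, so re-test in the browsers the pen-test used after making the change.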



Re: Results of a application pen-test - need to close holes

2012-10-08 Thread Dan Miller
Hi John

For the session timeout, i found the setting under web, in user preferences.  
looks like some people had no timeout setting at all, some had 5 hours.  I have 
logged an internal RFC to globally reset everyone’s to one hour, and also to 
set mid-tier webserver timeout to the same to cover all bases.

For the concurrent users, i confirmed that as long as the user does not have a 
fixed-license, + admin role, then they can not log in concurrently from 
multiple machines, so that one is closed.

As for the auto-complete one, the specific comments from the pen-tester were as 
follows.  he was not actually scanning cookies by the looks of it, more viewing 
the screen in front of him.  he provided a screenshot showing the web-browser 
offering the last 3 usernames used on that browser.  it should be possible to 
stop browsers remembering a field value, like online banking sites where no 
matter what the browser is set to, you can NOT remember the last value of the 
field from the last visit:

"Web applications allows user to store the password in the browser ("remember 
password"
function). If auto complete feature is ON and an attacker gains access to the 
browser cache,
can easily obtain the password in clear text and list down the complete user 
id’s present on
particular application."

cheers
dan



Re: ADV: Re: [arslist] Results of a application pen-test - need to close holes

2012-10-07 Thread Dan Miller
hi John

are you going to be at WWRUG this year?



Results of a application pen-test - need to close holes

2012-10-07 Thread Dan Miller
Hi forum,

I hope you can help, and I am sorry in advance for the long post, but I am 
trying to get all this into one post, hoping that someone has gone through this 
exercise before.  So basically, we had an application pen-test before releasing 
our remedy platform to the public internet.  We got 7 things that we need to 
fix, some of them before we can go live, others that can wait a while.

Summary:

1.  Privilege Escalation
2.  Improper Error Handling
3.  No session time out
4.  Concurrent User Sessions
5.  Forced Browsing
6.  Autocomplete feature
7.  Banner Grabbing

Below I have described them a little more with description, recommendation, but 
also the problem I have in getting them implemented.  We are 18 months into our 
first ever Remedy journey, so security is something we have not really 
considered.

Can you please help?


1. Privilege Escalation
--

Description:
-
Privilege escalation in Remedy application allows a user to gain elevated 
access to resources that are meant for a privileged user.  It was observed that in 
Remedy a user can view / read other user’s Service catalogue and preference 
details.  The privilege values should be checked from the database and not be 
stored in a client side cookie.
Vulnerable Urls:
 
https:///arsys/forms//SRS%3ACFGApplicationPreferences/Dialog+Console/?cacheid=aeabdc61&format=html
 https:// 
/arsys/forms//SRS%3AServiceRequestConsole/enduser/?cacheid=1bc6c61&format=html
 https:// /arsys/atrium/ServiceCatalog.swf 

this means the user can get more rights than they are entitled to. In this 
case a test user was able to see other users preferences, this may need to go 
back to BMC if T&T are unable to resolve as it may be an application fault. 
Recommended fix is to enable server side authentication and not client side 
which is currently in place.

Recommendation:
-
It is strongly recommended to check the privilege values from the database 
before granting access to secured resources applications.

Problem:

How do I even start with this one….  Is there something I am not doing in terms 
of application lock down?  Is it something to do with object-list within 
mid-tier so URLs can be directly browsed to?


2. Improper Error Handling 
---
Description
---
If a web application encounters an error condition it may need to display an 
appropriate error message. Sometimes these messages can be detailed enough to 
give away crucial information about the application. This information may 
include database schema/table names, user names, platform specific information 
etc. Applications giving out detailed error messages run the risk of  exposing 
crucial information which can be used later to launch further attacks.

Our Remedy installation seems to have been configured in an insecure way. 
Whenever the application encounters any kind of error condition (such as failed 
execution of an
SQL query), an error message of failure SQL operation is sent back to the 
user’s browser.

Example typical error: 
   “The SQL database operation failed. : The data types text and varchar are 
incompatible in the equal to operator. (SQL Server 402) (ARERR 552)”

Recommendation:

In a live environment, application error messages should be kept as short as 
possible. Hence it is advisable that the error messages emanating from certain 
scripts be restricted. Only custom HTTP error messages should be displayed 
instead of the detailed ones.

Problem:

Again, not sure what to do here.  I have not enabled anything special as far as 
I can see.  I think we did set something to make the error appear in the bar 
rather than popping up, but other than that, can I disable error messages 
altogether for user-level remedy users?



3. No session time out 
Description:

this means the application session will never time out, in the case where a 
user was using a shared PC a session could be hijacked or stolen. 

Recommendation:

Session timeout should be enabled. For web facing system session timeout should 
be 20/30 minutes, to protect customers.  

Problem:

I am pretty sure this is a setting on a user by user basis.  Is there a way to 
globally push a new timeout setting to all of the currently configured users?  
There is a session timeout in mid-tier but I don’t think that actually logs 
people out of remedy…



4. Concurrent User Sessions
Description:

Concurrent login sessions allow multiple users to log into the application 
using a single user ID.  This makes it difficult for the web application to 
maintain traceability of user activity.  If concurrent sessions are allowed, 
there is a possibility that users may access the same account in parallel and a 
legitimate user might not be able to identify that his a
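
Added example, not part of the original post and not BMC Remedy code or configuration: a sketch of the "Improper Error Handling" recommendation, using the error string quoted in the report as sample input. The function names and the leak patterns are assumptions made for this illustration; the full error is logged server-side and the browser only receives a generic message with a reference id.

```python
import logging
import re
import uuid

log = logging.getLogger("errors")

# Error text quoted in the report above, used as sample input.
SAMPLE = ("The SQL database operation failed. : The data types text and varchar "
          "are incompatible in the equal to operator. (SQL Server 402) (ARERR 552)")

ARERR_RE = re.compile(r"\(ARERR\s+(\d+)\)")
DB_CODE_RE = re.compile(r"\((SQL Server|ORA)[\s-]*(\d+)\)")
# Assumed (not exhaustive) markers of backend detail that should stay server-side.
LEAK_RE = re.compile(r"\bSQL\b|\bARERR\b|\bORA-\d+|data types?|varchar|\bschema\b", re.I)


def parse_backend_error(message):
    """Pull the application and database error codes out of a raw error string."""
    arerr = ARERR_RE.search(message)
    db = DB_CODE_RE.search(message)
    return {
        "arerr": int(arerr.group(1)) if arerr else None,
        "db_engine": db.group(1) if db else None,
        "db_code": int(db.group(2)) if db else None,
    }


def client_safe_error(message):
    """Log the full error server-side; return only a generic text and a reference id."""
    ref = uuid.uuid4().hex[:12]
    # %r escapes control characters so the raw message cannot forge log lines.
    log.error("ref=%s codes=%s detail=%r", ref, parse_backend_error(message), message)
    return f"The request could not be completed. Reference: {ref}", ref


def leaks_backend_detail(body):
    """True if text bound for the browser still carries backend error detail."""
    return bool(LEAK_RE.search(body))
```

The same leaks_backend_detail check can be run over captured response bodies during a retest to confirm that no detailed database error still reaches the user.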

Re: SLM Milestone Actions keep repeating, Deleted SVTs keep attaching, SLM 7604Sp2 and 2 other issues

2012-02-12 Thread Dan Miller
thank you Christopher for your help.

do you know what the table is that I need to audit to check for the link 
between the filters and the SVT?   what i currently am able to do, is list ALL 
filters in dev studio, and find the ones that have the SVT_ID in the title of 
the filter, which implies they are related, I then disable them.

i actually managed to get the SVT to stop attaching today by going into the 
SLM_Category table, and changing the unique-identifier of that SVT and clicking 
SAVE.  it was the only operation that was able to succeed on that data record 
in the table, so it must have got corrupted somehow, and it could no longer be 
indexed or something.  I am hoping i have not broken something by doing this, 
i.e. do I now have orphaned components of an SVT due to me changing the unique 
ID of the SVT...  (it is the ID that looks like 
"SLGAA5V0GH222ALYZQRGACAY6JBP43")

I feel like I have been in Remedy hell all weekend on this, or at least SLM 
hell.  

In my server group configuration, i have 2 servers.  one is completely out of 
the server group and does not even exist in the server-rankings table.  the 
other server holds ALL the roles in the ranking table as it is currently the 
only SG member.

do you think i need to disable the SLM function from one of these servers?  
what if i delete the SLM role from the SG, does that mean No server will run 
them in the SG, leaving the admin server to run them that is NOT in the SG?  
How do I disable the SLM process running on one of the servers?  Is it just by 
the rankings role?

cheers
dan

___
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org
attend wwrug12 www.wwrug12.com ARSList: "Where the Answers Are"


SLM Milestone Actions keep repeating, Deleted SVTs keep attaching, SLM 7604Sp2 and 2 other issues

2012-02-11 Thread Dan Miller
Hi forum

I have 3 fairly major issues in SLM, and I am hoping you can help.  I thought 
about logging 3 discussions but I thought I would start with one, and then split 
if need be.

Remedy version: 7.6.04 SP2
Platform:   Windows 2008 R2 64bit
DB: SQL Server 2008 R2 64bit


1.  I have some SVTs that are set to disabled and then deleted from SLM 
console, but they keep attaching to new incidents.  they were imported 
previously and had index problems when trying to modify them in any way at all 
(classic 302 error).  These SVTs were imported and have caused all manner of 
problems ever since.  I would love to Kill them with a control+D in the SLM 
tables, but I know that will cause hell in the hpd:helpdesk form for incidents 
that reference them, so how can I force them out of the system when they can 
not be built due to index and unique identifier errors?

2.   have a milestone with action to fire an email when incident is logged.  it 
fires when the incident is logged, but then it fires again every one hour  
also, every time it fires twice   :-~.  The milestone is very simple.  I only 
have email engine running on one server in the server group.  Any thoughts on 
this?  It runs literally every hour.  I have not tried any other actions yet, 
so I am not sure if it just fires every time a breach escalation fires (i.e. 
25%, 50% which happen to run every hour as it is a 4 hour fi SVT)

3.  I have a problem that there is a known defect for).  When you add a new 

Cheers
Dan



Re: SLM import issues - hidden SVTS

2011-10-30 Thread Dan Miller
Hi Raj

I found an article where someone had a different problem, but it highlighted the 
table SLM Category, which lists the compiled SVTs.  i found a bunch in there 
that were indeed set for NO to "show in table"   i changed them all, and they 
all became visible.

I still seem to have a problem where i Delete an SVT, but can never use the 
same name again...  does the Delete SVT remain in the system forever?  or does 
it eventually get purged?  can i force the delete out of the back end?

thank you all for your help...

regards
dan



SLM import issues - hidden SVTS

2011-10-29 Thread Dan Miller
all,

any idea how i find SVTs that do not display in the SLM management console, but 
they are in the background somewhere?

i did an export from production, and imported to a new production replacement.  
there were lots of missing SVTs, so i started rebuilding them.  i then tested 
one, and found that multiple SVTs are attaching to incidents.  when i go search 
for it, it is not there, so it must be in the background forms that the SLM 
module does not let you see

I can actually see some of the hidden SVTs when i create a new agreement, and 
go to the SVT search tool to attach those SVTs to the agreement.  so i know 
they are there, but i can not work out the table i go to, to delete them.  
better way would be to identify the link that brings them to the main 
console.

any ideas?  it is a total nightmare, and putting a halt to my project :-(

cheers all for any help you can give me.

Dan
