cancel
Showing results for 
Search instead for 
Did you mean: 

Connection Problem with SAP LogonHelp

0 Kudos

Hi IdM Experts,

I have a problem with the new IdM's SAP LogonHelp.

The Tool was implemented as documentation available on SAP website, but when I input the user's login and click to go to the next screen, on LogonHelp I receive the follow message:

"Could Not Connect to the IDM Server"

I check all connection between Client and Server and the Client can reach sucessfully the IdM Server on HTTPS port.

I install a Network Sniffer on my Server and I can see the packeds flowing well.

Below the TraceFile..

=========================================================================================================

<?xml version="1.0" encoding="utf-8"?>

<?xml-stylesheet type="text/xsl" href="sectrace.xsl"?>

<LogFile>

<logentry><app>LogonUI</app><mod>CSapLowProvider::CSapLowProvider()</mod><sid>2</sid><pid>1052</pid><tid>2964</tid><time>20130910111359.813</time><lvl>3</lvl><msg>  InitGlobalConfig</msg></logentry><logentry><app>LogonUI</app><mod>CSapLowProvider::CSapLowProvider()</mod><sid>2</sid><pid>1052</pid><tid>2964</tid><time>20130910111359.813</time><lvl>3</lvl><msg>  new CResourceHandler()</msg></logentry><logentry><app>LogonUI</app><mod>CSapLowProvider::CSapLowProvider()</mod><sid>2</sid><pid>1052</pid><tid>2964</tid><time>20130910111359.813</time><lvl>3</lvl><msg>  SetResourceInstance()</msg></logentry><logentry><app>LogonUI</app><mod>CSapLowProvider::CSapLowProvider()</mod><sid>2</sid><pid>1052</pid><tid>2964</tid><time>20130910111359.813</time><lvl>3</lvl><msg>  InitResourceString()</msg></logentry><logentry><app>LogonUI</app><mod>CSapLowCredential::~CSapLowCredential()</mod><sid>2</sid><pid>1052</pid><tid>2964</tid><time>20130910111407.601</time><lvl>3</lvl><msg>  delete m_pRegAccess</msg></logentry><logentry><app>LogonUI</app><mod>CSapLowCredential::~CSapLowCredential()</mod><sid>2</sid><pid>1052</pid><tid>2964</tid><time>20130910111407.601</time><lvl>3</lvl><msg>  delete m_pResourceHandler</msg></logentry><logentry><app>LogonUI</app><mod>CSapLowProvider::CSapLowProvider()</mod><sid>1</sid><pid>1876</pid><tid>720</tid><time>20130910111407.867</time><lvl>3</lvl><msg>  InitGlobalConfig</msg></logentry><logentry><app>LogonUI</app><mod>CSapLowProvider::CSapLowProvider()</mod><sid>1</sid><pid>1876</pid><tid>720</tid><time>20130910111407.867</time><lvl>3</lvl><msg>  new CResourceHandler()</msg></logentry><logentry><app>LogonUI</app><mod>CSapLowProvider::CSapLowProvider()</mod><sid>1</sid><pid>1876</pid><tid>720</tid><time>20130910111407.867</time><lvl>3</lvl><msg>  SetResourceInstance()</msg></logentry><logentry><app>LogonUI</app><mod>CSapLowProvider::CSapLowProvider()</mod><sid>1</sid><pid>1876</pid><tid>720</tid><time>20130910111407.867</time><lvl>3</lvl><msg>  InitResourceString()</msg></logentry><logentry><app>LogonUI</app><mod>CSapLowProvider::SetUsageScenario</mod><sid>1</sid><pid>1876</pid><tid>720</tid><time>20130910111408.038</time><lvl>3</lvl><msg>  EnumerateProviders()</msg></logentry><logentry><app>LogonUI</app><mod>CSapLowProvider::SetUsageScenario</mod><sid>1</sid><pid>1876</pid><tid>720</tid><time>20130910111408.038</time><lvl>3</lvl><msg>  SetUsageScenario()</msg></logentry><logentry><app>LogonUI</app><mod>CSapLowCrpIdmProv::SetUsageScenario</mod><sid>1</sid><pid>1876</pid><tid>720</tid><time>20130910111408.038</time><lvl>3</lvl><msg>  EnumerateCredentialWorkflow(TRUE)</msg></logentry><logentry><app>LogonUI</app><mod>CSapLowCrpIdmCred::CSapLowCrpIdmCred</mod><sid>1</sid><pid>1876</pid><tid>720</tid><time>20130910111408.038</time><lvl>3</lvl><msg>      InitGlobalConfig()</msg></logentry><logentry><app>LogonUI</app><mod>CSapLowCrpIdmCred::SetRegAccess</mod><sid>1</sid><pid>1876</pid><tid>720</tid><time>20130910111408.038</time><lvl>3</lvl><msg>      GetNumberOfQuestionPerPage()=3</msg></logentry><logentry><app>LogonUI</app><mod>CSapLowCrpIdmCred::SetRegAccess</mod><sid>1</sid><pid>1876</pid><tid>720</tid><time>20130910111408.038</time><lvl>3</lvl><msg>      GetSapLowIdmServerUrl()</msg></logentry><logentry><app>LogonUI</app><mod>CSapLowProvider::UnAdvise</mod><sid>1</sid><pid>1876</pid><tid>720</tid><time>20130910111408.069</time><lvl>3</lvl><msg>  EnumerateCredentials()</msg></logentry><logentry><app>LogonUI</app><mod>CSapLowCredential::SetCredential()</mod><sid>1</sid><pid>1876</pid><tid>720</tid><time>20130910111408.069</time><lvl>3</lvl><msg>      m_pWorkFlow-&gt;Advise()</msg></logentry><logentry><app>LogonUI</app><mod>SetInitialize</mod><sid>1</sid><pid>1876</pid><tid>720</tid><time>20130910111408.069</time><lvl>3</lvl><msg>    SetScreen_EnterUsername()</msg></logentry><logentry><app>LogonUI</app><mod>CSapLowCredential::SetSelected</mod><sid>1</sid><pid>1876</pid><tid>720</tid><time>20130910111409.676</time><lvl>3</lvl><msg>  m_pWorkFlow-&gt;Start()</msg></logentry><logentry><app>LogonUI</app><mod>CSapLowCrpIdmCred::Start</mod><sid>1</sid><pid>1876</pid><tid>720</tid><time>20130910111409.676</time><lvl>3</lvl><msg>    CreateThread(&amp;Workflow)</msg></logentry><logentry><app>LogonUI</app><mod>CSapLowCredential::SetSelected</mod><sid>1</sid><pid>1876</pid><tid>720</tid><time>20130910111409.676</time><lvl>3</lvl><msg>  WaitForWorkFlow()</msg></logentry><logentry><app>LogonUI</app><mod>CSapLowCrpIdmCred::Workflow</mod><sid>1</sid><pid>1876</pid><tid>844</tid><time>20130910111409.676</time><lvl>3</lvl><msg>  Process_StartLogonHelp()</msg></logentry><logentry><app>LogonUI</app><mod>CSapLowCrpIdmCred::Process_StartLogonHelp</mod><sid>1</sid><pid>1876</pid><tid>844</tid><time>20130910111409.676</time><lvl>3</lvl><msg>    SetScreen_EnterUsername()</msg></logentry><logentry><app>LogonUI</app><mod>CSapLowCrpIdmCred::Process_StartLogonHelp</mod><sid>1</sid><pid>1876</pid><tid>844</tid><time>20130910111412.110</time><lvl>3</lvl><msg>    GetQuestionList()</msg></logentry><logentry><app>LogonUI</app><mod>CSapLowCrpIdmCred::GetQuestionList</mod><sid>1</sid><pid>1876</pid><tid>844</tid><time>20130910111412.110</time><lvl>3</lvl><msg>      P–  </msg></logentry><logentry><app>LogonUI</app><mod>CWinHttpHelper::SendRequest</mod><sid>1</sid><pid>1876</pid><tid>844</tid><time>20130910111427.179</time><lvl>1</lvl><msg>      Error 12175 has occurred.

</msg></logentry><logentry><app>LogonUI</app><mod>CSapLowCrpIdmCred::GetQuestionList</mod><sid>1</sid><pid>1876</pid><tid>844</tid><time>20130910111427.179</time><lvl>3</lvl><msg>      The retrieving of the sequrity questions for user 'glima' returned empty response or the execution of one of the methods - CWinHttpHelper::SendRequest or CLowCommon::ConvertAsciiToUnicode returned error.</msg></logentry><logentry><app>LogonUI</app><mod>CSapLowCrpIdmCred::Process_StartLogonHelp</mod><sid>1</sid><pid>1876</pid><tid>844</tid><time>20130910111427.179</time><lvl>3</lvl><msg>    GetQuestionList() = S_FALSE</msg></logentry><logentry><app>LogonUI</app><mod>CSapLowCrpIdmCred::Workflow</mod><sid>1</sid><pid>1876</pid><tid>844</tid><time>20130910111427.179</time><lvl>3</lvl><msg>  Process_StartLogonHelp()</msg></logentry><logentry><app>LogonUI</app><mod>CSapLowCrpIdmCred::Process_StartLogonHelp</mod><sid>1</sid><pid>1876</pid><tid>844</tid><time>20130910111427.179</time><lvl>3</lvl><msg>    SetScreen_EnterUsername()</msg></logentry><logentry><app>LogonUI</app><mod>CSapLowCredential::SetDeselected</mod><sid>1</sid><pid>1876</pid><tid>720</tid><time>20130910111429.317</time><lvl>3</lvl><msg>  m_pWorkFlow-&gt;Stop()</msg></logentry><logentry><app>LogonUI</app><mod>CSapLowCrpIdmCred::Stop</mod><sid>1</sid><pid>1876</pid><tid>720</tid><time>20130910111429.317</time><lvl>3</lvl><msg>    m_pCallback-&gt;CB_ReleaseGUI()</msg></logentry><logentry><app>LogonUI</app><mod>CSapLowCrpIdmCred::Stop</mod><sid>1</sid><pid>1876</pid><tid>720</tid><time>20130910111429.317</time><lvl>3</lvl><msg>    WaitForSingleObject()</msg></logentry><logentry><app>LogonUI</app><mod>CSapLowCrpIdmCred::Workflow</mod><sid>1</sid><pid>1876</pid><tid>844</tid><time>20130910111429.317</time><lvl>3</lvl><msg>  SetEvent()</msg></logentry><logentry><app>LogonUI</app><mod>CSapLowCrpIdmCred::Stop</mod><sid>1</sid><pid>1876</pid><tid>720</tid><time>20130910111429.317</time><lvl>3</lvl><msg>    CloseHandle(m_hExitEvent)</msg></logentry></LogFile>

=========================================================================================================

Has anyone sucessfully implemented this New LogonHelp tool?

Thanks...

Accepted Solutions (0)

Answers (3)

Answers (3)

0 Kudos

Hi Experts,

I have a new LogFile... Follow below:

==========================================================================

<?xml version="1.0" encoding="utf-8"?>

<?xml-stylesheet type="text/xsl" href="sectrace.xsl"?>

<LogFile>

<logentry><app>LogonUI</app><mod>CSapLowProvider</mod><sid>3</sid><pid>2192</pid><tid>2536</tid><time>20130927145014.652</time><lvl>4</lvl><msg>{ CSapLowProvider::CSapLowProvider()</msg></logentry><logentry><app>LogonUI</app><mod>CSapLowProvider::CSapLowProvider()</mod><sid>3</sid><pid>2192</pid><tid>2536</tid><time>20130927145014.652</time><lvl>3</lvl><msg>  InitGlobalConfig</msg></logentry><logentry><app>LogonUI</app><mod>CSapLowProvider::CSapLowProvider()</mod><sid>3</sid><pid>2192</pid><tid>2536</tid><time>20130927145014.652</time><lvl>3</lvl><msg>  new CResourceHandler()</msg></logentry><logentry><app>LogonUI</app><mod>CSapLowProvider::CSapLowProvider()</mod><sid>3</sid><pid>2192</pid><tid>2536</tid><time>20130927145014.652</time><lvl>3</lvl><msg>  SetResourceInstance()</msg></logentry><logentry><app>LogonUI</app><mod>CSapLowProvider::CSapLowProvider()</mod><sid>3</sid><pid>2192</pid><tid>2536</tid><time>20130927145014.652</time><lvl>3</lvl><msg>  InitResourceString()</msg></logentry><logentry><app>LogonUI</app><mod>CSapLowProvider</mod><sid>3</sid><pid>2192</pid><tid>2536</tid><time>20130927145014.652</time><lvl>4</lvl><msg>}</msg></logentry><logentry><app>LogonUI</app><mod>CSapLowProvider</mod><sid>3</sid><pid>2192</pid><tid>2536</tid><time>20130927145016.730</time><lvl>4</lvl><msg>{ CSapLowProvider::SetUsageScenario</msg></logentry><logentry><app>LogonUI</app><mod>CSapLowProvider::SetUsageScenario</mod><sid>3</sid><pid>2192</pid><tid>2536</tid><time>20130927145016.730</time><lvl>3</lvl><msg>  EnumerateProviders()</msg></logentry><logentry><app>LogonUI</app><mod>CSapLowProvider</mod><sid>3</sid><pid>2192</pid><tid>2536</tid><time>20130927145016.730</time><lvl>4</lvl><msg>  { CSapLowProvider::EnumerateProviders</msg></logentry><logentry><app>LogonUI</app><mod>CSapLowProvider</mod><sid>3</sid><pid>2192</pid><tid>2536</tid><time>20130927145016.730</time><lvl>4</lvl><msg>  } 0</msg></logentry><logentry><app>LogonUI</app><mod>CSapLowProvider::SetUsageScenario</mod><sid>3</sid><pid>2192</pid><tid>2536</tid><time>20130927145016.730</time><lvl>3</lvl><msg>  SetUsageScenario()</msg></logentry><logentry><app>LogonUI</app><mod>CSapLowCrpIdmProv</mod><sid>3</sid><pid>2192</pid><tid>2536</tid><time>20130927145016.730</time><lvl>4</lvl><msg>{ CSapLowCrpIdmProv::SetUsageScenario</msg></logentry><logentry><app>LogonUI</app><mod>CSapLowCrpIdmProv::SetUsageScenario</mod><sid>3</sid><pid>2192</pid><tid>2536</tid><time>20130927145016.730</time><lvl>3</lvl><msg>  EnumerateCredentialWorkflow(TRUE)</msg></logentry><logentry><app>LogonUI</app><mod>CSapLowCrpIdmProv</mod><sid>3</sid><pid>2192</pid><tid>2536</tid><time>20130927145016.730</time><lvl>4</lvl><msg>  { CSapLowCrpIdmProv::EnumerateCredentialWorkflow</msg></logentry><logentry><app>LogonUI</app><mod>CSapLowCrpIdmProv</mod><sid>3</sid><pid>2192</pid><tid>2536</tid><time>20130927145016.730</time><lvl>4</lvl><msg>    { CSapLowCrpIdmCred::CSapLowCrpIdmCred</msg></logentry><logentry><app>LogonUI</app><mod>CSapLowCrpIdmCred::CSapLowCrpIdmCred</mod><sid>3</sid><pid>2192</pid><tid>2536</tid><time>20130927145016.730</time><lvl>3</lvl><msg>      InitGlobalConfig()</msg></logentry><logentry><app>LogonUI</app><mod>CSapLowCrpIdmProv</mod><sid>3</sid><pid>2192</pid><tid>2536</tid><time>20130927145016.730</time><lvl>4</lvl><msg>    }</msg></logentry><logentry><app>LogonUI</app><mod>CSapLowCrpIdmCred</mod><sid>3</sid><pid>2192</pid><tid>2536</tid><time>20130927145016.730</time><lvl>4</lvl><msg>    { CSapLowCrpIdmCred::SetRegAccess</msg></logentry><logentry><app>LogonUI</app><mod>CSapLowCrpIdmCred::SetRegAccess</mod><sid>3</sid><pid>2192</pid><tid>2536</tid><time>20130927145016.730</time><lvl>3</lvl><msg>      GetNumberOfQuestionPerPage()=3</msg></logentry><logentry><app>LogonUI</app><mod>CSapLowCrpIdmCred::SetRegAccess</mod><sid>3</sid><pid>2192</pid><tid>2536</tid><time>20130927145016.730</time><lvl>3</lvl><msg>      GetSapLowIdmServerUrl()</msg></logentry><logentry><app>LogonUI</app><mod>CSapLowCrpIdmCred</mod><sid>3</sid><pid>2192</pid><tid>2536</tid><time>20130927145016.730</time><lvl>4</lvl><msg>    }</msg></logentry><logentry><app>LogonUI</app><mod>CSapLowCrpIdmCred</mod><sid>3</sid><pid>2192</pid><tid>2536</tid><time>20130927145016.730</time><lvl>4</lvl><msg>  } 0</msg></logentry><logentry><app>LogonUI</app><mod>CSapLowProvider</mod><sid>3</sid><pid>2192</pid><tid>2536</tid><time>20130927145016.730</time><lvl>4</lvl><msg>}</msg></logentry><logentry><app>LogonUI</app><mod>CSapLowProvider</mod><sid>3</sid><pid>2192</pid><tid>2536</tid><time>20130927145016.745</time><lvl>4</lvl><msg>{ CSapLowProvider::GetCredentialCount</msg></logentry><logentry><app>LogonUI</app><mod>CSapLowProvider::UnAdvise</mod><sid>3</sid><pid>2192</pid><tid>2536</tid><time>20130927145016.745</time><lvl>3</lvl><msg>  EnumerateCredentials()</msg></logentry><logentry><app>LogonUI</app><mod>CSapLowProvider</mod><sid>3</sid><pid>2192</pid><tid>2536</tid><time>20130927145016.745</time><lvl>4</lvl><msg>  { CSapLowProvider::EnumerateCredentials</msg></logentry><logentry><app>LogonUI</app><mod>CSapLowProvider</mod><sid>3</sid><pid>2192</pid><tid>2536</tid><time>20130927145016.745</time><lvl>4</lvl><msg>    { CSapLowCredential::CSapLowCredential()</msg></logentry><logentry><app>LogonUI</app><mod>CSapLowProvider</mod><sid>3</sid><pid>2192</pid><tid>2536</tid><time>20130927145016.745</time><lvl>4</lvl><msg>    }</msg></logentry><logentry><app>LogonUI</app><mod>CSapLowProvider</mod><sid>3</sid><pid>2192</pid><tid>2536</tid><time>20130927145016.745</time><lvl>4</lvl><msg>    { CSapLowCredential::Initialize</msg></logentry><logentry><app>LogonUI</app><mod>CSapLowProvider</mod><sid>3</sid><pid>2192</pid><tid>2536</tid><time>20130927145016.745</time><lvl>4</lvl><msg>    } 0</msg></logentry><logentry><app>LogonUI</app><mod>CSapLowProvider</mod><sid>3</sid><pid>2192</pid><tid>2536</tid><time>20130927145016.745</time><lvl>4</lvl><msg>    { CSapLowCredential::SetCredential()</msg></logentry><logentry><app>LogonUI</app><mod>CSapLowCredential::SetCredential()</mod><sid>3</sid><pid>2192</pid><tid>2536</tid><time>20130927145016.745</time><lvl>3</lvl><msg>      m_pWorkFlow-&gt;Advise()</msg></logentry><logentry><app>LogonUI</app><mod>CSapLowProvider</mod><sid>3</sid><pid>2192</pid><tid>2536</tid><time>20130927145016.745</time><lvl>4</lvl><msg>    } 0</msg></logentry><logentry><app>LogonUI</app><mod>CSapLowCrpIdmCred</mod><sid>3</sid><pid>2192</pid><tid>2536</tid><time>20130927145016.745</time><lvl>4</lvl><msg>  { CSapLowCrpIdmCred::SetInitialize</msg></logentry><logentry><app>LogonUI</app><mod>SetInitialize</mod><sid>3</sid><pid>2192</pid><tid>2536</tid><time>20130927145016.745</time><lvl>3</lvl><msg>    SetScreen_EnterUsername()</msg></logentry><logentry><app>LogonUI</app><mod>CSapLowCrpIdmCred</mod><sid>3</sid><pid>2192</pid><tid>2536</tid><time>20130927145016.745</time><lvl>4</lvl><msg>    { CSapLowCrpIdmCred::SetScreen_EnterUsername</msg></logentry><logentry><app>LogonUI</app><mod>CSapLowCrpIdmCred</mod><sid>3</sid><pid>2192</pid><tid>2536</tid><time>20130927145016.745</time><lvl>4</lvl><msg>    } 0</msg></logentry><logentry><app>LogonUI</app><mod>CSapLowCrpIdmCred</mod><sid>3</sid><pid>2192</pid><tid>2536</tid><time>20130927145016.745</time><lvl>4</lvl><msg>  } 0</msg></logentry><logentry><app>LogonUI</app><mod>CSapLowProvider</mod><sid>3</sid><pid>2192</pid><tid>2536</tid><time>20130927145016.745</time><lvl>4</lvl><msg>  } 0</msg></logentry><logentry><app>LogonUI</app><mod>CSapLowProvider</mod><sid>3</sid><pid>2192</pid><tid>2536</tid><time>20130927145016.745</time><lvl>4</lvl><msg>} 0</msg></logentry><logentry><app>LogonUI</app><mod>CSapLowProvider</mod><sid>3</sid><pid>2192</pid><tid>2536</tid><time>20130927145017.730</time><lvl>4</lvl><msg>{ CSapLowCredential::SetSelected</msg></logentry><logentry><app>LogonUI</app><mod>CSapLowCredential::SetSelected</mod><sid>3</sid><pid>2192</pid><tid>2536</tid><time>20130927145017.730</time><lvl>3</lvl><msg>  m_pWorkFlow-&gt;Start()</msg></logentry><logentry><app>LogonUI</app><mod>CSapLowCrpIdmCred</mod><sid>3</sid><pid>2192</pid><tid>2536</tid><time>20130927145017.730</time><lvl>4</lvl><msg>  { CSapLowCrpIdmCred::Start</msg></logentry><logentry><app>LogonUI</app><mod>CSapLowCrpIdmCred::Start</mod><sid>3</sid><pid>2192</pid><tid>2536</tid><time>20130927145017.730</time><lvl>3</lvl><msg>    CreateThread(&amp;Workflow)</msg></logentry><logentry><app>LogonUI</app><mod>CSapLowCrpIdmCred</mod><sid>3</sid><pid>2192</pid><tid>2536</tid><time>20130927145017.730</time><lvl>4</lvl><msg>  }</msg></logentry><logentry><app>LogonUI</app><mod>CSapLowCredential::SetSelected</mod><sid>3</sid><pid>2192</pid><tid>2536</tid><time>20130927145017.730</time><lvl>3</lvl><msg>  WaitForWorkFlow()</msg></logentry><logentry><app>LogonUI</app><mod>CSapLowCrpIdmCred</mod><sid>3</sid><pid>2192</pid><tid>216</tid><time>20130927145017.730</time><lvl>4</lvl><msg>{ CSapLowCrpIdmCred::Workflow()</msg></logentry><logentry><app>LogonUI</app><mod>CSapLowCrpIdmCred::Workflow</mod><sid>3</sid><pid>2192</pid><tid>216</tid><time>20130927145017.730</time><lvl>3</lvl><msg>  Process_StartLogonHelp()</msg></logentry><logentry><app>LogonUI</app><mod>CSapLowCrpIdmCred</mod><sid>3</sid><pid>2192</pid><tid>216</tid><time>20130927145017.730</time><lvl>4</lvl><msg>  { CSapLowCrpIdmCred::Process_StartLogonHelp</msg></logentry><logentry><app>LogonUI</app><mod>CSapLowCrpIdmCred::Process_StartLogonHelp</mod><sid>3</sid><pid>2192</pid><tid>216</tid><time>20130927145017.730</time><lvl>3</lvl><msg>    SetScreen_EnterUsername()</msg></logentry><logentry><app>LogonUI</app><mod>CSapLowCrpIdmCred</mod><sid>3</sid><pid>2192</pid><tid>216</tid><time>20130927145017.730</time><lvl>4</lvl><msg>    { CSapLowCrpIdmCred::SetScreen_EnterUsername</msg></logentry><logentry><app>LogonUI</app><mod>CSapLowCrpIdmCred</mod><sid>3</sid><pid>2192</pid><tid>216</tid><time>20130927145017.730</time><lvl>4</lvl><msg>    } 0</msg></logentry><logentry><app>LogonUI</app><mod>CSapLowProvider</mod><sid>3</sid><pid>2192</pid><tid>2536</tid><time>20130927145017.730</time><lvl>4</lvl><msg>} 0</msg></logentry><logentry><app>LogonUI</app><mod>CSapLowCrpIdmCred::Process_StartLogonHelp</mod><sid>3</sid><pid>2192</pid><tid>216</tid><time>20130927145022.136</time><lvl>3</lvl><msg>    GetQuestionList()</msg></logentry><logentry><app>LogonUI</app><mod>CSapLowCrpIdmCred</mod><sid>3</sid><pid>2192</pid><tid>216</tid><time>20130927145022.136</time><lvl>4</lvl><msg>    { CSapLowCrpIdmCred::GetQuestionList</msg></logentry><logentry><app>LogonUI</app><mod>CSapLowCrpIdmCred::GetQuestionList</mod><sid>3</sid><pid>2192</pid><tid>216</tid><time>20130927145022.136</time><lvl>3</lvl><msg>      `–Ó </msg></logentry><logentry><app>LogonUI</app><mod>CSapLowCrpIdmCred::GetQuestionList</mod><sid>3</sid><pid>2192</pid><tid>216</tid><time>20130927145022.230</time><lvl>3</lvl><msg>      GetHttpsW response: {&quot;ENTRIES&quot;:{&quot;MX_AUTHQ_003&quot;:{&quot;VALUE&quot;:&quot;&quot;,&quot;DISPLAYNAME&quot;:&quot;What is your pet's name?&quot;,&quot;DISPLAYVALUE&quot;:&quot;&quot;},&quot;MX_PASSWORD&quot;:{&quot;VALUE&quot;:&quot;&quot;,&quot;DISPLAYNAME&quot;:&quot;Password&quot;,&quot;DISPLAYVALUE&quot;:&quot;&quot;},&quot;MX_AUTHQ_002&quot;:{&quot;VALUE&quot;:&quot;&quot;,&quot;DISPLAYNAME&quot;:&quot;What make of car do you drive?&quot;,&quot;DISPLAYVALUE&quot;:&quot;&quot;},&quot;MSKEYVALUE&quot;:{&quot;VALUE&quot;:&quot;&quot;,&quot;DISPLAYNAME&quot;:&quot;Unique ID&quot;,&quot;DISPLAYVALUE&quot;:&quot;&quot;},&quot;MX_AUTHQ_001&quot;:{&quot;VALUE&quot;:&quot;&quot;,&quot;DISPLAYNAME&quot;:&quot;What is your favorite color?&quot;,&quot;DISPLAYVALUE&quot;:&quot;&quot;}},&quot;MX_REST_SUCCESS&quot;:true}</msg></logentry><logentry><app>LogonUI</app><mod>CSapLowCrpIdmCred::GetQuestionList</mod><sid>3</sid><pid>2192</pid><tid>216</tid><time>20130927145022.230</time><lvl>3</lvl><msg>      ParseResponse</msg></logentry><logentry><app>LogonUI</app><mod>CSapLowCrpIdmCred::GetQuestionList</mod><sid>3</sid><pid>2192</pid><tid>216</tid><time>20130927145022.230</time><lvl>3</lvl><msg>      The number of the security questions returned for user 'KBAHIA' is 0 or 'MX_REST_SUCCESS=FALSE' was returned. The response is: {&quot;ENTRIES&quot;:{&quot;MX_AUTHQ_003&quot;:{&quot;VALUE&quot;:&quot;&quot;,&quot;DISPLAYNAME&quot;:&quot;What is your pet's name?&quot;,&quot;DISPLAYVALUE&quot;:&quot;&quot;},&quot;MX_PASSWORD&quot;:{&quot;VALUE&quot;:&quot;&quot;,&quot;DISPLAYNAME&quot;:&quot;Password&quot;,&quot;DISPLAYVALUE&quot;:&quot;&quot;},&quot;MX_AUTHQ_002&quot;:{&quot;VALUE&quot;:&quot;&quot;,&quot;DISPLAYNAME&quot;:&quot;What make of car do you drive?&quot;,&quot;DISPLAYVALUE&quot;:&quot;&quot;},&quot;MSKEYVALUE&quot;:{&quot;VALUE&quot;:&quot;&quot;,&quot;DISPLAYNAME&quot;:&quot;Unique ID&quot;,&quot;DISPLAYVALUE&quot;:&quot;&quot;},&quot;MX_AUTHQ_001&quot;:{&quot;VALUE&quot;:&quot;&quot;,&quot;DISPLAYNAME&quot;:&quot;What is your favorite color?&quot;,&quot;DISPLAYVALUE&quot;:&quot;&quot;}},&quot;MX_REST_SUCCESS&quot;:true}</msg></logentry><logentry><app>LogonUI</app><mod>CSapLowCrpIdmCred</mod><sid>3</sid><pid>2192</pid><tid>216</tid><time>20130927145022.230</time><lvl>4</lvl><msg>    } 1</msg></logentry><logentry><app>LogonUI</app><mod>CSapLowCrpIdmCred::Process_StartLogonHelp</mod><sid>3</sid><pid>2192</pid><tid>216</tid><time>20130927145022.230</time><lvl>3</lvl><msg>    GetQuestionList() = S_FALSE</msg></logentry><logentry><app>LogonUI</app><mod>CSapLowCrpIdmCred</mod><sid>3</sid><pid>2192</pid><tid>216</tid><time>20130927145022.230</time><lvl>4</lvl><msg>  } 1</msg></logentry><logentry><app>LogonUI</app><mod>CSapLowCrpIdmCred::Workflow</mod><sid>3</sid><pid>2192</pid><tid>216</tid><time>20130927145022.230</time><lvl>3</lvl><msg>  Process_StartLogonHelp()</msg></logentry><logentry><app>LogonUI</app><mod>CSapLowCrpIdmCred</mod><sid>3</sid><pid>2192</pid><tid>216</tid><time>20130927145022.230</time><lvl>4</lvl><msg>  { CSapLowCrpIdmCred::Process_StartLogonHelp</msg></logentry><logentry><app>LogonUI</app><mod>CSapLowCrpIdmCred::Process_StartLogonHelp</mod><sid>3</sid><pid>2192</pid><tid>216</tid><time>20130927145022.230</time><lvl>3</lvl><msg>    SetScreen_EnterUsername()</msg></logentry><logentry><app>LogonUI</app><mod>CSapLowCrpIdmCred</mod><sid>3</sid><pid>2192</pid><tid>216</tid><time>20130927145022.230</time><lvl>4</lvl><msg>    { CSapLowCrpIdmCred::SetScreen_EnterUsername</msg></logentry><logentry><app>LogonUI</app><mod>CSapLowCrpIdmCred</mod><sid>3</sid><pid>2192</pid><tid>216</tid><time>20130927145022.230</time><lvl>4</lvl><msg>    } 0</msg></logentry><logentry><app>LogonUI</app><mod>CSapLowProvider</mod><sid>3</sid><pid>2192</pid><tid>2536</tid><time>20130927145024.824</time><lvl>4</lvl><msg>{ CSapLowCredential::SetDeselected</msg></logentry><logentry><app>LogonUI</app><mod>CSapLowCredential::SetDeselected</mod><sid>3</sid><pid>2192</pid><tid>2536</tid><time>20130927145024.824</time><lvl>3</lvl><msg>  m_pWorkFlow-&gt;Stop()</msg></logentry><logentry><app>LogonUI</app><mod>CSapLowCrpIdmCred</mod><sid>3</sid><pid>2192</pid><tid>2536</tid><time>20130927145024.824</time><lvl>4</lvl><msg>  { CSapLowCrpIdmCred::Stop</msg></logentry><logentry><app>LogonUI</app><mod>CSapLowCrpIdmCred::Stop</mod><sid>3</sid><pid>2192</pid><tid>2536</tid><time>20130927145024.824</time><lvl>3</lvl><msg>    m_pCallback-&gt;CB_ReleaseGUI()</msg></logentry><logentry><app>LogonUI</app><mod>CSapLowCrpIdmCred::Stop</mod><sid>3</sid><pid>2192</pid><tid>2536</tid><time>20130927145024.824</time><lvl>3</lvl><msg>    WaitForSingleObject()</msg></logentry><logentry><app>LogonUI</app><mod>CSapLowCrpIdmCred</mod><sid>3</sid><pid>2192</pid><tid>216</tid><time>20130927145024.824</time><lvl>4</lvl><msg>  } 0</msg></logentry><logentry><app>LogonUI</app><mod>CSapLowCrpIdmCred::Workflow</mod><sid>3</sid><pid>2192</pid><tid>216</tid><time>20130927145024.824</time><lvl>3</lvl><msg>  SetEvent()</msg></logentry><logentry><app>LogonUI</app><mod>CSapLowCrpIdmCred</mod><sid>3</sid><pid>2192</pid><tid>216</tid><time>20130927145024.824</time><lvl>4</lvl><msg>} 0</msg></logentry><logentry><app>LogonUI</app><mod>CSapLowCrpIdmCred::Stop</mod><sid>3</sid><pid>2192</pid><tid>2536</tid><time>20130927145024.824</time><lvl>3</lvl><msg>    CloseHandle(m_hExitEvent)</msg></logentry><logentry><app>LogonUI</app><mod>CSapLowCrpIdmCred</mod><sid>3</sid><pid>2192</pid><tid>2536</tid><time>20130927145024.824</time><lvl>4</lvl><msg>  } 0</msg></logentry><logentry><app>LogonUI</app><mod>CSapLowProvider</mod><sid>3</sid><pid>2192</pid><tid>2536</tid><time>20130927145024.824</time><lvl>4</lvl><msg>} 0</msg></logentry></LogFile>

=========================================================================

Any ideas?

keith_zhang
Active Participant
0 Kudos

Hello Leandro,

It seems the connection-related issue happened just at the beginning when logon help tries to retrive the security questions from identity store. Have you checked SAP note 1806098 about XSRF protection if your system version is relevant(section "configuring logon help" of the guide)? If no problem for that, have you already set highest trace level 5 so that it may produce more detail info?

BR, Keith

0 Kudos

Our system is on SP07, so the SAP Note about the XSRF protection does not apply. We already set the trace level to 5 but no extra information is given.

Do you have a other idea or sugestions?

bxiv
Active Contributor
0 Kudos

I assume you meet these pre-reqs?

  • You are running SAP NetWeaver Identity Management Identity Center 7.2 SP 6 or higher in the required technical system landscape. (Yep)
  • The host computer runs Microsoft Windows 7 32-bit or 64-bit. (?)
  • You have configured a password reset task. (Assuming Yep)

How bout this?

     The port must be protected with transport layer security (TLS). Logon Help rejects      connections that are not protected by HTTPS.

And probably an answer as to why a higher logging level didn't help:

  • If the user has any connection-related problems, he or she gets Could not connect to IDM server error message. In such cases he or she has to contact system administrator to check a Log file for details about the error cause. This behavior prevents attackers from learning too much about how the user accounts are protected. For more information about the trace levels and the Log file, see Options of the Logon Help Policy File.
0 Kudos

- Yes, my System meet all pre-reqs.

- The HTTPS are correctly configured on my IdM Server.

- The policy is pointing to the HTTPS port, should I open a OSS message?

Did you successfully implemented this solution?

Thanks.

bxiv
Active Contributor
0 Kudos

Your system meets the pre-reqs?  The host computer isn't a system, I just want to make sure glima's PC is Windows 7.

Take note that SSL and TLS perform encryption, having HTTPS does not necessarily mean you have TLS functioning.

An OSS message may not be a bad idea, as SAP will be able to connect to your system and review something and provide some input on where the issue is for you.

My company does not have IdM in place, I have setup the servers and have sat through a M$ FIM 2010 installation/configuration; so I understand the concepts, but nothing for me to review in a production environment.

That being said one of the security folks that work with me is going to start putting in some time to IdM as the current issue is that no one wants to decide on which product (M$ or SAP) to use for the management...which is fine by me printing and Solution Manager are more then enough time ****!  

keith_zhang
Active Participant
0 Kudos

Hello Leandro,

As per note 1806098, the security correction is available since 7.2 SP07 patch 1(IDMIC), but it also depends on the AS Java system version so that the new protection mechanism will be used.

Maybe you can also have a quick check followings before opening OSS message to proceed further:

1. SSL trust relationship between AS Java and your client is correctly setted up?

2. REST application "tc~idm~jmx~rest~app" started and ran no problem?

3. Your UME datasource already mapped to this ADS?(refer to the guide)

BR, Keith

0 Kudos

Hi Billy,

Yes, the client uses Windows 7.

How can I activate the TLS if this is not default activated automatic in HTTPS?

Thanks.

0 Kudos

Hi Keith,

 

This note are accord with the version.

About the 3 questions above. Yes, are OK too.

Thanks.

bxiv
Active Contributor
0 Kudos

It may be active and you just have a protocol disagreement on the IdM server and the Windows domain...

Can you confirm how you setup UME on the Java stack?

Also interesting thing I found, by googling 'GetQuestionList() = S_FALSE' I had numerous returns with Microsoft hits.  Can you verify that the Windows domain is setup/knows about the security questions that are being held within the IdM server?

bxiv
Active Contributor
0 Kudos

So I see a

The retrieving of the sequrity questions for user 'glima' returned empty response or the execution of one of the methods - CWinHttpHelper::SendRequest or CLowCommon::ConvertAsciiToUnicode returned error.</msg></logentry><logentry><app>LogonUI</app><mod>CSapLowCrpIdmCred::Process_StartLogonHelp</mod><sid>1</sid><pid>1876</pid><tid>844</tid><time>20130910111427.179</time><lvl>3</lvl><msg>    GetQuestionList() = S_FALSE</msg>

Do you have security questions setup for the user?

0 Kudos

Yes, the user has the 5 security questions answered. The password reset works well as anonymous directly on User Interface ".../idm/pwdreset"