Skip to Content
author's profile photo Former Member
Former Member

RAR not sending alert mails

Dear experts,

We are working with a Access Control 5.3 SP12 implementation.

When configuring alets, RAR is generating alerts (we can see them in the Monitor Alerts Tab), but notification mails are not being sent. We checked that every risk has a Risk Owner assigned with his corresponding email address and also checked the box for sending notification when scheduling the alert job in the Configuration Tab.

Here is an extract of the log, where I can see that, there is a problem with the authetication of a user, but cant undestand very well what user is causing the problem and where is trying to authenticate.

Thanks very much in advance.

INFO: -


Scheduling Job =>946----


#

#1.5#001A4B06312800400000001600019D7B0004B85E869EE3D4#1328616031839#System.err#sap.com/tcwddispwda#System.err#Guest#0##n/a##af1d2559510711e1cdc3001a4b063128#SAPEngine_Application_Thread[impl:3]_34##0#0#Error##Plain###Feb 7, 2012 9:00:31 AM com.virsa.cc.xsys.bg.BgJob run

INFO: --- Starting Job ID:946 (GENERATE_ALERT) - Alertas

#

#1.5#001A4B06312800400000001700019D7B0004B85E869F3A1C#1328616031861#System.err#sap.com/tcwddispwda#System.err#Guest#0##n/a##af1d2559510711e1cdc3001a4b063128#SAPEngine_Application_Thread[impl:3]_34##0#0#Error##Plain###Feb 7, 2012 9:00:31 AM com.virsa.cc.xsys.bg.BgJob setStatus

INFO: Job ID: 946 Status: Running

#

#1.5#001A4B06312800400000001800019D7B0004B85E869F52B7#1328616031867#System.err#sap.com/tcwddispwda#System.err#Guest#0##n/a##af1d2559510711e1cdc3001a4b063128#SAPEngine_Application_Thread[impl:3]_34##0#0#Error##Plain###Feb 7, 2012 9:00:31 AM com.virsa.cc.xsys.bg.dao.BgJobHistoryDAO insert

INFO: -


Background Job History: job id=946, status=1, message=Alertas started :threadid: 2

#

#1.5#001A4B06312800400000001900019D7B0004B85E869F874F#1328616031881#System.err#sap.com/tcwddispwda#System.err#Guest#0##n/a##af1d2559510711e1cdc3001a4b063128#SAPEngine_Application_Thread[impl:3]_34##0#0#Error##Plain###Feb 7, 2012 9:00:31 AM com.virsa.cc.xsys.bg.BgJob alertGen

INFO: @@@ Alert Generation Started @@@

#

#1.5#001A4B06312800400000001A00019D7B0004B85E869FC562#1328616031896#System.err#sap.com/tcwddispwda#System.err#Guest#0##n/a##af1d2559510711e1cdc3001a4b063128#SAPEngine_Application_Thread[impl:3]_34##0#0#Error##Plain###Feb 7, 2012 9:00:31 AM com.virsa.cc.xsys.bg.BgJob alertGen

INFO: @@@ Conflict Risk Input has 1 records @@@

#

#1.5#001A4B06312800400000001B00019D7B0004B85E869FCCFD#1328616031898#System.err#sap.com/tcwddispwda#System.err#Guest#0##n/a##af1d2559510711e1cdc3001a4b063128#SAPEngine_Application_Thread[impl:3]_34##0#0#Error##Plain###Feb 7, 2012 9:00:31 AM com.virsa.cc.xsys.bg.BgJob alertGen

INFO: @@@ Critical Risk Input has 1 records @@@

#

#1.5#001A4B06312800400000001C00019D7B0004B85E869FD43C#1328616031900#System.err#sap.com/tcwddispwda#System.err#Guest#0##n/a##af1d2559510711e1cdc3001a4b063128#SAPEngine_Application_Thread[impl:3]_34##0#0#Error##Plain###Feb 7, 2012 9:00:31 AM com.virsa.cc.xsys.bg.BgJob alertGen

INFO: @@@ Mitigation Monitor Control Input has 1 records @@@

#

#1.5#001A4B06312800400000001D00019D7B0004B85E869FE2E8#1328616031904#System.err#sap.com/tcwddispwda#System.err#Guest#0##n/a##af1d2559510711e1cdc3001a4b063128#SAPEngine_Application_Thread[impl:3]_34##0#0#Error##Plain###Feb 7, 2012 9:00:31 AM com.virsa.cc.comp.BackendAccessInterface alertGenerate

INFO: @@@@@ Backend Access Interface execution has been started @@@@@

#

#1.5#001A4B06312800150000003E00019D7B0004B85E86BC1F5D#1328616033754#System.err#sap.com/tcwddispwda#System.err#EDellors#5325##n/a##4be4a2b2518211e1a752001a4b063128#SAPEngine_Application_Thread[impl:3]_33##0#0#Error##Plain###rootText:Job de fondo#

#1.5#001A4B06312800400000001E00019D7B0004B85E8F14A5E5#1328616173774#System.err#sap.com/tcwddispwda#System.err#Guest#0##n/a##af1d2559510711e1cdc3001a4b063128#SAPEngine_Application_Thread[impl:3]_34##0#0#Error##Plain###Feb 7, 2012 9:02:53 AM com.virsa.cc.comp.BackendAccessInterface alertGenerate

INFO: -


No of Records Inserted in ALTCDLOG =>322 For System =>D01 -


#

#1.5#001A4B06312800400000001F00019D7B0004B85E8F1BDD94#1328616174241#com.sap.engine.services.security.authentication.loginmodule.spnego.SPNegoLoginModule#sap.com/tcwddispwda#com.sap.engine.services.security.authentication.loginmodule.spnego.SPNegoLoginModule#Guest#0##n/a##af1d2559510711e1cdc3001a4b063128#SAPEngine_Application_Thread[impl:3]_34##0#0#Error##Java###Acquiring credentials for realm MYCOMPANY.CL failed

[EXCEPTION]

#1#GSSException: No valid credentials provided (Mechanism level: Attempt to obtain new ACCEPT credentials failed!) at sun.security.jgss.krb5.Krb5AcceptCredential.getKeyFromSubject(Krb5AcceptCredential.java:189) at sun.security.jgss.krb5.Krb5AcceptCredential.getInstance(Krb5AcceptCredential.java:80) at sun.security.jgss.krb5.Krb5MechFactory.getCredentialElement(Krb5MechFactory.java:75) at sun.security.jgss.GSSManagerImpl.getCredentialElement(GSSManagerImpl.java:149) at sun.security.jgss.GSSCredentialImpl.add(GSSCredentialImpl.java:334) at sun.security.jgss.GSSCredentialImpl.<init>(GSSCredentialImpl.java:44) at sun.security.jgss.GSSManagerImpl.createCredential(GSSManagerImpl.java:102) at com.sap.security.core.server.jaas.spnego.util.ConfigurationHelper.acquireCredentialsInCurrentThread(ConfigurationHelper.java:206) at com.sap.security.core.server.jaas.spnego.util.ConfigurationHelper.access$000(ConfigurationHelper.java:29) at com.sap.security.core.server.jaas.spnego.util.ConfigurationHelper$RunnableHelper.run(ConfigurationHelper.java:301) Caused by: com.sap.engine.services.security.exceptions.BaseLoginException: Cannot authenticate the user. at com.sap.engine.services.security.login.ModulesProcessAction.run(ModulesProcessAction.java:180) at java.security.AccessController.doPrivileged(Native Method) at com.sap.engine.services.security.login.FastLoginContext.login(FastLoginContext.java:181) at com.sap.engine.system.SystemLoginModule.login(SystemLoginModule.java:90) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) at java.lang.reflect.Method.invoke(Method.java:324) at javax.security.auth.login.LoginContext.invoke(LoginContext.java:675) at javax.security.auth.login.LoginContext.access$000(LoginContext.java:129) at javax.security.auth.login.LoginContext$4.run(LoginContext.java:610) at java.security.AccessController.doPrivileged(Native Method) at javax.security.auth.login.LoginContext.invokeModule(LoginContext.java:607) at javax.security.auth.login.LoginContext.login(LoginContext.java:534) at sun.security.jgss.LoginUtility.run(LoginUtility.java:57) at java.security.AccessController.doPrivileged(Native Method) at sun.security.jgss.krb5.Krb5AcceptCredential.getKeyFromSubject(Krb5AcceptCredential.java:186) ... 9 more Caused by: javax.security.auth.login.LoginException: Invalid DES Key! at com.sap.engine.services.security.login.ModulesProcessAction.run(ModulesProcessAction.java:175) ... 25 more Caused by: KrbException: Invalid DES Key! at sun.security.krb5.internal.crypto.u.a(DashoA12275:82) at sun.security.krb5.internal.crypto.u.a(DashoA12275:58) at sun.security.krb5.EncryptedData.<init>(DashoA12275:90) at sun.security.krb5.KrbAsReq.a(DashoA12275:356) at sun.security.krb5.KrbAsReq.<init>(DashoA12275:278) at sun.security.krb5.KrbAsReq.<init>(DashoA12275:82) at sun.security.krb5.Credentials.a(DashoA12275:399) at sun.security.krb5.Credentials.acquireTGT(DashoA12275:380) at com.sun.security.auth.module.Krb5LoginModule.attemptAuthentication(Krb5LoginModule.java:629) at com.sun.security.auth.module.Krb5LoginModule.login(Krb5LoginModule.java:511) at com.sap.engine.services.security.login.LoginModuleLoggingWrapperImpl.login(LoginModuleLoggingWrapperImpl.java:185) at com.sap.engine.services.security.login.ModulesProcessAction.run(ModulesProcessAction.java:70) ... 25 more # #1.5#001A4B06312800400000002100019D7B0004B85E8F1FDD77#1328616174503#com.sap.engine.services.security.authentication.loginmodule.spnego.SPNegoLoginModule#sap.com/tcwddispwda#com.sap.engine.services.security.authentication.loginmodule.spnego.SPNegoLoginModule#Guest#0##n/a##af1d2559510711e1cdc3001a4b063128#SAPEngine_Application_Thread[impl:3]_34##0#0#Error##Java###Acquiring credentials for realm MYCOMPANY.CL failed [EXCEPTION] #1#GSSException: No valid credentials provided (Mechanism level: Attempt to obtain new ACCEPT credentials failed!)

at sun.security.jgss.krb5.Krb5AcceptCredential.getKeyFromSubject(Krb5AcceptCredential.java:189)

at sun.security.jgss.krb5.Krb5AcceptCredential.getInstance(Krb5AcceptCredential.java:80)

at sun.security.jgss.krb5.Krb5MechFactory.getCredentialElement(Krb5MechFactory.java:75)

at sun.security.jgss.GSSManagerImpl.getCredentialElement(GSSManagerImpl.java:149)

at sun.security.jgss.GSSCredentialImpl.add(GSSCredentialImpl.java:334)

at sun.security.jgss.GSSCredentialImpl.<init>(GSSCredentialImpl.java:44)

at sun.security.jgss.GSSManagerImpl.createCredential(GSSManagerImpl.java:102)

at com.sap.security.core.server.jaas.spnego.util.ConfigurationHelper.acquireCredentialsInCurrentThread(ConfigurationHelper.java:206)

at com.sap.security.core.server.jaas.spnego.util.ConfigurationHelper.access$000(ConfigurationHelper.java:29)

at com.sap.security.core.server.jaas.spnego.util.ConfigurationHelper$RunnableHelper.run(ConfigurationHelper.java:301)

Caused by: com.sap.engine.services.security.exceptions.BaseLoginException: Cannot authenticate the user.

at com.sap.engine.services.security.login.ModulesProcessAction.run(ModulesProcessAction.java:180)

at java.security.AccessController.doPrivileged(Native Method)

at com.sap.engine.services.security.login.FastLoginContext.login(FastLoginContext.java:181)

at com.sap.engine.system.SystemLoginModule.login(SystemLoginModule.java:90)

at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)

at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)

at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)

at java.lang.reflect.Method.invoke(Method.java:324)

at javax.security.auth.login.LoginContext.invoke(LoginContext.java:675)

at javax.security.auth.login.LoginContext.access$000(LoginContext.java:129)

at javax.security.auth.login.LoginContext$4.run(LoginContext.java:610)

at java.security.AccessController.doPrivileged(Native Method)

at javax.security.auth.login.LoginContext.invokeModule(LoginContext.java:607)

at javax.security.auth.login.LoginContext.login(LoginContext.java:534)

at sun.security.jgss.LoginUtility.run(LoginUtility.java:57)

at java.security.AccessController.doPrivileged(Native Method)

at sun.security.jgss.krb5.Krb5AcceptCredential.getKeyFromSubject(Krb5AcceptCredential.java:186)

... 9 more

Caused by: javax.security.auth.login.LoginException: Invalid DES Key!

at com.sap.engine.services.security.login.ModulesProcessAction.run(ModulesProcessAction.java:175)

... 25 more

Caused by: KrbException: Invalid DES Key!

at sun.security.krb5.internal.crypto.u.a(DashoA12275:82)

at sun.security.krb5.internal.crypto.u.a(DashoA12275:58)

at sun.security.krb5.EncryptedData.<init>(DashoA12275:90)

at sun.security.krb5.KrbAsReq.a(DashoA12275:356)

at sun.security.krb5.KrbAsReq.<init>(DashoA12275:278)

at sun.security.krb5.KrbAsReq.<init>(DashoA12275:82)

at sun.security.krb5.Credentials.a(DashoA12275:399)

at sun.security.krb5.Credentials.acquireTGT(DashoA12275:380)

at com.sun.security.auth.module.Krb5LoginModule.attemptAuthentication(Krb5LoginModule.java:629)

at com.sun.security.auth.module.Krb5LoginModule.login(Krb5LoginModule.java:511)

at com.sap.engine.services.security.login.LoginModuleLoggingWrapperImpl.login(LoginModuleLoggingWrapperImpl.java:185)

at com.sap.engine.services.security.login.ModulesProcessAction.run(ModulesProcessAction.java:70)

... 25 more

Add a comment
10|10000 characters needed characters exceeded

Assigned Tags

Related questions

1 Answer

  • Posted on Feb 07, 2012 at 02:53 PM

    Maybe you can switch the log level to DEBUG to see where exactly this fails.

    It looks like you're using SPNEGO based SSO login - is it possible that your inter-process web service user can't login properly? RAR uses web services to do it's thing, seems these try to login with the web service user but can't.

    MYCOMPANY.CL also looks like a bit of unfinished config...

    You may need to give us a bit more detail regarding your setup.

    Frank.

    Add a comment
    10|10000 characters needed characters exceeded

Before answering

You should only submit an answer when you are proposing a solution to the poster's problem. If you want the poster to clarify the question or provide more information, please leave a comment instead, requesting additional details. When answering, please include specifics, such as step-by-step instructions, context for the solution, and links to useful resources. Also, please make sure that you answer complies with our Rules of Engagement.
You must be Logged in to submit an answer.

Up to 10 attachments (including images) can be used with a maximum of 1.0 MB each and 10.5 MB total.