
Logon Help: Could not connect to IDM server

Former Member
0 Kudos

Hi Experts,

I am working with IdM 7.2 SP08.

I followed this procedure to install the sap logon help. This message error is

http://help.sap.com/saphelp_nwidmic_72/helpdata/en/0d/71c8bb0f744c308c7b5e91657ddcbf/frameset.htm

All the prerequisites are OK: SSL, HTTPS, my computer (Windows 7 Pro 64) is connected to the domain, etc.

I imported the logonHelp.adm and enabled the server and the port.

Questions and answers are OK and the user "AdminUser" can modify his password via the web url ...idm/pwdreset.

On my Win 7 computer, if I run regedit:

HKEY_LOCAL_MACHINE--> SOFTWARE --> SAP --> logonhelp

I cannot find the IDM entries (IdmServerHost and IdmServerPort). I tried to add them manually, but with no success.

Question2:

After importing the logonHelp.adm in Group Policy Management should I modify the content of logonHelp.adm file also?

In the trace.xml: I can read: the retrieving of the sequrity questions for the user "AdminUser" returned empty response or the execution on one of the methods CwinHttpHelper::SendRequest or CLowCommon::ConvertAsciiToUnicode returned error.

Can you please help? Is there any missing step?

Thanks,

Nina

Accepted Solutions (0)

Answers (1)


avatartest
Explorer
0 Kudos

Hello Nina,

I see that actually both your questions could be answered with almost the same answer.

In order to have the template in the Group Policy you should import this one (the file comes with the installation, I think) - IdM Logon Help Administrative template.

What I have done was:

1. Run gpedit.msc in Start Menu

2. Go to Local Computer Policy –> Computer Configuration –> right click on Administrative Templates –> choose Add/Remove Templates… –> add LogonHelp.adm

3. Go to Local Computer Policy –> Computer Configuration –> Administrative Templates –> Classic Administrative Templates (ADM)  –> SAP AG –> IdM Logon Help

4. Then modify here the IDM Server Settings

(actually this is the place the Logon Help component reads the settings from, to know which IdM Server to send the requests to)

And as for question 2 - no, you do not need to modify the file logonHelp.adm.


I hope this helps.


Kind regards,

Rali

Former Member
0 Kudos

Hello Rali,

So as you mentioned, I installed the Logon Help on my computer, imported the logonHelp into the Local Computer Policy as you described, and enabled the server and the port as below:

server: servertest.company.com

Port: 50001

and keep the other entries as default (not configured).

For information, if I connect to the computer and run https://servertest.company.com:50001/idm/pwdreset , I can get the user form with the configured questions. But I am still getting the same error.

So these steps are done on the computer side, what should be done also in the server side?

Thank you for your help,

Nina

Former Member
0 Kudos

Any help please on this topic ?

avatartest
Explorer
0 Kudos

Hi Nina,

Actually the Logon Help component uses the REST API provided by the IDM Server - so the address that is requested should be constructed like this:

https://<server>:<port>/idmrest/v72alpha/entries/0/tasks/pwdreset/{MSKEYVALUE}

As a hint - you can look in the logs of the Application Server - in the HTTP logs - to see if you have received any HTTP requests from the Logon Help client.

Also look in the log of the Logon Help component.

You should keep this in mind - as you will communicate through HTTPS you will need to:

1. Have configured and have access via SSL to the IDM Server

2. Add the IdM Application Server Java Server SSL certificate to “Trusted Root Certification Authorities” in the client system

Kind Regards,

Rali
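The checks described in the reply above, as an added example that is not part of the original post and is not SAP code: a read-only PowerShell diagnostic, run on the client, that reads the two registry values named in the question, builds the REST URL from the template above, and reports how the Windows trust store judges the server certificate. The `-Server`, `-Port` and `-MsKeyValue` parameters and the `user1234` default (the sample user mentioned in the thread) are assumptions of this example.

```powershell
# Added example, not SAP code. Registry path and value names are the ones
# quoted in the thread; parameters are hypothetical overrides.
param(
    [string]$Server,
    [int]$Port,
    [string]$MsKeyValue = 'user1234'   # sample user mentioned in the thread
)

# 1. Settings the Logon Help client is expected to find (path from the thread).
$key = 'HKLM:\SOFTWARE\SAP\logonhelp'
$cfg = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
if (-not $Server) { $Server = $cfg.IdmServerHost }
if (-not $Port)   { $Port   = [int]$cfg.IdmServerPort }
if (-not $Server -or -not $Port) {
    throw "IdmServerHost/IdmServerPort not found under $key; pass -Server and -Port."
}

# 2. REST URL built from the template given in the reply.
$id  = [uri]::EscapeDataString($MsKeyValue)
$url = "https://${Server}:${Port}/idmrest/v72alpha/entries/0/tasks/pwdreset/$id"

# 3. TLS handshake only: record what Windows thinks of the certificate.
$script:tlsErrors   = $null
$script:chainStatus = @()
$callback = [System.Net.Security.RemoteCertificateValidationCallback]{
    param($sender, $cert, $chain, $errors)
    $script:tlsErrors   = $errors
    $script:chainStatus = @($chain.ChainStatus | ForEach-Object { $_.Status })
    $true   # diagnostic only: let the handshake finish; no request is sent
}
$tcp = New-Object System.Net.Sockets.TcpClient($Server, $Port)
try {
    $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, $callback)
    $ssl.AuthenticateAsClient($Server)
    $c = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
    New-Object psobject -Property @{
        Url          = $url
        Subject      = $c.Subject
        Issuer       = $c.Issuer
        SelfSigned   = ($c.Subject -eq $c.Issuer)
        NotAfter     = $c.NotAfter
        PolicyErrors = $script:tlsErrors              # None = trusted and name matches
        ChainStatus  = ($script:chainStatus -join ', ')
    }
} finally {
    if ($ssl) { $ssl.Dispose() }
    $tcp.Close()
}
```

A `PolicyErrors` value of `RemoteCertificateNameMismatch` means the host name configured for the client does not match the names in the certificate; `RemoteCertificateChainErrors` means the issuing certificate is not trusted by this machine, with the reason listed in `ChainStatus`.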

Former Member
0 Kudos

Hi Rali,

Thanks for your help, I did all this stuff but I am still getting the same error.

I can run https://server:5xx01/idm and https://..../idm/pwdreset and from the client system it works.

So I checked the log file in the server log viewer, and every time I run the Logon Help I get this warning:

in nwa:

Client certificate error.IP address

in server log:

"Attempting to create outgoing ssl connection without trusted certificates"

The server public certificate is imported in my client system, and the CA certificate is imported into the trusted root certificates.

Thanks,

Nina

avatartest
Explorer
0 Kudos

Hi Nina,

I think that this warning is coming from the fact that your server uses a self-signed certificate - is this right?

Also - would you try to get the response exactly from the REST call to the IDM Server:

https://<server>:<port>/idmrest/v72alpha/entries/0/tasks/pwdreset/{MSKEYVALUE}


This should contain a JSON with the security questions for this user.


Kind Regards,

Rali

Former Member
0 Kudos

Hi Rali,

I really appreciate your following help to my problem.

Yes, I am using a self-signed certificate, and this certificate is imported as a trusted certificate in the client system. Is it a problem for it to be a self-signed certificate even if I imported the CA certificate in the client system?

Yes, when I run the REST request for my user1234 I am able to get a file starting with: MX_REST_SUCCESS:true, and I get my 3 questions in the file result.

Regards,

Nina

Former Member
0 Kudos

Hi,

Any hint please for this self signed certificate problem?

Regards,

Nina

Former Member
0 Kudos

This message was moderated.