DX NetOps

Hello once again,

Since the beginning of this week, any new user I create in the OneClick users tab is unable to launch Oneclick with the following error:

Now I have already seen this is a know anomolie and there is a fix in the update 10.2 however I don't have the possibility to update the server at this moment in time.

Symptom: When trying to create a user in a group, it gets created at root instead of the designated group. When users get created at root, it loses all its privileges and cannot log in to OneClick. 
Resolution: Users will be created properly under the designated group and will retain group's privileges as expected.
(10.2.0, DE200209, 00424835)

Is there any workaround or fix that I can implement myself to allow my users to connect to OneClick?

Thanks

What version of Spectrum are you running?

We have a patch for 10.1.1 as well:

10.01.01.PTF_10.1.136

I don’t see a patch at this time for 10.1.2 unfortunately…

Cheers

Jay

Hi Jay,

Currently all our servers are running 10.1.0 and I have to go through a long process in order to request the updates.

Is there any reason why this has only started this week, or any files I can modify to temporarily fix the issue?

Thanks

Hi Peter,

                I haven’t worked on this issue myself and unfortunately there isn’t much detail in the defect as to what the actual problem was in the code.  It looks to be a code problem, so I don’t see any file changes you can make to work around it.

I have no idea how this would just start out of the blue.   ☹

What happens if you create the user in the root area, then move the user to the Group? Can the user log in if you cycle tomcat?

The only other thing I can think is maybe clearing the user duplicate list:

https://www.ca.com/us/services-support/ca-support/ca-support-online/knowledge-base-articles.tec561657.html

Cheers

Jay

Thanks Jay,

Creating the user in the root area and then moving them to the correct group worked.

I will try and get the ball rolling on Spectrum updates  

Awesome!  Glad we found an easy workaround ☺

Anyone hear if there is a PTF for this yet?

There were two fixes for this for Spectrum 10.1.1, both were included in 10.2.0.  Is this your 10.2.0 environment?

Does your scenario match either of these;

PTF_10.1.121  TEC1659999

Problem:

When a user is created in a certain group, the user gets created automatically into the Root group instead of in the designated group. It will therefore loose all privileges of the group and cannot log into OneClick.

Cause:

When we create a new user it does a call back to OneClick indicating two things, "New User Added" and "User Changed". In this call back the user-group details are returned as null i.e., the "New User Added" update is overwriting the "User Changed" update and when OneClick receives this call back update with group-info as null, it then creates this user in the Root group instead of a designated group.

Resolution:

Fixed in Spectrum_10.01.01.PTF_10.1.121

In this solution, we have swapped the group_association process with role_association, i.e., we first do user_model creation then role association and then group_association so that we get the call back update separately.

1. As the group_association process is delayed the user_model creation will send its call back to OneClick and this update will have null group details as a result the user will be first created under Root.

2. Now once the role_association is completed (which does not have any call back to OneClick), we start the group_association where this user is associated with its group. This association sends a call back to OneClick indicating user_changed with new group association.

3. Once this update is received at the OneClick they move this user (which is created under Root) to the appropriate group and hence the user is finally created under the proper group.

Additional Information:

Spectrum_10.01.01.PTF_10.1.121 has been replaced with Spectrum_10.01.01.PTF_10.1.136, please see TEC1054355

PTF_10.1.136  TEC1054355

Problem:

After applying the Spectrum_PTF_10.1.121 customer has reported an issue with security community strings, i.e., when a user is created under a group then Ideally it should only inherit the group’s security communities but here we saw that along with group’s security communities it is also having additional ADMIN security community added to the user.

Resolution:

This issue has been addressed with Spectrum_PTF_10.1.136.

Spectrum_PTF_10.1.136 consists of Spectrum_PTF_10.1.121 + additional changes to overcome the security communities issue.

So in the future whenever we come across the user getting created under root issue then install Spectrum_PTF_10.1.136.

Additional Information:

Spectrum_PTF_10.1.136 has been delivered to Spectrum 10.2.

Thanks,

Rene’

Rene’ Cantwell

Support Delivery Manager

CA Technologies | 273 Corporate Dr Suite 200 | Portsmouth, NH 03801

Office: 603-334-2497 | Rene.Cantwell@ca.com

<mailto:Rene.Cantwell@ca.com>[CA]<http://www.ca.com/us/default.aspx>[Twitter]<http://twitter.com/CAInc>[Slideshare]<http://www.slideshare.net/cainc>[Facebook]<https://www.facebook.com/CATechnologies>[YouTube]<http://www.youtube.com/user/catechnologies>[LinkedIn]<http://www.linkedin.com/company/1372?goback=.cps_1244823420724_1>[Google]<https://plus.google.com/CATechnologies>[Google+]<http://www.ca.com/us/rss.aspx?intcmp=footernav>

Rene,

Thanks.  I fixed the issue by the following:

o   On the MLS, change directory (cd) to vnmsh and type ./connect to connect to CLI

o   Get the user model handle from OCS USERS tab, Component Detail, Advanced

o   ./update action=0x10103 mh=

It took several minutes before the user was able to log in, but the procedure worked nevertheless.

Thanks again,

Mark Parkin

703-563-8122

Thanks for posting the soluiton. 

May i ask what the action code does exactly? 

It’s explained here:

https://www.ca.com/us/services-support/ca-support/ca-support-online/knowledge-base-articles.tec561657.html

Cheers

Jay