11.3 Join Proxy

I have a single ZCM server and have computers outside our School District that I would like to be able to remote to. Along comes 11.3 and the Join Proxy. As a test I have installed the 11.3 agent on my Home computer and opened up http (port 80), https (443) and port 7019 (tcp/udp) through my School District firewall. I was able to register my Home Computer in ZCC , I created a location that has the Join Proxy server role with my ZCM server listed but any attempt to remote control the Home PC is met with an error that the workstation is NOT connected to the Join Proxy. If I relax the District firewall and open all ports to the ZCM public IP, I can remote to my home PC but the ZCC agent status never shows a Green Dot only a message "Unable to connect to the agent service through the IP Address or DNS" . I have read through the docs a couple of times and watched the video showing how easy Join Proxy is but can't find anything telling me what ports all need to be opened to make this work as shown in the video.
Anybody else using this new feature????? And any additional things you did to make it work??
Thanks!

"It sounds like your customer doesn't have a Primary Server that the
device being managed can connect to. They need to be able to connect to
both the join proxy and a primary server for this to work as described
in the documentation."
On 5/29/2014 4:38 PM, CRAIGDWILSON wrote:
> Let me ask around.
> I am not aware of this limitation, but that does not mean one does not
> exist.
>
> On 5/29/2014 3:46 PM, scraig15 wrote:
>> We were able to remote control a laptop through the Join Proxy if we
>> enable password based authentication. However, If we use rights based
>> Authentication we get an error that says. The managed device was unable
>> to contact the ZENworks server. I didn't see anything in the
>> documentation about not being able to use rights based Authentication.
>
>
Craig Wilson - MCNE, MCSE, CCNA
Novell Technical Support Engineer
Novell does not officially monitor these forums.
Suggestions/Opinions/Statements made by me are solely my own.
These thoughts may not be shared by either Novell or any rational human.

Similar Messages

Disabling join proxy settings

Hi all: How do I disable the join proxy settings for the ZCM clients? All my clients have this enabled somehow - I did not do it - and it is annoying to have to go in the turn this off whenever I have to work on a remote machine.
Thanks, Chris.

I see the error. Thanks. And If I ever want to use the join proxy, I assume I have to edit the network location to include that server??
>>> Shaun Pond<[email protected]> 11/17/2014 12:11 PM >>>
Cmosentine,
> I did not do it
well someone did... check the location, does it have a Join Proxy set?
Shaun Pond
newly reminted as a Knowledge Professional

11.3 upgrade and printer policy deleting default setting

Noticed something strange since since the upgrade to 11.3 on as far as I can
tell all of our Win7x64 machines. I have our printer policies assigned to
the machines using Network (SMB / HTTP) printers. No printer is set to
default in any of the polices. When a user logs in their default setting
from the previous day is gone and no printer is set as default.
Under HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows
there is a string value 'Device' that contains the users printer that is set
to default. When the user logs off in the evening I can see this value is
there at that point. After logging in the next day the value is gone. I
then tried logging the user out of Zenworks via the tray icon, the key is
still there. Then log them back in via the tray icon and very shortly after
the key goes away. So something has changed from 11.2.4MU1 to 11.3.
Anyone else seeing something similar?
Jim Koerner
Server - ZCM 11.3 and Internal Database on Win2008R2x64
Clients - ZCM 11.3 on Win7SP1x64

Good catch.
But when's a fix coming. I've got a client that needs the join proxy.
I can't get that without a upgrade to 11.3.
Unfortunately, they just rolled out ~700 Win7/64 machines with ZCM
delivered printers with another 1200 to go out in the next 6 weeks.
Many or these are clinical nursing stations. I simply cannot have them
losing their default printer.
Does anyone know when this, and the bundle deployment issue that was
also discovered recently, will be fixed?
Regards,
Don
"Jim Koerner" <[email protected]> wrote:
Did an SR on this and it looks like it is famous now! It won the
coveted
TID award.
http://www.novell.com/support/kb/doc.php?id=7014808
Jim
"Jim Koerner" wrote in message
news:%zIWu.6777$[email protected] l.com...
Noticed something strange since since the upgrade to 11.3 on as far as
I can
tell all of our Win7x64 machines. I have our printer policies
assigned to
the machines using Network (SMB / HTTP) printers. No printer is set
to
default in any of the polices. When a user logs in their default
setting
from the previous day is gone and no printer is set as default.
Under HKEY_CURRENT_USER\Software\Microsoft\Windows
NT\CurrentVersion\Windows
there is a string value 'Device' that contains the users printer that
is set
to default. When the user logs off in the evening I can see this
value is
there at that point. After logging in the next day the value is gone.
I
then tried logging the user out of Zenworks via the tray icon, the key
is
still there. Then log them back in via the tray icon and very shortly
after
the key goes away. So something has changed from 11.2.4MU1 to 11.3.
Anyone else seeing something similar?
Jim Koerner
Server - ZCM 11.3 and Internal Database on Win2008R2x64
Clients - ZCM 11.3 on Win7SP1x64

Rights authentication failed

Hi All,
I have deployed a remote control policy to a clients workstations.
Almost all of the workstations allow remote access when requested.
2...

We have been testing the Join proxy and I am not able to remove it in the workstation settings. I have removed the join proxy server setting from all...

POODLE Vulnerabilities on ports 61491 thru 61495

ZCM 11.3.2
After applying TID 7015826 our vulnerability scanner is still detecting
the POODLE vulnerability on ports 61491 thru 61495.
I contacted Novell support and was told the services on these ports have
ZEN in their name but belong to Java services and that I will need to
pursue remediation via Java resources. Support did provide the
following information:
Health service requests listen on the following ports:
61495 zenserver
61491 zenloader
61493 zen casa
61492 zen join proxy
61494 zen xplat agent
A jmxc bean is used to access that port to get the health information.
JMX is Java Management Extensions:
http://www.oracle.com/technetwork/ja...ement-140525.h
tml
zenserver service loads with JMX:
ZEN_JMX_OPTS="-Dcom.novell.zenworks.jmxremote.port=61495
-Dcom.sun.management.jmxremote.ssl=true
-Dcom.sun.management.jmxremote.authenticate=false
-Dcom.sun.management.jmxremote.ssl.need.client.auth =true"
loaded by the following scripts:
zenserver /etc/init.d/novell-zenserver
zenloader /opt/novell/zenworks/bin/zenloader
casa: /etc/CASA/authtoken/svc/envvars
join proxy /etc/init.d/novell-zenjoinproxy
agent /etc/init.d/novell-zenworksxplatzmd
Configuration file: %ZENWORKS_HOME%\conf\probe.properties or
/etc/opt/novell/zenworks.probe.properties
I followed the link to the Oracle information concerning JMX, but didn't
find anything to help me figure out how to remediate the POODLE
vulnerability.
Has anyone found a way to remediate the POODLE vulnerability on ports
61491 thru 61495? Any suggestions on how to proceed?
Thank you,
Brad Johnson

Brad,
It appears that in the past few days you have not received a response to your
posting. That concerns us, and has triggered this automated reply.
Has your problem been resolved? If not, you might try one of the following options:
- Visit http://www.novell.com/support and search the knowledgebase and/or check all
the other self support options and support programs available.
- You could also try posting your message again. Make sure it is posted in the
correct newsgroup. (http://forums.novell.com)
Be sure to read the forum FAQ about what to expect in the way of responses:
http://forums.novell.com/faq.php
If this is a reply to a duplicate posting, please ignore and accept our apologies
and rest assured we will issue a stern reprimand to our posting bot.
Good luck!
Your Novell Forums Team
http://forums.novell.com

Propagating Error from Split join to Calling Proxy Service

Hi All,
In our project we are calling a split join service, from a Proxy Service, which in turn calls another Proxy Service.
i.e:
Proxy Service1 (PS1) <-> SplitJoin Service (SjS) <-> Proxy Service2 (PS2)
Requirement:
All the service calls are two way service calls and local protocol is being used. When an error occurs in PS2 we need to propagate the error with detailed error details to the PS1 via the SjS in order to achieve the following
1. Achieving rollback of the Transaction
2. Logging the detailed error report of PS2 in PS1
Issue:
But we are not getting the detailed error in the PS1. On further analysis we found dat the fault variable in the split join is empty in its error handling flow.
We have used reply with error activity in PS2 to propagate the fault to the split join and reply with soap fault option in split join to propagate the fault to the PS1.
We need to propagate the detailed report as error only, in order to achieve the rollback. So kindly suggest me the ways to get the detailed error report in PS1? i.e: getting the detailed error report of PS2 in split join fault variable and propagating the same to PS1.
Regards,
Balaji R

Balaji,
Try to enable Execution and Message(Terse Level) Tracing for the OSB services to see where fault message is going
and
In PS2 try with Reply with Success.
as Reply with failure returns the fault variable back and Reply with success will send the content of (PS2)$body back as a response and then u can capture the fault from faulted body and send it to PS1.
Regards,
Abhinav Gupta
Edited by: Abhinav on Aug 28, 2012 3:06 PM

Attribute handling in Sun Java Directory Proxy Server join data views

Hi all,
I've configured a join data view and want to get rid of the duplicated attributes that show up in the search results since they are present in the primary and the secondary data view. The documentation says that this behaviour is configurable to return only the values of the primary data view but I can't find any information how to do it.
Can anybody shed some light on this?
Thanks and regards
Geli

Hi,
If an attribute is present on both sides and if you want to consider the value(s) from one side only, use the viewable-attr or non-viewable-attr property at the data view level. You can specify which attribute(s) are /are not exposed by that data view (policy for read and write may differ).
For more details, have a look at [http://docs.sun.com/app/docs/doc/819-0986/non-viewable-attr-5dpconf?l=ko&a=view|http://docs.sun.com/app/docs/doc/819-0986/non-viewable-attr-5dpconf?l=ko&a=view]

Internal load balancer for ADFS, Web Application Proxy join problem

Hello,
we deployed 2 x ADFS (2012 R2) behind a internal Azure load balancer.
In front are two WAP servers, which should be joined to the ADFS farm based on the internal load balancer IP.
Unfortunately the WAPs fail to join and sometimes after 5 tries it works. The problem is (based on the event logs) that the ADFS Servers dont trust the WAP certificate.
It seems, that during the join process the ADFS internal load balancer does not stick to one ADFS server. If we join the WAP directly (without the ILB) to one of the ADFS servers, everything works fine.
As soon as we try to join via the ADFS internal load balancer IP, the abover occurs.
Did anyone experience the same problems? How does the internal load balancer distribute the requests? Seems to be not sticky at all.
Thanks for any Feedback,
Thomas

Thomas -
This article talks (in detail) about a recently updated distribution mode - Source IP affinity.
http://azure.microsoft.com/blog/2014/10/30/azure-load-balancer-new-distribution-mode/
Hope this helps!
/Arvind

How to use proxy settings to join a Remote Server ?

I have a problem to configure a Remote Server : my portal is behind a proxy, to access to the remote server, I have to make some proxy settings. I've tried to use -Dhttp.proxyHost and -Dhttp.proxyPort but they have no effect
It seems like that the portal ignore completely my proxy settings
Any idea to resolve this ?
Thanks

I've resolved it : proxy settings can be modified in <PT_HOME>/settings/common/serverconfig.xml
It was not easy to find it, there's no doc talking about this

Joining a work network using wireless and proxy servers

Hi,
I have just arrived at a new work location, where we have an afterhours user network that we can connect to in our accommodation. I have had continual trouble trying to connect to the network, and have taken my MacBook to the geeks who provide the network. They can't fix the problem either (and are reluctant to as they don't like Mac's).
The problem is exactly as follows:
My airport instantly identifies the network. I need a password to connect to the network name, and this seems to work, but when I run the diagnostics it shows that the airport, airport settings and network settings are all green; but ISP, internet and server are red and failed.
Next I click on advanced, and the geeks informed me that I need to set up a Web Proxy (HTTP), Secure Web Proxy (HTTPS), FTP Proxy and SOCKS Proxy. They have all been done correctly with the same login and password (which was provided by the geeks). Now they have watched me do this and tried themselves, and they tell me it is correct and has worked previously on other peoples Mac's this exact way.
But for some reason after applying all this and even restarting the computer just incase, the ISP and onwards still fail to connect.

The good news is that the basic roaming network setup is the same with the newer 6.x version of the AirPort Utility.
Here are some step-by-step instructions using the 6.x version of the AirPort Utility.
First, there are a few key elements to successfully configuring a roaming network, and they are:
All of the base station must be interconnected by Ethernet. Note: You can use non-Apple routers in this type of network.
All base stations must have unique Base Station Names.
All base stations must use the same Radio Mode and Wireless Security Type/Password.
Each base station should be on a different Radio Channel. Using "Automatic" works well here.
All base stations, other than the "main" base station, must be reconfigured as a bridge.
Let's start with the "main" base station. This will be the one directly connected to the Internet modem:
AirPort Utility > Select the "main" base station > Edit
Base Station tab > Base Station Name > Enter a unique name here
Internet tab > Connect Using: DHCP
Wireless tab > Network Mode: Create a wireless network > Wireless Network Name > Enter the desired name. This will be used on all base stations > Wireless Security: WPA2 Personal (recommended) > Wireless Password > Enter the desired wireless password. This will be used on all base stations.
Network tab > Router Mode: DHCP and NAT
Click on Update
For each additional base station added to the roaming network:
AirPort Utility > Select the appropriate base station > Edit
Base Station tab > Base Station Name > Enter a unique name here
Internet tab > Connect Using: DHCP
Wireless tab > Network Mode: Create a wireless network > Wireless Network Name > Enter the desired name. This will be used on all base stations > Wireless Security: WPA2 Personal (recommended) > Wireless Password > Enter the desired wireless password. This will be used on all base stations.
Network tab > Router Mode: Off (Bridge Mode)
Click on Update

Error Propogation from Split Join back to Caling Proxy Service

I am having this problem here where I am not able to access the fault occurred in SJ , in the proxy service from where SJ is invoked . Here is a brief description :
PS route action calls a SJ . SJ invokes a service and the invoked service throws exception back . I put a scope error handler in "SJ Invoke action" and able to catch the Fault thrown ,by invoked service , and store in a fault variable : say soapFaultVar .I am not doing anything else in SJ exception handler . Infact I don't know what to do .
soapFaultVar looks something like :
<ext:soapFault xmlns:ext="http://www.bea.com/bpel/extensions">
<soapenv:Fault xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
<faultcode>soapenv:Server</faultcode>
<faultstring>111</faultstring>
<detail>
<ns2:claimSOAPFault xmlns:ns2="http://ws.claim.zurich.com">
<message>This functionality is currently not available for this order</message>
</ns2:claimSOAPFault>
</detail>
</soapenv:Fault>
</ext:soapFault>>
but when check the $fault in the Proxy service it looks like :
<con:fault xmlns:con="http://www.bea.com/wli/sb/context">
<con:errorCode>BEA-380001</con:errorCode>
<con:reason>
[{http://schemas.xmlsoap.org/soap/envelope/}Server] 111 <ns2:claimSOAPFault xmlns:ns2="http://ws.claim.zurich.com" xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
<message>This functionality is currently not available for this order</message>
</ns2:claimSOAPFault>
</con:reason>
<con:location>
<con:node>CallScoringEngine</con:node>
<con:path>response-pipeline</con:path>
</con:location>
</con:fault>
Seems although reason in second fault is the string concat of complete first Fault i.e Faultcode , Faultstring and detail . I need the original fault here not the modified one . What can I do here . Anything I could do in SJ Catch block ?? I want soapFaultVar to be in PS , but how to propagate it back to proxy Service ?? Do we have have any predefined variable in SJ (like fault in proxy service) which is returned to PS from SJ in case of error .
Reply action doesn't seem to work in SJ catch action . Any help greatly appreciated .
Edited by: 915114 on May 5, 2013 6:53 AM

HI,
Can you please explaining how to do it?

Lync Reverse Proxy Alternatives

When migrating from OCS 2007 to Lync 2010, we balked Microsoft’s recommendation to deploy Forefront Threat Management Gateway (or ISA) just to get the reverse proxy services.
TMG is way too expensive and complex for such a limited, simple use case.
I didn't find much information on what people are using as free alternatives to ISA/TMG, so I decided to post this discussion in case there are others out there who are interested.
We decided to use Apache 2.2 on Windows Server 2008 R2.
Here's how we configured it:
Read here to understand what features require a reverse proxy, and follow the steps to configure your FQDNs, Network Adapters and (maybe) obtain an SSL Certificate for the reverse proxy.
http://technet.microsoft.com/en-us/library/gg398069.aspx
Download and install the latest stable release of Apache with OpenSSL on your reverse proxy server.
http://httpd.apache.org/download.cgi
We're using the same certificate on the reverse proxy that we use on our front end server (it has the appropriate SANs), so we need to convert it to PEM format for use with Apache:
Use the Certificates MMC on your front end server to export the certificate and include the private key.
Transfer the resultant .pfx file to your reverse proxy server.
Use OpenSSL to convert your .pfx file to PEM:
openssl pkcs12 -in c:\pathto\yourcert.pfx -out c:\pathto\yourcert.pem –nodes
Separate the private key from the certificate using notepad:
Open the new .pem file and cut the text from the beginning of the file through the end of the “----END RSA PRIVATE KEY----“ tag.
Save that text to a new file named
yourcert.key.
Save
yourcert.pem, which should now only include the certificate.
Copy (or move) the certificate and private key to the Apache configuration directory. We like to use: C:\Program Files (x86)\Apache Software Foundation\Apache2.2\conf\extra\ssl
for storing the certificates.
Edit httpd.conf (typically in
C:\Program Files (x86)\Apache Software Foundation\Apache2.2\conf) to enable and configure the proxy and SSL features:
(See http://httpd.apache.org/docs/2.2/mod/mod_proxy.html
for more information on each directive)
Uncomment the following lines, which will enable proxy and SSL:
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_http_module modules/mod_proxy_http.so
LoadModule ssl_module modules/mod_ssl.so
Include conf/extra/httpd-ssl.conf
Add the following lines to configure reverse proxy behavior:
#Be a reverse proxy, not a forward proxy
ProxyRequests Off
#Accept requests from any client to any URL
<Proxy *>
Order Deny,Allow
Allow from all
</Proxy>
#Set the network buffer to improve throughput
ProxyReceiveBufferSize 4096
#Configure the Reverse Proxy to forward all requests to your front end server on 4443
ProxyPass / https://yourfrontend.domain.com:4443/
ProxyPassReverse / https://yourfrontend.domain.com:4443/
#Preserve Host Headers for Lync
ProxyPreserveHost On
Optionally, configure logging directives, bindings and server name.
Save and close httpd.conf
Edit httpd-ssl.conf (typically in conf\extra):
Configure the session cache:
Uncomment:
SSLSessionCache “dbm:C:/Program Files (x86)/Apache Software Foundation/Apache2.2/logs/ssl_scache”
Comment out:
SSLSessionCache “shmcb:C:/Program Files (x86)/Apache Software Foundation/Apache2.2/logs/ssl_scache(512000)”
Locate the <VirtualHost _default_:443> tag and configure the following:
Add the following directive:
SSLProxyEngine On
Configure the path to your SSL Certificate saved in step 3-5 above:
SSLCertificateFile “C:\Program Files (x86)\Apache Software Foundation\Apache2.2\conf\extra\ssl\yourcert.pem”
Configure the path to your private key saved in step 3-5 above:
SSLCertificateKeyFile “C:\Program Files (x86)\Apache Software Foundation\Apache2.2\conf\extra\ssl\yourcert.key”
Optionally, configure the SSLCACertificateFile (you can download the appropriate bundle from your CA).
Optionally, configure logging directives.
Save and close httpd-ssl.conf
Restart the Apache2.2 service
Configure public DNS records and appropriate firewall rules to allow public http/https traffic to the external interface of your reverse proxy, and to allow the internal interface of
the reverse proxy to talk to the front end Lync server on 8080 and 4443.
From an external connection, test connectivity through the reverse proxy:
Test
https://dialin.company.com (friendly URL for getting dial-in information, if you’re using voice conferencing)
Test the Lync Web App by setting up an online meeting and following the URL to join the meeting.
You can force the use of the web app by appending ?sl= to the end of the meet.company.com link.
See this for more information http://blogs.technet.com/b/jenstr/archive/2010/11/30/launching-lync-web-app.aspx
Hope this information is helpful and saves some of you some money and trouble.
Please contact me if you need further clarification or see any mistakes in my notes.
Best regards,
Kenneth Walden
Enterprise Systems Supervisor
GSD&M
Austin, TX

I'd like to thank you for this article. We were setting up Apache RP for Lync .... needless to say they weren't too excited to learn this new (and highly complex with lots of specific undocumented requirements) Microsoft product. Anyways, your
blog saved me a LOT of headache. I owe you big time.
AWESOME JOB.
-Greg
*****EDIT***
Decided to come back in there and post good information. We had issues with EXTERNAL and ANONYMOUS users being able to attend a meeting. The "DIALUP" url was working fine but the "MEETING" url was broken. On our WFE servers we were getting
the event error as below.   Turns out that our reverse proxy was not set to "PROXYPRESERVEHOST ON". Once we put that in there ALL was good.
Notice that the MEET portion was the only thing that was really broken. So, if you can get DIALUP to work, but MEET doesn't ... your RP is working to FW the 443 to the 4443 correctly but you're RP is sending the wrong HEADER. Look for
http://10.x.x.x/meet/ or soemthing in the event logs.
Log Name:      Application
Source:        ASP.NET 2.0.50727.0
Date:          11/16/2011 1:26:35 PM
Event ID:      1309
Task Category: Web Event
Level:         Warning
Keywords:      Classic
User:          N/A
Computer:      OneofMyInternalWFEservers.local
Description:
Event code: 3005
Event message: An unhandled exception has occurred.
Event time: 11/16/2011 1:26:35 PM
Event time (UTC): 11/16/2011 6:26:35 PM
Event ID: b2039ecd0a62482284030f62e1e639d8
Event sequence: 129
Event occurrence: 28
Event detail code: 0
Application information:
    Application domain: /LM/W3SVC/34578/ROOT/meet-1-129658725547585993
    Trust level: Full
    Application Virtual Path: /meet
    Application Path: C:\Program Files\Microsoft Lync Server 2010\Web Components\Join Launcher\Ext\
    Machine name: MYWFE.local
Process information:
    Process ID: 14204
    Process name: w3wp.exe
    Account name: NT AUTHORITY\NETWORK SERVICE
Exception information:
    Exception type: HttpException
    Exception message: Server cannot append header after HTTP headers have been sent.
Request information:
    Request URL:
https://FQDN:4443/meet/MyName/456456
    User host address: gatewayIP
    User:
    Is authenticated: False
    Authentication Type:
    Thread account name: NT AUTHORITY\NETWORK SERVICE
Thread information:
    Thread ID: 7
    Thread account name: NT AUTHORITY\NETWORK SERVICE
    Is impersonating: False
    Stack trace:    at System.Web.HttpHeaderCollection.SetHeader(String name, String value, Boolean replace)
   at Microsoft.Rtc.Internal.WebServicesAuthFramework.OCSAuthModule.EndRequest(Object source, EventArgs e)
   at System.Web.HttpApplication.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
   at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)
Custom event details:
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
    <Provider Name="ASP.NET 2.0.50727.0" />
    <EventID Qualifiers="32768">1309</EventID>
    <Level>3</Level>
    <Task>3</Task>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2011-11-16T18:26:35.000000000Z" />
    <EventRecordID>4483</EventRecordID>
    <Channel>Application</Channel>
    <Computer>XXXXXXXXXXXXXXXXXX</Computer>
    <Security />
</System>
<EventData>
    <Data>3005</Data>
    <Data>An unhandled exception has occurred.</Data>
    <Data>11/16/2011 1:26:35 PM</Data>
    <Data>11/16/2011 6:26:35 PM</Data>
    <Data>b2039ecd0a62482284030f62e1e639d8</Data>
    <Data>129</Data>
    <Data>28</Data>
    <Data>0</Data>
    <Data>/LM/W3SVC/34578/ROOT/meet-1-129658725547585993</Data>
    <Data>Full</Data>
    <Data>/meet</Data>
    <Data>C:\Program Files\Microsoft Lync Server 2010\Web Components\Join Launcher\Ext\</Data>
    <Data>SNKXS300</Data>
    <Data>
    </Data>
    <Data>14204</Data>
    <Data>w3wp.exe</Data>
    <Data>NT AUTHORITY\NETWORK SERVICE</Data>
    <Data>HttpException</Data>
    <Data>Server cannot append header after HTTP headers have been sent.</Data>
    <Data>XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX</Data>
    <Data>/XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX</Data>
    <Data>10.71.1.1</Data>
    <Data>
    </Data>
    <Data>False</Data>
    <Data>
    </Data>
    <Data>NT AUTHORITY\NETWORK SERVICE</Data>
    <Data>7</Data>
    <Data>NT AUTHORITY\NETWORK SERVICE</Data>
    <Data>False</Data>
    <Data>   at System.Web.HttpHeaderCollection.SetHeader(String name, String value, Boolean replace)
   at Microsoft.Rtc.Internal.WebServicesAuthFramework.OCSAuthModule.EndRequest(Object source, EventArgs e)
   at System.Web.HttpApplication.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
   at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)
</Data>
</EventData>
</Event>

Sharepoint 2013 + Windows Server 2012 as reverse proxy

Hello All -
I'd like to ask if anyone has any experience with the new Windows Server 2012 (reverse) proxy, in providing a single sign-on service to Sharepoint 2013.
Scenario:
My client has a Sharepoint 2013 with 3 web applications (portal, teamsites, mysites). All three URLs are available externally via HTTPS only. All clients have AD credentials (no requirement for claims based authentication), although this includes 3 domains
in two different forests (trusts exist). Everything is already configured to allow clients access from domain-joined devices.
My client would like mobile devices (not domain-joined) to be able to access the three web applications without repeated logon prompts. Browser default settings must be used, they do not want to instruct people to perform any configuration on their mobile
device - it all has to work "out of the box" from the client side. Clients will be using iPads and iPhones with Safari, Windows Phones, Androids etc.
I'm considering proposing the use of a reverse-proxy, and rather than using the now depracated Forefront TMG or probably soon-to-be depracated UAG, I would like to jump straight in to the new and very cool looking Windows 2012 proxy server.
It's my understanding that this will provide a single sign-on service in this scenario. I'm unsure whether an ADFS server is also required even for pass-through, the information available is unclear, and also whether any special configuration is required
to a domain controller (DCs in the environment are all 2008R2, with 2008R2 functional level).
I would appreciate it if anyone could give an overview or point me in the direction of some accurate documentation regarding all of the above. Most importantly, if any of my assumptions above seem incorrect, please let me know.
Thank you!
sysadmin

I've heard no supportability statement with SharePoint and the Web Application Proxy (likely because it isn't GA yet). However, it does use ADFS for SSO, so you'll have to SAML-enable your Web Applications. The only downside to this is if you
use anything that is SAML-unfriendly, like PowerPivot [Data Refresh] and at least in 2010, Visio Services and InfoPath Forms Services.
Trevor Seward, MCC
Follow or contact me at...
&nbsp&nbsp
This post is my own opinion and does not necessarily reflect the opinion or view of Microsoft, its employees, or other MVPs.

I need to know how to set proxy exception list on remote pcs that are not on a domain controller

I currently manage approx 1,800 computers on a vpn network. They are not part of any AD. There are mixed service packs of XP mostly SP2 and SP3. They all access the internet via a proxy server. They are all running either IE6 (not many left) or IE8. I have
wrote a script to change the proxy exception list but not all of them have worked I have changed the following reg keys [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings] & [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet
Settings] & [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings]. It seems in the ones that have not changed, the local SID account is the one in use and this has not changed because of its uniqueness. Is there a way either
scripting or a commercial package that I can use to write keys to ALL users. I'm not sure on the details of how to use local policy to set this or how I would be able to write a script that would import the settings from a text file or something. Can anyone
help with this matter.
Thanks

Well that is certainly not an easy task.
.Default is not the default user account. I do not recommend making changes there. HKLM is for the local machine which is probably your best bet for all users but if it is not propagating through that then it would have to be the current user since they
are not logged into a domain.
There is a way to update all the HKCU and there is a walk through here:
http://micksmix.wordpress.com/2012/01/13/update-a-registry-key-for-all-users-on-a-system/
Making this management simple I'd suggest joining a domain and using GPO but I understand if it is not an option.

OSB example calling multiple business services using a single proxy service???

Hi,
I have three business services created using http urls i.e.
1. LoginBS
2. GetListBS
3. LogoutBS
My requirement is to get a list of names from GetListBS using a single proxy service and to call GetListBS I have to first call LoginBS then GetListBS i.e. after authentication and then finally logout.
Kindly help with a detailed example for this and I am new to OSB.
Thanks,
Vik

Hi Eric,
Thanks for the response. We figured that it is possible to call multiple services with Split Join. However, we ran into the issue you described. We had a blocking call and had to wait until each of the services returned a response.
However, we needed a Async model for our design and felt that this might not be a right fit.
We are now looking at implementing the publish option with QoS configured as this fits our usecase better. Thanks for the help again.
Rudraksh

11.3 Join Proxy

Similar Messages

Maybe you are looking for