Default to a specific domain username on restart

Similar Messages

• Apple Mail specific domain domain \ username does this still work for Mavericks?

  THIS DISCUSSION IS ARCHIVED
  Where do I include Exchange domain in Mail setup?
  10212 Views 8 Replies Latest reply: Aug 18, 2010 2:37 PM by jruano  
  Level 1 (10 points) 
  mike_donahue 
  Jun 2, 2010 4:46 PM 
  Our company is running Exchange 2007, OWA enabled, EWS is setup, Auto discovery is enable. The only thing I haven't got an answer on is whether Service Pack 4 has been installed. The server is set up with a domain specified but I don't know where to include that in the Mail Account Setup. Mail seems to be locating the server fine but it says username or password can not be verified. I can only assume that it's because I haven't included the domain correctly.
  iPad (and I assume iPhone/iTouch) have a field in their setup to include the domain and a coworker is connecting fine with to the company server. Where is it in Mail? I have tried to prepend it to my username (domain/username) but it hasn't worked. I can't recall all the variations I have tried of this, but unless I have the domain first in the username field, Mail won't even connect to the server. I've been all over these boards and dozens more and I can't find any answers to this problem.
  Any here have any ideas? Thanks,
  Mike D 
  MacBook Pro, Intel Core 2 Duo 2.66 GHz, Mac OS X (10.6.3), 4 gig RAM
  I have this question too (0) 
  Categories: Mail and Address bookTags: mail_address_book_macosx_v10.6, mac_os_x_v.10.6
  Level 7 (22,080 points)
  Matthew Morgan Los Angeles, CA
  Re: Where do I include Exchange domain in Mail setup?Jun 2, 2010 5:48 PM (in response to mike_donahue) 
  Here's an article that may help.
  http://support.apple.com/kb/HT3748
  MattDual 1.8 GHz G5 2.5 GB RAM/MBP 2.26GHz 2GB RAM/iPod nano 4g/iPhone 3GS, Mac OS X (10.6.2), ATI Radeon 9600, Time Capsule, AirPort Express
  Like (0) 
  Level 1 (10 points)
  mike_donahue
  Re: Where do I include Exchange domain in Mail setup?Jun 2, 2010 9:01 PM (in response to Matthew Morgan) 
  I already read that one and it fails to address the domain question, but thank you for the suggestion.
  MikeMac OS X (10.6.3)
  Like (0) 
  Level 1 (10 points)
  mike_donahue
  Re: Where do I include Exchange domain in Mail setup?Jun 6, 2010 5:07 PM (in response to mike_donahue) 
  Bump.
  I still haven't found an answer to this. Anyone else have any ideas. Still waiting to hear back from out IT guys about the service pack issues.
  Is there any way to attach a screen grab to a post? Thought it might help paint the picture in case I haven't stated it clearly.
  Again, thanks in advance for any help with this.
  MikeMacBook Pro, Intel Core 2 Duo 2.66 GHz, Mac OS X (10.5.1), 4 gig RAM
  Like (0) 
  Level 1 (0 points)
  tf99
  Re: Where do I include Exchange domain in Mail setup?Jun 22, 2010 1:00 PM (in response to mike_donahue) 
  Hi. I'm having precisely the same problem. My Exchange account works like a charm on my iPhone, but all permutations of the same settings simply don't work in OS X Mail (v. 4.3).
  Has anyone out there set up an Exchange account with a domain? Can you tell us where you put it to get the account to work?
  Thanks!2.0 GHz MacBook, Mac OS X (10.6.4)
  Like (0) 
  Level 4 (2,535 points)
  Asatoran
  Re: Where do I include Exchange domain in Mail setup?Jun 22, 2010 1:16 PM (in response to mike_donahue) 
  Enter your username as:
  <domain>\<username>
  This is standard practice for Microsoft if there's no place to enter the domain name.
  (Note the backslash, not the forward slash. Backslash is NOT the one under the question mark on a U.S.A. English keyboard.)MBP 15" Penryn, Mini 2009, Mac OS X (10.6.2)
  Like (0) 
  Level 1 (0 points)
  tf99
  Re: Where do I include Exchange domain in Mail setup?Jun 22, 2010 1:42 PM (in response to Asatoran) 
  Thanks Asatoran. That turned out to be part of the solution for me. The other part was changing the port I used for the SSL connection -- it was set wrong at some point, either because the default was wrong, or because I forgot I had changed it in troubleshooting before trying the slash the way you suggest. Anyway, the port number for some reason doesn't show up on my iPhone settings, so it didn't occur to me to tweak it.2.0 GHz MacBook, Mac OS X (10.6.4), 4GB RAM
  Like (0) 
  Level 1 (0 points)
  frieiv
  Re: Where do I include Exchange domain in Mail setup?Jun 25, 2010 12:06 PM (in response to tf99) 
  Hi!
  Could you please state the port numer you changed from and to?
  I´m having the same problem and still can´t access the exchange server outside the company network.
  But it seems like Mail 4.3 tryes to use the internal server and never the external? Any tips on this?MacBook Pro, Mac OS X (10.6.4)
  Like (0) 
  Level 1 (0 points)
  jruano
  Re: Where do I include Exchange domain in Mail setup?Aug 18, 2010 2:37 PM (in response to mike_donahue) 
  <domain>\<username> worked for me... FINALLY!!
  Thanks muchMacBook Pro, Mac OS X (10.6.4), iMac

  Quit your mail entirely, then in terminal do:  
  mv ~/Library/Mail/V2/MailData/Envelope* ~/Desktop 
  This moves all your "Envelope Index*" files to your desktop.  An alternative is deleting the files, but this allows you to keep them as a temporary back-up (you can delete them at-will later).  Also, you can move the files from Finder instead of Terminal, if you prefer. 
  After the files have been moved, re-open Mail
  This should re-load all your email messages, updating/restoring the count
  While this works, it does not explain the reason the count goes missing, nor does it ensure that the count won't go missing again in the future, but at least it's a temporary workaround.

• Channel for incoming mail addressed to specific domain

  I am trying to create a channel for all incoming messages addressed to a specific domain.
  I know that all incoming Internet mails go to tcp_local first.
  What I want to do is to separate mails for different domains to different channels so I could later process them, either with conversion channel or with some channel filters.
  Also, after passing trough those specific channels, how to put those mails back on track for delivery?
  Can anyone help on doing this?
  Thanks
  I�m running (on Solaris 8) MS5.2p1 hf1.21

  To look over the docs� but I already did, and it�s pretty bad, poorly explained�
  So, please let�s try to make this clear.
  Note, every time after making changes I run:
  imsimta cnbuild
  imsimta restart
  First, you gave an example to me (reply 5):
  [email protected]%tcp_friendly-daemon
  Second, I was not sure from your post where to put space (reply6), and I tested both cases:
  domain.net$E$F [email protected]%tcp_friendly-daemon # space between $F and $U
  and
  domain.net [email protected]%tcp_friendly-daemon # space between domain.net and $E
  Unfortunately, nothing has changed.
  Third, you wrote (reply 7) �No spaces�.
  Forth, I tested that as well and it gave me an error (reply 8).
  Fifth, in your last reply (reply 9) you said that I need a left and a right half, and you suggested an example that I�ve already checked (reply 6) and it wasn�t working :(
  So, now I am completely lost�
  Here is the result of testing this last example in imta.cnf:
  domain.net [email protected]%tcp_friendly-daemon # space between domain.net and $E
  ! tcp_friendly
  tcp_friendly smtp mx single_sys subdirs 20 noreverse maxjobs 7 pool SMTP_POOL mailfromdnsverify maytlsserver allowswitchchannel saslswitchchannel tcp_auth
  tcp_friendly-daemon
  imsimta cnbuild
  imsimta restart
  imsimta test -rewrite -debug [email protected]
  Could you review this result, please and try to see what is wrong.
  Initializing mm_.
  Initializing mm_ submission.
  Checking identifiers.
  *** Debug output from initializing MM for submission:
  13:43:32.79: mmc_winit('l','postmaster@machine_name.test.com','0IB800802GOK8O@machine_name.test.com') called.
  13:43:32.79: Queue area size 5858064, temp area size 5858064
  13:43:32.79: 1464516 blocks of effective free queue space available; setting disk limit accordingly.
  13:43:32.79: Rewriting: Mbox = "postmaster", host = "machine_name.test.com", domain = "$*", literal = "", tag = ""
  13:43:32.79: Rewrite: "$*", position 0, hash table -
  13:43:32.79: Found: "$E$F$U%$H@machine_name.test.com$V$H"
  13:43:32.79: Rewrite failed, not forward.
  13:43:32.79: Rewrite: "$*", position 1, hash table -
  13:43:32.79: Failed.
  13:43:32.79: Rewrite: "$*", position 0, rewrite database -
  13:43:32.79: Failed
  13:43:32.79: Rewriting: Mbox = "postmaster", host = "machine_name", domain = "machine_name.test.com", literal = "", tag = ""
  13:43:32.79: Rewrite: "machine_name.test.com", position 0, hash table -
  13:43:32.79: Found: "$U%$D@machine_name.test.com"
  13:43:32.79: New mailbox: "postmaster".
  13:43:32.79: New host: "machine_name.test.com".
  13:43:32.79: New route: "machine_name.test.com".
  13:43:32.79: New channel system: "machine_name.test.com".
  13:43:32.79: Looking up host "machine_name.test.com".
  13:43:32.79: - found on channel l
  13:43:32.79: Routelocal flag set; scanning for % and !
  13:43:32.79: Rewriting: Mbox = "postmaster", host = "machine_name.test.com", domain = "$*", literal = "", tag = ""
  13:43:32.79: Rewrite: "$*", position 0, hash table -
  13:43:32.79: Found: "$E$F$U%$H@machine_name.test.com$V$H"
  13:43:32.79: Rewrite failed, not forward.
  13:43:32.79: Rewrite: "$*", position 1, hash table -
  13:43:32.79: Failed.
  13:43:32.79: Rewrite: "$*", position 0, rewrite database -
  13:43:32.79: Failed
  13:43:32.79: Rewriting: Mbox = "postmaster", host = "machine_name", domain = "machine_name.test.com", literal = "", tag = ""
  13:43:32.79: Rewrite: "machine_name.test.com", position 0, hash table -
  13:43:32.79: Found: "$U%$D@machine_name.test.com"
  13:43:32.79: New mailbox: "postmaster".
  13:43:32.79: New host: "machine_name.test.com".
  13:43:32.79: New route: "machine_name.test.com".
  13:43:32.79: New channel system: "machine_name.test.com".
  13:43:32.79: Looking up host "machine_name.test.com".
  13:43:32.79: - found on channel l
  13:43:32.79: Routelocal flag set; scanning for % and !
  13:43:32.79: Mapped return address: postmaster@machine_name.test.com
  *** Debug output from rewriting a forward header address:
  13:43:32.79: Rewriting: Mbox = "user", host = "domain.net", domain = "$*", literal = "", tag = ""
  13:43:32.79: Rewrite: "$*", position 0, hash table -
  13:43:32.79: Found: "$E$F$U%$H@machine_name.test.com$V$H"
  13:43:32.79: Rewrite failed, not envelope.
  13:43:32.79: Rewrite: "$*", position 1, hash table -
  13:43:32.80: Failed.
  13:43:32.80: Rewrite: "$*", position 0, rewrite database -
  13:43:32.80: Failed
  13:43:32.80: Rewriting: Mbox = "user", host = "domain", domain = "domain.net", literal = "", tag = ""
  13:43:32.80: Rewrite: "domain.net", position 0, hash table -
  13:43:32.80: Found: "[email protected]%tcp_friendly-daemon"
  13:43:32.80: Rewrite failed, not envelope.
  13:43:32.80: Rewrite: "domain.net", position 1, hash table -
  13:43:32.80: Failed.
  13:43:32.80: Rewrite: "domain.net", position 0, rewrite database -
  13:43:32.80: Failed
  13:43:32.80: Rewriting: Mbox = "user", host = "domain", domain = ".net", literal = "", tag = ""
  13:43:32.80: Rewrite: "*.net", position 0, hash table -
  13:43:32.80: Failed
  13:43:32.80: Rewrite: ".net", position 0, hash table -
  13:43:32.80: Found: "$U%$H$D@TCP-DAEMON"
  13:43:32.80: New mailbox: "user".
  13:43:32.80: New host: "domain.net".
  13:43:32.80: New route: "TCP-DAEMON".
  13:43:32.80: New channel system: "TCP-DAEMON".
  13:43:32.80: Looking up host "TCP-DAEMON".
  13:43:32.80: - found on channel tcp_local
  13:43:32.80: Rewrite rules result: [email protected]
  13:43:32.80: Checking reverse URL cache for: [email protected]
  13:43:32.80: Applying reverse URL pattern ldap:///$V?mail?sub?$Q to: [email protected]
  13:43:32.85: Resulting URL: ldap:///o%3Ddomain.net%2Co%3Disp?mail?sub?(|([email protected])([email protected]))
  13:43:32.85: mmc_open_url called to open ldap:///o%3Ddomain.net%2Co%3Disp?mail?sub?(|([email protected])([email protected])), flags = 256
  13:43:32.85: URL with quotes stripped: ldap:///o%3Ddomain.net%2Co%3Disp?mail?sub?(|([email protected])([email protected]))
  13:43:32.85: LDAP URL identified
  13:43:32.85: URL context #1 will be used
  13:43:32.85: Performing URL search on: ldap:///o%3Ddomain.net%2Co%3Disp?mail?sub?(|([email protected])([email protected]))
  13:43:32.86: mmc_read_url result: [email protected]
  13:43:32.86: URL resolution returned: [email protected]
  forward channel = l
  channel description =
  channel user filter =
  dest channel filter =
  source channel filter =
  channel flags #0 = BIDIRECTIONAL MULTIPLE IMMNONURGENT NOSERVICEALL
  channel flags #1 = NOSMTP DEFAULT
  channel flags #2 = COPYSENDPOST COPYWARNPOST POSTHEADONLY HEADERINC NOEXPROUTE
  channel flags #3 = LOGGING NOGREY NORESTRICTED RETAINSECURITYMULTIPARTS
  channel flags #4 = EIGHTBIT NOHEADERTRIM NOHEADERREAD RULES
  channel flags #5 =
  channel flags #6 = LOCALUSER REPORTHEADER
  channel flags #7 = NOSWITCHCHANNEL NOREMOTEHOST DATEFOUR DAYOFWEEK
  channel flags #8 = NODEFRAGMENT EXQUOTA REVERSE NOCONVERT_OCTET_STREAM
  channel flags #9 = NOTHURMAN INTERPRETENCODING USEINTERMEDIATE RECEIVEDFROM VALIDATELOCALSYSTEM NOTURN
  defaulthost = test.com test.com
  linelength = 1023
  channel env addr type = SOURCEROUTE
  channel hdr addr type = SOURCEROUTE
  channel official host = machine_name.test.com
  channel queue 0 name = LOCAL_POOL
  channel queue 1 name = LOCAL_POOL
  channel queue 2 name = LOCAL_POOL
  channel queue 3 name = LOCAL_POOL
  channel after params =
  channel user name =
  urgentnotices = 1 2 4 7
  normalnotices = 1 2 4 7
  nonurgentnotices = 1 2 4 7
  channel rightslist ids =
  local behavior flags = %x7
  backward channel = tcp_local
  header To: address = [email protected]
  header From: address = [email protected]
  envelope To: address = [email protected] (route (machine_name.test.com,machine_name.test.com)) (host domain.net)
  envelope From: address = [email protected]
  name =
  mbox = user
  Extracted address action list:
  [email protected]
  Extracted 733 address action list:
  [email protected]
  Address list expansion:
  user%domain.net@ims-ms-daemon
  1 expansion total.
  *** Debug output from submitting an envelope address:
  13:43:32.88: mmc_wadr(0x0018a888,'[email protected]','[email protected]') called.
  13:43:32.88: Copy estimate before address addition is 1
  13:43:32.88: Parsing address [email protected]
  13:43:32.88: Rewriting: Mbox = "user", host = "domain.net", domain = "$*", literal = "", tag = ""
  13:43:32.88: Rewrite: "$*", position 0, hash table -
  13:43:32.88: Found: "$E$F$U%$H@machine_name.test.com$V$H"
  13:43:32.88: Match, pattern = "domain.net", current = "(*domaincheck*)"
  13:43:32.88: old state = not checked.
  13:43:32.88: Using result 1 from domain match cache.
  13:43:32.88: new state = succeeded.
  13:43:32.88: New mailbox: "user".
  13:43:32.88: New host: "domain.net".
  13:43:32.88: New route: "machine_name.test.com".
  13:43:32.88: New channel system: "machine_name.test.com".
  13:43:32.88: Looking up host "machine_name.test.com".
  13:43:32.88: - found on channel l
  13:43:32.88: Routelocal flag set; scanning for % and !
  13:43:32.88: Address [email protected] requires local processing.
  13:43:32.88: Variant #1 = [email protected]
  13:43:32.89: Variant #2 = *@domain.net
  13:43:32.89: Checking for [email protected] in the system alias file
  13:43:32.89: - not found
  13:43:32.89: Checking for *@domain.net in the system alias file
  13:43:32.89: - not found
  13:43:32.89: Checking [email protected] with URL template ldap:///$V?*?sub?$R
  13:43:32.89: LDAP URL template identified
  13:43:32.89: URL determined to be: ldap:///o%3Ddomain.net%2Co%3Disp?*?sub?(|([email protected])([email protected])([email protected]))
  13:43:32.89: URL context #1 will be used
  13:43:32.89: Using cached LDAP result for URL info: ldap:///$V?*?sub?$R|[email protected]|[email protected]
  13:43:32.89: Scanning LDAP result.
  13:43:32.89: Attribute: objectclass
  13:43:32.89: Attribute index: 0
  13:43:32.89: Attribute: inetuserstatus
  13:43:32.89: Attribute index: 1
  13:43:32.89: Attribute: mailuserstatus
  13:43:32.89: Attribute index: 2
  13:43:32.89: Attribute: uid
  13:43:32.89: Attribute index: 4
  13:43:32.89: Attribute: mail
  13:43:32.89: Attribute index: 5
  13:43:32.89: Attribute: mailhost
  13:43:32.89: Attribute index: 9
  13:43:32.89: Attribute: mailDeliveryOption
  13:43:32.89: Attribute index: 18
  13:43:32.89: Attribute: preferredLanguage
  13:43:32.89: Attribute index: 42
  13:43:32.89: Scanning complete, begin actions
  13:43:32.89: Object class: top
  13:43:32.89: Object class didn't match
  13:43:32.89: Object class: person
  13:43:32.89: Object class didn't match
  13:43:32.89: Object class: organizationalPerson
  13:43:32.89: Object class didn't match
  13:43:32.89: Object class: inetOrgPerson
  13:43:32.89: Object class didn't match
  13:43:32.89: Object class: inetUser
  13:43:32.89: Object class didn't match
  13:43:32.89: Object class: ipUser
  13:43:32.89: Object class didn't match
  13:43:32.89: Object class: nsManagedPerson
  13:43:32.89: Object class didn't match
  13:43:32.89: Object class: userPresenceProfile
  13:43:32.89: Object class didn't match
  13:43:32.89: Object class: inetMailUser
  13:43:32.89: Object class match, reference value 1
  13:43:32.89: Object class: inetLocalMailRecipient
  13:43:32.89: Object class match, reference value 18
  13:43:32.89: User/group index = 1
  13:43:32.89: Domain is active
  13:43:32.89: Mail domain is active
  13:43:32.89: User status = active
  13:43:32.89: Mail user status = active
  13:43:32.89: User UID user found.
  13:43:32.89: Processing mailhost attribute machine_name.test.com
  13:43:32.89: Mailhost references local system
  13:43:32.89: Delivery option: mailbox
  13:43:32.89: Delivery options value: 1
  13:43:32.89: No reprocess flag on user, processing now
  13:43:32.89: Status for this address = 1
  13:43:32.89: - URL match for [email protected]
  13:43:32.89: Delivery option template: $M%$\$2I$_+$2S@ims-ms-daemon
  13:43:32.89: - user%domain.net@ims-ms-daemon
  13:43:32.89: Parsing address user%domain.net@ims-ms-daemon
  13:43:32.90: Rewriting: Mbox = "user%domain.net", host = "ims-ms-daemon", domain = "$*", literal = "", tag = ""
  13:43:32.90: Rewrite: "$*", position 0, hash table -
  13:43:32.90: Found: "$E$F$U%$H@machine_name.test.com$V$H"
  13:43:32.90: Match, pattern = "ims-ms-daemon", current = "(*domaincheck*)"
  13:43:32.90: old state = not checked.
  13:43:32.90: Using result 0 from domain match cache.
  13:43:32.90: new state = fail pending.
  13:43:32.90: Rewrite failed due to channel mismatch.
  13:43:32.90: Rewrite: "$*", position 1, hash table -
  13:43:32.90: Failed.
  13:43:32.90: Rewrite: "$*", position 0, rewrite database -
  13:43:32.90: Failed
  13:43:32.90: Rewriting: Mbox = "user%domain.net", host = "ims-ms-daemon", domain = "ims-ms-daemon", literal = "", tag = ""
  13:43:32.90: Rewrite: "ims-ms-daemon", position 0, hash table -
  13:43:32.90: Failed.
  13:43:32.90: Rewrite: "ims-ms-daemon", position 0, rewrite database -
  13:43:32.90: Failed
  13:43:32.90: Looking up host "ims-ms-daemon".
  13:43:32.90: - found on channel ims-ms
  13:43:32.90: - orig_send_access mapping check: l|postmaster@machine_name.test.com|l|[email protected]
  13:43:32.90: - passed.
  13:43:32.90: - send_access mapping check: l|postmaster@machine_name.test.com|ims-ms|user%domain.net@ims-ms-daemon
  13:43:32.90: - passed.
  13:43:32.90: - adding address user%domain.net@ims-ms-daemon to channel ims-ms
  13:43:32.90: - adding address [email protected] to headers.
  13:43:32.90: Copy estimate after address addition is 2
  Expanded address:
  [email protected]
  Submitted address list:
  ims-ms
  user%domain.net@ims-ms-daemon (orig [email protected], inter [email protected], host ims-ms-daemon) NOTIFY-FAILURES NOTIFY-DELAYS
  Submitted notifications list:

• WRT54G: ONE specific domain suddenly unreachable

  WRT54G has been working flawlessly since i bought it circa 2002. Suddenly, two days ago, ONE specific domain is unreachable. rest of the internet fine. unreachable via wired or wireless connections. windows/linux/iPad/Mac, all cannot reach this ONE domain (fairfield.edu) ...
  i tried:
  1. unplugging and restarting the cable modem (Optimum Online): didn't help.
  2. rebooting the Linksys router: didnt help.
  3. upgrading the firmware in the router: didn't help.
  4. resetting factory defaults in the router: didn't help
  traceroute shows timeouts always at the same point (optimum's lightpath), but Optimum has no advice.
  i assume its the router, but cannot figure out what could have changed to make one (and only one) domain unreachable.
  any advice? MANY thanks.

  When you connect your computer directly to the Modem, on your computer open the command prompt window and type "ipconfig" and post the detail output in your next post. 

• Configure SMTP to forward mail to a specific domain

  We have migrated all of our e-mail from on premise exchange to Office 365. To support internal applications that send e-mail such as our scanners, we have setup a SMTP relay server using IIS on Windows 2012.
  This is working very well however we have some users that when they do a scan they simply enter their e-mail alias (the part before the @ symbol) since that worked when the scanner was sending to Exchange. However Office 365 does not know how to route these
  e-mails so they result in a NDR. Since the NDR is not sent to the person creating the scan they do not even know the issue other than they did not receive their scan. 
  Is there a way to configure the SMTP service on Windows 2012 to send all e-mail that does not have a domain listed in the e-mail address to a specific domain? For example, if someone were to send their scan to myalias it would be delivered to myalias at mycompany
  dot com (sorry about spelling it out but it is not letting me post this with a e-m ail address in it even if the address is not valid)

  Hi,
  You can try to create a SMTP domain in IIS manager(Default SMTP Virtual Server>Domains>New>domain) and then enable "Allow incoming mail to be relayed to this domain" and "Forward all mail to smart host".
  In addition, for questions related to IIS, you can also ask in IIS forum for professional assistance:
  http://forums.iis.net/
  Best regards,
  Susie
  Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact [email protected]

• Why do my firewalls only use the domain username and password for login and enable passwords, not a different enable password like my switches do? The RADIUS config looks the same...

  /* Style Definitions */
  table.MsoNormalTable
  {mso-style-name:"Table Normal";
  mso-tstyle-rowband-size:0;
  mso-tstyle-colband-size:0;
  mso-style-noshow:yes;
  mso-style-priority:99;
  mso-style-parent:"";
  mso-padding-alt:0in 5.4pt 0in 5.4pt;
  mso-para-margin:0in;
  mso-para-margin-bottom:.0001pt;
  mso-pagination:widow-orphan;
  font-size:10.0pt;
  font-family:"Times New Roman","serif";}
  Issue:
  Cisco firewalls require only one level of password i.e. the domain username and password are used for both logging in as well as reaching global configuration mode.
  Background:
  We have multiple Cisco network devices set up which authenticate to our Windows domain controller using NPS (Windows 2008 R2). The switches we have set up all function exactly as we would hope as they require your domain username and password to login to the device. They then require a separate password when you use the enable command, this is stored in Active Directory:
  Switches:
  Username:domain-username
  Password:domain-password
  SWITCH>enable
  Password:enable-password-in-Active-Directory
  SWITCH#
  Firewalls (as they currently are):
  Username:domain-username
  Password:domain-password
  FIREWALL>enable
  Password:domain-password
  FIREWALL #
  With the firewalls however, they require your domain username and password first, and then your domain password again when using the enable command. I want the firewalls to use the enable level password that the switches currently use instead of the domain password again. The current configuration look like the following:
  Current switch configuration:
  aaa new-model
  aaa authentication login default group radius local
  aaa authentication enable default group radius enable
  aaa authorization exec default group radius local
  aaa session-id common
  radius-server host 192.168.0.1 auth-port 1645 acct-port 1646
  radius-server source-ports 1645-1646
  radius-server key 7 1234abcd
  Current firewall configuration:
  aaa-server DC01 protocol radius
  aaa-server DC01 (outside) host 192.168.0.1
  aaa authentication ssh console DC01 LOCAL
  aaa authentication enable console DC01 LOCAL
  key 1234abcd
  Any help would be great, thanks!

  Cisco ASA works that way by design. You could remove "aaa authentication enable" and then you could use the "enable password" command to set your enable password.
  But if you do that, then ASA would change your username to "enable_15". That would break Authorization and Accounting if you're using them. Let me clarify with an example
  Firewalls :
  Username:domain-username
  Password:domain-password
  FIREWALL>show curpriv
  Username : domain-username
  Current privilege level : 1
  Current Mode/s : P_UNPR
  FIREWALL>enable
  Password:enable-password-from-running-config
  FIREWALL #show curpriv
  Username : enable_15
  Current privilege level : 15
  Current Mode/s : P_PRIV
  If you're using Authorization and Accounting it's recommended to stick with your current behavior.

• Windows 2012 R2 - NPS in resource forest won't auteticate users in the user forest by UPN, only by DOMAIN\username

  Hi there
  I have recently setup a windows 2012 R2 NPS server (for WIFI auth) in our resource forest to replace an aging 2003 RADIUS server.
  The problem I am having is users logging in with their UPNs.
  To give some background our user forest and domains look like company.local and a few child domains department.company.local etc.
  Our resource domain is companyresources.com
  As we use office 365 we had to add UPNs to our users called company.com and set them.
  The NPS cannot authenticate users when they use their [email protected] UPN.
  From logs
  Network Policy Server denied access to a user.
  Contact the Network Policy Server administrator for more information.
  User:
              Security ID:                              NULL SID
              Account Name:                         [email protected]
              Account Domain:                                  -
              Fully Qualified Account Name:   -
  Followed by event ID 4402
  There is no domain controller available for domain DOMAIN.
  I believe its cannot translate the Account name into an Account domain when using the UPN we need for office 365 ([email protected]).
  If I set a test user to a UPN of [email protected] it does (however we cannot do this because it will affect our office 365 users)
  Network Policy Server granted access to a user.
  User:
              Security ID:                              DOMAIN\user1
              Account Name:                         [email protected]
              Account Domain:                                  DOMAIN
              Fully Qualified Account Name:   DOMAIN\user1
  or if I use DOMAIN\username
  Network Policy Server granted full access to a user because the host met the defined health policy.
  User:
              Security ID:                              DOMAIN\user1
              Account Name:                         DOMAIN\user1
              Account Domain:                                  DOMAIN
              Fully Qualified Account Name:   DOMAIN\user1
  Is there any way I can get my UPN authentication working form the resource domain s I would prefer my users logging into WiFi with their UPNs as we have moved away from the DOMAIN\username method.
  Thanks

  Hi,
  According to your description, my understanding is that client using UPN can’t be authenticated by NPS server, event ID 4402.
  In general, when NPS is configured as a RADIUS server with the default connection request policy, NPS processes connection requests for the domain in which the NPS server is a member and for trusted domains.
  You may try to use realm names configured in connection request policies to ensure that connection requests are routed from RADIUS clients to RADIUS servers that can authenticate and authorize the connection request.
  You may reference the link below for detailed information:
  Realm Names
  https://technet.microsoft.com/en-us/library/cc731342(v=ws.10).aspx
  Using Pattern-Matching Syntax in NPS
  https://technet.microsoft.com/en-us/library/dd197583%28v=ws.10%29.aspx?f=255&MSPPError=-2147217396
  Best Regards,
  Eve Wang
  Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact [email protected]

• Edge Transport Server Fails DNS Query When Emailing to one Specific Domain

  This issue occurs for the same domain across three different edge transport servers.
  All servers are Windows 2008 STD SP2, Exchange 2007 SP1 U9.  Emails are delivered using DNS connector from edge.  Emails to this one specific domain would sit in the retry queue with DNS query error until NDR was generated.  Connectivity Logging generated the following:
  2009-09-01T19:52:23.539Z,08CBEDE9198E2DC3,SMTP,subdomain.domain.com,>,DNS server returned ErrorRetry reported by 208.241.124.200
  2009-09-01T19:52:23.539Z,08CBEDE9198E2DC3,SMTP,subdomain.domain.com,-,The DNS query for 'DnsConnectorDelivery':'subdomain.domain.com':'cd771f71-77a3-4aca-b002-86f477816910' failed with error: ErrorRetry
  I changed the servers DNS settings to different servers with the same response.  Validated that manual MX lookups worked, and that I could telnet to any of the three MX records and deliver mail via telnet.
  I did a packet capture and received the following:
  12    32.280037    172.28.16.55    208.241.124.200    DNS    Standard query AAAA SMTPSERVER.subdomain.domain.com
  So what is happening is the Edge servers are only performing IP6 lookups, and throughout the log, only for subdomain.domain.com do they NOT perform a regular IP4 A record lookup.  I then went about disabling TCP/IP6 as per this article:
  http://technet.microsoft.com/en-us/network/cc987595.aspx
  this stated to do the following:
  Alternately, from the Windows XP or Windows Server 2003 desktop, click Start , point to Programs , point to Accessories , and then click Command Prompt . At the command prompt, type netsh interface ipv6 uninstall .
  To remove the IPv6 protocol for Windows XP with no service packs installed, do the following:
  Log on to the computer with a user account that has local administrator privileges.
  From the Windows XP desktop, click Start , point to Programs , point to Accessories , and then click Command Prompt .
  At the command prompt, type ipv6 uninstall .
  Unlike Windows XP and Windows Server 2003, IPv6 in Windows Vista and Windows Server 2008 cannot be uninstalled. However, you can disable IPv6 in Windows Vista and Windows Server 2008 by doing one of the following:
  In the Network Connections folder, obtain properties on all of your connections and adapters and clear the check box next to the Internet Protocol version 6 (TCP/IPv6) component in the list under This connection uses the following items .
  This method disables IPv6 on your LAN interfaces and connections, but does not disable IPv6 on tunnel interfaces or the IPv6 loopback interface.
  Add the following registry value (DWORD type) set to 0xFF:
  HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\DisabledComponents
  This method disables IPv6 on all your LAN interfaces, connections, and tunnel interfaces but does not disable the IPv6 loopback interface. You must restart the computer for this registry value to take effect.
  I did the above, and still, the Edge Transport servers would only perform AAAA lookups, and messages would sit in the queue.
  As temporary workaround, created new send connector with the three available MX hosts as possible smarthosts for subdomain.domain.com, and this allowed email flow.
  I've tried disabling the TCPIP6, and still doesnt work.  Any suggestions?

  Hi Allen and Paul,
  we experience problems in receiving mails from senders with this Exchage server problem. When we are aware of the problem, we send them the above mentioned link and ask them to make adjustments. Then afterwards usually mail arrives without any problems.
  The problem for us is that it seems as if the problem grows. More and more mail does not arrive on our mailadresses (mine for example is [email protected]) And not all of the senders recieve notifications that mail cannot be delivered. As you can imagine
  this situation is unacceptable and damaging our customer relations.
  Is there anything WE can do? (apart from sending them the information to make adjustements in their Exchange servers...)
  I hope you can help us...
  Thanks in advance
  Leonard
  Hi Leonard,
  as stated below we where experiencing the same problem with one of our customers. Seeing that it's a DNS related problem we suggested to the customer to change or add an additional DNS service through i.e. dyndns.com. After adding the current DNS records
  to the new DNS service mail started coming in from every customer that had problems.
  So for your clients i would suggest a similar solution, it helped over here at least.
  Kind regards,
  Philipp

• Relaying to Specific Domain

  What is the best practice for relaying messages sent externally to a specific domain? I'm not talking about relaying from outside Ironport then back to your email servers. I'm talking about relaying the other direction. So for example your email server sends and email from abc.com to Ironport, I want something on Ironport that says any email from abc.com relay to this IP or domain. Can that only be done using a Outgoing Content Filter?
  The goal is to have emails sent to a certain domain directed from Ironport to a vpn tunnel. 

  Depending on incoming vs. outgoing --- just create a content filter w/ alt-mailhost... and then also be sure to create an SMTP route for that alt-mailhost domain...
  Similar to --->
  SMTP route --->
  In my example --- I'm not really routing anywhere --- so, I am using /dev/null.
  Testing --- standard SMTP telnet --->
  mail from: [email protected]
  250 sender <[email protected]> ok
  rcpt to: [email protected]
  250 recipient <[email protected]> ok
  data
  354 go ahead
  subject: THIS IS A TEST
  HELLO
  250 ok:  Message 202 accepted
  Watching mail_logs --->
  Tue Apr 29 18:11:36 2014 Info: MID 202 ICID 610 From: <[email protected]>
  Tue Apr 29 18:11:41 2014 Info: MID 202 ICID 610 RID 0 To: <[email protected]>
  Tue Apr 29 18:11:49 2014 Info: MID 202 Subject 'THIS IS A TEST'
  Tue Apr 29 18:11:49 2014 Info: MID 202 ready 153 bytes from <[email protected]>
  Tue Apr 29 18:11:49 2014 Info: MID 202 matched all recipients for per-recipient policy DEFAULT in the inbound table
  Tue Apr 29 18:11:49 2014 Info: MID 202 interim verdict using engine: CASE spam negative
  Tue Apr 29 18:11:49 2014 Info: MID 202 using engine: CASE spam negative
  Tue Apr 29 18:11:49 2014 Info: MID 202 Outbreak Filters: verdict negative
  Tue Apr 29 18:11:49 2014 Info: MID 202 queued for delivery
  Tue Apr 29 18:11:49 2014 Info: Delivery start DCID 0 MID 202 to RID [0]
  Tue Apr 29 18:11:49 2014 Info: Message done DCID 0 MID 202 to RID [0] 
  Tue Apr 29 18:11:49 2014 Info: MID 202 RID [0] Response '/dev/null'
  Tue Apr 29 18:11:49 2014 Info: Message finished MID 202 done
  Message is sent where I wanted it... /dev/null.
  I hope this helps!
  -Robert
  (*If you have received the answer to your original question, and found this helpful/correct - please mark the question as answered, and be sure to leave a rating to reflect!)

• How Many Emails Are Sent Using Cres From a Specific Domain

  Am I able to produce a report which displays how many emails are sent using Cres Secure from a specific domain?

  There isn't a way to generate a "formal" report on this - but, you can tailor your own with using 'grep' on the CLI of your appliance... choose your mail_logs and use the key word "PXE encryption filter"
  Ex.
  <snip>
  Enter the number of the log you wish to grep.
  []> 17
  Enter the regular expression to grep.
  []> PXE encryption filter
  Do you want this search to be case insensitive? [Y]> 
  Do you want to tail the logs? [N]> 
  Do you want to paginate the output? [N]> 
  Define file selection pattern.
  []> 
  Mon Apr 14 10:09:17 2014 Info: MID 72 was generated based on MID 71 by PXE encryption filter '_CRES_encrypt'
  Mon Apr 14 12:08:58 2014 Info: MID 91 was generated based on MID 90 by PXE encryption filter 'SB_SSN'
  Mon Apr 14 12:32:01 2014 Info: MID 94 was generated based on MID 93 by PXE encryption filter '_CRES_encrypt'
  Tue Apr 15 12:04:35 2014 Info: MID 103 was generated based on MID 102 by PXE encryption filter '_CRES_encrypt'
  Tue Apr 15 16:07:24 2014 Info: MID 106 was generated based on MID 105 by PXE encryption filter 'Default Action'
  Tue Apr 15 16:10:50 2014 Info: MID 109 was generated based on MID 108 by PXE encryption filter '_CRES_encrypt'
  Wed Apr 16 10:57:22 2014 Info: MID 113 was generated based on MID 112 by PXE encryption filter 'Default Action'
  Wed Apr 16 11:00:12 2014 Info: MID 116 was generated based on MID 115 by PXE encryption filter 'Default Action'
  So - you can see that 8 messages were in mail_logs that went through the associated encryption filters.  If you export your mail_logs to a syslog server - and have full grep/sed/awk capabilities, you could then just do a count based on the grep string you are after to get the #'s easier.
  -Robert

• Error: Key already added to dictionary " domain \ username "

  Hello Community
      In Sharepoint 2013 Server I created a managed account.
      But when I try to create the Search Service application
  with that managed account as the configurable an error message
  appears stating some to the effect that:
       Key already added to dictionary "<domain>\<username>" : ... "<domain>\<username>"
      Since I couldn't use that same "<domain>\<username>", I created
  another new managed account and used that new managed account to create
  the Search Service and it worked.
      The question is why do I get that error stating:
          Key already added to dictionary "<domain>\<username>" : ... "<domain>\<username>" ?
      Thank you
      Shabeaut

  Is it specific to some particular managed account or for all the managed accounts ?
  Does that managed account exists twice ?
  Have a look at the following links if it gives you any pointers.
  https://tayzarminn.wordpress.com/2013/03/21/getting-error-like-item-has-already-been-added-key-in-dictionary-while-removingediting-managed-account-in-sharepoint-2010/
  http://sharepointgoose.blogspot.in/2012/08/getting-error-item-has-already-been.html
  Geetanjali Arora | My blogs |

• Dns server for specific domain

  Is there a way to define a dns server for a specific domain?
  I'm setting up a develop machine with an amp stack and i want to redirect all urls with a specific domain (i.e. project.dev) to 127.0.0.1.
  I've done this on OSX with dnsmasq configured in this way:
  # dnsmasq.conf
  address=/.dev/127.0.0.1
  listen-address=127.0.0.1
  port=35353
  and adding a dev file in /etc/resolver with this content
  # /etc/resolver/dev
  nameserver 127.0.0.1
  port 35353
  but this in arclinux with dhcpd doesn't work.
  I've tested dnsmasq with
  dig [email protected] -p 35353
  and it works (the address returned is 127.0.0.1) so the problem is the resolver.
  I've also tried either put into /etc/resov.conf.head this:
  # /etc/resolv.conf.head
  nameserver 127.0.0.1
  port 35353
  and configure dnsmasq with the default 53 port without luck.
  This is my /etc/resolv.conf
  # /etc/resolv.conf
  nameserver 127.0.0.1
  nameserver 192.168.0.1

  On linux you should simply run all dns request through one nameserver that forwards everything it doesn't understand. [Edit: You can do that with dnsmasq.] Another simple way to create a local developer zone would be to use wildcard_dns_proxy instead.
  Last edited by progandy (2015-03-03 17:20:29)

• Is it possible to restrict the ability to e-mail a pdf outside a specific domain name?

  Hello,
  I am trying to find a solution to a friends problem.  She has a quarterly publication that she sends out to big banks and financial institutions.  Recently she has had some problems with press leaks.  I am trying to find some security options for her however the task is difficult. Because these institutions have firewalls I am not sure encrypting or tracking is the right answer because the publication might not make it through. She wants users to be able to print the publication because many of the readers are older and prefer to read during their commute and at home.  Essentially I am looking for any ways to make readers think twice about sharing the information. I thought if I could restrict e-mail to a specific domain name that would help this way users can only e-mail within their specific company.  If any one has any suggestions please feel free to share. 

  Thank you Todd, I was able to get it to work but I do have a few more questions...
  1) When I tested this, at the top of the message, before any of the text I created, this showed up: This is a multi-part message in MIME format. --------------040406040801080102080500 Content-Type: text/html; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit
  2) After the signature line, this showed up: --------------040406040801080102080500 Content-Type: image/jpeg Content-Transfer-Encoding: base64 Content-ID: /9j/4AAQSkZJRgABAQEAYABgAAD/4QAiRXhpZgAATU0AKgAAAAgAAQESAAMAAAABAAEAAAAA AAD/2wBDAAIBAQIBAQICAgICAgICAwUDAwMDAwYEBAMFBwYHBwcGBwcICQsJCAgKCAcHCg0K CgsMDAwMBwkODw0MDgsMDAz/2wBDAQICAgMDAwYDAwYMCAcIDAwMDAwMDAwMDAwMDAwMDAwM DAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAz/wAARCAC5ApUDASIAAhEBAxEB/8QA HwAAAQUBAQEBAQEAAAAAAAAAAAECAwQFBgcICQoL/8QAtRAAAgEDAwIEAwUFBAQAAAF9AQID AAQRBRIhMUEGE1FhByJxFDKBkaEII0KxwRVS0fAkM2JyggkKFhcYGRolJicoKSo0NTY3ODk6 Q0RFRkdISUpTVFVWV1hZWmNkZWZnaGlqc3R1dnd4eXqDhIWGh4iJipKTlJWWl5iZmqKjpKWm p6ipqrKztLW2t7i5usLDxMXGx8jJytLT1NXW19jZ2uHi4+Tl5ufo6erx8vP09fb3+Pn6/
  (It was actually much longer than that)
  Is there anyway that I can get that to go away? I obviously would prefer a nice, cleanly formatted e-mail to be sent just like I would send if I were creating it on the spot.
  Thanks,
  Evan

• Specific domain blocked for both mail programs

  Hi all. Need some help... One specific domain name's email addresses has been blocked by my mac for outgoing email from both 'mail' and entourage programs. I don't get any error messages but the emails never get delivered. However emails from the domain name get delivered to me just fine.
  It is isolated to my mac as I can send/receive using a different computer on the same internet connection to the domain name addresses.
  I think it results from a moment last week when I accidentally clicked on 'junk' instead of delete for an email from the domain name thats causing the trouble. I immediately clicked 'this is not junk', and thought nothing more of it. it appears that somehow the computer will now not deliver email to the domain name address in question. Its like a very specific block, but effects both mail programs. Apple Support suggested posting to this disscussion board or an 'archive and install'. Hope someone can help. thanks.
  iMac   Mac OS X (10.4.8)  

  Open one of these messages in the Sent mailbox, and then click on View in the Menubar of the Mail window, place the cursor on Message, and choose Long Headers from the resulting menu. In the Long Headers, is there on named Message ID#? If so, then the message was sent from this Mac, as the ID# must be reported back from the SMTP.
  Are you using Rich Text Format, when composing and sending on this Mac? Do these messages have any attachments, or images such as might be in a Signature? If this is the situation, then the RTF may be getting converted to HTML, and a SPAM filter in front of the recipient may be blocking the receipt of messages from this Mac.
  Try resending one of these message, after first changing to Plain Text, as a test. Open the message in the Sent mailbox, click on Message in the Menubar, and choose Send Again. Next click on Format in the Menubar, and choose Make Plain Text, and send.
  Keep us posted.
  Ernie

• Is there a way to "lock" an app tab so that it will stay on a specific domain?

  I use our family computer in the living room. I have told them numerous times not to change the app tab because I use it everyday, and I don't want it going to some game site. Unfortunately, they don't care and do it anyway. Is there a way that I can "lock" the tab so that it stays on that specific domain? example: facebook.com

  Unfortunately these don't lock tab by domain, but only a current page :( I'm also looking for a solution to enable domain browsing on locked tab. It seems like logical behavior, so I'm really surprised I can't find anything how to achieve it.