Documentation on setting up DP, MP in non trusted domain USING HTTPS

Is there any documentation that specifically talks about setting up a site system in a non trusted domain with management point and distribution point and communication using HTTPS?
I see some examples but none of them talk about the certificates that are required on the DP and MP in the non trusted site server.
Thanks Lance

Hi Jason,
I am stumped (and not a certificate guru) and not sure how to get certs based on the Config Manager Web Server template and Config Manager Distribution Client Template into the machine (Secondary MP/DP) that is in the untrusted domain. I hear you about the untrusted domain part not making a difference. Our secondary MP/DP in the untrusted domain does have the root certificate in the trust root store.
I have tried MMC certificates, certreq and have tried to go directly to the CA (https://caserver/certsrv) but in neither case do the Config Manager Distribution Client nor Config Manager Web Server templates show up.
Conversely in the domain that the CA Server resides,  I can request both of these certs in the MMC certificate plugin.
I am certain I am missing something.
We used this TechNet document to set up the certificate templates, etc.
http://technet.microsoft.com/en-us/library/gg682023.aspx
Thanks Lance

Similar Messages

  • OSD Across a Non-Trusted Domain

    Hello All,
    Thank you in advance for the help. I am trying to validate a configuration I would like to put in place for a client.
    The client has Configuration Manager 2012 set up to manage computers in a non-trusted domain with no MPs in the non-trusted domain. There are DPs in the non-trusted domain. The site runs in an https configuration for these clients. We have configured a subordinate CA in their forest that trusts the CA in the forest that hosts the ConfigMgr site servers and all certs are working fine.
    My question: Will OSD function correctly for computers in the non-trusted domain? Or do I need to have an MP in the non-trusted domain as well?
    Thanks!

    Hi Jason,
    Yes, you are correct - there are multiple HTTP MPs that are reachable from the non-trusted forest's computers on the Intranet. There is also an HTTPS MP in the DMZ which is reachable from the internal network as well (we use split-brain DNS for this). The DMZ MP in HTTPS mode can handle the requests from the non-trusted forest's clients and I envision DPs being configured in the non-trusted forest's domain in HTTPS mode to provide the DP service for the non-trusted domain's clients.
    One of the other respondents indicated that they believed this config would work as long as the client could reach a PXE enabled DP. I don't see a reason this won't work as well with a boot image with a cert on it or via Software Center, right?
    Does this configuration sound kosher?
    Thank you!

  • Distribution/management point in non trusted domain

    Hoping somebody can clarify a situation for us on distribution points on a machine in a non trusted domain.
    We are assuming that this distribution point uses the same certificate that the primary distribution point uses.
    Is this correct? When we try this it says that certificate is already in use and do we want to continue.
    Thanks in advance.
    Thanks Lance

    Hi,
    Please configure the CEP/CES web service; the following blog is for your reference.
    https://blogs.technet.com/b/askds/archive/2010/05/25/enabling-cep-and-ces-for-enrolling-non-domain-joined-computers-for-certificates.aspx
    Best Regards,
    Joyce Li

  • Gateway server in non trusted domain

    I have been trying to monitor a non trusted domain from SCOM 2012 R2. All servers are running Server 2012 R2 and this is running in a home lab.
    I have added the trusted root certificate to both the gateway server and the SCOM management server. 
    SCOM Management Server is OM01.Corp.ViaMonstra.Com.
    Gateway Server is BMC-DC01.BMC.Intern.
    Both of these servers have the trusted root cert for ViaMonstraRootCA.
    I then created an OpsMgr certificate by copying the ipsec(offline request) and making a new template. This has server and client authentication.
    I requested this on both the gateway server and the management server and exported it from the user store and into the local computer store (with the private key).
    I also ran MOMCERTIMPORT on both servers, only one cert showed up on each server which was the one I created and imported into the personal area of the local computer store.
    I have checked that the FQDN name of the management server appears in the required opsmanager registry keys and also the required tls2.1 keys are in place.
    I have also run the gateway approval tool which ran with success and installed the gateway server role using the opsmgr install media.
    I see the event 20053 stating the opsmgr connector has loaded the specified authentication certificate successfully.
    Yet I will get the events 20057,21001,20071,21016
    Any ideas what else I can try?

    Try these -
    1)
    http://social.technet.microsoft.com/Forums/ie/en-US/e478b734-b631-4daa-a752-e4557ad21fd7/gateway-unable-to-connect-to-management-server?forum=operationsmanagergeneral
    2)
    http://h10025.www1.hp.com/ewfrf/wc/document?cc=us&lc=en&docname=c03381439
    3)
    http://www2.wolzak.com/index.php/news-mainmenu-2/10-opsmanager/15-the-opsmgr-connector-could-not-connect-to-msomhsvcrms01local
    4)
    http://www.assemblein.info/system-center/steps-to-resolve-scom-2012-gateway-server-error-unmonitored-state/
    Thanks, S K Agrawal

  • Retrieve data from a non-peoplesoft application using HTTP Get

    I need to retrieve data from a non-peoplesoft application. They want us to submit a HTTP GET request to their URL with a series of parameters. I am thinking about using HTTP Target connector to accomplish this. Does anyone have sample peoplecode?
    Currently we are on 8.51.10 Tools...
    If there is any better way .. please let me know ..

    I have used HTTP Get to get XML file from a government sanction list by hitting URL http://www.treasury.gov/ofac/downloads/sdn.xml
    There is a delivered PS program that does that for vendor sanctions. I had to get the online setup correctly by creating a new custom Node with HTTP Target Connector. The program name is BSP_IMPORT. The below code is responsible for calling the node and retrieving the data. Play around with the code below and see if you can get it to meet your needs.
    BSP_IMPORT_AET.BANKNODE.Value is just the custom external code that I created.
    PMT_FLAT_FILE_INBOUND message is just a non-rowset-based message to use the web service call.
    Local TR:FileUtilities:FTP &oFTPUtil = create TR:FileUtilities:FTP();
    /* HTTP */
    /*******************************************************************************/
    Local Message &msgHTTP;
    Local Message &msgResult;
    &msgHTTP = CreateMessage(Message.PMT_FLAT_FILE_INBOUND);
    &oFTPUtil.PopulateFTPGetIBInfo(&msgHTTP, BSP_IMPORT_AET.BANKNODE.Value);
    &msgResult = %IntBroker.ConnectorRequest(&msgHTTP);
    /* check to see if the file is wrapped */
    &strAllLines = &msgResult.GenXMLString();
    &strAllLines = Substitute(&strAllLines, Char(26), " "); /* Added this line to remove invalid characters */
    /*******************************************************************************/
    Edited by: Maher on Mar 20, 2012 3:28 PM

  • Scalability of Business Catalyst for non public domain use.

    I have a client looking for a CMS setup that would be more like an intranet than a website, but it seems that all levels of subscription for BC have no more than 10 users as a limit. Is there a version that would allow significantly more? The traffic to said site would not be public domain available, a sign in would be necessary for all users.  Also, there would need to be fairly robust security and e-commerce functionality, are both possible? We are looking at as many as 2000 users to start, with more possible as the business model progresses. Also needs the ability to integrate video without embedding youtube or vimeo videos, it would need to be served from the same server as the site for security reasons. Need as much info as possible in this regard.

    You could build a website with 2,000 frontend users. The 10 users as part of the plan are users for the backend, i.e. users who can see statistics, edit the site, etc.
    It sounds like secure zones are what you are looking for. You could make your entire site a secure zone and have a person login via username and password.
    BC can also handle video without issue (though the video files must be less than 100mb in size.) I will mention that Vimeo and other services have paid plans that allow you to lock a video so it is only viewable at a specified location and not to the public.
    Ecommerce BC handles without issue. As for "robust security", what do you consider robust security? I consider BC very secure and is part of the reason I use BC.

  • How to implement SSO to non-SAP systems using SAP logon ticket?

    Hello,
    We would like to implement Single Sign On between our SAP Netweaver system and a Siebel which is a non-SAP system using SAP logon tickets.
    Can anyone please give me some leads on this, in particular:
    1. Is there a JAVA API or an SAP plug-in that can be implemented on the Siebel machine to extract the SAP logon ticket?
    2. As the other machine might sit on a completely different domain, is it possible to implement SAP logon ticket without using cookies (perhaps through the HTTP header)?
    3. In case you think using SAP logon tickets is not the best solution here I would be happy to hear any other suggestions you might have.
    Roy

    Hi,
    I'm currently using SAML as well. Unfortunately the SAP J2EE cannot work as authority (identity provider) but what you can do is using an open implementation of SAML such as opensso which is an open version of SUNs Java System access manager.
    There are a couple of other projects such as opensaml, apache's wss4j or shibboleth that might be interesting in this context.
    I just installed opensso and got it working with SAP J2EE 7.0 using SAPs JAAS SAMLLoginModule to authenticate users within SAP J2EE.
    In this scenario opensso serves as identity provider just as you need! There are a couple of Policy agents available on SUNs Download site you can use with Apache, Tomcat, JBOSS, WebSphere, Bea Web Logic etc. in order to authenticate! Otherwise you just directly authenticate against opensso. When installing opensso you can configure the type of user store you want  to use! By default it uses LDAP but you can also use different types of user store using JDBC or other mechanisms. Since you have a Directory Service you could easily connect it to your existing directory.
    There is also a way to map user ids directly in opensso by adding a uid mapping class. I created some documentation with lots of screenshots about using opensso with SAP J2EE. You can easily use opensso with any other system that supports SAML. In the case of SAP the usage is currently limited to SAML versions 1.0 and 1.1. Version 2.0 is not yet supported but should be in one of the following versions.
    Here are some links you might want to check:
    OpenSAML: https://spaces.internet2.edu/display/OpenSAML/Home
    wss4j: http://ws.apache.org/wss4j/
    shibboleth: http://shibboleth.internet2.edu/
    opensso: https://opensso.dev.java.net/
    On SDN you will find a documentation on how to connect SUN Java System Access Manager to SAP J2EE (see https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/906d9fc6-31b9-2910-1385-90edad7d7570). As I said opensso is based on the SUN Access Manager code and looks quite the same. So you can adapt this documentation in order to configure opensso or you can just ask me for the documentation.
    Hope this is helpful...
    Let me know if you need further assistance on this topic
    Cheers

  • Can the last link in a thunderbolt daisy-chain be a non-thunderbolt monitor using miniDisplay port?

    Can the last link in a thunderbolt daisy-chain be a non-thunderbolt monitor, using miniDisplay port?
    For example, Mac mini <--> external SSD <--> apple cinema display 30" (using miniDisplay port adaptor plugged into the SSD's second thunderbolt port)

    TechnoMax wrote:
    for instance STAE122 or STAE 127?
    FWIW, STAE129 is the current version TB adapter
    that is self powered and has TB daisy chain port.
    STAE122 and STAE127 are older versions and
    not the current model, though there may be stock of
    these around.  As to whether this will solve your issue,
    I don't know.
    Can I trick the Mac under Bootcamp as OS to use HDMI for the monitor? Dell officially says that the monitor can only accept 1900x1080 over HDMI, but some have fiddled with different computers with custom settings that worked with some Monitors but mostly under Linux and to Dell 2711.
    The MacMini HDMI port is hardware limited to 1980x1200.

  • Read Only for Non Trusted Users

    Hi everyone:
    Is it possible to forbid non trusted (or non certified) users for modifying the pdf (I'm interested in signing protection particularly) but allowing them to open the pdf in READ ONLY mode?
    I'm wondering how to do it using Adobe Acrobat Professional 8 (info with Adobe Acrobat Pro X will be also appreciated) and opening the pdfs in their Reader corresponding versions (managing non trusted users as READ ONLY users).
    Thanks for your time
    Regards,
    Javier

    Thanks Bill:
    I've been trying what you said, and it is possible to "lock" the pdf so it's in read only mode via password (using Adobe Acrobat X). Is it possible to do the same with certificates? As far as I have seen, if you use certificates policies, you use the certificate to encrypt the document but then, non certified users are not allowed to access the pdf. I'm really interested in using certification restrictions but being able to access the pdf: I want to simulate the READ ONLY MODE for everybody and the WRITE mode for certified users.
    Using this kind of restrictions, the only problem that I see (for end users) is that they should disable secure settings before editing / signing (these two options appear disabled with this method). Is it possible to get them available and open the "enter password" dialog when clicking them, not managing the security properties?
    Thanks for your time
    Regards
    Javier

  • Can I use an airport express as a range extender to a NON apple router using an internet cable (so not wireless)

    Can I use an airport express as a range extender to a NON apple router using an internet cable (so not wireless)?

    Yes, if the AirPort Express is set up to create a wireless network that uses the exact same wireless network name as the other router and the same wireless network password as the other router.

  • How to find out the Non Partitioned Tables used 2Gb on oracle

    Hi team
    how to find out the Non Partitioned Tables used > 2Gb on oracle where not is sys & system
    regards

    Here's one I made earlier
    set pagesize 999
    set linesize 132
    col owner format a25
    col segment_name format a60
    select owner, segment_name, segment_type, (bytes/1024/1024) "MB size"
    from dba_segments
    where owner not in ('SYS','SYSTEM','XDB','MDSYS','SYSMAN') -- edit for taste
    and segment_type = 'TABLE'
    group by bytes, segment_type, segment_name, owner
    having (bytes/1024/1024) > 2000
    order by 4 asc;

  • Re: Problem with transferring of data to non sap by using FTP function modul

    Hi all,
    I am doing program of creating excise invoice details and those are transferring to non sap, and I am successfully passing text file to that non sap by using FTP connection.
    like FTP_CONNECT
    FTP_COMMAND
    FTP_R3_TO_CLIENT
    FTP_DISCONNECT
    But text file details are coming like this
    means even line items are all displaying in one row. Means continuously all line items are coming just like this.
    0001000264,070914,,,1000,Steel (pune) Plant,
    Retail Outlet 1,0001000265,070914,,,1000,Steel (hyderabad) Plant,Retail Outlet 1
    Actually here problem is text file data is continuously coming with ','
    means actually those values has to come as
    0001000264,070914,,,1000,ESSAR Steel (Hazira) Plant,Retail Outlet 1
    0001000264,070914,,,1000,ESSAR Steel (Hazira) Plant,Retail Outlet 1
    How to split those records when sending the text file.
    This is very big issue. I am unable to complete this issue.
    Please if any one knows the solution please guide me.
    Please help me.
    Thanks & Regards,
    J.Goud

  • Problem with transferring of data to non sap by using FTP function modul

    Hi,
    Thanks for reply.
    Hi all,
    My problem was solved. But I have used GUI_DOWNLOAD.
    But I want to place the file name with increasing order number.
    Just like suppose 1st I am placing file name as PO000051.txt
    next time the file name has to be placed with increasing order like PO000052.txt
    I am generating the number in my program. Actually I am using like this. If I keep file name as
    190.0.18.65\qdls\ITGSAP_P\PO000052.txt means only it will place only that file. How to increment that number, I am not getting.
    If I am keeping
    190.0.18.65\qdls\ITGSAP_P\g_file like this means file is not placing.
    Please help me if any one knows solution.
      CALL FUNCTION 'GUI_DOWNLOAD'
           EXPORTING
              BIN_FILESIZE        = ' '
              CODEPAGE            = ' '
                FILENAME            = '190.0.18.65\qdls\ITGSAP_P\g_file'
              FILETYPE            = ' '
              MODE                = ' '
              WK1_N_FORMAT        = ' '
              WK1_N_SIZE          = ' '
              WK1_T_FORMAT        = ' '
              WK1_T_SIZE          = ' '
              COL_SELECT          = ' '
              COL_SELECTMASK      = ' '
          importing
               filelength          =
           TABLES
                DATA_TAB            = ist_file
              FIELDNAMES          =
           EXCEPTIONS
                FILE_OPEN_ERROR     = 1
                FILE_WRITE_ERROR    = 2
                INVALID_FILESIZE    = 3
                INVALID_TABLE_WIDTH = 4
                INVALID_TYPE        = 5
                NO_BATCH            = 6
                UNKNOWN_ERROR       = 7
                OTHERS              = 8.
    Regards,
    j.Goud

  • Purchase order Field like Material, Non editable by using Trax code Me22n

    Guru
    How to make Purchase order Field like Material, Non editable by using Trax code Me22n
    Thanks

    Hi
    Check this in SPRO- SAP IMG- Material Management - Purchasing- Purchase order- Define screen layout at document level
    In this select the particular field selection key and change the material field to display.
    Hope it will do
    Regards,
    Raman

  • Hi, I cannot publish my iWeb site with a non mac domain name...can anyone help please?

    Hi, I cannot publish my iWeb site with a non mac domain name...can anyone help please?

    Hi, I have a site developed by myself using iWeb and as iWeb are no longer hosting the sites in 2012 I have found another domain. It is with Go Daddy and the domain / name is live. I have tried to publish site using fttp but keeps coming up with a common error message saying the info I have input is incorrect. I have read this may be an issue if host is a windows based host???
    Appreciate your help
