Documentation on setting up DP, MP in non trusted domain using HTTPS
Is there any documentation that specifically talks about setting up a site system in a non trusted domain with management point and distribution point and communication using HTTPS?
I see some examples but none of them talk about the certificates that are required on the DP and MP in the non trusted site server.
Thanks Lance
Hi Jason,
I am stumped (and not a certificate guru) and not sure how to get certs based on the Config Manager Web Server template and Config Manager Distribution Client Template into the machine (Secondary MP/DP) that is in the untrusted domain. I hear you about the untrusted domain part not making a difference. Our secondary MP/DP in the untrusted domain does have the root certificate in the trust root store.
I have tried MMC certificates, certreq and have tried to go directly to the CA (https://caserver/certsrv) but in neither case do the Config Manager Distribution Client nor Config Manager Web Server templates show up.
Conversely in the domain that the CA Server resides, I can request both of these certs in the MMC certificate plugin.
I am certain I am missing something.
We used this TechNet document to set up the certificate templates, etc.
http://technet.microsoft.com/en-us/library/gg682023.aspx
Thanks Lance
Similar Messages
-
OSD Across a Non-Trusted Domain
Hello All,
Thank you in advance for the help. I am trying to validate a configuration I would like to put in place for a client.
The client has Configuration Manager 2012 set up to manage computers in a non-trusted domain with no MPs in the non-trusted domain. There are DPs in the non-trusted domain. The site runs in an https configuration for these clients. We have configured a subordinate CA in their forest that trusts the CA in the forest that hosts the ConfigMgr site servers and all certs are working fine.
My question: Will OSD function correctly for computers in the non-trusted domain? Or do I need to have an MP in the non-trusted domain as well?
Thanks!
Hi Jason,
Yes, you are correct - there are multiple HTTP MPs that are reachable from the non-trusted forest's computers on the Intranet. There is also an HTTPS MP in the DMZ which is reachable from the internal network as well (we use split-brain DNS for this). The DMZ MP in HTTPS mode can handle the requests from the non-trusted forest's clients and I envision DPs being configured in the non-trusted forest's domain in HTTPS mode to provide the DP service for the non-trusted domain's clients.
One of the other respondents indicated that they believed this config would work as long as the client could reach a PXE enabled DP. I don't see a reason this won't work as well with a boot image with a cert on it or via Software Center, right?
Does this configuration sound kosher?
Thank you! -
Distribution/management point in non trusted domain
Hoping somebody can clarify a situation for us on distribution points on a machine in a non trusted domain.
We are assuming that this distribution point uses the same certificate that the primary distribution point uses.
Is this correct? When we try this it says that certificate is already in use and do we want to continue.
Thanks in advance.
Thanks Lance
Hi,
Please configure the CEP/CES web service; the following blog is for your reference.
https://blogs.technet.com/b/askds/archive/2010/05/25/enabling-cep-and-ces-for-enrolling-non-domain-joined-computers-for-certificates.aspx
Best Regards,
Joyce Li
-
Gateway server in non trusted domain
I have been trying to monitor a non trusted domain from SCOM 2012 R2. All servers are running Server 2012 R2 and this is running in a home lab.
I have added the trusted root certificate to both the gateway server and the SCOM management server.
SCOM Management Server is OM01.Corp.ViaMonstra.Com.
Gateway Server is BMC-DC01.BMC.Intern.
Both of these servers have the trusted root cert for ViaMonstraRootCA.
I then created an OpsMgr certificate by copying the ipsec (offline request) and making a new template. This has server and client authentication.
I requested this on both the gateway server and the management server and exported it from the user store and into the local computer store (with the private key).
I also ran MOMCERTIMPORT on both servers, only one cert showed up on each server which was the one I created and imported into the personal area of the local computer store.
I have checked that the FQDN name of the management server appears in the required opsmanager registry keys and also the required tls2.1 keys are in place.
I have also run the gateway approval tool which can with success and installed the gateway server role using the opsmgr install media.
I see the event 20053 stating the opsmgr connector has loaded the specified authentication certificate successfully.
Yet I will get the events 20057,21001,20071,21016
Any ideas what else I can try?
Try these -
1) http://social.technet.microsoft.com/Forums/ie/en-US/e478b734-b631-4daa-a752-e4557ad21fd7/gateway-unable-to-connect-to-management-server?forum=operationsmanagergeneral
2) http://h10025.www1.hp.com/ewfrf/wc/document?cc=us&lc=en&docname=c03381439
3) http://www2.wolzak.com/index.php/news-mainmenu-2/10-opsmanager/15-the-opsmgr-connector-could-not-connect-to-msomhsvcrms01local
4) http://www.assemblein.info/system-center/steps-to-resolve-scom-2012-gateway-server-error-unmonitored-state/
Thanks, S K Agrawal -
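As an added example (not part of the original thread), the PowerShell function below checks a certificate in the Local Computer Personal store for the properties the question above lists: private key present, Server and Client Authentication EKUs, and a chain that builds to a trusted root. The function name, its parameters and the subject-to-FQDN comparison are assumptions of this example.

```powershell
# Added example: validates one certificate in Cert:\LocalMachine\My.
# Function and parameter names are hypothetical; supply your own thumbprint.
function Test-GatewayCertificate {
    param(
        [Parameter(Mandatory)] [string] $Thumbprint,    # thumbprint of the certificate to check
        [Parameter(Mandatory)] [string] $ExpectedFqdn   # FQDN the subject CN is expected to carry (assumption)
    )

    $serverAuth = '1.3.6.1.5.5.7.3.1'   # Server Authentication EKU OID
    $clientAuth = '1.3.6.1.5.5.7.3.2'   # Client Authentication EKU OID

    # Thumbprints copied from the certificate UI often contain spaces or hidden characters.
    $clean = ($Thumbprint -replace '[^0-9A-Fa-f]', '').ToUpper()
    $cert = Get-ChildItem -Path Cert:\LocalMachine\My |
        Where-Object { $_.Thumbprint -eq $clean }
    if (-not $cert) {
        throw "No certificate with thumbprint $clean in Cert:\LocalMachine\My"
    }

    # Collect the EKU OIDs from the Enhanced Key Usage extension, if present.
    $ekuOids = @()
    foreach ($ext in $cert.Extensions) {
        if ($ext -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]) {
            $ekuOids += $ext.EnhancedKeyUsages | ForEach-Object { $_.Value }
        }
    }

    # Build the chain in machine context, so only the computer's trust stores count.
    # Revocation is skipped because the CRL may be unreachable from an untrusted domain.
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain -ArgumentList $true
    $chain.ChainPolicy.RevocationMode =
        [System.Security.Cryptography.X509Certificates.X509RevocationMode]::NoCheck
    $chainOk = $chain.Build($cert)
    $chainErrors = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', '

    $subjectCn = $cert.GetNameInfo(
        [System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName, $false)
    $now = Get-Date

    [pscustomobject]@{
        Subject        = $cert.Subject
        SubjectMatches = ($subjectCn -eq $ExpectedFqdn)   # -eq is case-insensitive for strings
        HasPrivateKey  = $cert.HasPrivateKey
        ServerAuthEku  = ($ekuOids -contains $serverAuth)
        ClientAuthEku  = ($ekuOids -contains $clientAuth)
        WithinValidity = ($now -ge $cert.NotBefore -and $now -le $cert.NotAfter)
        ChainBuilds    = $chainOk
        ChainErrors    = $chainErrors
    }
}

# Usage (thumbprint is a placeholder; the FQDN is the gateway name given in the post):
# Test-GatewayCertificate -Thumbprint '<thumbprint>' -ExpectedFqdn 'BMC-DC01.BMC.Intern'
```

Run it elevated on both the gateway and the management server; any property that comes back False points at the part of the certificate setup to revisit.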
Retrieve data from a non-peoplesoft application using HTTP Get
I need to retrieve data from a non-peoplesoft application. They want us to submit a HTTP GET request to their URL with a series of parameters. I am thinking about using HTTP Target connector to accomplish this. Does anyone have sample peoplecode?
Currently we are on 8.51.10 Tools...
If there is any better way .. please let me know ..
I have used HTTP Get to get XML file from a government sanction list by hitting URL http://www.treasury.gov/ofac/downloads/sdn.xml
There is a delivered PS program that does that for vendor sanctions. I had to get the online setup correct by creating a new custom Node with HTTP Target Connector. The program name is BSP_IMPORT. The below code is responsible for calling the node and retrieving the data. Play around with the code below see if you can get it to meet your needs.
BSP_IMPORT_AET.BANKNODE.Value is just the custom external code that I created.
PMT_FLAT_FILE_INBOUND message is just a non-rowset-based message to use the web service call.
Local TR:FileUtilities:FTP &oFTPUtil = create TR:FileUtilities:FTP();
Local string &strAllLines;
/* HTTP */
/*******************************************************************************/
Local Message &msgHTTP;
Local Message &msgResult;
/* Create the request message and populate its Integration Broker info for the custom node */
&msgHTTP = CreateMessage(Message.PMT_FLAT_FILE_INBOUND);
&oFTPUtil.PopulateFTPGetIBInfo(&msgHTTP, BSP_IMPORT_AET.BANKNODE.Value);
/* Send the request through the connector and capture the response message */
&msgResult = %IntBroker.ConnectorRequest(&msgHTTP);
/* check to see if the file is wrapped */
&strAllLines = &msgResult.GenXMLString();
&strAllLines = Substitute(&strAllLines, Char(26), " "); /* Added this line to remove invalid characters */
/*******************************************************************************/
Edited by: Maher on Mar 20, 2012 3:28 PM -
Scalability of Business Catalyst for non public domain use.
I have a client looking for a CMS setup that would be more like an intranet than a website, but it seems that all levels of subscription for BC have no more than 10 users as a limit. Is there a version that would allow significantly more? The traffic to said site would not be public domain available, a sign in would be necessary for all users. Also, there would need to be fairly robust security and e-commerce functionality, are both possible? We are looking at as many as 2000 users to start, with more possible as the business model progresses. Also needs the ability to integrate video without embedding youtube or vimeo videos, it would need to be served from the same server as the site for security reasons. Need as much info as possible in this regard.
You could build a website with 2,000 frontend users. The 10 users as part of the plan are users for the backend, i.e. users who can see statistics, edit the site, etc.
It sounds like secure zones are what you are looking for. You could make your entire site a secure zone and have a person login via username and password.
BC can also handle video without issue (though the video files must be less than 100mb in size.) I will mention that Vimeo and other services have paid plans that allow you to lock a video so it is only viewable at a specified location and not to the public.
Ecommerce BC handles without issue. As for "robust security", what do you consider robust security? I consider BC very secure and is part of the reason I use BC. -
How to implement SSO to non-SAP systems using SAP logon ticket?
Hello,
We would like to implement Single Sign On between our SAP Netweaver system and a Siebel which is a non-SAP system using SAP logon tickets.
Can anyone please give me some leads on this, in particular:
1. Is there a JAVA API or an SAP plug-in that can be implemented on the Siebel machine to extract the SAP logon ticket?
2. As the other machine might sit on a completely different domain, is it possible to implement SAP logon ticket without using cookies (perhaps through the HTTP header)?
3. In case you think using SAP logon tickets is not the best solution here I would be happy to hear any other suggestions you might have.
Roy
Hi,
I'm currently using SAML as well. Unfortunately the SAP J2EE cannot work as authority (identity provider) but what you can do is use an open implementation of SAML such as opensso which is an open version of SUNs Java System access manager.
There are a couple of other projects such as opensaml, apache's wss4j or shibboleth that might be interesting in this context.
I just installed opensso and got it working with SAP J2EE 7.0 using SAPs JAAS SAMLLoginModule to authenticate users within SAP J2EE.
In this scenario opensso serves as identity provider just as you need! There are a couple of Policy agents available on SUNs Download site you can use with Apache, Tomcat, JBOSS, WebSphere, Bea Web Logic etc. in order to authenticate! Otherwise you just directly authenticate against opensso. When installing opensso you can configure the type of user store you want to use! By default it uses LDAP but you can also use different types of user store using JDBC or other mechanisms. Since you have a Directory Service you could easily connect it to your existing directory.
There is also a way to map user ids directly in opensso by adding a uid mapping class. I created some documentation with lots of screenshots about using opensso with SAP J2EE. You can easily use opensso with any other system that supports SAML. In the case of SAP the usage is currently limited to SAML versions 1.0 and 1.1. Version 2.0 is not yet supported but should be in one of the following versions.
Here are some links you might want to check:
OpenSAML: https://spaces.internet2.edu/display/OpenSAML/Home
wss4j: http://ws.apache.org/wss4j/
shibboleth: http://shibboleth.internet2.edu/
opensso: https://opensso.dev.java.net/
On SDN you will find a documentation on how to connect SUN Java System Access Manager to SAP J2EE (see https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/906d9fc6-31b9-2910-1385-90edad7d7570). As I said opensso is based on the SUN Access Manager code and looks quite the same. So you can adapt this documentation in order to configure opensso or you can just ask me for the documentation.
Hope this is helpful...
Let me know if you need further assistance on this topic
Cheers -
Can the last link in a thunderbolt daisy-chain be a non-thunderbolt monitor, using miniDisplay port?
For example, Mac mini <--> external SSD <--> apple cinema display 30" (using miniDisplay port adaptor plugged into the SSD's second thunderbolt port)
TechnoMax wrote:
for instance STAE122 or STAE 127?
FWIW, STAE129 is the current version TB adapter
that is self powered and has TB daisy chain port.
STAE122 and STAE127 are older versions and
not the current model, though there may be stock of
these around. As to whether this will solve your issue,
I don't know.
Can I trick the Mac under Bootcamp as OS to use HDMI for the monitor? Dell officially says that the monitor can only accept 1900x1080 over HDMI, but some have fiddled with different computers with custom settings that worked with some Monitors but mostly under Linux and to Dell 2711.
The MacMini HDMI port is hardware limited to 1980x1200. -
Read Only for Non Trusted Users
Hi everyone:
Is it possible to forbid non trusted (or non certified) users from modifying the pdf (I'm interested in signing protection particularly) but allowing them to open the pdf in READ ONLY mode?
I'm wondering how to do it using Adobe Acrobat Professional 8 (info with Adobe Acrobat Pro X will be also appreciated) and opening the pdfs in their Reader corresponding versions (managing non trusted users as READ ONLY users).
Thanks for your time
Regards,
Javier
Thanks Bill:
I've been trying what you said, and it is possible to "lock" the pdf so it's in read only mode via password (using Adobe Acrobat X). Is it possible to do the same with certificates? As far as I have seen, if you use certificates policies, you use the certificate to encrypt the document but then, non certified users are not allowed to access the pdf. I'm really interested in using certification restrictions but being able to access the pdf: I want to simulate the READ ONLY MODE for everybody and the WRITE mode for certified users.
Using this kind of restrictions, the only problem that I see (for end users) is that they should disable secure settings before editing / signing (these two options appear disabled with this method). Is it possible to get them available and open the "enter password" dialog when clicking them, not managing the security properties?
Thanks for your time
Regards
Javier -
can I use an airport express as a range extender to a NON apple router using an internet cable (so not wireless)
Yes, if the AirPort Express is set up to create a wireless network that uses the exact same wireless network name as the other router and the same wireless network password as the other router.
-
How to find out the Non Partitioned Tables used 2Gb on oracle
Hi team
how to find out the Non Partitioned Tables used > 2Gb on oracle where not is sys & system
regards
Here's 1 I made earlier
set pagesize 999
set linesize 132
col owner format a25
col segment_name format a60
select owner,segment_name,segment_type,(bytes/1024/1024)"MB size"
from dba_segments
where owner not in ('SYS','SYSTEM','XDB','MDSYS','SYSMAN') -- edit for taste
and segment_type = 'TABLE'
having (bytes/1024/1024) > 2000
group by bytes, segment_Type, segment_name, owner
order by 4 asc;
-
Re: Problem with transferring of data to non sap by using FTP function modul
Hi all,
I am doing a program for creating excise invoice details and those are transferring to non SAP, and I am successfully passing the text file to that non SAP by using an FTP connection,
like FTP_CONNECT
FTP_COMMAND
FTP_R3_TO_CLIENT
FTP_DISCONNECT
But the text file details are coming like this:
even line items are all displaying in one row, meaning all line items are coming continuously, just like this.
0001000264,070914,,,1000,Steel (pune) Plant,
Retail Outlet 1,0001000265,070914,,,1000,Steel (hyderabad) Plant,Retail Outlet 1
Actually the problem here is that the text file data is coming continuously with ','
whereas those values actually have to come as
0001000264,070914,,,1000,ESSAR Steel (Hazira) Plant,Retail Outlet 1
0001000264,070914,,,1000,ESSAR Steel (Hazira) Plant,Retail Outlet 1
How to split those records when sending the text file?
This is a very big issue. I am unable to complete this issue.
Please, if anyone knows the solution, please guide me.
Please help me.
Thanks & Regards,
J.Goud
Hi,
Thanks for reply.
Hi all,
My problem was solved. But I have used GUI_DOWNLOAD.
But I want to place the file name with increasing order number.
Just like suppose 1st I am placing file name as PO000051.txt
next time the file name has to be placed with increasing order like PO000052.txt
I am generating the number in my program. Actually I am using it like this. If I keep file name as
190.0.18.65\qdls\ITGSAP_P\PO000052.txt means only it will place only that file. How to increment that number? I am not getting it.
If I am keeping
190.0.18.65\qdls\ITGSAP_P\g_file like this means file is not placing.
Pls help me if anyone knows the solution.
CALL FUNCTION 'GUI_DOWNLOAD'
  EXPORTING
*   BIN_FILESIZE        = ' '
*   CODEPAGE            = ' '
    FILENAME            = '190.0.18.65\qdls\ITGSAP_P\g_file'
*   FILETYPE            = ' '
*   MODE                = ' '
*   WK1_N_FORMAT        = ' '
*   WK1_N_SIZE          = ' '
*   WK1_T_FORMAT        = ' '
*   WK1_T_SIZE          = ' '
*   COL_SELECT          = ' '
*   COL_SELECTMASK      = ' '
* IMPORTING
*   FILELENGTH          =
  TABLES
    DATA_TAB            = ist_file
*   FIELDNAMES          =
  EXCEPTIONS
    FILE_OPEN_ERROR     = 1
    FILE_WRITE_ERROR    = 2
    INVALID_FILESIZE    = 3
    INVALID_TABLE_WIDTH = 4
    INVALID_TYPE        = 5
    NO_BATCH            = 6
    UNKNOWN_ERROR       = 7
    OTHERS              = 8.
Regards,
j.Goud -
Purchase order Field LIke Material , Non editable by using Trax code Me22n
Guru
How to make Purchase order Field LIke Material , Non editable by using Trax code Me22n
Thanks
Hi
Check this in SPRO- SAP IMG- Material Management - Purchasing- Purchase order- Define screen lay out at document level
In this select the particular field selection key and change the material field to display.
Hope it will do
Regards,
Raman -
hi, i cannot publish my iWeb site with a non mac domain name...can anyone help please?
Hi, I have a site developed by myself using iWeb and as iWeb are no longer hosting the sites in 2012 I have found another domain. It is with Go Daddy and the domain / name is live. I have tried to publish site using ftp but it keeps coming up with a common error message saying the info I have input is incorrect. I have read this may be an issue if host is a windows based host???
appreciate your help