AD RMS - trusted publishing domain

Similar Messages

• Error to export Trusted Publishing Domains

  Hi, I've a problem with an AD RMS installation.
  1. The digital certificate (ssl) is wrong, missed its private key
  2. I replaced by a new certificate (ssl) and the Verification URL its Ok (certification and licencing).
  3. I can't change the Cluster Key Password and the Password Service Account from AD RMS console and I cannot export the Trusted Publishing Domain to install a New AD RMS and import the "old" Trusted Publishing Domain:
  I need to know which option I have to get my AD RMS and continue to open my documents and email(outlook) protected.
  Camilo L

  Hi Camilo,
  Have you tried to access http(or https)://server_name/_wmcs/certification/certification.asmx and licensing pipeline to confirm that ADRMS is working correctly?
  Are you sure your cluster key is correct?
  Can you please try to add another W2K8R2 server with "Join an existing AD RMS cluster" option?
  Also, please view ADRMS DR guide, which you may find usefull http://social.technet.microsoft.com/wiki/contents/articles/9111.disaster-recovery-guide-for-active-directory-rights-management-services.aspx
  Did my post help you or make you laugh? Don't forget to click the Helpful vote :) If I answered your question please mark my post as an Answer.

• How do I sign my VB / VS 2010 based shared COM add-in for Excel so it loads when the user has checked "Require application add-ins to be signed by a trusted publisher"?

  My COM add-in is developed using VS 2010 and VB. It's a shared COM add-in (not VSTO) and it works with Excel 2007 - 2013. My installer is signed with a code signing certificate but it would appear that my add-in's .dll should also be signed if the user has
  checked the "Require application add-ins to be signed by a trusted publisher" option.
  The "Sign the assembly" option is checked in my add-in's VB -> My Project -> Signing. I have a .snk file selected which I seem to recall generating 6 or 7 years ago when I ported the COM add-in from VB6 to .NET. 
  I have an up-to-date Comodo code signing certificate (a pfx file called MyCompanyCodeSigningCertificatePrivateKey.pfx) which I purchased to use with the installer and was wondering if and how I could use this.
  I tried selecting my pfx file in the My Project -> Signing -> "Choose a strong name key file" dialog. It made a copy of the pfx file in my project folder but when I tried to build the project, I got the following error:
  Error 1 Cannot import the following key file: MyCompanyCodeSigningCertificatePrivateKey.pfx. The key file may be password protected. To correct this, try to import the certificate again or manually install the certificate to the Strong Name CSP with the
  following key container name: VS_KEY_C0B6F251F0FB6016
  After a little research, I found out I might be able to use signtool to sign the dll in a post-build step.
  I added the following command to the post-build event, before the command I use to regasm the assembly.
  "path to signtool\signtool" sign /f "MyCompanyCodeSigningCertificatePrivateKey.pfx" /p "xxxx" /v "$(TargetPath)"
  When I built the project, the dll appeared to get signed (the output window showed a bunch of confirming text as well as "Successfully signed: c:\MyAddIn\bin\Release\MyAddIn.dll") but the next step in the post-build (regasm myaddin.dll /codebase)
  issued a warning RA0000 (see below) but reported "Types registered successfully".
  Here's the message I get from regasm, even though the output window says the dll was sucessfully signed:
  RegAsm : warning RA0000: Registering an unsigned assembly with /codebase can cause your assembly to interfere with other applications that may be installed on the same computer. The /codebase switch is intended to be used only with signed assemblies. Please give your assembly a strong name and re-register it.
  Types registered successfully
  I'm not using a shim if that makes a difference.
  How do I sign my add-in so it loads when the user has checked "Require application add-ins to be signed by a trusted publisher"?
  Any tips would be appreciated.

  Hello,
  Why do you need to use the regasm utility from the post-build action?
  There is a difference between signing the assembly with a strong name and digital signature. The
  How to: Sign an Assembly with a Strong Name article in MSDN explains how to sign an assembly with a strong name (.snk). See
  How to digitally sign a strong named assembly for adding a digital signature.
  You may also find the
  What's the Difference, Part Five: certificate signing vs strong naming article helpful.

• Filter out PeoplePicker results coming from trusted AD domains

  We have individuals who have accounts in multiple trusted domains. Thus when a search in PeoplePicker is performed, results will return multiple entries for those individuals.
  i.e. Bob has account in main AD domain foo.int and also has an account in trusted AD domain bar.int . Search for Bob in PeoplePicker currently returns both entries which is confusing to users.
  We have deprecated the trusted domain and eventually it will go away. However until then we want PeoplePicker to only return results from MAIN domain foo.int.
  I believe the correct solution is to setproperty peoplepicker-searchadcustomquery so that PeoplePicker only returns results from the main domain.
  I am not sure of the proper syntax and proper AD attribute to use in the property value for this command.
  stsadm -o setproperty -pn peoplepicker-searchadcustomquery -pv (?????)
  (from http://technet.microsoft.com/en-us/library/cc262988.aspx)
  Or is there another approach to this problem?

  Hi Bruce, 
  You want to restrict people picker to specific Domain.
  You can use the following command:
  stsadm -o setsiteuseraccountdirectorypath -url http://<RootSiteURL> -path "<Path to OU>"
  Path to OU examples:
  Single Domain: DC=DOMAIN, DC=COM
  For more information, see Setsiteuseraccountdirectorypath: Stsadm operation (Office SharePoint Server) (http://technet.microsoft.com/en-us/library/cc263328.aspx)
  By the way the command you used before can also achieve the goal, what you need to do is specify a correct LDAP filter.
  stsadm -o setproperty -pn peoplepicker -searchadcustomfilter -pv <LDAP Filter>
  Hope the information can be helpful.
  -lambert
  Posting is provided "AS IS" with no warranties, and confers no rights.

• How To Register Adobe As A Trusted Publisher to Microsoft Access 2007

  Hello:
  I am a Microsoft Access developer, and I recently wrote an application that opens PDF documents from within Microsoft Access.  The documents are opened using Adobe Reader.  Every time it opens a document, I receive a security warning.  I am using the Hyperlink Method from within VBA.  In the Microsoft Access 2007 Trust center, Adobe is not on the "Trusted Publisher" list.  Does anyone know how to make Adobe a trusted publisher?  From within Access, there does not seem to be a way to "Add Trusted Publisher".  It all has to do with Security Certificates.
  Thanks,
  Rich Locus

  Isn't it up to Microsoft to tell you how to make a program a trusted publisher for Access?

• Do I need to enable trust between domains in the following scenario

  I have a domain x and domain y on 2 seperate machines. My client logs into domain x does stuff and logs out. The same client now logs into domian y and needs to do stuff, but the second domain kicks out the client by throwing an exception saying "invalid subject" etc .. But the same scenario works if I enable trust between both domains or have my client restart. What should I do so that the client can logout of domain x and login to domain y without having to enable trust betweeen domain x and y and without having to restart the client.
  Thanks
  Prashanth

  Hi Mike,
  there is no switching circuitry on the UMI, that could disable the Iso Power outputs and there is nothing you need to configure in MAX. If you can't measure a voltage between Iso Power and Iso Common pins on the Dsub outputs, the UMI might be defective (e. g. blown fuse). Please contact your local NI branch for repair options.
  Thanks and kind regards,
  Jochen

• Unhandled exception was thrown by the sandboxed code wrapper's Execute method in the partial trust app domain

  Hi All,
    I have created a custom web part in VS 2008 for Share point server 2010 with DevExpress v12.2.17, and deployed as Sandboxed solution. when i add that web parts in web part zone i am getting the error as "Web Part Error:
  Unhandled exception was thrown by the sandboxed code wrapper's Execute method in the partial trust app domain: An unexpected error has occurred. ".
  If there is any way to get detailed error either log file or event viewer.
  Kindly advice to find the cause of the problem.
  Thanks,
  Selvakumar.S

  Hello,
  Are you impersonating your code? Have you tried to debug your code by attaching SPUCHostService.exe? if not please do so.
  You also need to check ULS log for more information about this error. Here is one ref link if this could help
  http://sohilmakwana.wordpress.com/2013/11/29/sandbox-error-unhandled-exception-was-thrown-by-the-sandboxed-code-wrappers-execute-method-in-the-partial-trust-app-domain/
  Hemendra:Yesterday is just a memory,Tomorrow we may never see
  Please remember to mark the replies as answers if they help and unmark them if they provide no help

• Problem creating external trust between domains

  Hello,
  When I try to create one-way incoming external trust between 2 domains (to DomainA from DomainB) in separate forests I get this info:
  This domain already has a one-way trust relationshp with specified domain.
  But I cannot see it on the list of trusts either incoming or outgoing (in both domains).
  For sure trust was never setup before.
  In DomainA there are several other external not transitive trusts with other domains. But for sure DomainB do not have any incoming or outgoing trusts on list. Name resolution betwen domains is OK. I can ping domain name on both sides.
  Any help is welcome.
  Darek.

  Hi,
  Were there error events logged in Event Viewer? Besides, did we open necessary firewall ports for creating external trust?
  Regarding firewall ports, the following thread can be referred to for more information.
  Creating external trust between domain on different forest
  http://social.technet.microsoft.com/Forums/en-US/efe56730-ff95-4d6b-b95c-fc2c01ebd2d3/creating-external-trust-between-domain-on-different-forest?forum=winserverDS
  Best regards,
  Frank Shen

• Removing External Trust Type Domain

  We are in process of planning our 2003 to 2012R2 AD upgrade, yea I know, and we have a legacy External Domain that I wish to collapse. 
  The domain is setup with an external trust non-transitive. 
  It also shows another domain that we no longer have in the Trusts tab showing Realm for trust type and Yes for transitive.
  My question is when we DCPromo the last DC in the external domain are the trust settings removed automatically or do I need to ‘remove’ them on both sides of the trust prior to DCPromo process? Or does removing one side remove the other side settings?
  Any concerns about the user account being used.  In each case I have an account in both domains that is a Domain Admin with the same name but different passwords. 
  Should I sync these PW’s up for this process?
  Also, I'm correct in the though that collapsing the external trust domain should not have any affect on my primary domain that is still in place or are there other points that I should be aware of in this process?

  Hi,
  Yes, i would agree with others, you could remove the External Trust.
  How to Remove Existing Active Directory Trust Relationships
  Open the Active Directory Domains And Trusts console.
  In the console tree, right-click a domain that is specified in the trust relationship to be removed and select Properties from the shortcut menu.
  Click the Trusts tab.
  Use the Domains Trusted By This Domain (Outgoing Trusts) box to select the trust to be removed.
  Click the Remove button alongside the box.
  In order to remove the trust from the local domain only, click the No, Remove The Trust From The Local Domain Only option, and click OK.
  In order to remove the trust from the local domain and the other domain, click the Yes, Remove The Trust From Both The Local Domain And The Other Domain option. Enter the appropriate user name and password combination in the User Name and Password boxes
  and click OK.
  Click Yes to verify the desire to remove the trust relationship.
  Use the Domains That Trust This Domain (Incoming Trusts) box to select the trust to be removed.
  Choose the appropriate option in the Active Directory dialog box and click OK.
  Click Yes to verify the desire to remove the trust relationship.
  Please feel free to let us know if you need further assistance.
  Regards.
  Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact [email protected]

• Moving SP2013 and SQL2008R2 to new domain - no trusts between domain

  Hello,
  I'm looking to move a customized installation of SharePoint 2013 (Microsoft server 2012 std VM) and it's db (SQL 2008 r2 VM) from one domain to another domain. There will be no trust between the domains and assume that no users or service accounts will be
  migrated. Has anyone performed a similar operation? If so, can you provide guidance as to the best way to tackle this situation. Currently we plan on exporting the SP2013 VM from the old domain, importing (re-creating) that VM in the new domain and importing
  the DB to an existing SQL server in the new domain. My concern is being able to log in to Central Admin afterwards because the domain accounts are no longer valid. Should we change all accounts to local admins first, detach the db and change those accounts
  as well? Or would a totally different approach make more sense? Any help would be appreciated..
  Thanks in advance, 
  Alex

  You need to build a new SharePoint farm, changing SharePoint server's domain membership isn't supported.
  What you'll do is build a new farm, create the Web Application(s), etc. and then restore SQL database backups from the old farm into the new farm.
  Trevor Seward
  Follow or contact me at...
  &nbsp&nbsp
  This post is my own opinion and does not necessarily reflect the opinion or view of Microsoft, its employees, or other MVPs.

• Cisco ISE and forest trusts vs domain trusts

  Hi All,
  Is there any issues with forest trusts with Cisco ISE ?
  I have a customer that had external trusts and ISE was working ok for PEAP MSChapv2 user auth across domains.
  They recently removed external trusts and changed to forest trusts.  Now auth doesn't work.  Initial error was authc ok, authz fail.
  I can search and get lists of AD groups ok for the remote domain. 
  Using the attribute tab, I can't get attributes for users in remote domain.  I'm thinking since I can't see the memberof attribute, none of my authz pollicies will work.
  I have done "leave" and "join" domain again.
  In my lab, I have forest trusts and it actually works ok.  A previous poster talked about kerberos issues across forest trusts ?
  Cheers
  Peter. 

  http://www.cisco.com/en/US/docs/security/ise/1.1.1/user_guide/ise_ug.pdf
  Kindly find the steps on the page no.170

• Remote windows 7 computer has lost trust with domain

  I have a remote windows 7 box on a domain that has lost its domain trust.   I would like to just unjoin/rejoin the machine to reset the trust but i cant log onto it with a domain account (even one that previously was logged onto the machine)
  and there is not a local account on the box.  The local admin account is disabled and the domain admin account errors with the same trust failure message as all other accounts.  Is there any way to access this machine short of wiping it and rebuilding? 

  When Secure channel is broken, you have to disjoint & rejoin the machine to domain.Since you can't log-in to domain using any domain account & you don't have local account password with you its difficult now.
  You can disconnect the cable of LAN & try to login with the previous successful domain login id, but if cache has been refreshed then it will not allow you to login.
  You can use tricks to crack the password else you have to rebuild the machine.
  http://www.online-tech-tips.com/windows-7/forgot-lost-administrator-password-windows-7/
  You can give a try to Artiste1 solution, if it works else rebuild is the option.
  Regards
  Awinish Vishwakarma| MY Blog
  Disclaimer: This posting is provided AS-IS with no warranties or guarantees and confers no rights.

• How to control published domain URL

  iWeb needs a site name (I understand that), but it uploads to the domain name WITH the site name given in iWeb. For example, the domain is www.mysite.com, and that is the domain name I tell it to ftp to, BUT the new files are uploaded to a folder called newsite (the name I gave iWeb to call the site when I started to build it... the root folder, if you will. Sooooo... what happens is that when the files are uploaded, the new url is www.mysite/newsite/filename.html
  I don't want whatever name I give the "site" in iWeb to be included in the upload domain. Eventhough the settings reflect just a plain http://www.mysite.com/ as the root folder, the files are dumped in a a folder created by iWeb and the name of which is determined by the "site name" I give it in iWeb. How can I have the files/pages I create in iWeb land in the root folder and NOT add the directory called "newsite" (in this example)?

  You need to use an ftp program to get the files that you published to a folder to your server/host. To do this download Cyberduck which is a dedicated ftp client and as was said before, upload just the contents of the site folder - this is the one with the same name as your iWeb site.
  This will then give you the url http://www.domain.com/pagename.

• Unable to create Trust between domains

  Scenario. I am trying to build 2 way trust between two Windows forests abc.com & xyz.com
  Highest OS in both domain is Win 2008 R2
  FFL and DFL in both is Win2003
  I added forwarders in DNS in both - It is resolving
  I disabled Antivirus
  I stopped Windows firewall in all the DCs of the domains and no n/w level port restrictions is there
  I am able to ping to all DCs from each of the DCs in both domains.
  Doing above all I am unable to create trust - in the trust wizard it is not identifying Domain names.
  Another thing is I have a Primary zone exists in name of each of the domain name. ie In abc.com I have another Primary zone created in xyz.com, Likewise in XYZ.com I have ABC.com primary zone . Will this be an issue?, If not guidelines please...

  Hi,   
  >>In ABC.com I have a Primary zone created as xyz.com, Likewise in XYZ.com I have ABC.com primary zone .
  How
  did
  you create these Primary zones?  Is there a ABC.com zone in ABC.com?
  >>I am unable to put Conditional forwarders because I have a Primary zone exists in name
  of each of the domain name
  If
  there is
  a
  DNS zone of another domain
  then we cannot create a conditional forwarder for the other domain.
  Besides,I
  suggest you check the SRV Records. You can try to restart the netlogon services
  to re-register SRV records.More
  specifically, in the command
  prompt, type
  net stop netlogon to stop netlogon services, then type net start netlogon to start netlogon services.
  Best Regards,
  Erin

• ACS Mapping Group @ Trust-Tree (Domain Trust)

  Dears,
  Could ACS mapping group @ AD Domain trust??
  I install abc.com / qqq.com and trust other!
  My ACS install in abc.com domain, but I cannot get qqq.com user information?
  ^ ^
  消息编辑者为：mr.marslin

  The Database Group Mapping feature in the External User Databases section enables you to associate unknown users with a CiscoSecure ACS group for assigning authorization profiles. For external user databases from which CiscoSecure ACS can derive group information, you can associate the group memberships defined for the users in the external user database to specific CiscoSecure ACS groups
  http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_user_guide_chapter09186a0080205a4f.html#wp712817