ADFS setup for external access

Hi all, I would like to set up ADFS for the following scenario:
Internal intranet:
URL: https://intranet.acme.com
domain: ACME
ACME domain users: Acme\johndoe
External vendor:
domain: ABC
ABC domain users: ABC\lucysmith
Goal: allow external vendor users in the ABC domain to access the internal intranet https://intranet.acme.com via SharePoint and ADFS.
Questions:
1. Do I need to set up ADFS in both the ACME and ABC domains, or just on one side? If one side, then which one: ACME or ABC?
2. When I set up the SharePoint web application for https://intranet.acme.com, will this URL be served to both internal and external users, or do I have to extend it as a different URL for external users?
         a. If https://intranet.acme.com is served to both internal and external vendor users, will internal users get the normal NT prompt for authentication, or will they be redirected to the ADFS login page just like external users?
         b. If we need to extend the web application for external vendor users, say https://abcexternal.acme.com, do we only need to configure ADFS for this extended web application, so that external vendor users get the ADFS redirect login while internal users get the NT prompt for authentication?
Thanks

Hello
1) You would need to set up ADFS on ABC and configure SharePoint to consume their ADFS token.
2) I would recommend keeping the default zone on NTLM and extending the web application with a separate zone for your ADFS users (intranet).
MCITP-EA | "Never test how deep the water is with both feet"
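The two halves of that answer, as an added PowerShell example that is not code from the original thread: the relying party trust on ABC's ADFS, the trusted identity token issuer on ACME's SharePoint farm, and a second zone so that only the vendor URL redirects to ADFS while the default zone keeps Windows authentication. The ADFS host adfs.abc.com, the realm URN, the certificate path, the group SID, the web application names and the use of ADFS 2012 R2 cmdlets are all assumptions for illustration.

```powershell
# Added example, not from the original post. Federates ACME's SharePoint with the
# vendor's ADFS (ABC) and splits the web application into two zones.
# Assumed values: adfs.abc.com, the realm URN, the certificate path, the group SID,
# the web application names. ADFS cmdlets are the 2012 R2 module; ADFS 2.0 uses the
# Microsoft.Adfs.PowerShell snap-in with the same cmdlet names.

# ---------- ABC side: relying party trust for the ACME intranet (run on ABC's ADFS) ----------
Import-Module ADFS

$realm = "urn:sharepoint:acme-intranet"        # assumed identifier; must be identical on both sides

$transformRules = @'
@RuleTemplate = "LdapClaims"
@RuleName = "Email and UPN from AD"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
 => issue(store = "Active Directory",
          types = ("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress",
                   "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn"),
          query = ";mail,userPrincipalName;{0}", param = c.Value);
'@

# Only members of one ABC group receive a token at all; with no permit claim issued,
# ADFS denies. The SID is an assumed placeholder for an ABC extranet group.
$authzRules = @'
@RuleName = "Permit only the vendor extranet group"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/groupsid", Value == "S-1-5-21-1111111111-2222222222-3333333333-1234"]
 => issue(Type = "http://schemas.microsoft.com/authorization/claims/permit", Value = "true");
'@

Add-AdfsRelyingPartyTrust -Name "ACME intranet (SharePoint)" `
    -Identifier $realm `
    -WSFedEndpoint "https://abcexternal.acme.com/_trust/" `
    -IssuanceTransformRules $transformRules `
    -IssuanceAuthorizationRules $authzRules

# SharePoint 2010/2013 consume SAML 1.1 tokens and the Microsoft guidance for those
# versions sets the token signature to SHA-1; verify against your SharePoint version.
Set-AdfsRelyingPartyTrust -TargetName "ACME intranet (SharePoint)" `
    -SignatureAlgorithm "http://www.w3.org/2000/09/xmldsig#rsa-sha1"

# ---------- ACME side: trust ABC's STS (run in the SharePoint Management Shell) ----------
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

# Token-signing certificate exported from ABC's ADFS (public key only). Assumed path.
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2("C:\certs\abc-adfs-signing.cer")
New-SPTrustedRootAuthority -Name "ABC ADFS token signing" -Certificate $cert

# Map only the claims SharePoint needs; everything ABC issues is believed as-is.
$emailMap = New-SPClaimTypeMapping -IncomingClaimType "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress" `
    -IncomingClaimTypeDisplayName "EmailAddress" -SameAsIncoming
$upnMap   = New-SPClaimTypeMapping -IncomingClaimType "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn" `
    -IncomingClaimTypeDisplayName "UPN" -SameAsIncoming

$issuer = New-SPTrustedIdentityTokenIssuer -Name "ABC ADFS" -Description "Vendor ADFS (ABC)" `
    -Realm $realm `
    -ImportTrustCertificate $cert `
    -ClaimsMappings $emailMap, $upnMap `
    -SignInUrl "https://adfs.abc.com/adfs/ls/" `
    -IdentifierClaim $emailMap.InputClaimType

# Default zone stays Windows (NTLM) for ACME users; the new Extranet zone uses only ABC's ADFS.
$adfsProvider = New-SPAuthenticationProvider -TrustedIdentityTokenIssuer $issuer
New-SPWebApplicationExtension -Name "SharePoint - abcexternal" `
    -Identity "https://intranet.acme.com" `
    -Zone Extranet `
    -Url "https://abcexternal.acme.com" `
    -HostHeader "abcexternal.acme.com" `
    -Port 443 -SecureSocketsLayer `
    -AuthenticationProvider $adfsProvider
```

Two points to check before going live. The WS-Federation endpoint registered on the ABC side must be the extranet zone URL plus /_trust/, which is the endpoint SharePoint listens on for the token; a mismatch shows up as a redirect loop or a signature error rather than a clean failure. And because SharePoint trusts the ABC token issuer directly, ABC decides who can authenticate: the issuance authorization rules on the relying party trust are the only gate on that side, and ACME should grant SharePoint permissions to specific claim values rather than to the whole trusted provider.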

Similar Messages

  • SAN certificate for external access for edge server and reverse proxy

    Hello
    I have a question related to certificate planning for the Lync 2013 Edge Server.
    For external access and mobile users, I want to enable all the features for external users.
    I'm planning to purchase a SAN certificate.
    My first question: do I need only one SAN certificate for both my Edge Server and the reverse proxy?
    My second question is about the names that should be added to the certificate:
    sip.mydomain.com
    av.mydomain.com
    webconf.mydomain.com
    What else should I add? I want to add the names for all feature access.
    Kind Regards
    MK

    Your Front End Pool should only contain front end servers, does it also contain your edge and back end? If so, this is a misconfiguration.
    If you're planning to implement high availability, you'll want a different internal web services FQDN name than your pool name (unless you load balance the entire pool with a hardware load balancer).
    You'll want your external web services FQDN to be different from your pool name if you want to use the mobile client on the internal network. Once you've come up with a new and otherwise unused FQDN for this purpose, you'll want that as an additional SAN on your cert.
    Since you're not using this for the internal certificate, you can also pull admin.mydomain.com and LYNC2013-FE.mydomain.com off of the cert, as those are needed internally only.
    lyncdiscoverinternal you can leave on if you need your internal mobile clients to not throw certificate errors because they don't trust your internal certificate authority, but this name would then need to be pointed to a reverse proxy or something that can present the third-party certificate.
    SWC Unified Communications

  • Restrict OWA for external access by ADFS 3.0 after business hours

    Hello everyone, all right?
    I'm trying to block access to OWA for external users, except for a group of AD users that will be allowed.
    I used the article https://technet.microsoft.com/en-us/library/hh526961%28v=ws.10%29.aspx?f=255&MSPPError=-2147217396 in scenario 4, but instead of allowing the user group it locks them out, and the other groups are allowed.
    I have a hybrid environment with Office 365, Exchange 2007 + Exchange 2013, and I installed ADFS 3.0 in my customer's organization.
    Can anyone help?
    Regards,
    Leonardo Fogaça de Almeida

    another part
    I have Office 365 too.
    Regards,
    Leonardo Almeida
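The rule set that produces the intended outcome, as an added example that is not part of the thread: everyone on the corporate network is permitted, external users are permitted only when they belong to one AD group, and everyone else is denied because ADFS denies whenever no permit claim is issued. It assumes ADFS 3.0 behind a Web Application Proxy (which is what supplies the insidecorporatenetwork claim), a relying party trust named "Outlook Web App" and a placeholder group SID. The symptom described in the question (the chosen group is blocked and all others get in) is what you get from a Deny rule on the group while the default "Permit Access to All Users" rule is still present, which is why the example replaces the whole rule set instead of appending to it.

```powershell
# Added example (not from the original thread): issuance authorization rules for the
# OWA relying party trust on ADFS 3.0 behind a Web Application Proxy.
# Assumed values: the relying party trust name and the SID of the allowed AD group.
Import-Module ADFS

$rpName   = "Outlook Web App"                                  # assumed relying party trust name
$groupSid = "S-1-5-21-1111111111-2222222222-3333333333-5678"   # assumed SID of the allowed AD group

$authzRules = @"
@RuleName = "Permit everyone inside the corporate network"
c:[Type == "http://schemas.microsoft.com/ws/2012/01/insidecorporatenetwork", Value == "true"]
 => issue(Type = "http://schemas.microsoft.com/authorization/claims/permit", Value = "true");

@RuleName = "Permit external access only for the allowed group"
c1:[Type == "http://schemas.microsoft.com/ws/2012/01/insidecorporatenetwork", Value == "false"]
 && c2:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/groupsid", Value == "$groupSid"]
 => issue(Type = "http://schemas.microsoft.com/authorization/claims/permit", Value = "true");
"@

# Replace the whole rule set. This also removes the default "Permit Access to All Users"
# rule; if that rule stays, every group not explicitly denied is let in.
Set-AdfsRelyingPartyTrust -TargetName $rpName -IssuanceAuthorizationRules $authzRules

# Review what is now in force.
(Get-AdfsRelyingPartyTrust -Name $rpName).IssuanceAuthorizationRules
```

The claim rules language has no time-of-day predicate, so the "after business hours" part cannot be expressed in the rules themselves; the usual workaround is a scheduled task that swaps between two rule sets with Set-AdfsRelyingPartyTrust at the start and end of the business day. Confirm that the group SID actually reaches the authorization stage (the Active Directory claims provider trust passes group SIDs through by default) by inspecting a token for an affected user before relying on the rule.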

  • Configure security realm for external Access Manager in App server 8.1

    Hi All,
    I would like to protect my J2EE application using Access Manager running on an external host.
    I would like to configure the security realm in Sun App Server 8.1 for the external Access Manager.
    external host & port of AM is:
    http://svrd234d.dnn.com.au:58765
    Please verify if these are the correct settings for the agentRealm configuration on Sun App server 8.1.
    <!-- domain.xml, inside <security-service>; the realm name agentRealm is assumed -->
    <auth-realm name="agentRealm" classname="com.sun.amagent.as.realm.AgentRealm">
      <property name="jaas-context" value="agentRealm"/>
      <property name="base-dn" value="ou=People,dc=dnn,dc=com,dc=au"/>
      <property name="hostURL" value="http://svrd234d.dnn.com.au:58765"/>
    </auth-realm>

    Did you download AS8.1 agent under http://www.sun.com/download/products.xml?id=4266924d?
    If you can unjar am_as81_agent_2_1.jar after installing the J2EE agent, you will find AgentRealm.class under com.sun.amagent.as.realm.
    Please also note that page 161 of J2EE agent guide shows how to disable AgentRealm to better fit your agent policy mode. Check it out http://docs-pdf.sun.com/816-6884-10/816-6884-10.pdf
    Jerry

  • Port forwarding for external access to VNC server on multiple machines

    I will have 10 PCs connected to the WRT54GL wireless AP. I am testing with 1. It has a static address, 10.155.22.51. It is running a VNC server at port 5951.
    If I  set my VNC client up to access 10.155.22.51:5951 it works through the WRT54GL wireless AP.
    I set the WRT54GL port forwarding to 5951 - 5951, set the IP address to 10.155.22.51 and enable. The external address of the AP is 10.155.0.29 on the company LAN.
     So I set the VNC client to access the AP address with the VNC port, i.e. 10.155.0.29:5951. I expect the AP to change the address to 10.155.22.51:5951. This does not work.
    Note: the problem could be that the AP is going through NATting because I can also access it at 10.155.22.9 along with all the other PCs on that LAN, i.e. I can access the LAN directly from elsewhere on the company net.

    You can try changing the IP of the AP manually: connect it to the computer and access the setup page using http://192.168.1.245, with the password "admin".
    Configure the IP settings first.
    Log in again with the new IP address and configure the wireless settings.
    Power down the AP and then the router.
    Wait a few minutes, then power on the router first, then the AP.

  • Best setup for external drives and backup

    I'm using Aperture to organize several thousand photos. I've gotten good advice here before about how to get started on this. I'm not a professional and I'm not an experienced user of Aperture, so don't assume a lot of knowledge when you answer. I'm wondering what the best way to set up the file storage would be. I use a MacBook Pro, so obviously that's out for storage, and financially, purchasing a more powerful desktop is out for the time being. I was thinking of purchasing a mirror drive system, like this: http://www.newertech.com/products/gmax.php
    But then, there still remains the problem of backing up the photos in case of a fire or theft, etc. I have many of them on DVD, but not with all the metadata that I've added. Can I back the external drives up to a cloud-based storage system through the wireless on the MacBook?
    Or, is the answer none of the above? What recommendations do you folks have for managing this?

    more:
    Paula-
    Mirror drives are very much less than ideal for images backup. Mirroring occurs in real time, so errors, breaks, etc. simply get copied. With images work (unlike financial work, for instance) we do not need real-time backup, we just need regular accurate backup. Just have 2-3 external drives and rotate them regularly, always having one drive off-site (could be in your car or whatever). Back up manually rather than automatically so that you can be reasonably certain that the backup is not backing up something that just broke.
    I suggest the below workflow. Note that most important is that original images from the camera card are copied to two locations before reformatting the card and before importing into Aperture or any other images management application.
    Original images never change, so I prefer to manually copy them to two locations asap after capture: one location is the computer drive and the other is an external backup HD that itself gets backed up off site regularly. That assures me that "the pic is in the can." Until two digital files exist on different media I do not consider the pic in the can.
    Then reformat the card in-camera, not before.
    The Masters then get imported into Aperture from the Mac internal drive by reference (i.e. "Storing Files: in their current location" on the Mac internal drive). After editing is complete (may take weeks or months), from within Aperture I relocate the referenced Masters to an external hard drive for long-term storage.
    I do use Time Machine routinely on the MBP, but for the day-to-day volatile activity on the MBP. I prefer not to have TM be my backup-of-originals protocol. Instead TM backs up the Mac internal drive on the TM schedule and I back up original images asap based on my shooting schedule. Also the TM drive is a different drive than the drives used for long-term original image file archiving.
    TM does back up my Library because the Library lives on the Mac internal drive but I do not assume that TM works for Library backup. I back the Library up to Vaults (on the same drives I put archives of Masters on) independent of TM. IMO one should back up image files and back up Vaults manually after verifying that what is being backed up is not broken, because automatic backup will just back up a broken Library or whatever.
    Note that Masters need only be backed up once (but to multiple backup locations) and that backup should happen immediately after copying to the hard drive from the camera card, before involving Aperture or any other images management app.
    Sorry for the redundant verbosity above but some was copied from previous posts. Also, I reinforce what Léonie said about DVDs. DVDs are way too slow, unreliable, etc. Instead rotate multiple hard drives to achieve redundancy.
    HTH
    -Allen

  • Best setup for external hard drive and iMac?

    Just purchased a Seagate FreeAgent GoFlex 1TB external HD for my Mac OS X 10.5.8. Would like to use it to back up all my pics/writing (I am a writer/photog), videos, and music, about 400 gigs worth at present. As an analog person, I am confused as to how best I should format the drive:
    option 1 being to use drive with Time Machine (just now heard of it),
    option 2 to use drive for storage and backup (what's the diff) using Memeo software,
    option 3 to use for storage by reformatting with Disk Utility.
    This, no doubt, is easy language for most of you, but Japanese to me, a Nuyorican.
    Again, I mainly would like to have backups for what's on my iMac, in case that dreaded day comes and it goes kaput. What would be the best option for me to simply transfer everything, unplug it and put it in a safe place? And if and when I do that, could I, two years, months, weeks later, plug it back in and add what pics or whatever I've accrued to it and replace it in that safe place once again? Looking for what is most practical for the safe keeping of my precious files.
    Hope my old tactile-inclined *** is making sense.
    Appreciate any and all assistance here. Thanks in advance.

    I have to agree with JG, I'd strongly recommend using Time Machine as your primary backup. BTW there is a forum specifically for TM that has a FAQ section and if you need it (most never do) a troubleshooting section. You can find that forum at:
    http://discussions.apple.com/forum.jspa?forumID=1227
    Many people like myself believe in redundant backups, in other words 2 is better than one. If you decide to go that route you will need a second external HD and then use software like SuperDuper or Carbon Copy Cloner. What these applications do is create bootable clones, so if your iMac's internal HD dies you have a bootable clone that you can use to run your machine until the internal HD is replaced. Dual backups are also good if one backup's HD dies.
    Below are links to 3 articles I found in MacWorld magazine, what they are is backup strategies of 3 individuals to give you some ideas so you can figure out what is best for your needs.
    Operating any computer without a backup plan is a recipe for disaster. Many people put their digital life on their computer (photographs, music, movies etc..) without a backup and then cry and moan when their computer dies. These days there is no reason one shouldn't be backing up their computer.
    http://www.macworld.com/article/157414/2011/02/mybackupplanlex.html
    http://www.macworld.com/article/156643/2011/01/howi_back_up_frakes.html?lsrc=top1
    http://www.macworld.com/article/141363/2009/07/backup.html
    Roger

  • Setup for external call in to BPEL from the Internet

    We are already using BPEL internally, there is a possibility that we'll need an external party to call our BPEL process. Does anyone have recommendations on how to appropriately secure calls coming in to BPEL from over the Internet ? We have a DMZ which currently is really just used to host an ftp service.
    Products, recommendations for configuration, use of reverse proxy - your comments welcome.

    All you need is a web server installed in the DMZ to proxy the external calls to the internal network where BPEL is installed.
    have a look at the following doc it should give you examples of this topology.
    http://download.oracle.com/docs/cd/E10291_01/core.1013/e10294/toc.htm
    cheers
    James

  • Help with ios LDAP setup for VPN access

    I am trying to move Microsoft LDAP for my VPN setup to an ISR router with 15.1 code. It has support but very little documentation. Has anyone configured this before? I need some help or a basic config.

    LDAP authentication started in 7.1, if I recall correctly, along with LDAP mapping, which helps you validate whether the user has the dial-in attribute on or off. I would say starting from 7.1 until the latest 8.x version.
    Version 6.x does not have this feature.

  • Setting Up Time Capsule for External Access

    Hello all,
    I am trying to set up my Time Capsule to be accessed without local Wi-Fi. I can use Back to My Mac to access the Time Capsule from my iMac, but not from my iPhone, as Back to My Mac isn't integrated into iOS. I use FileBrowser on my iPhone to access my TC from the LAN, and it seems likely the TC can also be accessed through 4G using FileBrowser, too.
    My first question is, can the Time Capsule be accessed through the internet (by port forwarding or something)?
    Second question if the first is possible, how do I do so? (step by step instructions please)
    I have the latest model of Time Capsule and AirPort Utility.
    Thanks!
         - Noah

    FileBrowser can be used to remotely access the TC.
    There are instructions on the FileBrowser website; have you tried those?
    http://www.stratospherix.com/support/gsw_timecapsule.php?page=6remote
    The one area where I think you might have issues is the global domain name, as that has been problematic.
    You really need a static public IP from your ISP for this to be successful.
    See Tesserax's doco on remote access, especially the global domain instructions.
    https://discussions.apple.com/docs/DOC-3413
    There is a hugely better method, BTW:
    buy a VPN router and substitute that for the Time Capsule, which can then be bridged behind the router.
    A VPN client is built into iOS and every mainline OS available. It is robust and has far superior security.
    Note carefully that the method you are going to use with the iPhone is opening your TC to attack. They have hidden the SMB port, but in reality any hacker will one day do a port scan on you and find it open, no matter what port it is translated to. At that point your password will be the only thing stopping access to an outsider, and they can often get around that, or mount a man-in-the-middle type attack, since passwords in SMB are not secure.
    Not that I think a hacker is going to waste their time doing it, but it is just so you know: it is fundamentally wrong.

  • How to create a networkdrive for external access?

    I am using an iMac with a Time Capsule. There is internet access available. The iMac and Time Capsule are connected via WLAN.
    Now I would like to create a network drive which can be accessed from the internet, either by my laptop or by iPad and iPhone.
    What do I have to do to create this access?
    Please provide some insight.
    Thank you


  • Trying to open port 8080 in WRT400N for external access

    Hi,
    I have tried everything I can find and I still can't get it open.
    I verified no port 8080 is in use with the "netstat -a" trick
    I got a router checker that verifies I have only one router.
    I got a free app that tells me the port is not open.
    I turned Comodo off .
    Once I start up Calibre I see this in netstat:
          Protocol   Local Address    Foreign Address
          TCP        0.0.0.0:8080     MAIN-PC:0          Listening
    *If* my public IP is 98.93.123.456, and
    *if* I had my stuff fixed, would outsiders use 98.93.123.456:8080 to get to the server?
    I set Single Port Forwarding to 8080  8080 Both 192.168.1.106 (Enabled)
    I set Port Range Forwarding to the very same
    I set Port Range Triggering to 8080 to 8080, 8080 to 8080
    I can't figure out anything else to do?
    Any help would be appreciated
    Thanks

    The original poster wrote:
    The closest thing to the wording I saw was "Filter Anonymous Internet Requests" and I unchecked it.
    I changed the port to 8081 everywhere I had it 8080 before
    If there is a number I should use let me know (I am noob in this stuff.)
    So nothing has changed.
    I can bring up the logon if I am on the same computer as Calibre and that's as far as it goes.
    Should I have my computers IP in the places I listed or the routers IP?
    OK I just tried that and the router told me "No"...grasping at straws I guess.
    We are making headway ...any more things to check?
    Thanks guys
    If you forward the port and the online port scanner still shows that the port is closed, odds are that the application on the PC you are trying to forward to is not running; it could also be a firewall running on the PC.
    1. Confirm the router is getting a public IP address; if it is getting a private one, the device in front will need to be forwarded as well. (Your router is getting a public IP.)
    2. Confirm the router has the correct ports forwarded; also be sure to know whether it is TCP or UDP.
    3. Confirm the application is running on the PC.
    4. Make sure no firewalls are running.
    After that you should be good; just do the test in DOS (for example: the public IP address followed by a single space and then the port number). The command would connect you to a web server running on port 8080. You will not see anything in the DOS window; usually, if you connect successfully, the screen will just go entirely black. If the port is closed it will tell you that it cannot create a connection.
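Steps 3 and 4 of that checklist, plus the reachability test, as an added PowerShell example that is not part of the thread. It assumes Windows 8 or Server 2012 or later (for the Get-NetTCPConnection, Get-NetFirewallPortFilter and Test-NetConnection cmdlets), the port 8080 and LAN address 192.168.1.106 from the thread, and a placeholder public address from the TEST-NET-3 documentation range, since the real one is not on the page. The check most people skip is the listen address: a service bound to 127.0.0.1 is never reachable through a forward no matter how the router is set.

```powershell
# Added example, not from the thread. Checks the local listener and firewall
# (steps 3 and 4) and then tests the port over the LAN and public addresses.
# Assumes Windows 8 / Server 2012 or later; the public IP below is a placeholder.
function Test-ForwardedPort {
    param(
        [int]$Port = 8080,
        [string]$LanAddress = "192.168.1.106",
        [string]$PublicAddress = "203.0.113.10"   # placeholder (TEST-NET-3), not the poster's address
    )
    $result = [ordered]@{}

    # Step 3: is something listening on the port, and on which address?
    # A listener bound only to 127.0.0.1 cannot be reached from the LAN or the Internet.
    $listener = Get-NetTCPConnection -State Listen -LocalPort $Port -ErrorAction SilentlyContinue
    $result.Listening     = [bool]$listener
    $result.ListenAddress = ($listener | Select-Object -ExpandProperty LocalAddress) -join ","
    $result.ListenerPid   = ($listener | Select-Object -ExpandProperty OwningProcess) -join ","

    # Step 4: is there an enabled inbound Allow rule for TCP on this port in Windows Firewall?
    $rules = Get-NetFirewallPortFilter -Protocol TCP |
        Where-Object { $_.LocalPort -eq "$Port" } |
        Get-NetFirewallRule |
        Where-Object { $_.Enabled -eq "True" -and $_.Direction -eq "Inbound" -and $_.Action -eq "Allow" }
    $result.FirewallAllowRules = ($rules | Select-Object -ExpandProperty DisplayName) -join ","

    # Reachability over the LAN address, then over the public address. The public
    # test only proves the forward when run from outside the router; many consumer
    # routers do not hairpin connections to their own WAN address.
    $result.LanReachable    = (Test-NetConnection -ComputerName $LanAddress -Port $Port -WarningAction SilentlyContinue).TcpTestSucceeded
    $result.PublicReachable = (Test-NetConnection -ComputerName $PublicAddress -Port $Port -WarningAction SilentlyContinue).TcpTestSucceeded

    [pscustomobject]$result
}

Test-ForwardedPort -Port 8080 -LanAddress "192.168.1.106" | Format-List
```

Run it once on the PC with Calibre started (Listening should be True with ListenAddress 0.0.0.0 or the LAN address) and once from a machine outside the router, such as a phone on mobile data with a port-checking app, for the public half. Anything that answers on a forwarded port is exposed to every scanner on the Internet; put Calibre's own username/password on the content server, or reach it over a VPN instead of a raw forward.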

  • Switchport setup for lwapp access point running several ssid's

    Hi all
    When setting up an LWAPP access point, do I need to trunk all the VLANs on the port to the AP, or do I only need to enable the management VLAN to the access point, i.e. one VLAN and a normal access port?
    cheers
    Carl

    If it's a LWAPP AP, then the switchport should be an ACCESS PORT. This is just to get the IP address to the AP; then the AP will try to join the WLC. Once the AP joins, the SSIDs and the rest flow through the LWAPP tunnel.
    Regards
    Surendra

  • Source system set up for internal / external access

    Hi all.
    We have an EP 6.0 (NW04 SP16) system delivering BW data from a back-end BW 3.1/3.2 system.  We are using BW Report iViews to deliver all reports to external and internal users.  I am having a very specific problem when setting up the source system for the BW system.
    The BW Report iView object uses the WAS hostname parameter(found under: System Administration -> System Configuration -> Systems -> BWSourceSystem -> Open ->Object -> "Web Application Server (WAS)") when retrieving the back-end BW report. 
    When this parameter is set using an internal host id (internal_host.company.com) internal users can access the report in question, but external users can't.  Alternatively, when this parameter is set using an external host id (ie. the host of our DMZ proxy server) external users can access the report, but internal users can't.
    I need to find a way to use one hostname for this parameter that will work for both internal and external users.  I have worked with the HTTPURLLOC table and this solution works great for URL iViews, but not for BW Report iViews.  Does anyone have any suggestions?  Thanks!

    Hi Shashi.
    We did find a solution using Web Dispatcher. We actually installed two instances of Web Dispatcher: one in our DMZ for external access and another on our corporate LAN. The web dispatchers are configured identically and the EP instance knows only one hostname:
    name.company.com
    The port passed to the URL https://name.company.com:port is what tells web dispatcher what to do with the request (ie. pass the request to EP, BW, ECC, R/3, etc.).
    Be aware that EP allows for only one hostname for Source System Setup - my name.company.com in my example above -(this is the EP Web Application Server hostname (WAS) parameter found under System Admin - System Config - Systems) - so you may need to do something like we did:
    register name.company.com on the Internet as a public address and use that DNS mapping for external users (using your DMZ version of Web Dispatcher). Subsequently, use internal DNS or host name mapping to register an internal private address for name.company.com (using your LAN version of Web Dispatcher). This will allow both internal and external users access to the portal and other SAP back-end systems.
    It may sound a bit kludgy, but believe me - we tried everything to make this work.  I took this all of the way to SAP and this was the recommendation SAP made for allowing both internal and external users access to portal and BW data.
    Hope this helps!

  • Configure a sharepoint 2013 site for external and internal access

    I need to configure a local install of SharePoint 2013 so that users can access it internally and externally using Windows/AD authentication. The internal and external addresses are different.
    I have bound an external IP to the domain for external access.
    I have created an Alternate Access Mapping and bound the host header, but I get a "file not found" message for external access.
    Have I missed something here? Why the error, and how can it be fixed? A step-by-step process would be appreciated.

    Hi Luis,
    According to your description, my understanding is that the error occurred when accessing the site externally.
    The most common cause for this is that the IIS host header is configured incorrectly. The 404 will appear because we are hitting a different IIS web site and not the one we are intended to.
    Here is a similar issue for you to take a look:
    http://stackoverflow.com/questions/14953322/sharepoint-2013-404-not-found-while-accessing-site-collection-from-outside
    More references:
    http://technet.microsoft.com/en-us/library/cc261814(v=office.15).aspx
    http://technet.microsoft.com/en-us/library/cc263208(v=office.15).aspx
    Best regards.
    Thanks
    Victoria Xia
    TechNet Community Support
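A way to confirm the host-header explanation before changing anything, as an added PowerShell example that is not from the thread: it lists every Alternate Access Mapping of the web application next to the IIS bindings that would answer for that URL, so an external URL that has an AAM but no matching host-header binding on the SharePoint site stands out. The internal URL http://intranet.contoso.local, the external URL https://portal.contoso.com and the IIS site name "SharePoint - intranet" are placeholders, and it assumes it runs on a SharePoint 2013 server with the WebAdministration module.

```powershell
# Added example (not from the thread). Cross-checks SharePoint AAMs against IIS bindings.
# Placeholder names: http://intranet.contoso.local, https://portal.contoso.com,
# IIS site "SharePoint - intranet". Run on a SharePoint 2013 server.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue
Import-Module WebAdministration

function Get-AamBindingReport {
    param([Parameter(Mandatory)][string]$WebApplicationUrl)

    $webApp = Get-SPWebApplication -Identity $WebApplicationUrl

    # Every binding IIS currently answers for, across all sites. A request whose host
    # header matches no binding on the SharePoint site lands on whichever site owns the
    # bare ip:port (often the default site), which is where the 404 comes from.
    $bindings = Get-WebBinding | ForEach-Object {
        $parts = $_.bindingInformation -split ":"        # ip:port:hostheader
        [pscustomobject]@{
            Site       = $_.ItemXPath -replace ".*@name='([^']+)'.*", '$1'
            Protocol   = $_.protocol
            Port       = $parts[1]
            HostHeader = $parts[2]
        }
    }

    foreach ($aam in Get-SPAlternateURL -WebApplication $webApp) {
        $uri   = [uri]$aam.IncomingUrl
        $match = $bindings | Where-Object {
            $_.Protocol -eq $uri.Scheme -and [int]$_.Port -eq $uri.Port -and
            ($_.HostHeader -eq $uri.Host -or [string]::IsNullOrEmpty($_.HostHeader))   # empty host header = wildcard
        }
        [pscustomobject]@{
            Zone        = $aam.UrlZone
            IncomingUrl = $aam.IncomingUrl
            PublicUrl   = $aam.PublicUrl
            IisSite     = ($match | Select-Object -ExpandProperty Site -Unique) -join ","
            Status      = $(if ($match) { "OK" } else { "NO IIS BINDING: request hits another site (404)" })
        }
    }
}

Get-AamBindingReport -WebApplicationUrl "http://intranet.contoso.local" | Format-Table -AutoSize

# Typical fix when the Extranet row shows no binding, or IisSite is not the SharePoint site:
# New-SPAlternateURL -WebApplication "http://intranet.contoso.local" -Url "https://portal.contoso.com" -Zone Extranet
# New-WebBinding -Name "SharePoint - intranet" -Protocol https -Port 443 -HostHeader "portal.contoso.com"
```

Read the IisSite column as well as Status: a binding that matches but belongs to a different IIS site (another web application on the same port, or the default site) produces the same 404. The AAM's public URL must also be the URL users type, otherwise SharePoint rewrites links back to the internal name and the external session breaks after the first click.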
