ARR2.5 anonymous authentication problem in Lync connectivity

Similar Messages

• Problems with Anonymous authentication !!

  Hi All,
  I hope this is the right forum to ask my problem. And also, I would like to say that I dont have any idea in Java.
  Our problem is
  1. We are using Java SSL as server and OpenSSL as client.
  2. For server authentication, the connection is successful.
  3. But for Anonymous authentication, the connection fails in read server hello.
  I am not sure why this connection is failing. I have referred to client log file but did not get any information to solve the problem.
  I dont know how to check log information in the server side if it provides.
  Our settings are like this in server.xml for server side :
  <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
  maxThreads="150" scheme="https" secure="false"
  clientAuth="false" sslProtocol="TLS" />
  Please let me know whether above settings are OK for Anonymous authentication or not.
  If above settings are OK, please let me know how can I debug into the problem.
  Server is being run with TomCat.
  As I am not familiar with Java, May be I did not provide enough details.
  You may think that if I am not familiar, why I am posting ? :) I am supporting some other project team for SSL. So, we have faced this problem. I am familiar with SSL but not Java.
  Please let me know if you need any further details.
  Thank you very much !
  Regards
  Satish.

  3. But for Anonymous authenticationAnonymous authentication is a contradiction in terms. What you are doing is anonymous SSL, i.e. with no authentication.
  the connection fails in read server hello. Fails how? With what exception? stack trace? message? What happens if you run the server with -Djavax.net.debug=ssl,handshake?
  Please let me know whether above settings are OK for Anonymous authentication or not.They are not. You would have to enable one or more of the anonymous cipher suites. They are disabled by default.
  Next question, why are you doing anonymous SSL? Are you aware that it isn't secure?

• There is a problem with this connection's security certificate The remote computer cannot be authenticated due to problems with its security certificate. Security certificate problems might indicate an attempt to fool you or intercept any data you send

  Hi,
  I have this Windows 2008 R2 on which I installed remoteapp some years ago.
  Now the certificate expired and I get the message
  "There is a problem with this connection's security certificate
  The remote computer cannot be authenticated due to problems with its security certificate.
  Security certificate problems might indicate an attempt to fool you or intercept any data you send to the remote computer."
  How should I renew the certificate? I already went to certification store and tried to renew certificate with same key but then it says "the request contains nor certificate template information".
  Please advise.
  J.
  J.
  Jan Hoedt

  Does the computer account have Enroll permission to the certificate template?
  From the Server running your CA, run mmc, click File then Add/Remove Snap-in...
  Add Certificate Templates and click OK.
  Find the certificate template, then right click and select properties.  On my CA its call ed RemoteDesktopComputers but might be called something different depending on what what template your certificate is based on.
  On the security tab, click Oblect types, check Computers then OK. Enter the Computername and click OK.  Then give your computer account Enroll permisssion.
  HTH,
  JB

• New Galaxy 5s.  Trying to connect to a guest wireless that routes browser to a login screen.  The wireless will not connect (gives authentication error), so will not pull up browser window.  My previous Android did not have this problem (it would connect

  New Galaxy 5s.  Trying to connect to a guest wireless that routes browser to a login screen.  The wireless will not connect (gives authentication error), so will not pull up browser window.  My previous Android did not have this problem (it would connect and immediately reroute to the login screeen).

  Would you please try manually set the DNS address on client NIC to the IP of your server, then try run the connector again?

• Phone won't connect to wifi saying authentication problem

  My phone after being connected to sky wifi from sept 2013, has all of a sudden started hardly connecting, and always says 'authentication problem'. I have my iPad connected to the wifi too, but this has also been connecting fine since sept 2013.The connection to my phone drops a lot, and then when it is connected it is very, very slow. It doesn't drop at all on my iPad.  Please can someone help me. And put it in layman terms please, thank you. EM

  Two things to try. Change the wifi channel on the Sky router/Hub itself, instruction on a post at the top of this forum. And try forgetting the network on the iPhone; Settings->WiFi, and select the network ticked. Select Forget This Network and confirm it. Then reconnect to the Sky router/Hub by selecting the wifi network and entering the password again on the iPhone. Try the latter first, then change the wifi channel on the Sky Hub/router after this step. If you don't have an iPhone, then use the steps appropriate for that phone to basically do the same as above, for forgetting and reconnecting the phone to the wifi network.

• Tablet will not connect to router it is saying authentication problem

  Tablets saying authentication problem after password is put in,and i dissconected my  phone now that wont connect

  Hi whittydaz,
  Thanks for posting onto the Forum,
  It's not good to see that you are having trouble connecting to the Sky Router with your wireless devices. Can you please tell me if you are able to connect to a device wired at all? What lights are appearing on your Sky router at the moment?
  Have you reset your Sky Router by pressing and holding the button on the back of the router for longer than 30 seconds?
  Please let me know the answer to these questions and hopefully we can get to the bottom of this
  Cheers,

• Authentication problem - solved, but maybe a bug in Mac OS X?

  Hi,
  I've a rather small installation with only a handful of users configured on a Mac mini (Mac OS X Server, 10.6.8). All of them use the mail, calendar and addressbook server on the Mac, nothing more. They use it with Mac, iPhone and iPad. Everything worked fine for months but suddenly all of them were faced authentication problems: it was not possible to login on the imap server, the calendar server, the addressbook server. It was possible to login using the admin account on the server directly. Moreover, all users disappeared from the workgroup manager, however they still were available on the servers LDAP server and findable using ldapsearch.
  First, I used to completely restart the server to solve the problem, but it reappeared after only few hours again.
  Second, after understanding more about the authentication process, I found the "killall DirectoryService" was sufficient to solve the problem, but it still reappeared after few hours.
  Then I found the, once the problem occured, there was nearly no more communication to the local LDAP server on port 389 on localhost. When everything was working fine, the was a lot of such communication, including queries for usernames, when a login attempt was made. I started a "tcpdump -n -i lo0 port 389" and waited for the problem again. After the problem occured, I found in the pcap files that there were a few final query attempts, actually attempts the open a port 389 TCP connection to the slapd running on localhost, which were answered with a TCP RST. Then, no more attempts were made until l restarted the DirectoryService. Using the logfile of the slapd I found that this happened exactly at the time the slapd was stopped and restarted. And - surprisingly for me - stopping and restarting the slapd happened exactly once an hour.
  I then found that it happened exactly at the time the time machine backup process was started and indeed it was possible to trigger the event of restarting the slapd by manually starting a time machine backup.
  (Indeed, I switched my backup strategy from SuperDuper to time machine the other day and maybe that was the time the problem occured for the first time. I know that time machine is not considered as the best backup strategy for a server but I wanted to try on my own.)
  Google helped my to find a hint that time machine will actually stop and restart slapd - which is a generally a good idea, since otherwise a backup from some open database files would be made, which could work but may fail. So, I thing, someone of the developers thought about that problem too and has considered time machine for backups of a server.
  However, a not running slapd can not answer queries from a DirectoryService and a stopping or starting process might indeed end up with TCP SYNs answered with TCP RST.
  My solution was to disable time machine again and from that time the problem does not occur again.
  I'm wondering why the DirectoryService process isn't starting to query the slapd again after a failed connection. Isn't this a bug? After this experience I consider time machine as not only the not preferred backup solution for a server but as completely incompatible with Mac OS X server - although, as I said, it seems that someone thought about backing up the LDAP database using time machine.
  (On a Lion server this problem does not occur, the slapd will not be stopped and restarted when time machine is running. Moreover, I saw a com.apple.slapd.start notification in the slapd.log ... maybe this tells DirectoryService to try again.)
  Cheers,
  Wolfgang

  Another problem I found with the MacOS X key bindings: the 6 key doesn't work!
  In the config that ships with SQL Developer, I found this:
  <Item class="oracle.javatools.util.Pair">
  <first class="java.lang.String">DOCUMENT_6_CMD_ID</first>
  <second class="oracle.ide.keyboard.KeyStrokes">
  <data>
  <Item class="javax.swing.KeyStroke">6</Item>
  </data>
  </second>
  </Item>
  which should be:
  <Item class="oracle.javatools.util.Pair">
  <first class="java.lang.String">DOCUMENT_6_CMD_ID</first>
  <second class="oracle.ide.keyboard.KeyStrokes">
  <data>
  <Item class="javax.swing.KeyStroke">meta 6</Item>
  </data>
  </second>
  </Item>

• Wifi Authentication Problem in Lenovo K900

  Hi,
  I am able to connect to wifi at home network. And when I try it at office it is showing Authentication problem and "Not in Range". The password and everything is correct. All my colleagues are able to connect with the same password. I searched online for the solution and there are many other lenovo tab and phone users facing the same problem and I am unable to find the solution. Can anyone resolve this issue and give appropriate answer for this.

  This is the first time I'm hearing this issue, I'm also an K900 user but this never happmed to me or my other friends.
  Are you sure that's the right password, maybe its case sensitive, because this bug is not present in K900.
  Facebook Profile I'm a carefree type of guy but always there to help, so if you have anything to ask don't hesitate.

• WLC 5508 WPA Authentication Problems

  Hello,
  We have a WLC 5508 with 7.4.100.0 Firmware.
  We are using 1141 and 1142 APs and we are having authentication problems with clients that are connecting to our WLAN with WPA+AES autentication. The clients receive in her laptop a password error, and we receive the following log in wlc:
  Client Excluded: MACAddress:f8:f1:eb:dd:ff:cd Base Radio MAC :08:ad:dd:76:4d:30 Slot: 0 User Name: unknown Ip Address: unknown Reason:802.1x Authentication failed 3 times. ReasonCode: 4
  The strange thing is that the problem is solved restarting the Access-points.
  Anyone had this problem previusly?
  Thanks in advance.

  I made the configuration using the Cisco Recommended settings, the strange thing its that the users connect normally, until they starts with authentication problems. I restart the access points and the problem its solved.
  Cisco Recommended  and not recommended Authentication Settings
  Security encryption settings need to be identical for WPA and WPA2 for TKIP and AES as shown in this image:
  These images provide examples of incompatible settings for TKIP and AES:
  Note: Be aware that security settings permit unsupported features.
  These images provide examples of compatible settings:

• 802.1x Authentication problems

  I configured dot1x port authentication on the switched network using an cisco ACS SE and on the computers (windows XP/SP2) PEAP and EAP-MSCHAPV2, everything works ok while the user have got already loaded his credentials on the PC, but if somebody tries to log in on the pc as a new user the authentication process fails, so i have to force the authentication process to gain access to network after that i reverse the authentication proccess to auto and the user log off and then the authentication process works again.
  what am i missing??
  Please some help...

  What we are seeing here is the known behavior of dot1x authentication. To bypass this issue we would need to set up machine authentication along with user auth. Here is the 802.1x Process that explains the behavior that we were experiencing with the cached credentials,
  When machine authentication is enabled, the authentications occur in this order:
  When starting a computer,
  * Machine authentication-ACS authenticates the computer prior to user authentication. ACS checks the credentials that the computer provides against the Windows user database. If you use Active Directory and the matching computer account in Active Directory has the same credentials, the computer gains access to Windows domain services.
  * User domain authentication-If machine authentication succeeded, the windows domain authenticates the user. If machine authentication failed, the computer does not have access to Windows domain services and the user credentials are authenticated by using cached credentials that the local operating system retains. When a user is authenticated by cached credentials instead of the domain, the computer does not enforce domain policies, such as running login scripts that the domain dictates.
  * You can also have only user authentication without machine authentication. It only gives problem in case of first time user that is not yet registered once on the AD. So with machine authentication you have network connection to AD, and therefore first time user have no problem. In addition without machine authentication (no access to AD during user login) you need to make sure to have user credential cashing on the workstation. In machine authentication AD and machine will generate its own password (you don't know it) and username = machinename, for the dot1x authentication. So after boot up
  the machine will do dot1x with this machine credetial. As soon you type CTRL-ALT-DEL user login will start.
  Regards,
  ~JG
  Do rate helpful posts

• WiFi Authentication problem

  I have an iMac, and iPad, a Blackberry (forgive me) and Airport for my WiFi all of my pieces are working fine with my WiFi.  I had guests over the other day and we could not allow my guests iPads or iPhone to sign onto my network.  I bought my dad a generic tablet to use for solving cross words, etc., and I cannot sign into my own network.  No opportunity exists to put in a password because it just reads "Authentication Problem".
  No opportunity exists, therefore, to enter the password.  Signal strength is excellent, Securty is WPA2 PSK, I touch connect and it says Saved Secured with WPA2 and then goes back to "Authentication Problem."
  I've unplugged (and plugged back in) both the Airport / router and Internet Service provider's modem. I've rebooted my iMac and the new generic pad 3 times each. 
  I had 2 networks one for me and one for guests, can't get into either, identical problem. I can see all of the neighbour's networks and they're all locked and say secured with (various WPA/WPA2, etc., just mine says Authentication Problem.  I plugged the tablet into my iMac and it's functioning well.
  I now deleted the guest network and can't open a new network. 
  I've triple checked my passwords, hand written and in the Key Chain.
  I've checked my Apple ID (I'm able to get into this forum).
  Both my iPad (purchased May 2013) and BlackBerry (received free July 2013) signed in without any problems.
  I cannot see why I can't get into my network ~ any ideas?

  Hello,
  Hmmm..."problem"...pretty hard to understand. Can you provide more details? What exactly do you try? What exactly happens at each step of what you try? What is the exact and complete content of any error messages presented?
  Please remember that we can't see you nor your device. We have only your words to help us understand your situation, and such understanding is the natural prerequisite to providing you with any useful guidance.
  Thanks and let us know.
  Occam's Razor nearly always applies when troubleshooting technology issues!
  If anyone has been helpful to you, please show your appreciation by clicking the button inside of their post. Please click here and read, along with the threads to which it links, for helpful information to guide you as you proceed. I always recommend that you treat your BlackBerry like any other computing device, including using a regular backup schedule...click here for an article with instructions.
  Join our BBM Channels
  BSCF General Channel
  PIN: C0001B7B4   Display/Scan Bar Code
  Knowledge Base Updates
  PIN: C0005A9AA   Display/Scan Bar Code

• Email authentication problem on only some of Verizon's servers

  I use Eudora 6.2.4 on an iMac Core 2 Duo 2.0 20" (Al) Macintosh running OX 10.5.5.  Like many others (see one thread each under FiOS Internet and High Speed Internet and Dialup), since about mid-November, I have been receiving intermittent (about 10% of the time) authentication errors when Eudora checks for new mail.  I have 3 VZ e-mail accounts and one at my employer; the errors occur only on the VZ accounts.
  I've used the freeware app Eavesdrop (http://code.google.com/p/eavesdrop/) to observe the TCP conversations between Eudora and the server. The VZ server offers SASL CRAM-MD5 PLAIN, and Eudora uses CRAM-MD5.  I see the challenge from the server, Eudora's response, and the server's authentication-failure response.  Since the response is hashed, I have no way of telling if Eudora is sending the correct response, but it works most of the time.  (After it fails, Eudora then assumes its stored password is NG, discards it, and prompts me for it on the next mail-check, which is just a bit annoying.)
  Here is an example of a successful mail-check:
  +OK Messaging Multiplexor (Sun Java(tm) System Messaging Server 6.2-6.01 (built Apr  3 2006)) <[email protected]>
  CAPA
  +OK list follows
  TOP
  PIPELINING
  UIDL
  RESP-CODES
  AUTH-RESP-CODE
  USER
  SASL PLAIN CRAM-MD5
  IMPLEMENTATION MMP-6.2p6.01 Apr  3 2006
  auth CRAM-MD5
  + PDQ5MzU1ZWY3LmRlZWZlMEB2bXMxMDkubWFpbHNydmNzLm5ldD4=
  amp3b2xmOSA3MDA0MmE5YWQwYzEzOWRkYjE5NDk0OWZjYjY1NzBmMg==
  +OK Maildrop ready
  STAT
  +OK 0 0
  QUIT
  And here's a failure:
  +OK Messaging Multiplexor (Sun Java(tm) System Messaging Server 6.3-7.04 (built Sep 26 2008)) <[email protected]>
  CAPA
  +OK list follows
  TOP
  PIPELINING
  UIDL
  RESP-CODES
  AUTH-RESP-CODE
  USER
  SASL CRAM-MD5 PLAIN
  IMPLEMENTATION MMP-6.3p7.04 Sep 26 2008
  auth CRAM-MD5
  + PGZjMDAxY2M0ZjZlNDAyNjM3ZTI1MTVmMGU1MWEyYzVjQHZtczE3MTAxMy5tYWlsc3J2Y3MubmV0Pg==
  amp3b2xmOSA1NWNmNzJhYzRhZDdlMmE1ZGExZmIwZDVkMzA3NTc5OQ==
  -ERR [AUTH] Authentication failed
  You'll notice that the VZ server identifies itself at the onset of each conversation, including a build ID and date, followed by a timestamp and a server ID (e.g., vms109.mailsrvcs.net).  I'm in eastern Massachusetts, and when my client connects to incoming.verizon.net, one of a pool of V servers responds.  I've observed about 15 different servers, of which two (vms171011 and vms171013) show "6.3-7.04 (built Sep 26 2008)" and all the others show "6.2-6.01 (built Apr  3 2006)".  Furthermore, I observe that vms171011 and vms171013 consistently give this authentication failure for CRAM-MD5, but all the others (with the older build) consistently succeed in authenticating my accounts.
  I called FiOS Support, and the CSR took down took down some relevant info, said she'd pass it on the the e-mail folks.  Within 2 hours I got a call from a Verizon tech.  He said they "knew" about it and that it was a Mac problem.  It wasn't specific to VZ, and it occurred only on Macs.   He had no explanation for my observation that mail-check authentication works with 13 of VZ's servers and consistently fails with two which have a later build version/date, but he believed it was consistent with it being an Apple problem.  So naturally he was off the hook.
  He referred me to an Apple Support Forum discussion to back up his position.  I hadn't seen (or thought of looking in) the Apple forums, so I had a look and found a total of 5 threads under "Mail and Address Book".  Of course, these deal with Mail.app, .  Comcast as well as VZ.  This is the lengthiest of them:
    http://discussions.apple.com/message.jspa?messageID=8478765#8478765 
  These Apple discussion threads and the two Verizon Forum threads all mention Macintoshes, which lends credence to the tech's assertion that it's a Mac problem, not Verizon's.  I've found one that seems to depict the same thing on a PC (http://groups.google.com/group/comp.mail.eudora.ms-windows/browse_thread/thread/b426c0ca59841ca9), but it's not conclusive. 
  I don't know what PeeCee users use for a mail client or what method they use for authentication (the POP3 protocol, as amended,has several possibilities).  My Eudora app has settings for "Password", "Kerberos", and "APOP", but VZ doesn't offer Kerberos, and Eudora seems to ignore the APOP setting, so it uses only the CRAM-MD5 method, so I'm stuck.  I can't disprove that this is a Mac-only problem, but I can't understand why the CRAM-MD5 authentication always works with 13 of VZ's servers and always fails with 2 others (which happen to have a different build version/date).
  Solved!
  Go to Solution.

  With the help of a Windows-using friend, I have additional evidence that the mail-check authentication problem is NOT Mac-specific, but also can be shown to occur with a POP3 client (the final version, Eudora 7.1.0.9) using a secure authentication method (APOP) on Windows (XP Home, SP 3).  He had been observing no authentication problems, but investigation showed that his authentication setting was for "Password", which uses the basic (and very insecure) USER/PASS messages.  His Eudora does not allow CRAM-MD5, but it does have APOP authentication, which is another secure method that also uses the MD5 algorithm to encrypt the password.
  When he changed the setting to use APOP authentication, he observed the same behavior that I've reported above:
     - with most of the VZ servers (e.g., vms095.mailsrvcs.net, vms104.mailsrvcs.net) that show "6.2-6.01 (built Apr  3 2006)", the authentication succeeds
     - with vms171011.mailsrvcs.net and vms171013.mailsrvcs.net, which show "6.3-7.04 (built Sep 26 2008)", the authentication fails.
  See examples below.
  Here's a successful mail-check (these excerpts are from the Eudora log; I've edited his username):
  3244    64:13.20 Rcvd: "+OK Messaging Multiplexor (Sun Java(tm) System Messaging Server 6.2-6.01 (built Apr  3 2006)) <[email protected]> [ISafe POP3 Proxy] \r\n"
  3244    32:13.20 Sent: "CAPA\r\n"
  3244    64:13.20 Rcvd: "+OK list follows\r\n"
  3244    64:13.20 Rcvd: "TOP\r\n"
  3244    64:13.20 Rcvd: "PIPELINING\r\n"
  3244    64:13.20 Rcvd: "UIDL\r\n"
  3244    64:13.20 Rcvd: "RESP-CODES\r\n"
  3244    64:13.20 Rcvd: "AUTH-RESP-CODE\r\n"
  3244    64:13.20 Rcvd: "USER\r\n"
  3244    64:13.20 Rcvd: "SASL PLAIN CRAM-MD5\r\n"
  3244    64:13.20 Rcvd: "IMPLEMENTATION MMP-6.2p6.01 Apr  3 2006\r\n"
  3244    64:13.20 Rcvd: ".\r\n"
  3244    32:13.20 Sent: "APOP XXXXX 8a45b60f3f4a52a472937e86edbfda70\r\n"
  3244    64:13.21 Rcvd: "+OK Maildrop ready\r\n"
  3244    32:13.21 Sent: "STAT\r\n"
  3244    64:13.21 Rcvd: "+OK 0 0\r\n"
  3244    32:13.21 Sent: "QUIT\r\n"
  3244    64:13.21 Rcvd: "+OK\r\n"
  And here's one that fails; note the different server build-date:
  460     64:13.23 Rcvd: "+OK Messaging Multiplexor (Sun Java(tm) System Messaging Server 6.3-7.04 (built Sep 26 2008)) <[email protected]> [ISafe POP3 Proxy] \r\n"
  460     32:13.23 Sent: "CAPA\r\n"
  460     64:13.23 Rcvd: "+OK list follows\r\n"
  460     64:13.23 Rcvd: "TOP\r\n"
  460     64:13.23 Rcvd: "PIPELINING\r\n"
  460     64:13.23 Rcvd: "UIDL\r\n"
  460     64:13.23 Rcvd: "RESP-CODES\r\n"
  460     64:13.23 Rcvd: "AUTH-RESP-CODE\r\n"
  460     64:13.23 Rcvd: "USER\r\n"
  460     64:13.23 Rcvd: "SASL CRAM-MD5 PLAIN\r\n"
  460     64:13.23 Rcvd: "IMPLEMENTATION MMP-6.3p7.04 Sep 26 2008\r\n"
  460     64:13.23 Rcvd: ".\r\n"
  460     32:13.23 Sent: "APOP XXXXX ab2dde7d89cbbf0bf9cd409dce02e5a8\r\n"
  460     64:13.27 Rcvd: "-ERR [AUTH] Authentication failed\r\n"
  IMHO all this evidence validates my original hypothesis, that two (or more) of VZ's mail servers, which have server builds "6.3-7.04 (built Sep 26 2008)", advertise secure CRAM-MD5 and APOP authentication capabilities, but consistently fail such authentication attempts.  All the other servers with builds "6.2-6.01 (built Apr  3 2006)" handle these authentications correctly.  This has been shown to be the case on both Mac and Windows POP3 email clients.  Email clients that use the simpler and unsecure USER/PASS and AUTH PLAIN methods apparently see no authentication errors on any of the VZ servers.  This strongly points to this being a Verizon problem specific to two of the servers that we see here in eastern Massachusetts.  Others have also observed the same server-specificity; see for example http://eudorabb.qualcomm.com/showthread.php?t=13802 .  This problem has been reported since about mid-November.
  Verizon, the ball is in your court.  Find the problem and fix it!

• ITunes using anonymous authentication through proxy

  Hi All,
  We have a bit of an issue here at work, we are trying to update our iPads to the latest version of IOS and they get as far as verifying the update with the apple servers and then we get a 3004 error.
  Looking into this further, it seems that what is happening is that iTunes is using anonymous authentication with our proxy server (Microsoft ISA) as looking at the logs from ISA reveals it denies the connection due to anonymous authentication being used.
  Is there a way that I can make iTunes use my windows credentials when authenticating or are there any other ways around this?

  Fixed by not using a proxy. If you have a proxy, then you can't update your iPod through iTunes - and, because that is the only way you can do it now, you are stuck!

• Screensharing authentication problem and weird solution

  OK, I've been having the Screensharing authentication problem that crops up regularly on this forum.  Accidentally I found a very weird solution.  I want to know what's going on and to let others know of the solution.
  Let's say my laptop account is called 'london' and I want to connect it to my tower account called 'paris' on the LAN.  I browsed the network for the tower, click 'connect as' and in the dialog box I put in "Name: paris" and "Password: xxx".  I click 'connect' and I am connected as the registered user 'paris' and I can browse all of the disks.  File sharing is thus working normally.
  Now I click the 'share screen...' button and I get another dialog box into which I once more type "Name: paris" and "Password: xxx".  This yields an authentication failure message, which many users will be familiar with.
  By accident instead of typing the name and password for the account on the distant machine, I typed into the dialog box the name and password of the local machine:  ie. "Name: london" and "Password: yyy".  Much to my amazement the screensharing works.  What is going on?

  No, the username on london is london and on the machine paris it is paris.  However, the passwords are different.
  Just to be clear, I first connect to the remote machine's file sharing using the remote machine's username and password (ie. in the normal fashion).  I then connect screensharing but give the local machine's username and password in the dialog box.
  Before I made this discovery I had created a couple of fresh accounts on the remote machine. One was glitched, while the other functioned properly (ie. screensharing required the remote machine's username and password).  The bizarre fix worked for my original account.  I have not tested it on the new accounts for fear of screwing things up again.

• Lync Connectivity Analyzer Certificate Error

  The Microsoft Connectivity Analyzer is attempting to obtain the SSL certificate from remote server lyncedgesvr.redfoxtechnologies.net on port 443.
  The certificate couldn't be validated because SSL negotiation wasn't successful. This could have occurred as a result of a network error or because of a problem with the certificate installation.
  Elapsed Time: 456 ms.
  I got the following certificate error when trying to test remote connection from lync connectivity analyzer, But we have purchase a comodo PositiveSSL Multi-domain what do I need to do Please help I have contact the SSL provider but they don't even know
  the problem.
  Than Public Certificate is bind only on Lync Edge Server and there is not Public Certificate on Lync Federation Server.
  The Lync Edge server is not using a NAT it is directly connected to the internet or the public ip address mounted on LAN.
  I have used only one Public IP address.

  Hi Everyone,
  I am not using reversed proxy I only just used the following below:
  Pfsense: Public IP
  Lync Fe : Single internal IP
  Lync Edge : External Public IP no NAT
  Lync Edge : Internal IP
  Based on the Lync Validator below it says that I should create a NAT of Lync Fe Server to the External ip 103.17.21.198 Then issues a public Certificate to Internal of Lync Fe. Just because I don't have a External for Lync Fe. And I only have one LAN. correct
  me if this validator is wrong.
  For the Certificate CAN I USE THE "Comodo PositiveSSL Multi-Domain"?
  Internal DNS:
  Internal DNS Records                                
  Type
  FQDN
  IP
  Service
  Protocol
  Domain
  Host
  PRI
  Weight
  Port
  SRV
  _sipinternaltls
  _tcp
  redfoxtechnologies.net
  sip.redfoxtechnologies.net
  0
  0
  5061
  Automatic Login
  A
  dialin.redfoxtechnologies.net
  10.10.10.11
  Simple URL Dialin
  A
  lyncadmin.redfoxtechnologies.net
  10.10.10.11
  Simple URL Admin
  A
  lyncdiscoverinternal.redfoxtechnologies.net
  10.10.10.11
  Internal Lync client discovery.
  A
  lyncedgesvr.redfoxtechnologies.net
  172.0.0.113
  Edge Pool Name
  A
  lyncedgesvr.redfoxtechnologies.net
  172.0.0.113
  Edge Server #1
  A
  lyncfesvr.redfoxtechnologies.net
  103.17.21.198
  External Web Services
  A
  lyncfesvr.redfoxtechnologies.net
  10.10.1.1
  Front-End Server #1
  A
  lyncfesvr.redfoxtechnologies.net
  10.10.10.11
  Internal Web Services
  A
  lyncpool.redfoxtechnologies.net
  10.10.1.1
  Front-End Server #1
  A
  meet.redfoxtechnologies.net
  10.10.10.11
  Simple URL Meet
  A
  sip.redfoxtechnologies.net
  10.10.1.1
  Front-End Server #1
  External DNS:
  External DNS Records                                
  Type
  FQDN
  IP
  Service
  Protocol
  Domain
  Host
  PRI
  Weight
  Port
  SRV
  _sip
  _tls
  redfoxtechnologies.net
  lyncedgesvr.redfoxtechnologies.net
  0
  0
  443
  Automatic Login
  SRV
  _sipfederationtls
  _tcp
  redfoxtechnologies.net
  lyncedgesvr.redfoxtechnologies.net
  0
  0
  5061
  Lync Federation Discovery
  A
  dialin.redfoxtechnologies.net
  103.17.21.198
  Simple URL Dialin
  A
  lyncdiscover.redfoxtechnologies.net
  103.17.21.198
  Lync client discovery.
  A
  lyncedgesvr.redfoxtechnologies.net
  103.17.21.196
  Access Edge #1
  A
  lyncedgesvr.redfoxtechnologies.net
  0.0.0.0
  Web Conferencing #1
  A
  lyncedgesvr.redfoxtechnologies.net
  0.0.0.0
  AV #1
  A
  lyncfesvr.redfoxtechnologies.net
  103.17.21.198
  External Web Services
  A
  meet.redfoxtechnologies.net
  103.17.21.198
  Simple URL Meet
  Internal Certificates                                
  Type
  Server
  SN
  SAN
  EKU
  Internal
  Front-End
  lyncpool.redfoxtechnologies.net
  lyncpool.redfoxtechnologies.net
  lyncfesvr.redfoxtechnologies.net
  meet.redfoxtechnologies.net
  dialin.redfoxtechnologies.net
  lyncadmin.redfoxtechnologies.net
  lyncdiscoverinternal.redfoxtechnologies.net
  lyncdiscover.redfoxtechnologies.net
  sip.redfoxtechnologies.net
  lyncfesvr.redfoxtechnologies.net
  lyncfesvr.redfoxtechnologies.net
  Server
  SAN/UCC Certificate for Front-End Pool
  Internal
  OAuth
  redfoxtechnologies.net
  Server
  OAuth
  Internal
  Edge Server
  lyncedgesvr.redfoxtechnologies.net
  Server
  Certificate for Internal Edge
  External Certificates                                
  Type
  Server
  SN
  SAN
  EKU
  Public
  Lync Edge
  lyncedgesvr.redfoxtechnologies.net
  lyncedgesvr.redfoxtechnologies.net
  lyncedgesvr.redfoxtechnologies.net
  Server Client
  SAN/UCC Certificate for Edge Server
  Public
  Reverse Proxy
  lyncfesvr.redfoxtechnologies.net
  meet.redfoxtechnologies.net
  dialin.redfoxtechnologies.net
  lyncdiscover.redfoxtechnologies.net
  lyncfesvr.redfoxtechnologies.net
  Server
  SAN/UCC Certificate for Reverse Proxy