ARR2.5 anonymous authentication problem in Lync connectivity
Hello all,
I'm stuck in the middle of deploying ARR to support mobility,
I would just like to say that Lync discovery test used to work before i deployed
ARR 2.5 ,
I followed all the steps in all the guides,
for some reason when i run connectivity online check tool (from Microsoft)
i get the following error:
Testing HTTP authentication methods for URL https://lyncdiscover.DOMAIN.com/Autodiscover/AutodiscoverService.svc/root/user.
HTTP authentication test failed.
Tell me more about this issue and how to resolve it
Additional Details
Initial anonymous HTTP(s) request didn't fail, but Anonymous isn't a supported Authentication Method for this scenario.
HTTP Response Headers:
Pragma: no-cache
X-MS-Server-Fqdn: clvlync01.lan.coolvision.biz
X-Content-Type-Options: nosniff
Content-Length: 225
Cache-Control: no-cache
Content-Type: application/json
Expires: -1
Server: Microsoft-IIS/8.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET,ARR/2.5
Date: Thu, 06 Mar 2014 08:47:41 GMT
Elapsed Time: 699 ms.
when i explore the url i get the xml file:
<resource xmlns="http://schemas.microsoft.com/rtc/2012/03/ucwa" rel="user" href="https://lync01.lan.DOMAIN.biz/Autodiscover/AutodiscoverService.svc/root/user">
<link rel="xframe" href="https://lync01.lan.DOMAIN.biz/Autodiscover/AutodiscoverService.svc/root/user/xframe"/>
</resource>
ARR LOG:
connectivity:
2014-03-06 09:54:52 lyncfeIP GET / X-ARR-CACHE-HIT=0&X-ARR-LOG-ID=1d849d36-c51b-4426-ae17-3d73a8e521d5 443 - 10.192.255.33 Mozilla/5.0+(Windows+NT+6.3;+WOW64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/33.0.1750.146+Safari/537.36
- 200 0 0 78
user browse:
2014-03-06 09:59:47 lyncfeIP GET /abs/handler/C-12ca-12cc.lsabs X-ARR-CACHE-HIT=0&X-ARR-LOG-ID=460bbf67-83ec-4558-99b0-279ee55fe7a3 443 - 2.55.5.51 OC/4.0.7577.4419+(Microsoft+Lync+2010) - 404 0 0 0
In most places people ask to disable delegation... but i don't see an option in
the ARR .... i've tried to disable feature delegation (on the iis server) and it didn't helped.
is there any chance it's have anything to do with my lync kerberos account ?
please advise me what to do i'm lost.
thanks in advance
Check the process to deploy IIS ARR as reverse proxy step by step, you can refer to the following blog:
http://blogs.technet.com/b/nexthop/archive/2013/02/19/using-iis-arr-as-a-reverse-proxy-for-lync-server-2013.aspx
Lisa Zheng
TechNet Community Support
Similar Messages
-
Problems with Anonymous authentication !!
Hi All,
I hope this is the right forum to ask my problem. And also, I would like to say that I dont have any idea in Java.
Our problem is
1. We are using Java SSL as server and OpenSSL as client.
2. For server authentication, the connection is successful.
3. But for Anonymous authentication, the connection fails in read server hello.
I am not sure why this connection is failing. I have referred to client log file but did not get any information to solve the problem.
I dont know how to check log information in the server side if it provides.
Our settings are like this in server.xml for server side :
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
maxThreads="150" scheme="https" secure="false"
clientAuth="false" sslProtocol="TLS" />
Please let me know whether above settings are OK for Anonymous authentication or not.
If above settings are OK, please let me know how can I debug into the problem.
Server is being run with TomCat.
As I am not familiar with Java, May be I did not provide enough details.
You may think that if I am not familiar, why I am posting ? :) I am supporting some other project team for SSL. So, we have faced this problem. I am familiar with SSL but not Java.
Please let me know if you need any further details.
Thank you very much !
Regards
Satish.3. But for Anonymous authenticationAnonymous authentication is a contradiction in terms. What you are doing is anonymous SSL, i.e. with no authentication.
the connection fails in read server hello. Fails how? With what exception? stack trace? message? What happens if you run the server with -Djavax.net.debug=ssl,handshake?
Please let me know whether above settings are OK for Anonymous authentication or not.They are not. You would have to enable one or more of the anonymous cipher suites. They are disabled by default.
Next question, why are you doing anonymous SSL? Are you aware that it isn't secure? -
Hi,
I have this Windows 2008 R2 on which I installed remoteapp some years ago.
Now the certificate expired and I get the message
"There is a problem with this connection's security certificate
The remote computer cannot be authenticated due to problems with its security certificate.
Security certificate problems might indicate an attempt to fool you or intercept any data you send to the remote computer."
How should I renew the certificate? I already went to certification store and tried to renew certificate with same key but then it says "the request contains nor certificate template information".
Please advise.
J.
J.
Jan HoedtDoes the computer account have Enroll permission to the certificate template?
From the Server running your CA, run mmc, click File then Add/Remove Snap-in...
Add Certificate Templates and click OK.
Find the certificate template, then right click and select properties. On my CA its call ed RemoteDesktopComputers but might be called something different depending on what what template your certificate is based on.
On the security tab, click Oblect types, check Computers then OK. Enter the Computername and click OK. Then give your computer account Enroll permisssion.
HTH,
JB -
New Galaxy 5s. Trying to connect to a guest wireless that routes browser to a login screen. The wireless will not connect (gives authentication error), so will not pull up browser window. My previous Android did not have this problem (it would connect and immediately reroute to the login screeen).
Would you please try manually set the DNS address on client NIC to the IP of your server, then try run the connector again?
-
Phone won't connect to wifi saying authentication problem
My phone after being connected to sky wifi from sept 2013, has all of a sudden started hardly connecting, and always says 'authentication problem'. I have my iPad connected to the wifi too, but this has also been connecting fine since sept 2013.The connection to my phone drops a lot, and then when it is connected it is very, very slow. It doesn't drop at all on my iPad. Please can someone help me. And put it in layman terms please, thank you. EM
Two things to try. Change the wifi channel on the Sky router/Hub itself, instruction on a post at the top of this forum. And try forgetting the network on the iPhone; Settings->WiFi, and select the network ticked. Select Forget This Network and confirm it. Then reconnect to the Sky router/Hub by selecting the wifi network and entering the password again on the iPhone. Try the latter first, then change the wifi channel on the Sky Hub/router after this step. If you don't have an iPhone, then use the steps appropriate for that phone to basically do the same as above, for forgetting and reconnecting the phone to the wifi network.
-
Tablet will not connect to router it is saying authentication problem
Tablets saying authentication problem after password is put in,and i dissconected my phone now that wont connect
Hi whittydaz,
Thanks for posting onto the Forum,
It's not good to see that you are having trouble connecting to the Sky Router with your wireless devices. Can you please tell me if you are able to connect to a device wired at all? What lights are appearing on your Sky router at the moment?
Have you reset your Sky Router by pressing and holding the button on the back of the router for longer than 30 seconds?
Please let me know the answer to these questions and hopefully we can get to the bottom of this
Cheers, -
Authentication problem - solved, but maybe a bug in Mac OS X?
Hi,
I've a rather small installation with only a handful of users configured on a Mac mini (Mac OS X Server, 10.6.8). All of them use the mail, calendar and addressbook server on the Mac, nothing more. They use it with Mac, iPhone and iPad. Everything worked fine for months but suddenly all of them were faced authentication problems: it was not possible to login on the imap server, the calendar server, the addressbook server. It was possible to login using the admin account on the server directly. Moreover, all users disappeared from the workgroup manager, however they still were available on the servers LDAP server and findable using ldapsearch.
First, I used to completely restart the server to solve the problem, but it reappeared after only few hours again.
Second, after understanding more about the authentication process, I found the "killall DirectoryService" was sufficient to solve the problem, but it still reappeared after few hours.
Then I found the, once the problem occured, there was nearly no more communication to the local LDAP server on port 389 on localhost. When everything was working fine, the was a lot of such communication, including queries for usernames, when a login attempt was made. I started a "tcpdump -n -i lo0 port 389" and waited for the problem again. After the problem occured, I found in the pcap files that there were a few final query attempts, actually attempts the open a port 389 TCP connection to the slapd running on localhost, which were answered with a TCP RST. Then, no more attempts were made until l restarted the DirectoryService. Using the logfile of the slapd I found that this happened exactly at the time the slapd was stopped and restarted. And - surprisingly for me - stopping and restarting the slapd happened exactly once an hour.
I then found that it happened exactly at the time the time machine backup process was started and indeed it was possible to trigger the event of restarting the slapd by manually starting a time machine backup.
(Indeed, I switched my backup strategy from SuperDuper to time machine the other day and maybe that was the time the problem occured for the first time. I know that time machine is not considered as the best backup strategy for a server but I wanted to try on my own.)
Google helped my to find a hint that time machine will actually stop and restart slapd - which is a generally a good idea, since otherwise a backup from some open database files would be made, which could work but may fail. So, I thing, someone of the developers thought about that problem too and has considered time machine for backups of a server.
However, a not running slapd can not answer queries from a DirectoryService and a stopping or starting process might indeed end up with TCP SYNs answered with TCP RST.
My solution was to disable time machine again and from that time the problem does not occur again.
I'm wondering why the DirectoryService process isn't starting to query the slapd again after a failed connection. Isn't this a bug? After this experience I consider time machine as not only the not preferred backup solution for a server but as completely incompatible with Mac OS X server - although, as I said, it seems that someone thought about backing up the LDAP database using time machine.
(On a Lion server this problem does not occur, the slapd will not be stopped and restarted when time machine is running. Moreover, I saw a com.apple.slapd.start notification in the slapd.log ... maybe this tells DirectoryService to try again.)
Cheers,
WolfgangAnother problem I found with the MacOS X key bindings: the 6 key doesn't work!
In the config that ships with SQL Developer, I found this:
<Item class="oracle.javatools.util.Pair">
<first class="java.lang.String">DOCUMENT_6_CMD_ID</first>
<second class="oracle.ide.keyboard.KeyStrokes">
<data>
<Item class="javax.swing.KeyStroke">6</Item>
</data>
</second>
</Item>
which should be:
<Item class="oracle.javatools.util.Pair">
<first class="java.lang.String">DOCUMENT_6_CMD_ID</first>
<second class="oracle.ide.keyboard.KeyStrokes">
<data>
<Item class="javax.swing.KeyStroke">meta 6</Item>
</data>
</second>
</Item> -
Wifi Authentication Problem in Lenovo K900
Hi,
I am able to connect to wifi at home network. And when I try it at office it is showing Authentication problem and "Not in Range". The password and everything is correct. All my colleagues are able to connect with the same password. I searched online for the solution and there are many other lenovo tab and phone users facing the same problem and I am unable to find the solution. Can anyone resolve this issue and give appropriate answer for this.This is the first time I'm hearing this issue, I'm also an K900 user but this never happmed to me or my other friends.
Are you sure that's the right password, maybe its case sensitive, because this bug is not present in K900.
Facebook Profile I'm a carefree type of guy but always there to help, so if you have anything to ask don't hesitate. -
WLC 5508 WPA Authentication Problems
Hello,
We have a WLC 5508 with 7.4.100.0 Firmware.
We are using 1141 and 1142 APs and we are having authentication problems with clients that are connecting to our WLAN with WPA+AES autentication. The clients receive in her laptop a password error, and we receive the following log in wlc:
Client Excluded: MACAddress:f8:f1:eb:dd:ff:cd Base Radio MAC :08:ad:dd:76:4d:30 Slot: 0 User Name: unknown Ip Address: unknown Reason:802.1x Authentication failed 3 times. ReasonCode: 4
The strange thing is that the problem is solved restarting the Access-points.
Anyone had this problem previusly?
Thanks in advance.I made the configuration using the Cisco Recommended settings, the strange thing its that the users connect normally, until they starts with authentication problems. I restart the access points and the problem its solved.
Cisco Recommended and not recommended Authentication Settings
Security encryption settings need to be identical for WPA and WPA2 for TKIP and AES as shown in this image:
These images provide examples of incompatible settings for TKIP and AES:
Note: Be aware that security settings permit unsupported features.
These images provide examples of compatible settings: -
802.1x Authentication problems
I configured dot1x port authentication on the switched network using an cisco ACS SE and on the computers (windows XP/SP2) PEAP and EAP-MSCHAPV2, everything works ok while the user have got already loaded his credentials on the PC, but if somebody tries to log in on the pc as a new user the authentication process fails, so i have to force the authentication process to gain access to network after that i reverse the authentication proccess to auto and the user log off and then the authentication process works again.
what am i missing??
Please some help...What we are seeing here is the known behavior of dot1x authentication. To bypass this issue we would need to set up machine authentication along with user auth. Here is the 802.1x Process that explains the behavior that we were experiencing with the cached credentials,
When machine authentication is enabled, the authentications occur in this order:
When starting a computer,
* Machine authentication-ACS authenticates the computer prior to user authentication. ACS checks the credentials that the computer provides against the Windows user database. If you use Active Directory and the matching computer account in Active Directory has the same credentials, the computer gains access to Windows domain services.
* User domain authentication-If machine authentication succeeded, the windows domain authenticates the user. If machine authentication failed, the computer does not have access to Windows domain services and the user credentials are authenticated by using cached credentials that the local operating system retains. When a user is authenticated by cached credentials instead of the domain, the computer does not enforce domain policies, such as running login scripts that the domain dictates.
* You can also have only user authentication without machine authentication. It only gives problem in case of first time user that is not yet registered once on the AD. So with machine authentication you have network connection to AD, and therefore first time user have no problem. In addition without machine authentication (no access to AD during user login) you need to make sure to have user credential cashing on the workstation. In machine authentication AD and machine will generate its own password (you don't know it) and username = machinename, for the dot1x authentication. So after boot up
the machine will do dot1x with this machine credetial. As soon you type CTRL-ALT-DEL user login will start.
Regards,
~JG
Do rate helpful posts -
I have an iMac, and iPad, a Blackberry (forgive me) and Airport for my WiFi all of my pieces are working fine with my WiFi. I had guests over the other day and we could not allow my guests iPads or iPhone to sign onto my network. I bought my dad a generic tablet to use for solving cross words, etc., and I cannot sign into my own network. No opportunity exists to put in a password because it just reads "Authentication Problem".
No opportunity exists, therefore, to enter the password. Signal strength is excellent, Securty is WPA2 PSK, I touch connect and it says Saved Secured with WPA2 and then goes back to "Authentication Problem."
I've unplugged (and plugged back in) both the Airport / router and Internet Service provider's modem. I've rebooted my iMac and the new generic pad 3 times each.
I had 2 networks one for me and one for guests, can't get into either, identical problem. I can see all of the neighbour's networks and they're all locked and say secured with (various WPA/WPA2, etc., just mine says Authentication Problem. I plugged the tablet into my iMac and it's functioning well.
I now deleted the guest network and can't open a new network.
I've triple checked my passwords, hand written and in the Key Chain.
I've checked my Apple ID (I'm able to get into this forum).
Both my iPad (purchased May 2013) and BlackBerry (received free July 2013) signed in without any problems.
I cannot see why I can't get into my network ~ any ideas?Hello,
Hmmm..."problem"...pretty hard to understand. Can you provide more details? What exactly do you try? What exactly happens at each step of what you try? What is the exact and complete content of any error messages presented?
Please remember that we can't see you nor your device. We have only your words to help us understand your situation, and such understanding is the natural prerequisite to providing you with any useful guidance.
Thanks and let us know.
Occam's Razor nearly always applies when troubleshooting technology issues!
If anyone has been helpful to you, please show your appreciation by clicking the button inside of their post. Please click here and read, along with the threads to which it links, for helpful information to guide you as you proceed. I always recommend that you treat your BlackBerry like any other computing device, including using a regular backup schedule...click here for an article with instructions.
Join our BBM Channels
BSCF General Channel
PIN: C0001B7B4 Display/Scan Bar Code
Knowledge Base Updates
PIN: C0005A9AA Display/Scan Bar Code -
Email authentication problem on only some of Verizon's servers
I use Eudora 6.2.4 on an iMac Core 2 Duo 2.0 20" (Al) Macintosh running OX 10.5.5. Like many others (see one thread each under FiOS Internet and High Speed Internet and Dialup), since about mid-November, I have been receiving intermittent (about 10% of the time) authentication errors when Eudora checks for new mail. I have 3 VZ e-mail accounts and one at my employer; the errors occur only on the VZ accounts.
I've used the freeware app Eavesdrop (http://code.google.com/p/eavesdrop/) to observe the TCP conversations between Eudora and the server. The VZ server offers SASL CRAM-MD5 PLAIN, and Eudora uses CRAM-MD5. I see the challenge from the server, Eudora's response, and the server's authentication-failure response. Since the response is hashed, I have no way of telling if Eudora is sending the correct response, but it works most of the time. (After it fails, Eudora then assumes its stored password is NG, discards it, and prompts me for it on the next mail-check, which is just a bit annoying.)
Here is an example of a successful mail-check:
+OK Messaging Multiplexor (Sun Java(tm) System Messaging Server 6.2-6.01 (built Apr 3 2006)) <[email protected]>
CAPA
+OK list follows
TOP
PIPELINING
UIDL
RESP-CODES
AUTH-RESP-CODE
USER
SASL PLAIN CRAM-MD5
IMPLEMENTATION MMP-6.2p6.01 Apr 3 2006
auth CRAM-MD5
+ PDQ5MzU1ZWY3LmRlZWZlMEB2bXMxMDkubWFpbHNydmNzLm5ldD4=
amp3b2xmOSA3MDA0MmE5YWQwYzEzOWRkYjE5NDk0OWZjYjY1NzBmMg==
+OK Maildrop ready
STAT
+OK 0 0
QUIT
And here's a failure:
+OK Messaging Multiplexor (Sun Java(tm) System Messaging Server 6.3-7.04 (built Sep 26 2008)) <[email protected]>
CAPA
+OK list follows
TOP
PIPELINING
UIDL
RESP-CODES
AUTH-RESP-CODE
USER
SASL CRAM-MD5 PLAIN
IMPLEMENTATION MMP-6.3p7.04 Sep 26 2008
auth CRAM-MD5
+ PGZjMDAxY2M0ZjZlNDAyNjM3ZTI1MTVmMGU1MWEyYzVjQHZtczE3MTAxMy5tYWlsc3J2Y3MubmV0Pg==
amp3b2xmOSA1NWNmNzJhYzRhZDdlMmE1ZGExZmIwZDVkMzA3NTc5OQ==
-ERR [AUTH] Authentication failed
You'll notice that the VZ server identifies itself at the onset of each conversation, including a build ID and date, followed by a timestamp and a server ID (e.g., vms109.mailsrvcs.net). I'm in eastern Massachusetts, and when my client connects to incoming.verizon.net, one of a pool of V servers responds. I've observed about 15 different servers, of which two (vms171011 and vms171013) show "6.3-7.04 (built Sep 26 2008)" and all the others show "6.2-6.01 (built Apr 3 2006)". Furthermore, I observe that vms171011 and vms171013 consistently give this authentication failure for CRAM-MD5, but all the others (with the older build) consistently succeed in authenticating my accounts.
I called FiOS Support, and the CSR took down took down some relevant info, said she'd pass it on the the e-mail folks. Within 2 hours I got a call from a Verizon tech. He said they "knew" about it and that it was a Mac problem. It wasn't specific to VZ, and it occurred only on Macs. He had no explanation for my observation that mail-check authentication works with 13 of VZ's servers and consistently fails with two which have a later build version/date, but he believed it was consistent with it being an Apple problem. So naturally he was off the hook.
He referred me to an Apple Support Forum discussion to back up his position. I hadn't seen (or thought of looking in) the Apple forums, so I had a look and found a total of 5 threads under "Mail and Address Book". Of course, these deal with Mail.app, . Comcast as well as VZ. This is the lengthiest of them:
http://discussions.apple.com/message.jspa?messageID=8478765#8478765
These Apple discussion threads and the two Verizon Forum threads all mention Macintoshes, which lends credence to the tech's assertion that it's a Mac problem, not Verizon's. I've found one that seems to depict the same thing on a PC (http://groups.google.com/group/comp.mail.eudora.ms-windows/browse_thread/thread/b426c0ca59841ca9), but it's not conclusive.
I don't know what PeeCee users use for a mail client or what method they use for authentication (the POP3 protocol, as amended,has several possibilities). My Eudora app has settings for "Password", "Kerberos", and "APOP", but VZ doesn't offer Kerberos, and Eudora seems to ignore the APOP setting, so it uses only the CRAM-MD5 method, so I'm stuck. I can't disprove that this is a Mac-only problem, but I can't understand why the CRAM-MD5 authentication always works with 13 of VZ's servers and always fails with 2 others (which happen to have a different build version/date).
Solved!
Go to Solution.With the help of a Windows-using friend, I have additional evidence that the mail-check authentication problem is NOT Mac-specific, but also can be shown to occur with a POP3 client (the final version, Eudora 7.1.0.9) using a secure authentication method (APOP) on Windows (XP Home, SP 3). He had been observing no authentication problems, but investigation showed that his authentication setting was for "Password", which uses the basic (and very insecure) USER/PASS messages. His Eudora does not allow CRAM-MD5, but it does have APOP authentication, which is another secure method that also uses the MD5 algorithm to encrypt the password.
When he changed the setting to use APOP authentication, he observed the same behavior that I've reported above:
- with most of the VZ servers (e.g., vms095.mailsrvcs.net, vms104.mailsrvcs.net) that show "6.2-6.01 (built Apr 3 2006)", the authentication succeeds
- with vms171011.mailsrvcs.net and vms171013.mailsrvcs.net, which show "6.3-7.04 (built Sep 26 2008)", the authentication fails.
See examples below.
Here's a successful mail-check (these excerpts are from the Eudora log; I've edited his username):
3244 64:13.20 Rcvd: "+OK Messaging Multiplexor (Sun Java(tm) System Messaging Server 6.2-6.01 (built Apr 3 2006)) <[email protected]> [ISafe POP3 Proxy] \r\n"
3244 32:13.20 Sent: "CAPA\r\n"
3244 64:13.20 Rcvd: "+OK list follows\r\n"
3244 64:13.20 Rcvd: "TOP\r\n"
3244 64:13.20 Rcvd: "PIPELINING\r\n"
3244 64:13.20 Rcvd: "UIDL\r\n"
3244 64:13.20 Rcvd: "RESP-CODES\r\n"
3244 64:13.20 Rcvd: "AUTH-RESP-CODE\r\n"
3244 64:13.20 Rcvd: "USER\r\n"
3244 64:13.20 Rcvd: "SASL PLAIN CRAM-MD5\r\n"
3244 64:13.20 Rcvd: "IMPLEMENTATION MMP-6.2p6.01 Apr 3 2006\r\n"
3244 64:13.20 Rcvd: ".\r\n"
3244 32:13.20 Sent: "APOP XXXXX 8a45b60f3f4a52a472937e86edbfda70\r\n"
3244 64:13.21 Rcvd: "+OK Maildrop ready\r\n"
3244 32:13.21 Sent: "STAT\r\n"
3244 64:13.21 Rcvd: "+OK 0 0\r\n"
3244 32:13.21 Sent: "QUIT\r\n"
3244 64:13.21 Rcvd: "+OK\r\n"
And here's one that fails; note the different server build-date:
460 64:13.23 Rcvd: "+OK Messaging Multiplexor (Sun Java(tm) System Messaging Server 6.3-7.04 (built Sep 26 2008)) <[email protected]> [ISafe POP3 Proxy] \r\n"
460 32:13.23 Sent: "CAPA\r\n"
460 64:13.23 Rcvd: "+OK list follows\r\n"
460 64:13.23 Rcvd: "TOP\r\n"
460 64:13.23 Rcvd: "PIPELINING\r\n"
460 64:13.23 Rcvd: "UIDL\r\n"
460 64:13.23 Rcvd: "RESP-CODES\r\n"
460 64:13.23 Rcvd: "AUTH-RESP-CODE\r\n"
460 64:13.23 Rcvd: "USER\r\n"
460 64:13.23 Rcvd: "SASL CRAM-MD5 PLAIN\r\n"
460 64:13.23 Rcvd: "IMPLEMENTATION MMP-6.3p7.04 Sep 26 2008\r\n"
460 64:13.23 Rcvd: ".\r\n"
460 32:13.23 Sent: "APOP XXXXX ab2dde7d89cbbf0bf9cd409dce02e5a8\r\n"
460 64:13.27 Rcvd: "-ERR [AUTH] Authentication failed\r\n"
IMHO all this evidence validates my original hypothesis, that two (or more) of VZ's mail servers, which have server builds "6.3-7.04 (built Sep 26 2008)", advertise secure CRAM-MD5 and APOP authentication capabilities, but consistently fail such authentication attempts. All the other servers with builds "6.2-6.01 (built Apr 3 2006)" handle these authentications correctly. This has been shown to be the case on both Mac and Windows POP3 email clients. Email clients that use the simpler and unsecure USER/PASS and AUTH PLAIN methods apparently see no authentication errors on any of the VZ servers. This strongly points to this being a Verizon problem specific to two of the servers that we see here in eastern Massachusetts. Others have also observed the same server-specificity; see for example http://eudorabb.qualcomm.com/showthread.php?t=13802 . This problem has been reported since about mid-November.
Verizon, the ball is in your court. Find the problem and fix it! -
ITunes using anonymous authentication through proxy
Hi All,
We have a bit of an issue here at work, we are trying to update our iPads to the latest version of IOS and they get as far as verifying the update with the apple servers and then we get a 3004 error.
Looking into this further, it seems that what is happening is that iTunes is using anonymous authentication with our proxy server (Microsoft ISA) as looking at the logs from ISA reveals it denies the connection due to anonymous authentication being used.
Is there a way that I can make iTunes use my windows credentials when authenticating or are there any other ways around this?Fixed by not using a proxy. If you have a proxy, then you can't update your iPod through iTunes - and, because that is the only way you can do it now, you are stuck!
-
Screensharing authentication problem and weird solution
OK, I've been having the Screensharing authentication problem that crops up regularly on this forum. Accidentally I found a very weird solution. I want to know what's going on and to let others know of the solution.
Let's say my laptop account is called 'london' and I want to connect it to my tower account called 'paris' on the LAN. I browsed the network for the tower, click 'connect as' and in the dialog box I put in "Name: paris" and "Password: xxx". I click 'connect' and I am connected as the registered user 'paris' and I can browse all of the disks. File sharing is thus working normally.
Now I click the 'share screen...' button and I get another dialog box into which I once more type "Name: paris" and "Password: xxx". This yields an authentication failure message, which many users will be familiar with.
By accident instead of typing the name and password for the account on the distant machine, I typed into the dialog box the name and password of the local machine: ie. "Name: london" and "Password: yyy". Much to my amazement the screensharing works. What is going on?No, the username on london is london and on the machine paris it is paris. However, the passwords are different.
Just to be clear, I first connect to the remote machine's file sharing using the remote machine's username and password (ie. in the normal fashion). I then connect screensharing but give the local machine's username and password in the dialog box.
Before I made this discovery I had created a couple of fresh accounts on the remote machine. One was glitched, while the other functioned properly (ie. screensharing required the remote machine's username and password). The bizarre fix worked for my original account. I have not tested it on the new accounts for fear of screwing things up again. -
Lync Connectivity Analyzer Certificate Error
The Microsoft Connectivity Analyzer is attempting to obtain the SSL certificate from remote server lyncedgesvr.redfoxtechnologies.net on port 443.
The certificate couldn't be validated because SSL negotiation wasn't successful. This could have occurred as a result of a network error or because of a problem with the certificate installation.
Elapsed Time: 456 ms.
I got the following certificate error when trying to test remote connection from lync connectivity analyzer, But we have purchase a comodo PositiveSSL Multi-domain what do I need to do Please help I have contact the SSL provider but they don't even know
the problem.
Than Public Certificate is bind only on Lync Edge Server and there is not Public Certificate on Lync Federation Server.
The Lync Edge server is not using a NAT it is directly connected to the internet or the public ip address mounted on LAN.
I have used only one Public IP address.Hi Everyone,
I am not using reversed proxy I only just used the following below:
Pfsense: Public IP
Lync Fe : Single internal IP
Lync Edge : External Public IP no NAT
Lync Edge : Internal IP
Based on the Lync Validator below it says that I should create a NAT of Lync Fe Server to the External ip 103.17.21.198 Then issues a public Certificate to Internal of Lync Fe. Just because I don't have a External for Lync Fe. And I only have one LAN. correct
me if this validator is wrong.
For the Certificate CAN I USE THE "Comodo PositiveSSL Multi-Domain"?
Internal DNS:
Internal DNS Records
Type
FQDN
IP
Service
Protocol
Domain
Host
PRI
Weight
Port
SRV
_sipinternaltls
_tcp
redfoxtechnologies.net
sip.redfoxtechnologies.net
0
0
5061
Automatic Login
A
dialin.redfoxtechnologies.net
10.10.10.11
Simple URL Dialin
A
lyncadmin.redfoxtechnologies.net
10.10.10.11
Simple URL Admin
A
lyncdiscoverinternal.redfoxtechnologies.net
10.10.10.11
Internal Lync client discovery.
A
lyncedgesvr.redfoxtechnologies.net
172.0.0.113
Edge Pool Name
A
lyncedgesvr.redfoxtechnologies.net
172.0.0.113
Edge Server #1
A
lyncfesvr.redfoxtechnologies.net
103.17.21.198
External Web Services
A
lyncfesvr.redfoxtechnologies.net
10.10.1.1
Front-End Server #1
A
lyncfesvr.redfoxtechnologies.net
10.10.10.11
Internal Web Services
A
lyncpool.redfoxtechnologies.net
10.10.1.1
Front-End Server #1
A
meet.redfoxtechnologies.net
10.10.10.11
Simple URL Meet
A
sip.redfoxtechnologies.net
10.10.1.1
Front-End Server #1
External DNS:
External DNS Records
Type
FQDN
IP
Service
Protocol
Domain
Host
PRI
Weight
Port
SRV
_sip
_tls
redfoxtechnologies.net
lyncedgesvr.redfoxtechnologies.net
0
0
443
Automatic Login
SRV
_sipfederationtls
_tcp
redfoxtechnologies.net
lyncedgesvr.redfoxtechnologies.net
0
0
5061
Lync Federation Discovery
A
dialin.redfoxtechnologies.net
103.17.21.198
Simple URL Dialin
A
lyncdiscover.redfoxtechnologies.net
103.17.21.198
Lync client discovery.
A
lyncedgesvr.redfoxtechnologies.net
103.17.21.196
Access Edge #1
A
lyncedgesvr.redfoxtechnologies.net
0.0.0.0
Web Conferencing #1
A
lyncedgesvr.redfoxtechnologies.net
0.0.0.0
AV #1
A
lyncfesvr.redfoxtechnologies.net
103.17.21.198
External Web Services
A
meet.redfoxtechnologies.net
103.17.21.198
Simple URL Meet
Internal Certificates
Type
Server
SN
SAN
EKU
Internal
Front-End
lyncpool.redfoxtechnologies.net
lyncpool.redfoxtechnologies.net
lyncfesvr.redfoxtechnologies.net
meet.redfoxtechnologies.net
dialin.redfoxtechnologies.net
lyncadmin.redfoxtechnologies.net
lyncdiscoverinternal.redfoxtechnologies.net
lyncdiscover.redfoxtechnologies.net
sip.redfoxtechnologies.net
lyncfesvr.redfoxtechnologies.net
lyncfesvr.redfoxtechnologies.net
Server
SAN/UCC Certificate for Front-End Pool
Internal
OAuth
redfoxtechnologies.net
Server
OAuth
Internal
Edge Server
lyncedgesvr.redfoxtechnologies.net
Server
Certificate for Internal Edge
External Certificates
Type
Server
SN
SAN
EKU
Public
Lync Edge
lyncedgesvr.redfoxtechnologies.net
lyncedgesvr.redfoxtechnologies.net
lyncedgesvr.redfoxtechnologies.net
Server Client
SAN/UCC Certificate for Edge Server
Public
Reverse Proxy
lyncfesvr.redfoxtechnologies.net
meet.redfoxtechnologies.net
dialin.redfoxtechnologies.net
lyncdiscover.redfoxtechnologies.net
lyncfesvr.redfoxtechnologies.net
Server
SAN/UCC Certificate for Reverse Proxy
Maybe you are looking for
-
Installing a second hard drive in a G10-133
Couple of questions for you... I'd like to install a second hard drive in my G10-133. Specifically I'm looking at a second 80gig drive (MK8026GAX). Does anyone have experience of installing a second drive like this? Secondly, I know where to buy the
-
All animation freezes after Log Out used
I've searched and searched and cannot locate another issue similar to this...wondering if someone could offer advice. After I took the iTunes 7, Front Row, and QuickTime updates recently, my dock animation, menu animations, etc freezes after using Lo
-
How to get the vmdetails in VirtualBox
Hi, I am using "VBoxManage metrics query <vmname>" command to collect the metrics of quest vm. But i need the difference between CPU/Load/User and Guest/CPU/Load/User. I want to know the cpu utilization of guest against allocation of cpu from host. P
-
SMTP Authentication fix?
I was looking for a way to let our mail server relay mail through our ISP. Everything I found said use the terminal and create a file with our username and password in etc/postfix/sasl_passwd Then in SA go to mail->settings->relay outgoing mail throu
-
Hello, I have some problems connecting my iPod touch to my WLAN at work. There are 3 different ssids on one access point. I can connect to each one of them and I get an ip address of the right network. But when I try to go online with the safari or a