Authentication method for JCo connection in XSS installation

Similar Messages

• Where can i find .properties file for jco connection?

  For jco connection to SAP, we need .properties file. Is this file already contained in Exchange Profile or somewhere??
  If yes, where can i find .properties file for jco connection or what is the path to this file?
  OR, do we have to create manually??
  Any help is appreciated.
  Thanks.
  Karma

  Hi Karma,
  Please take a look at these..
  Where to set up the JCO connection?
  http://help.sap.com/saphelp_nw04/helpdata/en/bc/42e13d82fcfb34e10000000a114084/frameset.htm
  http://help.sap.com/saphelp_webas620/helpdata/en/bc/42e13d82fcfb34e10000000a114084/content.htm
  cheers,
  Prashanth

• Change password for JCO connections

  Hi,
  In our landscape we have around 80-100 applications running and there are 300-400 JCO connections on an average. We have 4 servers like this. Earlier we used to have developers user id and password for JCO connections. Now we have decided to have a universal userid and password for all the JCo connections. My question is there any way by which we can change the passwords for all the JCO connections without going to each one of them individually as it is a hectic task.
  Thanks & Regards,
  Vijith

  Hi Vijith Kumar,
  Look at the following blog:
  /people/anilkumar.vippagunta2/blog/2007/02/06/dynamic-jco-creation
  I guess that if you can create JCO by code you can also edit it...
  Regards,
  Omri

• Java-Program for JCO-Connection

  Hallo experts!
  I tried to get a Java-Program running which should establish JCO-Connection to a SAP-System and got the following error message:
  java.lang.ExceptionInInitializerError: JCO.classInitialize(): Could not load middleware layer 'com.sap.mw.jco.rfc.MiddlewareRFC'
  JCO.nativeInit(): Could not initialize dynamic link library librfc. Found version "640.0.144" but required at least version "640.0.161".
       at com.sap.mw.jco.JCO.<clinit>(JCO.java:776)
       at JCOTEST.main(JCOTEST.java:24)
  Exception in thread "main"
  Anyone got an idea?
  Thanks for your help in advance.

  Thank you Jens,
  it worked fine with the newest JCo-Download.
  Now I seem to have some Network problem: ip not reached:
  com.sap.mw.jco.JCO$Exception: (102) RFC_ERROR_COMMUNICATION: Connect to SAP gateway failed
  Connect_PM  GWHOST=10.251.24.10, GWSERV=sapgw10, ASHOST=10.251.24.10, SYSNR=10
  LOCATION    CPIC (TCP/IP) on local host
  ERROR       partner not reached (host 10.251.24.10, service 3310)
  I need to talk to our network manager in the firm.
  Regards.
  Thomas

• Port for JCO connection

  Hi,
    I am accessing an R3 table using JCO connection. Can someone please let me know the port no. of the server which will be neccessary for doing this?
  Thanks

  Hi Jacob,
  try {
  con = cgservice.getConnection("ISOILESconnect", cp);
  ix = con.createInteractionEx();
  ixspec = ix.getInteractionSpec();
  ixspec.setPropertyValue("Name", "Z_MESSAGES");
  rf = ix.getRecordFactory();
  // CCI api only has one datatype: Record
  RecordFactory recordFactory = ix.getRecordFactory();
  MappedRecord importParams=recordFactory.createMappedRecord("CONTAINER_OF_IMPORT_PARAMS");
  MappedRecord exportParams = (MappedRecord) ix.execute(ixspec, importParams);
  output = (IRecordSet) exportParams.get("LI_MESSAGES");
  This is the piece of code im using, I have already created a system on both the servers and tested them successfuly. But for some reason it works on one but does not give an output when i run it on the other server.
  I get an error which tells me that no output is returned.
  Thanks.

• Best authentication method for controlling access to wlan

  What is the best method for controlling access to a wlan with a 5508 wlan controller
  The requirments are
  -Needs to support all types of clients (Mac, PC, smartphones, tablets)
  -Clients need to be able to connect easily and without errors or installing certs or wireless profiles etc..
  -Secure
  This doesn't seem like alot to ask but I keep running into problems.
  What are people using?
  Thanks

  I can't find an errors in any area of the event viewer.
  Here is these files cat'd together.
  GeoTrustGlobalCA
  GeoTrustDVSSLCA
  corp-vs-ca2.########-export
  -----BEGIN CERTIFICATE-----
  MIIDVDCCAjygAwIBAgIDAjRWMA0GCSqGSIb3DQEBBQUAMEIxCzAJBgNVBAYTAlVT
  MRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMRswGQYDVQQDExJHZW9UcnVzdCBHbG9i
  YWwgQ0EwHhcNMDIwNTIxMDQwMDAwWhcNMjIwNTIxMDQwMDAwWjBCMQswCQYDVQQG
  EwJVUzEWMBQGA1UEChMNR2VvVHJ1c3QgSW5jLjEbMBkGA1UEAxMSR2VvVHJ1c3Qg
  R2xvYmFsIENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2swYYzD9
  9BcjGlZ+W988bDjkcbd4kdS8odhM+KhDtgPpTSEHCIjaWC9mOSm9BXiLnTjoBbdq
  fnGk5sRgprDvgOSJKA+eJdbtg/OtppHHmMlCGDUUna2YRpIuT8rxh0PBFpVXLVDv
  iS2Aelet8u5fa9IAjbkU+BQVNdnARqN7csiRv8lVK83Qlz6cJmTM386DGXHKTubU
  1XupGc1V3sjs0l44U+VcT4wt/lAjNvxm5suOpDkZALeVAjmRCw7+OC7RHQWa9k0+
  bw8HHa8sHo9gOeL6NlMTOdReJivbPagUvTLrGAMoUgRx5aszPeE4uwc2hGKceeoW
  MPRfwCvocWvk+QIDAQABo1MwUTAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBTA
  ephojYn7qwVkDBF9qn1luMrMTjAfBgNVHSMEGDAWgBTAephojYn7qwVkDBF9qn1l
  uMrMTjANBgkqhkiG9w0BAQUFAAOCAQEANeMpauUvXVSOKVCUn5kaFOSPeCpilKIn
  Z57QzxpeR+nBsqTP3UEaBU6bS+5Kb1VSsyShNwrrZHYqLizz/Tt1kL/6cdjHPTfS
  tQWVYrmm3ok9Nns4d0iXrKYgjy6myQzCsplFAMfOEVEiIuCl6rYVSAlk6l5PdPcF
  PseKUgzbFbS9bZvlxrFUaKnjaZC2mqUPuLk/IH2uSrW4nOQdtqvmlKXBx4Ot2/Un
  hw4EbNX/3aBd7YdStysVAq45pmp06drE57xNNB6pXE0zX5IJL4hmXXeXxx12E6nV
  5fEWCRE11azbJHFwLJhWC9kXtNHjUStedejV0NxPNO3CBWaAocvmMw==
  -----END CERTIFICATE-----
  -----BEGIN CERTIFICATE-----
  MIID+jCCAuKgAwIBAgIDAjbSMA0GCSqGSIb3DQEBBQUAMEIxCzAJBgNVBAYTAlVT
  MRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMRswGQYDVQQDExJHZW9UcnVzdCBHbG9i
  YWwgQ0EwHhcNMTAwMjI2MjEzMjMxWhcNMjAwMjI1MjEzMjMxWjBhMQswCQYDVQQG
  EwJVUzEWMBQGA1UEChMNR2VvVHJ1c3QgSW5jLjEdMBsGA1UECxMURG9tYWluIFZh
  bGlkYXRlZCBTU0wxGzAZBgNVBAMTEkdlb1RydXN0IERWIFNTTCBDQTCCASIwDQYJ
  KoZIhvcNAQEBBQADggEPADCCAQoCggEBAKa7jnrNpJxiV9RRMEJ7ixqy0ogGrTs8
  KRMMMbxp+Z9alNoGuqwkBJ7O1KrESGAA+DSuoZOv3gR+zfhcIlINVlPrqZTP+3RE
  60OUpJd6QFc1tqRi2tVI+Hrx7JC1Xzn+Y3JwyBKF0KUuhhNAbOtsTdJU/V8+Jh9m
  cajAuIWe9fV1j9qRTonjynh0MF8VCpmnyoM6djVI0NyLGiJOhaRO+kltK3C+jgwh
  w2LMpNGtFmuae8tk/426QsMmqhV4aJzs9mvIDFcN5TgH02pXA50gDkvEe4GwKhz1
  SupKmEn+Als9AxSQKH6a9HjQMYRX5Uw4ekIR4vUoUQNLIBW7Ihq28BUCAwEAAaOB
  2TCB1jAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFIz02ZMKR7wAoErOS3VuoLaw
  sn78MB8GA1UdIwQYMBaAFMB6mGiNifurBWQMEX2qfWW4ysxOMBIGA1UdEwEB/wQI
  MAYBAf8CAQAwOgYDVR0fBDMwMTAvoC2gK4YpaHR0cDovL2NybC5nZW90cnVzdC5j
  b20vY3Jscy9ndGdsb2JhbC5jcmwwNAYIKwYBBQUHAQEEKDAmMCQGCCsGAQUFBzAB
  hhhodHRwOi8vb2NzcC5nZW90cnVzdC5jb20wDQYJKoZIhvcNAQEFBQADggEBADOR
  NxHbQPnejLICiHevYyHBrbAN+qB4VqOC/btJXxRtyNxflNoRZnwekcW22G1PqvK/
  ISh+UqKSeAhhaSH+LeyCGIT0043FiruKzF3mo7bMbq1vsw5h7onOEzRPSVX1ObuZ
  lvD16lo8nBa9AlPwKg5BbuvvnvdwNs2AKnbIh+PrI7OWLOYdlF8cpOLNJDErBjgy
  YWE5XIlMSB1CyWee0r9Y9/k3MbBn3Y0mNhp4GgkZPJMHcCrhfCn13mZXCxJeFu1e
  vTezMGnGkqX2Gdgd+DYSuUuVlZzQzmwwpxb79k1ktl8qFJymyFWOIPllByTMOAVM
  IIi0tWeUz12OYjf+xLQ=
  -----END CERTIFICATE-----
  -----BEGIN CERTIFICATE-----
  MIIFaDCCBFCgAwIBAgIDBo5UMA0GCSqGSIb3DQEBBQUAMGExCzAJBgNVBAYTAlVT
  MRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMR0wGwYDVQQLExREb21haW4gVmFsaWRh
  dGVkIFNTTDEbMBkGA1UEAxMSR2VvVHJ1c3QgRFYgU1NMIENBMB4XDTEzMDQyNTA4
  NTEzNVoXDTE1MDQxNTA0NDcyOVowgdQxKTAnBgNVBAUTIHNZbkoyTG0tb2dGZnZC
  aFlodWRqWVZIMndEek43MGdOMRMwEQYDVQQLEwpHVDU3NDYxMTU1MTEwLwYDVQQL
  EyhTZWUgd3d3Lmdlb3RydXN0LmNvbS9yZXNvdXJjZXMvY3BzIChjKTEzMTcwNQYD
  VQQLEy5Eb21haW4gQ29udHJvbCBWYWxpZGF0ZWQgLSBRdWlja1NTTChSKSBQcmVt
  aXVtMSYwJAYDVQQDEx1jb3JwLXZzLWNhMi5wb3BtdWx0aW1lZGlhLmNvbTCCASIw
  DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAM4jgpKBeo8rtM/zJIEyho3HppeU
  tZeK+wmLfPeBTJxr2UmQFOmcniQblgsHREAGyJR0KT5yrYzxx6wpZaqCUcZlxl1Z
  lUz5mfxHnL5Oc14sUnqwaJuxprXV5Rnclci6W6BMFjI4QoxXjQwSa+3A1enf+ZsO
  sXUojQbQx62MX8rINuQ+srgdDielK/mJqTAMt11x6+NqIpwlGAgOxKd7vjG6aKRf
  a2efvS/hK4Pi0ieWPGn1GXz/AlYpHQv0cppUr8huL/+2+9cEvd1sp8XN/ASN3YTm
  WWo//fVpbXIlzp8mU4Q7t8+7LglxFQabhl4eMBarMi8SnNuh2zYKQxJRPvsCAwEA
  AaOCAbMwggGvMB8GA1UdIwQYMBaAFIz02ZMKR7wAoErOS3VuoLawsn78MA4GA1Ud
  DwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwKAYDVR0R
  BCEwH4IdY29ycC12cy1jYTIucG9wbXVsdGltZWRpYS5jb20wQQYDVR0fBDowODA2
  oDSgMoYwaHR0cDovL2d0c3NsZHYtY3JsLmdlb3RydXN0LmNvbS9jcmxzL2d0c3Ns
  ZHYuY3JsMB0GA1UdDgQWBBSODVVgPunABo61x13N20tEP66egDAMBgNVHRMBAf8E
  AjAAMHUGCCsGAQUFBwEBBGkwZzAsBggrBgEFBQcwAYYgaHR0cDovL2d0c3NsZHYt
  b2NzcC5nZW90cnVzdC5jb20wNwYIKwYBBQUHMAKGK2h0dHA6Ly9ndHNzbGR2LWFp
  YS5nZW90cnVzdC5jb20vZ3Rzc2xkdi5jcnQwTAYDVR0gBEUwQzBBBgpghkgBhvhF
  AQc2MDMwMQYIKwYBBQUHAgEWJWh0dHA6Ly93d3cuZ2VvdHJ1c3QuY29tL3Jlc291
  cmNlcy9jcHMwDQYJKoZIhvcNAQEFBQADggEBAC2Kadfzc6X/3dI//J5SGR9fnCa7
  6NVl8SV5aAYAvmOdkZBiurIYa1eHYYaDUGmOO8awTOXTfc4QzX75QwBUmcZeZKdj
  ZMPiJlm7Bsz/3Q1eolxHCqkAiDZIEohoT0o8Spw6+Eq8KcPnhf+K5+rIzJnWBZ9P
  tmpS4SEtrGHIfj3+638eqTydxuOCZ0Be9EanVK0ERav25fTRgRoZ+yEDiFP/MjQd
  rAgW7SyLOjm4I6bTmzjugmXf2Axm2kFuoyyZdrvdrJ+GBku5F6DOufGdGu13j80S
  lp148qh7gCREWrCqn3pH14qPKeHwC47jAQ3+ikRDfB090h9HGRi/8+w7Tx4=
  -----END CERTIFICATE-----

• MII 12.1 time out for JCo Connection

  I'm running this MII transaction that, is using a JCO connection to run a Function Module in SAP.
  The problem we have is, that function module takes more than 60 seconds to run an return the values, that is correct because we are gathering a big amount of data, so if we run the function Module inside SAP it works ok, BUT, if we run the transaction from MII we receive a time out after exactly 60
  seconds.
  We have already modified several time out parameters inside MII
  but those changes are not making any difference.
  Do you know where that JCo time out parameter is inside MII 12.1?

  Hi Salvador,
  Try to increase the session timeout to 300 in SAP Menu --> System Properties. Initial it will be 60 sec only.
  And increase MII workbench Read Timeout as well. Help --> Setting --> Read Timeout
  If it doesn't solved your problem, go through below post
  How to set timeout for each level in MII?
  Regards,
  Praveen Reddy

• User Id creation for Jco connections

  Hi,
      Need to create a user for verifying the Jco connections. Please help me with the steps of creation and how can it restricted only for verifying the connections.
  Thanks

  Hi Daneil,
  Best way is to do it yourself.
  1 - Create a user having full access (SAP_ALL and SAP_NEW and RFC Full access as well).
  2 - Set up the JCO connection with this user ID.
  3 - Put a trace (ST01) on this user ID and then test the connection.
  4 - Analyze the trace file and create a role having all the access pulled in the trace.
  5 - remove all the access from the above user and assign the role created in 4.
  6 - Put a trace once again on this user Id, just to ensure that if there is a miss in any authorization(failure) then you will be able to capture that as well. Update the role accordingly.
  Hope this helps.

• Best authentication method for controlling DEVICE access to wlan

  Hello,
  I have a similar question to this thread ( https://supportforums.cisco.com/message/3927713 ) but I'm interested about device control on top of user control. Just like that thread, we are using WPA2-AES Enterprise with PEAP MSCHAPv2, which allow users to log on with their domain credentials. We wanted something simple for our users, so MSCHAPv2 with "single sign on" was optimal to us.
  Problem is, we have a new requirement and we need to implement it yesterday. We would like to allow only mobile devices and computers of our choice.
  Since we are using MSCHAPv2 which allow every domain user to connect using any device as long as their domain credentials are valid, is there a simple way to control this ?
  I guess we could go with MAC filtering, but we have about a thousand laptops. Not a big problem, we could do a regular MAC address inventory using SCCM. It's just that it looks like a brute force tactic to a simple problem. Would a Cisco ACE 4.1 RADIUS server tolerate well a MAC address table with a thousand entries ? What if it goes to two thousands ? Would this be easy to implement ? I'm a bit new to this, is there some documentation I could follow ?
  How do people usually do this in an elegant way ? How do you manage and control WLAN access to thousands of device ? I guess they go with TLS with certificates ?
  Thank you very much !
  Konnan

  Konnan,
  Just saw your PM:)
  Would it be possible to configure Access policies even if our Radius servers aren't joined to the domain ?
  > I really don't know... typically all my installs have the radius server joined to the domain.  I don't know what limitations you would have using the setup you currently are using.
  Still wondering if it would be a good path for us, because of the computer authentication issue where it happens only at logon in Windows if I read correctly and our users don't have the habit to log off frequently and we use only manual connection mode when the user already has his session open. I guess MAR will have to be set to a stupid high value... if it even works.
  > Well you need to sit down with everyone who is involved and really think out what works best for you.  Machine authentication works well, but then people wonder what happens if someone logs in that isn't authorized and that because the computer is a domain computer it automatically gets on the network.  Well your not going to get everything you want:)  So PEAP has issue because IT wants to limit the user to only be able to access using a company owned device... well, then ISE is your fix.  You can add a certificate that ISE can see and if that device has that or a registry value and the user is allowed to access the network, the authentication is allowed, or else it will not be.  EAP-TLS... well more work since you need a PKI infrastructure and both the radius and the clients need a cert...
  No matter what, you need to decide what works best and don't over complicate it with adding mac filter, etc.
  I'm wondering if EAP-TLS wouldn't be better for the long term, maybe with MAC Address restriction on the short term...
  > See above
  I'm also wondering if we could stay with PEAP MSCHAPv2 but use an NPS Radius server from Microsoft which allow to use complex policies instead of the Cisco ACS Radius server...
  > You need to know how to setup and configure the policies... either one will work, but if your on ACS 4.x, I would look at upgrading to 5.4.  ISE is replacing ACS as far as the radius portion, but tacacs isn't yet available on ISE.
  There's also the Cisco ISE, which seems to be equivalent to Microsoft NPS... a bit more costly OTOH.
  > ISE allows you to profile devices so you know what device is accessing your network.  Again, ISE is replacing ACS as far as the radius, but tacacs will soon be out and available for ISE.  If you really want to create crazy profiles, then ISE is the way to go.  You can specify that this user group is allowed wireless, but it has to be a domain computer.  The user isn't allowed access if its not a domain computer.  The same user group is allowed access with company iPads (certificate installed), but not have access with personal iPads, tablets or smartphones.
  Hope this helps.
  Thanks,
  Scott
  Help out other by using the rating system and marking answered questions as "Answered"

• Authentication methods for BYOD senario?

                    I am in charge of setting up a 2500 wireless controller and a slew of 1142n APs as well coming up with a method to authenticate devices. This is a bring your own device senario so I do not have admin access to the devices. I would think that using MAC address filtering and a WEP key for authentication is the simplest and most cross platform method. Is there a way that I can capture the MAC addresses from the devices from lets say one of my APs and then add the MACs to the filter database? The person that will be adding the devices and the device owners themselves (high school students) might have a hard time finding the MAC of the devices, not to mention the possibility of entering them incorrectly. I was thinking that I can have an AP near the person that the users go to for setting up access that is setup to only use a WEP key to authenticate and then capture the MAC address of the authenticated devices to add to the MAC filter database used for the rest of the APs on the campus.
  Thanks in advance!

  The limit is indeed on the WLC. You can only have 2048 records. These records can be account logons, mac addresses etc. They all pull from the same pull.
  If you are only managing a few macs then it may not be so bad. If you are doing 50+ it will be a pain. Also it adds little value. Anyone can spoof a mac address get around mac filtering.
  Does that help ?
  "Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
  ‎"I'm in a serious relationship with my Wi-Fi. You could say we have a connection."

• HTTP/1.1 407 Proxy Authentication Required for cloud connection

  I am using Jdeveloper version 11.1.1.7.1 for ADF deployment on cloud service(Java and DB services).As instructed ,I have followed all the steps and in jdeveloper .when I tried to Authenticate the created connection with username and password, i am getting HTTP/1.1 407 Proxy Authentication Required .I am clueless how to solve this,Followed all the blogs but no luck.Please help on this,

  Presumably you are behind a FW, does your proxy require authentication if so did you set it with "Tools > Preferences > Web Browser and Proxy > Proxy Server Requires Authentication". Also what is the version of your JCS SDK ? You can check it by:
  java -jar javacloud.jar -version
  It should be something like 15.1.2.0 or later ..
  Jani Rautiainen
  Fusion Applications Developer Relations
  https://blogs.oracle.com/fadevrel/

• Clinet for RFC Connection in Java Installation

  hi ,
  I am in the process of installing Java Add on for EP.
  I have BW installed in Client 100
  But during instlaltion pls tell me teh client no i should give for RFC Connection

  Hello Balaji,
  In case of BW only one client can be used as BW client. Since your AS ABAP the BW client is 100 it has to be 100 in case of Java Add-in as well.
  Regards.
  Ruchit.

• JCO connection error:Couldn't create JCOClientConnection for logical System

  Hi All,
  We are facing a production outage issue.
    We have a Federated Portal Network setup where one of our producer goes down automatically (seems on heavy load).
    On this Producer server we have 3 Web Dynpro applications deployed and default trace is full with JCO connection error   saying Could   not create JCOClientConnection for logical System: CSVMR_WD_MODELDATA_DEST.
  We had issue with max allowed JCO connections so we changed the below mentioned parameters for JCO connection settings in portal:
  u2022     Minimum value of JCo Pool Size in total = 80
  u2022     Minimum value for CPIC_MAX_CONV per SAP Web AS = 320
  u2022     Maximum Number JCo Connections = 160
  Please let us know if we are missing on some settings, any help in this regard is appreciated.
  Regards,
  Priyanka

  Hi,
  As you have already increased the maximum number of connections/pool size but still you are facing this problem. I would suggest you to check the web dynpro application which might not be able to release/disconnect the JCO connection.
  Please check this [Thread|How to close a model object connection for Adaptive RFC?; for more details.
  Regards
  Puneet

• HTTP Authentication Methods

  Testing HTTP Authentication Methods for URL https://mail.domain.co.nz/rpc/rpcproxy.dll?cl-cas01.domain.local:6002.
  The HTTP authentication test failed.
  Tell me more about this issue and how to resolve it
  Additional Details
  Not all the required authentication methods were found.
  Methods Found: Negotiate
  Methods Required: NTLM
  Any ideas how to get around this with the exchange connectivity tester? If I change from negotiate to basic or ntlm, I then have issues with clients on the local network.

  This link does not work. Could you update this post with the information that helped fix your issue? I am receiving the same error. Everything works internally. I have a casarray with 3 client access servers. If I try and connect using Outlook Anywhere externally,
  all the tests pass except for the last one which states:
  Testing HTTP Authentication Methods for URL https://casarray.mydomain.com/rpc/rpcproxy.dll?casarray.mydomain.com:6002.
  The HTTP authentication test failed.
  Additional Details
  An HTTP 500 response was returned from Unknown.
  HTTP Response Headers:
  Content-Length: 3423
  Cache-Control: private
  Content-Type: text/html; charset=utf-8
  Date: Tue, 03 Jun 2014 01:59:11 GMT
  Server: Microsoft-IIS/7.5
  X-AspNet-Version: 4.0.30319
  X-Powered-By: ASP.NET
  Elapsed Time: 2135 ms.
  Here is the full test:
  Testing RPC/HTTP connectivity.
  The RPC/HTTP test failed.
  Additional Details
  Elapsed Time: 10139 ms.
  Test Steps
  Attempting to resolve the host name casarray.mydomain.com in DNS.
  The host name resolved successfully.
  Additional Details
  IP addresses returned: MyIpAddress
  Elapsed Time: 262 ms.
  Testing TCP port 443 on host casarray.mydomain.com to ensure it's listening and open.
  The port was opened successfully.
  Additional Details
  Elapsed Time: 213 ms.
  Testing the SSL certificate to make sure it's valid.
  The certificate passed all validation requirements.
  Additional Details
  Elapsed Time: 1347 ms.
  Test Steps
  The Microsoft Connectivity Analyzer is attempting to obtain the SSL certificate from remote server casarray.mydomain.com on port 443.
  The Microsoft Connectivity Analyzer successfully obtained the remote SSL certificate.
  Additional Details
  Remote Certificate Subject: CN=casarray.mydomain.com, OU=Domain Control Validated - RapidSSL(R), OU=See www.rapidssl.com/resources/cps (c)14, OU=GT62161020, SERIALNUMBER=4/00u9cheL7q8Gq41IXnlvVd8mb8-rjb, Issuer: CN=RapidSSL CA, O="GeoTrust, Inc.", C=US.
  Elapsed Time: 1260 ms.
  Validating the certificate name.
  The certificate name was validated successfully.
  Additional Details
  Host name casarray.mydomain.com was found in the Certificate Subject Common name.
  Elapsed Time: 0 ms.
  Certificate trust is being validated.
  The certificate is trusted and all certificates are present in the chain.
  Test Steps
  The Microsoft Connectivity Analyzer is attempting to build certificate chains for certificate CN=casarray.mydomain.com, OU=Domain Control Validated - RapidSSL(R), OU=See www.rapidssl.com/resources/cps (c)14, OU=GT62161020, SERIALNUMBER=4/00u9cheL7q8Gq41IXnlvVd8mb8-rjb.
  One or more certificate chains were constructed successfully.
  Additional Details
  A total of 1 chains were built. The highest quality chain ends in root certificate CN=GeoTrust Global CA, O=GeoTrust Inc., C=US.
  Elapsed Time: 32 ms.
  Analyzing the certificate chains for compatibility problems with versions of Windows.
  Potential compatibility problems were identified with some versions of Windows.
  Additional Details
  The Microsoft Connectivity Analyzer can only validate the certificate chain using the Root Certificate Update functionality from Windows Update. Your certificate may not be trusted on Windows if the "Update Root Certificates" feature isn't enabled.
  Elapsed Time: 4 ms.
  Testing the certificate date to confirm the certificate is valid.
  Date validation passed. The certificate hasn't expired.
  Additional Details
  The certificate is valid. NotBefore = 5/6/2014 10:15:31 AM, NotAfter = 5/9/2015 5:16:00 PM
  Elapsed Time: 0 ms.
  Checking the IIS configuration for client certificate authentication.
  Client certificate authentication wasn't detected.
  Additional Details
  Accept/Require Client Certificates isn't configured.
  Elapsed Time: 6179 ms.
  Testing HTTP Authentication Methods for URL https://casarray.mydomain.com/rpc/rpcproxy.dll?casarray.mydomain.com:6002.
  The HTTP authentication test failed.
  Additional Details
  An HTTP 500 response was returned from Unknown.
  HTTP Response Headers:
  Content-Length: 3423
  Cache-Control: private
  Content-Type: text/html; charset=utf-8
  Date: Tue, 03 Jun 2014 01:59:11 GMT
  Server: Microsoft-IIS/7.5
  X-AspNet-Version: 4.0.30319
  X-Powered-By: ASP.NET
  Elapsed Time: 2135 ms.

• ARR2.5 anonymous authentication problem in Lync connectivity

  Hello all,
  I'm stuck in the middle of deploying ARR to support mobility,
  I would just like to say that Lync discovery test used to work before i deployed
  ARR 2.5 ,
  I followed all the steps in all the guides,
  for some reason when i run connectivity online check tool (from Microsoft)
  i get the following error:
  Testing HTTP authentication methods for URL https://lyncdiscover.DOMAIN.com/Autodiscover/AutodiscoverService.svc/root/user.
  HTTP authentication test failed.
  Tell me more about this issue and how to resolve it
  Additional Details
  Initial anonymous HTTP(s) request didn't fail, but Anonymous isn't a supported Authentication Method for this scenario.
  HTTP Response Headers:
  Pragma: no-cache
  X-MS-Server-Fqdn: clvlync01.lan.coolvision.biz
  X-Content-Type-Options: nosniff
  Content-Length: 225
  Cache-Control: no-cache
  Content-Type: application/json
  Expires: -1
  Server: Microsoft-IIS/8.0
  X-AspNet-Version: 4.0.30319
  X-Powered-By: ASP.NET,ARR/2.5
  Date: Thu, 06 Mar 2014 08:47:41 GMT
  Elapsed Time: 699 ms.
  when i explore the url i get the xml file:
  <resource xmlns="http://schemas.microsoft.com/rtc/2012/03/ucwa" rel="user" href="https://lync01.lan.DOMAIN.biz/Autodiscover/AutodiscoverService.svc/root/user">
  <link rel="xframe" href="https://lync01.lan.DOMAIN.biz/Autodiscover/AutodiscoverService.svc/root/user/xframe"/>
  </resource>
  ARR LOG:
  connectivity:
  2014-03-06 09:54:52 lyncfeIP GET / X-ARR-CACHE-HIT=0&X-ARR-LOG-ID=1d849d36-c51b-4426-ae17-3d73a8e521d5 443 - 10.192.255.33 Mozilla/5.0+(Windows+NT+6.3;+WOW64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/33.0.1750.146+Safari/537.36
  - 200 0 0 78
  user browse:
  2014-03-06 09:59:47 lyncfeIP GET /abs/handler/C-12ca-12cc.lsabs X-ARR-CACHE-HIT=0&X-ARR-LOG-ID=460bbf67-83ec-4558-99b0-279ee55fe7a3 443 - 2.55.5.51 OC/4.0.7577.4419+(Microsoft+Lync+2010) - 404 0 0 0
  In most places people ask to disable delegation... but i don't see an option in
  the ARR .... i've tried to disable feature delegation (on the iis server) and it didn't helped.
  is there any chance it's have anything to do with my lync kerberos account ?
  please advise me what to do i'm lost.
  thanks in advance

  Check the process to deploy IIS ARR as reverse proxy step by step, you can refer to the following blog:
  http://blogs.technet.com/b/nexthop/archive/2013/02/19/using-iis-arr-as-a-reverse-proxy-for-lync-server-2013.aspx
  Lisa Zheng
  TechNet Community Support