Auto-user creation issue with OS10.6 clients

Similar Messages

• Directory Caching issue with Cisco Jabber client for Windows

  Hi ,
  I am facing cache issue with Cisco Jabber client for Windows. If I do any change related to modification or deletion of contacts in Active Directory/ Callmanager, it does not reflect in the Jabber. Because jabber takes the contacts from the locally stored cache file in the Windows system.
  Every time I have to remove the cache file to overcome this issue, practically it's not possible to do the same with all the Widows users. As, if any employee leaves the company and still I can see his contact appears in the "Cisco Jabber client". I have not seen this issue with Android/Apple iOS.
  Is there any automated way to remove the cache file? 
  Here is the detail of CUCM,Presence and Jabber.
  CUCM version: 9.1.x
  Presence          : 9.1.X
  Jabber              : 10.5 and 10.6

  Hello
  On our environment we had to install a dedicated Microsoft Certificate Authority "just for Cisco Jabber usage" to house the
  Network Device Enrollment Service.
  Our certificate for the CUPS were generated on this Certification Authority too.
  I discussed this certificate matter with my colleagues this afternoon and nobody seems to remember how these certificates were deployed into the
  Enterprise Trust store for the users.
  But I think they asked all 400 users to accept the 3 certificates by answering "yes" to the popup instead of using a script deployed by GPO...
  I wish you success with that deployment and really hope you have a technical partner that *Knows* this subject.
  Our partner left us alone with that unfortunately.
  Florent
  EDIT: If the "Certutil script method" works, please let me know. This could be useful in our own deployment.

• Issue with  pl/sql client

  Hi All,
  I am getting issue with pl/sql client saying readonly access to DMPROD(database).
  could you help me out..what might be causing this problem or how to overcome it?
  Thanks a lot.

  tvenkatesh07 wrote:
  Hi All,
  I am getting issue with pl/sql client saying readonly access to DMPROD(database).
  could you help me out..what might be causing this problem or how to overcome it?Well, it could be possible that your user, with whom you are trying to connect, is having only read-only access to the db? Did you try to change the user?
  Aman....

• Sign in issue with Lync Mobile client

  Hi guys,
  I'm trying to deploy a reverse proxy for mobile and external users, but I am having issues with the mobile client for android. It keeps saying "an unknown error occurred". Please try again.
  I've got the log zip file outputted by the client here if someone could have a look and point me in the right direction? I've set
  up server farms for the webservices, meet, and dialin.
  Desktop clients can log in without any issue btw.
  Cheers,
  Gareth L. Armstrong

  Verify from DNS Configuration and Check what is causing this issue from
  Lync Connectivity analyzer
  Also to troubleshooting Lync mobility, you can refer below link
  http://blogs.technet.com/b/nexthop/archive/2012/02/21/troubleshooting-external-lync-mobility-connectivity-issues-step-by-step.aspx
  Please remember, if you see a post that helped you please click "Vote As Helpful" and if it answered your question, please click "Mark As Answer"
  Mai Ali | My blog: Technical | Twitter:
  Mai Ali

• SL Server Permission Issues with Windows XP Clients

  I'm running into some permissions issues with Snow Leopard Server. I know it's specific to SL Server because I have two Leopard servers and neither one is affected. All servers are set up the same way.
  I'm using this SL server as a file server in the golden triangle approach: AD for Users, OD for Groups that supply AD User membership. I have one volume per OD group, and that group has read/write privileges to that volume via the default Server Admin read/write ACL. POSIX permissions are 770 on the top level directory, and ownership is set to the AD user who owns the volume, and the OD group the volume belongs to.
  The client is XP SP3. When the client accesses a share on the SL server, their access is correctly granted and they can browse the share and read any files inside the share. They can copy files to the share from wherever. They can open, edit, and save files. However, they cannot rename or delete files within the share. They cannot rename folders, but can delete them. This affects all AD users regardless of the OD group they're in.
  I have a few Windows 7 and Vista clients on the network, and these two OS's are not affected by this so the problem is limited to XP. If I create a user in OD, and auth to the sever from the XP client as that user, the problem goes away, so it's something to do with AD and SMB.
  I do have a ticket in with Apple support, which was escalated to Engineering. Still waiting on that.
  Things I have tried that have not worked/helped:
  -Modify the ACL to Full Privileges
  -Tried removing/re-adding user to OD group.
  -Remove darwin_streams from vfs_objects in smb.conf
  stream support = no
  ea support = yes/no (tried both ways)
  darwin_streams:brlm = no
  -Added nt acl support = no to smb.conf
  per http://bit.ly/6aYycW
  -Animal sacrifice..... ??
  Help?

  I need to do more testing, but I think the fix is to add "acl check permissions = no" to the bottom of /etc/smb.conf:
  ; Site-specific parameters can be added below this comment.
  [global]
  acl check permissions = no

• Issue with only one client - The client version 5.00.7958.1000 does not match the MP version 5.00.7711.0000. The client will not be installed.

  Below issue is with only one client in that untrusted domain. So boundary is not the issue.
  Env -
  mydom.com has SCCM PRI site (MP, DP as well).
  Client is in untrusted forest.
  Please help.
  Thanks
  MP 'mysccm.mydom.com' is compatible ccmsetup 11/4/2014 12:14:55 PM 4816 (0x12D0)
  Retrieved 1 MP records from AD for site 'pri' ccmsetup 11/4/2014 12:14:55 PM 4816 (0x12D0)
  Retrived site version '5.00.7958.1000' from AD for site 'pri' ccmsetup 11/4/2014 12:14:55 PM 4816 (0x12D0)
  SiteCode:         pri ccmsetup 11/4/2014 12:14:55 PM 4816 (0x12D0)
  SiteVersion:      5.00.7958.1000 ccmsetup 11/4/2014 12:14:55 PM 4816 (0x12D0)
  Ccmsetup is being restarted due to an administrative action. Installation files will be reset and downloaded again. ccmsetup 11/4/2014 12:14:55 PM 4816 (0x12D0)
  Deleted file C:\Windows\ccmsetup\client.msi ccmsetup 11/4/2014 12:14:55 PM 4816 (0x12D0)
  Only one MP mysccm.mydom.com is specified. Use it. ccmsetup 11/4/2014 12:14:55 PM 4816 (0x12D0)
  Searching for DP locations from MP(s)... ccmsetup 11/4/2014 12:14:55 PM 4816 (0x12D0)
  Current AD site of machine is Default-First-Site-Name LocationServices 11/4/2014 12:14:55 PM 4816 (0x12D0)
  Local Machine is joined to an AD domain LocationServices 11/4/2014 12:14:55 PM 4816 (0x12D0)
  Current AD forest name is staging.local, domain name is staging.local LocationServices 11/4/2014 12:14:55 PM 4816 (0x12D0)
  DhcpGetOriginalSubnetMask entry point is supported. LocationServices 11/4/2014 12:14:55 PM 4816 (0x12D0)
  Begin checking Alternate Network Configuration LocationServices 11/4/2014 12:14:55 PM 4816 (0x12D0)
  Finished checking Alternate Network Configuration LocationServices 11/4/2014 12:14:55 PM 4816 (0x12D0)
  Sending message body '<ContentLocationRequest SchemaVersion="1.00">
    <AssignedSite SiteCode="pri"/>
    <ClientPackage/>
    <ClientLocationInfo LocationType="SMSPACKAGE" DistributeOnDemand="0" UseProtected="0" AllowCaching="0" BranchDPFlags="0" AllowHTTP="1" AllowSMB="0" AllowMulticast="0"
  UseInternetDP="0">
      <ADSite Name="Default-First-Site-Name"/>
      <Forest Name="staging.local"/>
      <Domain Name="staging.local"/>
      <IPAddresses>
  <IPAddress SubnetAddress="10.72.117.0" Address="10.72.117.134"/>
  <IPAddress SubnetAddress="10.72.117.0" Address="10.72.117.142"/>
      </IPAddresses>
    </ClientLocationInfo>
  </ContentLocationRequest>
  ' ccmsetup 11/4/2014 12:14:55 PM 4816 (0x12D0)
  Sending message header '<Msg SchemaVersion="1.1"><ID>{5B972249-B931-4739-9EFA-A9FDE29C351A}</ID><SourceHost>STAGINGSRVR07</SourceHost><TargetAddress>mp:[http]MP_LocationManager</TargetAddress><ReplyTo>direct:STAGINGSRVR07:LS_ReplyLocations</ReplyTo><Priority>3</Priority><Timeout>600</Timeout><ReqVersion>5931</ReqVersion><TargetHost>mysccm.mydom.com</TargetHost><TargetEndpoint>MP_LocationManager</TargetEndpoint><ReplyMode>Sync</ReplyMode><Protocol>http</Protocol><SentTime>2014-11-04T17:14:55Z</SentTime><Body
  Type="ByteRange" Offset="0" Length="1264"/><Hooks><Hook3 Name="zlib-compress"/></Hooks><Payload Type="inline"/></Msg>' ccmsetup 11/4/2014 12:14:55 PM 4816 (0x12D0)
  CCM_POST 'HTTP://mysccm.mydom.com/ccm_system/request' ccmsetup 11/4/2014 12:14:55 PM 4816 (0x12D0)
  Content boundary is '--aAbBcCdDv1234567890VxXyYzZ' ccmsetup 11/4/2014 12:14:55 PM 4816 (0x12D0)
  Received header '<Msg SchemaVersion="1.1">
   <ID>{D4EF0A4D-A000-4697-9AFA-B1317B09931D}</ID>
   <SourceID>GUID:21298681-5080-4365-B614-F0C8DF67452B</SourceID>
   <SourceHost>pri1SCCM02</SourceHost>
   <TargetAddress>direct:STAGINGSRVR07:LS_ReplyLocations</TargetAddress>
   <ReplyTo>MP_LocationManager</ReplyTo>
   <CorrelationID>{00000000-0000-0000-0000-000000000000}</CorrelationID>
   <Priority>3</Priority>
   <Timeout>600</Timeout>
   <TargetHost>STAGINGSRVR07</TargetHost><TargetEndpoint>LS_ReplyLocations</TargetEndpoint><ReplyMode>Sync</ReplyMode><Protocol>http</Protocol><SentTime>2014-11-04T17:14:55Z</SentTime><Body Type="ByteRange"
  Offset="0" Length="2408"/><Hooks><Hook3 Name="zlib-compress"/><Hook Name="authenticate"><Property Name="Signature">3082019206092A864886F70D010702A08201833082017F020101310B300906052B0E03021A0500300B06092A864886F70D0107013182015E3082015A02010130373023311330110603550403130A545247315343434D3032310C300A06035504031303534D5302106C6A0DBD0066FA9642BBD3DB95A990CD300906052B0E03021A0500300D06092A864886F70D01010105000482010042A5446464A1253E1A8D831E124760EAAF9ABAEB8627D5066402ADA9E5EBF22032BD329C6DCEC93506E122ED6D43064E57504C60DEAD096C14F5873C03659B99660F7F037AE8B326F5A5AAD5D04E2FAFDE6BBE99B4226F1B45437D1214585783F2CC92E332045586025E1577F90B15EF16A18EBC10EE029550C3FF0255C74BC373E06851692D090B589FFAA2E2C427CE5687D04F31FE45D738D027F5357E03901E075A0AE9ECD9E5FA90A9AF7470A1877FFC6AD9DE2AAFE6717FB0237A59ACF8C96C797A5C83985F58B3EFD376F8BD29ABEA613B33B3CCEE9160697A83F6503FCF9BD12FFE1234ACF3A58EB7A0DB61915B5C543BB6A9D34491F281BAB589C55E</Property><Property
  Name="AuthSenderMachine">pri1SCCM02;mysccm.mydom.com;</Property><Property Name="MPSiteCode">pri</Property></Hook></Hooks><Payload Type="inline"/></Msg>' ccmsetup 11/4/2014 12:14:55
  PM 4816 (0x12D0)
  Received reply body '<ContentLocationReply SchemaVersion="1.00"><ContentInfo PackageFlags="16777216"><ContentHashValues/></ContentInfo><Sites><Site><MPSite SiteCode="pri" MasterSiteCode="pri"
  SiteLocality="LOCAL" IISPreferedPort="80" IISSSLPreferedPort="443"/><LocationRecords><LocationRecord><URL Name="http://mysccm.mydom.com/SMS_DP_SMSPKG$/pri00002"
  Signature="<ADSite">http://mysccm.mydom.com/SMS_DP_SMSSIG$/pri00002"/><ADSite Name="CSSG-Mount-Laurel"/><IPSubnets><IPSubnet Address="10.72.117.0"/><IPSubnet
  Address=""/></IPSubnets><Metric Value=""/><Version>7958</Version><Capabilities SchemaVersion="1.0"><Property Name="SSLState" Value="0"/></Capabilities><ServerRemoteName>mysccm.mydom.com</ServerRemoteName><DPType>SERVER</DPType><Windows
  Trust="0"/><Locality>LOCAL</Locality></LocationRecord></LocationRecords></Site></Sites><ClientPackage FullPackageID="pri00002" FullPackageVersion="2" FullPackageHash="03CFD97C8FB5F7E7E9F177FD6D30D6F25ED106E517E69B715695A0E81DB1D9AF"
  MinimumClientVersion="5.00.7958.1000" RandomizeMaxDays="7" ProgramEnabled="false" LastModifiedTime="30388855;1262113920" SiteVersionMatch="true" SiteVersion="5.00.7958.1000" EnablePeerCache="true"/><RelatedContentIDs/></ContentLocationReply>'
  ccmsetup 11/4/2014 12:14:55 PM 4816 (0x12D0)
  Found local location 'http://mysccm.mydom.com/SMS_DP_SMSPKG$/pri00002' ccmsetup 11/4/2014 12:14:55 PM 4816 (0x12D0)
  Discovered 1 local DP locations. ccmsetup 11/4/2014 12:14:55 PM 4816 (0x12D0)
  PROPFIND 'http://mysccm.mydom.com/SMS_DP_SMSPKG$/pri00002' ccmsetup 11/4/2014 12:14:55 PM 4816 (0x12D0)
  Got 401 challenge Retrying with Windows Auth... ccmsetup 11/4/2014 12:14:55 PM 4816 (0x12D0)
  PROPFIND 'http://mysccm.mydom.com/SMS_DP_SMSPKG$/pri00002' ccmsetup 11/4/2014 12:14:55 PM 4816 (0x12D0)
  Failed to correctly receive a WEBDAV HTTP request.. (StatusCode at WinHttpQueryHeaders: 401) ccmsetup 11/4/2014 12:14:55 PM 4816 (0x12D0)
  Failed to check url http://mysccm.mydom.com/SMS_DP_SMSPKG$/pri00002. Error 0x80004005 ccmsetup 11/4/2014 12:14:55 PM 4816 (0x12D0)
  Enumerated all 1 local DP locations but none of them is good. Fallback to MP. ccmsetup 11/4/2014 12:14:55 PM 4816 (0x12D0)
  GET 'HTTP://mysccm.mydom.com/CCM_Client/ccmsetup.cab' ccmsetup 11/4/2014 12:14:55 PM 4816 (0x12D0)
  C:\Windows\ccmsetup\ccmsetup.cab is Microsoft trusted. ccmsetup 11/4/2014 12:14:55 PM 4816 (0x12D0)
  Successfully extracted manifest file C:\Windows\ccmsetup\ccmsetup.xml from file C:\Windows\ccmsetup\ccmsetup.cab. ccmsetup 11/4/2014 12:14:55 PM 4816 (0x12D0)
  Loading manifest file: C:\Windows\ccmsetup\ccmsetup.xml ccmsetup 11/4/2014 12:14:55 PM 4816 (0x12D0)
  Successfully loaded ccmsetup manifest file. ccmsetup 11/4/2014 12:14:55 PM 4816 (0x12D0)
  Checking if manifest version '5.00.7958.1000' is newer than the ccmsetup version '5.0.7958.1000' ccmsetup 11/4/2014 12:14:55 PM 4816 (0x12D0)
  Running from temp downloaded folder or manifest is not newer than ccmsetup. ccmsetup 11/4/2014 12:14:55 PM 4816 (0x12D0)
  Adding file 'HTTP://mysccm.mydom.com:80/CCM_Client/x64/client.msi' to BITS job, saving as 'C:\Windows\ccmsetup\client.msi'. ccmsetup 11/4/2014 12:14:56 PM 4816 (0x12D0)
  Starting BITS download for client deployment files. ccmsetup 11/4/2014 12:14:56 PM 4816 (0x12D0)
  Successfully completed BITS download for client deployment files. ccmsetup 11/4/2014 12:14:57 PM 4816 (0x12D0)
  Successfully downloaded client files via BITS. ccmsetup 11/4/2014 12:14:57 PM 4816 (0x12D0)
  Validated file 'C:\Windows\ccmsetup\client.msi' hash 'A5732CE24F2B1545E9FBA458971E0A5504093E0F743CA9E8BD9C047582902878' ccmsetup 11/4/2014 12:14:58 PM 4816 (0x12D0)
  Retrieved client version '5.00.7958.1000' and minimum assignable site version '5.00.7845.1000' from client package ccmsetup 11/4/2014 12:14:58 PM 4816 (0x12D0)
  Checking compatibility of site version '5.00.7958.1000', expect newer than '5.00.7845.1000' ccmsetup 11/4/2014 12:14:58 PM 4816 (0x12D0)
  Site version '5.00.7958.1000' is compatible. Client deployment will continue. ccmsetup 11/4/2014 12:14:58 PM 4816 (0x12D0)
  An MP exists on this machine. ccmsetup 11/4/2014 12:14:58 PM 4816 (0x12D0)
  The client version 5.00.7958.1000 does not match the MP version 5.00.7711.0000.  The client will not be installed. ccmsetup 11/4/2014 12:14:58 PM 4816 (0x12D0)
  A Fallback Status Point has not been specified.  Message with STATEID='318' will not be sent. ccmsetup 11/4/2014 12:14:58 PM 4816 (0x12D0)
  InstallFromManifest failed 0x80004005 ccmsetup 11/4/2014 12:14:58 PM 4816 (0x12D0)
  CcmSetup failed with error code 0x80004005 ccmsetup 11/4/2014 12:14:58 PM 3680 (0x0E60)

  Why two primary that is 'coz geographically based server support and workstation. You can think it as a data center to data center split.
  That doesn't make sense and aren't valid reasons for 2012 (not that you can necessarily change it now).
  This line jumps out at me in the log file though: "An MP exists on this machine".
  That looks like the system you are installing on previously had an MP on it. I would delete the ccm namespace in WMI, cleanup all reference to ccm and Configuratin Manager from the registry, and then try again.
  Jason | http://blog.configmgrftw.com | @jasonsandys

• Issue with create user and issue with Java Development tab

  I have two issues with EP,
  1. When i login with Super Admin user, i am unable to Create any user from User Admin tab. Do i have to change the settings of the Super Admin? or is there any criteria for creating the user?
  2. How to assign any user the Java Development tab. Though i login with a super admin user i am unable to see the Java Development role and when tried to assign the role, there were no searches for that Java....

  Hi Adi,
  by default the super administrater has got all permissions. Thus you should be able to create portal users when using a user assigned to the portal group Administrators.
  In order to help you with your first question we need more information. Please describe the malfunction in detail. Have a look into the log files and post related error messages.
  Regarding your second question: You will find the java development role in PCD
  pcd:portal_content/com.sap.pct/platform_add_ons/com.sap.pct.pdk/Roles/com.sap.pct.pdk.JavaDeveloper.
  If not, then you haven't installed the PDK business package in your portal.
  Go to service.sap.com, choose downloads and search the package (PDK should do it). Download the package, and deploy on your portal using SDM.
  Best regards,
  Martin

• Session creation issues with DS3.2

  We are using BODS 3.2 for development. We are aware that a newer version of DS has been released quite a long time ago but due to some reasons we are still using DS 3.2.
  We are facing some session creation issues. We are using Teradata and Oracle as source and extracting\updating data using some SQLs in script tasks. SQLs are targeting huge amount of data. We executed a job and checked on the servers, sessions were created on the databases. Job kept on executing for long time and was not getting completed, there was no error also. After waiting so long, I checked on Database server and found that session was lost for these SQLs on Database servers. We are able to create a successful connection using Data Stores.
  Please suggest something, Why the sessions are not getting lost on the database servers?.
  Thanks & Regards,
  Gaurav Bansal

  ginger_11 wrote:
  Hi...I'm new to the forum.
  2 of the same phones in my household having similar issues since OS upgrade. 
  -Text automatically going to MMS when sending pics and the pics won't send.  1 phone freezes, the other acts like its sent but not sent-this phone won't load emailed pics either.
  -Keep getting notifications that passwords need updated for email accounts.
  -Facebook app won't load on 1 phone-tried deleting, pulling battery and re-installing.  Still getting "session re log-in required" but there is nowhere to load the log-in info under accounts. Getting the same message on the other phone but the app is still listed under accounts so am able to log in.
  -Both phones are randomly re-starting. Multiple times over past 3 days. 
  Any known issues like these?
  There must be some common factor why both phones are having the same problem.
  With the 10.2.1.537, the only problem I had was a few contacts merged and surnames were repeated.
  I haven't noticed any difference with the latest upgrade.
  Maybe a security wipe and restore contacts and email then one app at a time.

• B2C user creation issue in B2C site

  Hi Experts,
       We are using ECC 6.0, not CRM.  We are trying to setup the B2C store.  I have a created B2CREFUSER as reference user in SU01 with roles (SAP_ISA_B2C_FULL & SAP_ISA_B2C_RFC).  I also given customer number as KNA1 with 12995 (by going to Goto -> reference). 
  I have created a webshop for Internet Sales B2C (http://<hostname>:<port>/shopadmin/shopadmin/init.do).  at general information tab I have given a reference user as B2CREFUSER under User Management section.  Under Transaction tab given 12995 as Reference Customer.
  I went to b2c site (http://<hostname>:<port>/b2c_xyz/b2c/init.do).  I created a new customer and created a order.  I went to VA02 transaction in the ECC 6.0.  I found that sold-to party and ship-to party is not 12995 but it is created with new number (IS0000000002).
  I thought B2C user will always use the Reference customer number not the new one.  I want to new users which are creating through B2C site, needs to use the 12995 customer number.  Please help me to fix this issue.  Thank you very much.
  With Regards,
  Sudheer.
  Edited by: Sudheer Somisetty on Aug 19, 2009 2:27 PM
  Edited by: Sudheer Somisetty on Aug 19, 2009 2:28 PM

  You have configured the application perfectly correctly and the application also seems to be working correct. What you see is the standard behavior. The order is created for the new consumer IS0000000002 you possibly created / registered earlier. And this is mostly the preferred behavior required by SAP user community.
  The reference customer is defined to "share" some of its business properties, like Org information etc. when transactions are created through the web  for the web customers. The transactions are not created for the reference customer as you intend.
  So, do you really want all your transactions to have 12995 as the customer number? And how are you (as a business) planning to differentiate order from one customer to the other? Reporting etc. etc..

• Playlist creation issues with Centrale

  Hello,
  I've had a Zen X-Fi 32gb for over a year and I love it. However, I have consistently had issues with creating playlists using Centrale. Frequently, when I go to add a song to an existing playlist or a new playlist,Centrale adds the song to a different playlist than the one I intended. I estimate that this happens with about 50% of my playlists. Does anyone else experience this and has anyone figured out how to correct this? It's maddening!
  Thanks,
  Jenn

  i've heard similar issues as yours although i'm sorry i cannot be really of help because i do not use it now.
  http://storeyourpicture.com/images/s...lectronics.jpg

• TMG SSO issue with Windows 7 clients

  I have very strange problem with Forefront TMG 2010 Single Sign On feature.
  SSO settings:
  I'm publishing two websites (https://site1.domain.com and https://site2.domain.com) by using the same web listener with SSO enabled for *.domain.com
  SSO is working as charm for Windows 8.1 clients
  The issue when accessing sites from Windows 7 clients:
  On the first access to any of the sites (i.e. site1), I'm getting TMG forms login form - as expected.
  I login, then visit few pages of the same site (i.e. site1), and everything works as expected. I'm logged in, and I can surf.
  The problem arises when I try to open the other site (i.e. site2). I'm getting TMG forms login form again! And even worse - as soon as new TMG login form opens -
  I'm logged off from the first site also. So not just I must login separately for both sites - I can't be logged to both sites in the same time because as soon as I login to one site, the session with other site is terminated!
  Interesting thing is that behavior is the same in any browser. I've tried with IE, Chrome and Mozilla - the problem is the same.
  When external client tries to open the second site, TMG logs one interesting message:
  Req ID: 0ae9f57b; Compression: client=Yes, server=No, compress rate=0% decompress rate=0% ;
  FBA cookie: exists=yes, valid=no, updated=no, logged off=no, client type=private, user activity=yes
  It looks that TMG finds that cookie is not valid and deletes it, terminating this way existing session with all sites.
  My setup:
  Array of two TMG's 2010 SP2 RU4, on Windows Server 2008 R2, all updates installed.
  Published websites (site1.domain.com and site2.domain.com) are residing on two different servers (srv1 and srv2)
  Websites are published over https by using SSL certificate gotten from local PKI. All clients and servers do have PKI CA in their "Trusted Root Certificates" storage. No client or server reports any certificate issue. Websites are "green"
  in address bar.
  I'm really confused with this behavior. Especially due to the fact that the same third-party browser (Chrome), can be used with SSO without any problem when installed on Windows 8.1, but not when installed on Windows 7!?!?
  Any help would be appreciated...
  Thanks!
  Fat Dragon

  Hahah! Shame on me! The problem is not related to Windows 8.1 / Windows 7. Client OS coincides with DNS server settings... To explain:
  My two-server TMG array has two public IPs (each server having one) - 1.1.1.1 and 1.1.1.2.
  In order to avoid setting the same IPs for all my websites, I've decided to create one common A record, and to define all websites as CNAME records pointing to this common A record. (This way I have just one place where I should change IP if it changes.)
  My common A record is defined as follows:
  a.domain.com -> 1.1.1.1, 1.1.1.2
  And websites as follows:
  site1.domain.com -> a.domain.com
  site2.domain.com -> a.domain.com
  When multiple IPs are bound to the same host some DNS servers will round robin them, and some will not. For example, when I do nslookup on the PC with google's public DNS server (8.8.8.8) I'm getting the following result:
  C:\Windows\System32>nslookup site1.domain.com
  Server: google-public-dns-a.google.com
  Address: 8.8.8.8
  Non-authoritative answer:
  Name: a.domain.com
  Addresses: 1.1.1.1
  1.1.1.2
  Aliases: site1.domain.com
  No matter how many times I execute nslookup, I'm getting the same answer, with IP addresses in the same sequence. But when I do nslookup on the PC that uses local DNS service on the router, sequence of IP addresses changes with each subsequent call:
  C:\Windows\System32>nslookup site1.domain.com
  Server: UnKnown
  Address: 192.168.1.1
  Non-authoritative answer:
  Name: a.domain.com
  Addresses: 1.1.1.1
  1.1.1.2
  Aliases: site1.domain.com
  C:\Windows\System32>nslookup site1.domain.com
  Server: UnKnown
  Address: 192.168.1.1
  Non-authoritative answer:
  Name: a.domain.com
  Addresses: 1.1.1.2
  1.1.1.1
  Aliases: site1.domain.com
  In my case Windows 8.1 machines were using Google's public DNS server, so all of them were resolving both websites in the same way, always using the first IP gotten - 1.1.1.1. In the other words, both websites were pointing to the same TMG array member 1.1.1.1.
  And SSO was working as expected.
  On the other side, my Windows 7 machines were setup to dynamically get network settings from the DHCP service (the router), and they were using its DNS service (second example). So when the browser opens site1.domain.com it queries DNS for site1.domain.com,
  gets two IPs, as always selects the first one (1.1.1.1), makes request to the first member of my TMG array and successfully creates session. Browser caches site1.domain.com -> 1.1.1.1, so each subsequent call goes to the same address without querying DNS
  server. But when the browser opens site2.domain.com it queries DNS server again, this time getting the same IP addresses, but reordered. As always it selects the first one (1.1.1.2), and sends the request (with authentication cookie) to
  the second TMG array member. The second TMG validates the cookie and doesn't recognize it, so
  rejects it and deletes it, and redirects the browser to login form. Since the cookie is deleted, browser cannot access site1.domain.com (through 1.1.1.1) anymore.
  Huuuhhh.
  The new question: can SSO be setup with TMG arrays and DNS round robin? Is there any way to "force" array members to accept cookies distributed by other members?
  I guess that I must open new question...
  Sorry for my stupidity!
  Fat Dragon

• Some SBS 2011 users having issues with s/mime messages containing attachments

  We have a contact from the outside world who is obligated to send emails that have attachments as S/mime. Whenever he sends the Executive Staff here an email containing (let's say) a Microsoft Office file, they instead get an attachment named smime.p7m that
  contains a winmail.dat file or instead just get a winmail.dat file attached instead.
  As someone with administrative rights (and I think that's what the deciding factor is), if he sends me the same email and I open it in my client of choice (Eudora in this case), I get the attachment he wants received and also a smime.p7m file with certificate
  information in it. However, if he sends the email with me as a cc: to one of the other users, instead of recipient, I only see what the other user sees.
  If I go into OWA as any of the affected users, it takes a bit of maneuvering (in that I have to click on a dialog that reads "This type of message isn't fully supported in Conversation mode.
  Click here to open the full version, which may show you more details or features"), but I can eventually get to the attachment once the full version pane opens.
  If get into Outlook 2010 as the user "Journaling", I can open the copy that Journaling's mailbox receives and see the attachment just fine too.
  I honestly have no clue what the problem might be, and would be very grateful for any help.

  Hi ,
  Thank you for posting your issue in the forum.
  I am trying to involve someone familiar with this topic to further look at this issue. There might be some time delay. Appreciate your patience.
  Thank you for your understanding and support.
  Best Regards,
  Andy Qi
  Andy Qi
  TechNet Community Support

• Multiple Issues with Windows 8 Client

  Mac client, Yosemite with auto-update on
  Windows client, Windows 8 with auto-update on.
  Mac client sends request to user on Windows 8 and gets nothing.
  Mac client tries to call Windows 8 user who changed her security setting to "accept call from anyone."  Call does not complete to Windows 8 user and returns "system error" or something like that.  Windows 8 user gets no indication of attempted call.
  Furthermore, Windows 8 user cannot find user using "add contact" menu and searching skype users for the Mac user.  Mac (various versions OS) and Linux clients can find the Mac user.  Other non-Windows platforms work as expected in every way.
  Finally, I'm getting "invalid html" error posting this in Linux, Firefox browser.  It's 100% plain text.

  Mac client, Yosemite with auto-update on
  Windows client, Windows 8 with auto-update on.
  Mac client sends request to user on Windows 8 and gets nothing.
  Mac client tries to call Windows 8 user who changed her security setting to "accept call from anyone."  Call does not complete to Windows 8 user and returns "system error" or something like that.  Windows 8 user gets no indication of attempted call.
  Furthermore, Windows 8 user cannot find user using "add contact" menu and searching skype users for the Mac user.  Mac (various versions OS) and Linux clients can find the Mac user.  Other non-Windows platforms work as expected in every way.
  Finally, I'm getting "invalid html" error posting this in Linux, Firefox browser.  It's 100% plain text.

• User from certificate with Cisco VPN client and ASA (and radius)

  Hello,
  we are trying to migrate a vpn client connection from GROUP to certificate. We want that client uses the user from the certificate and doesn't ask user, only password. Is it possible? Now, with user certificate, you can connect as another user if you know the user and the password of the other user with your own certifcate.
  Thanks!
  Santiago.

  mrbacklash wrote:
  Ok with that being said will the MBA 11.6 1.4ghz have the guts to make it run mostly internet based programs over the VPN connection?
  I think if you are running apps over the Internet the bottleneck will be the Internet and your VPN bandwidth. Your computer can certainly execute faster than Internet communications.
  Besides, Internet or remote applications run on the remote server. All your local computer does is local processing of the data if necessary.
  Message was edited by: BobTheFisherman

• Remote desktop connection issue with an RDP client while connecting to some of windows 2008 and 2003 operating system flavors and not receiving SDin value choice 26 from DomainMCSPDU

  Hi Team
  We have our RDP client and i came across with one issue "Expected data got 3" with this client.
  This issue is getting while connecting some of below operating system flavors.
  Microsoft Windows 2008 Enterprise edition
  Microsoft Windows 2008 Standard edition
  Microsoft Windows 2003 servers
  When we are trying to get RDP to those servers with our client, getting "Expected data got 3" error. One more main thing here is the specified error is not getting for all the servers of same operating system in above list.
  Able to get the RDP console for those servers using mstsc client.
  When i read the [MS-RDPBCGR] specification, i found the below points
  mcsSDin (variable): Variable-length PER-encoded MCS Domain PDU (DomainMCSPDU) which encapsulates an MCS Send Data Indication structure (SDin, choice 26 from DomainMCSPDU), as specified in [T125] section 11.33 (the ASN.1 structure definitions
  are given in [T125] section 7, parts 7 and 10). The userData field of the MCS Send Data Indication contains a Security Header and a Valid Client License Data (section 2.2.1.12.1) structure.
  In my code i am not getting SDin value as 26. Is it the problem with Remote desktop Licensing in RDP servers as specified in the specification like "The userData field of the MCS Send Data Indication contains a Security Header and a Valid
  Client License Data (section 2.2.1.12.1) structure."
  Could you please explain me is this issue is happening due to Licence configuration in RDP server and please provide support with server side configuration if any because our code works for other servers ?
  Thanks & Regards,
  Pavan G.

  Hello Pavan -
  Thanks for contacting Microsoft Support. I'm researching this for you and request you to please send me mail at dochelp @ Microsoft dot com so that I can share tools and techniques to collect some traces and analyze.
  Thanks.
  Tarun Chopra | Escalation Engineer | Open Specifications Support Team