Azure VM DNS Namespacing Question

Similar Messages

• Basic namespace question

  Hello,
  A (possibly dumb) namespace question - a schema that we are coding against has the following declaration:
  <xs:schema xmlns="http://webservices.myco.com/mycoXML/2003/07" xmlns:xs="http://www.w3.org/2001/XMLSchema" targetNamespace="http://webservices.myco.com/mycoXML/2003/07" elementFormDefault="qualified">When this schema is xjc'ed and then the associated java objects populated, then marshalled into an xml request, it prefixes "ns2" to all the elements within the XML, possibly because there are 2 namespaces specified.
  the web service however throws a "Could not find element" error, because it's not expecting the ns2 prefix.
  The questions are:
  1. could this ns2 be suppressed?
  2. does it make sense to suppress it?
  any other background/info about this and the right way to resolve it would be greatly appreciated.
  [edit]
  I may have a partial answer to my question - w3.org's primer told me that since the elementFormDefault is set to qualified, and attributeFormDefault is (by default) unqualified, it uses the ns2 to differentiate between the two.
  when i added attributeFormDefault="qualified", it prefixed everything with an ns1, which the web service seems to be quite happy with.
  if anyone has any other comments/insights, i'd appreciate it.
  Thanks,
  Nilesh
  Edited by: nthali on Apr 15, 2010 2:04 PM

  Just to add to Tims response
  If you do calc dim on account first and then aggregate sparse dimensions, then its best to Fix on Level 0 of all the Sparse dimensions for the calc dim and then aggregate the sparse. Otherwise when you run the calc the second time the calculation will calc dim on all levels of all sparse dimension combinations (there will be data there from the previous aggregation). This can be very very slow. So see below
  FIX("Local", "HSP_InputValue", "Actual",  "Final", "Jan", "FY15")
    FIX(@RELATIVE("Entity",0),@RELATIVE("Product",0), @RELATIVE("Channel",0),@RELATIVE("Project",0))
  CALC DIM ("Account");
  ENDFIX
  AGG ("Entity","Product", "Channel", "Project",);
  ENDFIX;

• Azure vs. AWS questions (CDN and other services)

  Hi all,
  We are currently migrating from AWS to Azure and we have a bunch of different questions mostly related to CDN (in comparison to AWS) that we couldn't find online:
  What is the right way to have a CDN that returns static content (Storage) and fallbacks to a virtual machine when the content is not available? Think about a service that automatically creates images when you ask it to, and
  saves them on a Storage bucket for later reuse. On AWS we could do this using CloudFront + 404 handling.
  Is it there something similar enough to CloudFront? That can reroute queries based on paths and/or different http codes?
  When hitting a CDN that reroutes to a VM we get "504 Gateway Timeout" on some requests, that same resources return fine if we ask the resource for a second time. What we are doing on that request is asking the Storage
  service for some image and returning a 302 redirect if it's not there. Perhaps the first request takes too long and that's why the CDN throws that error? A fresh example of this was on this URL: http://az3.hinchas.co.uk/t/4/h/f/4hfaQHaZbRfvPSjsQVe4nH_768x768yz.jpg
  What's the recommended or fastest way to access public Storage from a VM? We are currently using the public DNS.
  There is still no way to have nodejs deamons that need some compilation, right? Versioning the compiled objects is not a option for us now, as we only develop on Linux and Mac and it would make our current build process way
  more complex.
  When using Azure's API service, can we customize API routes based on paths or parameters and proxy some requests to amazon in order to ease the migration ? 
  Are there any recommended/official solutions to autoscale cassandra or elasticsearch clusters?
  Any help will be greatly appreciated.
  Thank you!

  Hi,
  Did you talk about azure CDN? If yes, When you enable CDN access for a storage account, the Windows Azure portal provides you with a domain name of the following
  format: http:/ /<guid>.vo.msecnd.net/. This domain name can then be used to access blobs in a public container. When a request is made using the Windows Azure CDN URL, the request is redirected to the CDN endpoint closest to the location from which the
  request was made to provide access to the blob. If the blob is not found at that endpoint, then it is retrieved from the Blob service and cached at the endpoint, where a time-to-live (TTL) setting is maintained for the cached blob. The TTL specifies that the
  blob should be cached for that amount of time in the CDN until it is refreshed by the Blob service. The CDN attempts to refresh the blob from Windows Azure Blob service only once the TTL has elapsed. For more detail information about azure CDN, you could refer
  to:http://azure.microsoft.com/blog/2009/11/05/introducing-the-windows-azure-content-delivery-network/
  If using azure CDN, we could not get the Gateway Timeout error.Fastest
  way to access public Storage, you may consider the file sharing service:http://blogs.msdn.com/b/windowsazurestorage/archive/2014/05/12/introducing-microsoft-azure-file-service.aspx
  For the Azure API related issue, I suggest you ask in Azure API Management forums:https://social.msdn.microsoft.com/Forums/en-US/home?forum=azureapimgmt
  For the autoscaling, you could use the Azure Management API to achieve, more detail information, you could ask in Azure API forums as mentioned.
  Regards.
  Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact [email protected]

• Setup internal and external DNS namespaces best practice

  Is external name space (e.g. companydomain.com) and internal name space (e.g. corp.companydomain.com or companydomain.local) able to run on the same DNS server (using Microsoft Windows DNS servers)?
  MS said it is highly recommended to use a subdomain to handle internal name space - say corp.companydomain.com if the external namespace is companydomain.com.  How shall this be setup?  Shall I create my ADDS domain as corp.companydomain.com directly
  or companydomain.com then create a subdomain corp?
  Thanks in advanced.
  William Lee
  Honf Kong

  Is external name space (e.g. companydomain.com) and internal name space (e.g. corp.companydomain.com or companydomain.local)
  able to run on the same DNS server (using Microsoft Windows DNS servers)?
  Yes, it is technically feasible. You can have both of them running on the same DNS server(s). Just only your public DNS zone can be published for external resolution.
  MS said it is highly recommended to use a subdomain to handle internal name space - say corp.companydomain.com
  if the external namespace is companydomain.com.  How shall this be setup?  Shall I create my ADDS domain as corp.companydomain.com directly or companydomain.com then create a subdomain corp?
  What is recommended is to avoid having a split-DNS setup (You internal and external DNS names are the same). This is because it introduces extra complexity and confusion when managing it.
  My own recommendation is to use .local for internal zone and .com for external one.
  This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.
  Get Active Directory User Last Logon
  Create an Active Directory test domain similar to the production one
  Management of test accounts in an Active Directory production domain - Part I
  Management of test accounts in an Active Directory production domain - Part II
  Management of test accounts in an Active Directory production domain - Part III
  Reset Active Directory user password

• Azure Media Services Pricing Questions

  I am contacting you in regards to pricing structures for Azure Media Services. I would like to clarify some details outlined on the Azure pricing page.
  I work for a company that provides content security solutions, and we provide Microsoft Playready related DRM solutions to our customers. 
  I have a customer who has an Enterprise Agreement and is using Azure Cloud services. They are planning to utilise the Azure Media Services and I wish to help clarify some points
  for them.  
  Can you please provide answers to these questions ?
  For Content Protection (DRM) does the customer need to prepare their own Playready License servers? Or is this fully covered in the Azure Content Protection service ?  
  For the PAYG plan for Content Protection, there is a price of $0.21/ 100 licenses.  
  Can you please confirm the definition of “license” in this scenario ?
  Is the license in reference to issuing one license per streaming session per unique user ?
  If the user watches multiple contents/assets is a license required for each asset ?  Is only one license required per piece of contents ?  Or multiple licenses during viewing ?
  When using key-rotation for live services, does that impact the number of licenses required ?
  Are there any conditions for using Azure Encoding & Processing services in order to attain the Content Protection price?  (for example certain amount of minimum usage of encoding?
  Are there any conditions for using Azure Streaming services in order to attain the Content Protection price ? (for example certain amount of minimum streaming usage?)
  Is the PAY pricing plan for Content Protection relevant to content encoded as HLS and encrypted with Playready ?
  Is the separate Playready DRM licensing costs ($0.35/ client and $0.02/quarter per active client) still relevant for Silverlight players when using Azure Content Protection services ?
  Is the separate Playready DRM licensing costs ($0.35/ client and $0.02/quarter per active client) still relevant for other players (HLS players) when using Azure Content Protection services ?
  If I have other questions about Azure Media Services, can I raise them to this contact email address ?

  Will,
  Thanks. The first point that the license server is included in the Azure service is now clear, thank you.
  For the other questions, the link you put me through to is for support options for Azure. I am being asked to clarify these questions by my customer who is considering using Azure Media Services but is not currently subscribing and I don't have an existing
  support account.  My customer does have an Enterprise Agreement. 
  If you are not able to answer the questions above, would it be possible to receive an email address for where I can direct these questions about Azure Media Services pricing structure and billing ?  (this is for evaluation purposes before becoming a
  subscriber/user)  
  Please confirm an available address for someone with the answers.  I have already contacted MS online technical and billing support groups and have been asked to post here, but not been given an address I can contact with the above specific questions.
  Thank you.
  Regards
  Lincoln

• Transport namespace question

  Hello everyone,
  Small question. I have 2 development systems, I have to transport my things from the 1st development system to the 2nd and only then I can transport to the quality system. But someone else is doing work in the 2nd development system and created some namespaces in the same software component I am working on. So there are more namespaces in the 2nd system then in the 1st. My question is, when I transport the namespace definition for that software component from the 1st development system to the 2nd will those namespaces that do not exist in the 1st be deleted or will the transport only append my namespaces?
  Thanks

  Hi,
  According to my understanding,Unless the namespace in both the system look like the transports will not be affected.It will not delete any namespace, it will always append to the software component.
  Thanks,
  Uaruna

• StAX namespace question

  Hello,
  Looking at this soap fault document:
  <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <soapenv:Body>
  <soapenv:Fault>
    <faultcode>21</faultcode>
    <faultstring>Login error</faultstring>
  </soapenv:Fault>
  </soapenv:Body>
  </soapenv:Envelope>The 'faultcode' element has no prefix associated, but it belongs to ''http://schemas.xmlsoap.org/soap/envelope/" URI. When I'm positioned on 'faultcode' element, the XmlStreamReader.getNamespaceURI() call gets null, because there is no namespace directly associated to this element. The question is that I need all the namespaces associated to this element. The specification talks about a "namespace stack" -> NamespaceContext, but this is not useful for me because I'd need an iterator with all namespaces of this element (and with NamespaceContext you always need to pass a prefix or a URI as parameters to methods).
  Is there any way to achieve this, or should I program it?
  Thanks a lot,
  Joan

  Thank you for the message.
  I know the config.xml file is eventually passed to java.exe and the error is from there. Since namespace is just a token to distinguish one from another, I don't understand why the default namespace has to be kept and can not be changed.
  Can you please explain it more to me? If my webservice is under that namespace and you too have a webservice under the same namespace, what's going to happen if we 2 accidently give the same name to our webservices? Is there any conflict going on?
  Thanks

• DNS Records Questions - TXT Files

  Hello everyone,   I would like to preface this post with, this is my first time dealing with DNS records.  However, the instructions seem a little confusing, so i would like your professional feedback.  
  Currently using Godaddy for hosting.  Ill start with the instructions, then my set up, my result and my questions. 
  Instructions:
  You will be adding two separate TXT entries to your DNS record - note - be sure that you do not add any carriage returns when copying the key, below:
  First Entry (This is called the DKIM policy record):
  Name:  _domainkeyTXT:   "t=y; o=~;"If your domain is 'foo.com', then the 'name' entry will look like this when it is displayed as: "_domainkey.foo.com" 
  Second Entry: (This is called the 'selector record' and includes a public crypto key):
  Name: key1._domainkeyTXT: "k=rsa\; p=MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAKQrQeUnNX/CQBIXWqeHc8lKl+EwhGKzPuDRbDjnN2Xzl8N4Fc2oQ6R+opnEM6U4x4p
  3NggEyNg8Mp2W6oUYpAECAwEAAQ=="
  If your domain is 'foo.com', then the 'name' entry for this will look like this when it is displayed: "key1._domainkey.foo.com"
  That's it!
  You can send a test message to a yahoo email address, then select Actions->View Full Headers in Yahoo
  when you view the email.  If you have configured DKIM correctly, the header information for the email will include a line similar to:
  Authentication-Results: mta1084.mail.mud.yahoo.com  from=mypinpointe.com; domainkeys=pass (ok)
  Fisrt Entrey
  Hostname: @
  TXT Value: _domainkey.mydomain.com:   t=y; o=~;
  TTL: 1/2 hour
  Second Entry:
  Hostname: @
  TXT Value: key1._domainkey.mydomain.com: k=rsa; p=MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAKQrQeUnNX/CQBIXWqeHc8lKl+EwhGKzPuDRbDjnN2Xzl8N4Fc2oQ6R+opnEM6U4x4p3NggEyNg8Mp2W6oUYpAECAwEAAQ==
  TTL: 1/2 hour
  Results
  1. a really long string of code, but when you search for it here is the result  Doesnt say domainkeys=pass (ok): 
        Authentication-Results: mta1466.mail.gq1.yahoo.com  from=giglinxusa.com; domainkeys=neutral (no sig);  from=crapemyrtle.mypinpointe.com; dkim=pass (ok)
  Questions
  1. Should the TXT value include "", like they have it in the instructions?
  2. In the first entry, should there be so many spaces after the .com:    t=y
  3. What are carriage returns? (assuming spaces)

  Hello,
  but I don't understand anything else then you will use Godaddy.
  What is the aim of this? Connecting an email domain to your internal network or about web services? Please be more specific in your description what you are trying to achieve.
  Best regards
  Meinolf Weber
  MVP, MCP, MCTS
  Microsoft MVP - Directory Services
  My Blog: http://msmvps.com/blogs/mweber/
  Disclaimer: This posting is provided AS IS with no warranties or guarantees and confers no rights.

• Another DNS Zone Question! :)

  I have several geographic sites all with their own leopard servers (ten or so). Each are open directory masters managing public ip subnets. We do have an external dns server and all of our servers have registered names that are part of the same domain....
  My question is this... when setting up dns on each server, do I need to create zones, or can I just make the dns forward to our external name server. I am worried that having more that one ns authoritative for the same domain will cause problems with our isp dns server? I have one server running just fine without zones... just forwarders ... and all is running smoothly, ical, wiki's, mcx, mobile accounts, etc...
  Looking forward to finding out whether having zones at other locations and authoritative dns servers is a bad thing or not.
  Thanks.

  As long as the external DNS server has all of the info you need, there's no need to set up duplicate zones on your servers; as you note, it could even cause problems if the info got out of sync. In fact, you don't even need to act as a forwarder, you could just turn off DNS service and configure all your computers (servers & clients) to use your ISP's DNS servers.
  In your situation, I see two reasons you might want to run DNS service: in case your internet link goes down (losing access to DNS tends to make it hard to find servers, even if they're on the same LAN), or if the public DNS servers don't have the reverse DNS (IP number -> domain name) entries you need. If you're worried about the first, you could set your servers as secondaries (aka slaves) for the relevant zones, in which case they'll download the zone files from the master and automatically keep in sync. If the second is an issue, you're probably best off bugging your ISP -- since the reverse records are tied to your IP numbers, and those're "owned by" the ISP, they're generally in charge of the reverse DNS no matter who's hosting your forward DNS zones.

• DNS Newbie question

  I have OS X Server 10.4.10 running AFP, OD, NetBOOT and a few other service. We have issues where our clients hang frequently at the login screen and sometines at the logout screen. Can someone tell me if this is likely due to DNS not being configured correctly on the server?
  Initially we didn't have DNS active on the server and were just pointing all clients to the router for DNS. I've read that it is optimal to have the OS X server running DNS but am uncertain how I need to do this.
  I just need a step-by-step from someone one how to do this. There aren't that many fields in the DNS section of Server Admin so I'm guessing it should be relatively simple with my server setup.
  Or maybe DNS has nothing to do with it but it seems like that is my best place to start.

  Camelot's hint about dns being needed for your network,but not necessarily provided by your mac server is important. Sure, you can run dns on your server. But your server will want to resolve its own hostname in the startup process before your server's dns server starts up, and you are left with no lan dns service for your mac server at this crucial phase... I think it is recommended to run dns service with at least a pair of dns servers. On my network, I had to get dns right before I installed os x ldap master server, or it would not automatically configure kerberos correctly.
  I'm not a dns guru, but I think, in your situation, you will have to add A records (machines)for ourschoolname.org and for www.ourschoolname.org. The dns capabilities of the gui are limited to very basic setups, and for complete customization, it is good to familiarize oneself with bind: http://www.bind9.net/manuals . Once you can manually configure /etc/named.conf and the files in /var/named , you will find that these also exist on client installs of os x, and thus you can run DNS on any OS X machine, not just the server (saves on licensing, etc.)
  One question I have for the gurus: can you use the /etc/hosts files on the local machines of the local LAN to provide local name resolution? If you mapped out all of your machines in each /etc/hosts, then you may have a local dns service, as I think this file is checked during each machines crucial startup phase when they verify their own hostnames.
  Just some thoughts....

• Dns prefetch question

  ''locking as a duplicate of https://support.mozilla.org/en-US/questions/989798''
  Since nobody will anwser question about bug of dns prefetch, so I pick this title.
  Firefox will do dns prefetch direct even user use http proxy or socks5 proxy with remote_dns setting.
  And cannot disable by network.dns.disablePrefetch.
  Here is the bug report 2 years ago.
  https://support.mozilla.org/en-US/questions/928722
  I check some source code of firefox 27.0.1:
  network.dns.disablePrefetch affect places
  nsDNSService2.cpp
  1. prefs->GetBoolPref(kPrefDisablePrefetch, &disablePrefetch);
  2. mDisablePrefetch = disablePrefetch || (proxyType == nsIProtocolProxyService::PROXYCONFIG_MANUAL);
  3. nsDNSService::GetPrefetchEnabled(bool *outVal)
  *outVal = !mDisablePrefetch;
  return NS_OK;
  But no other places use method GetPrefetchEnabled
  actual handle of dns prefetch
  nsDocShell.cpp
  1. mAllowDNSPrefetch(true),
  2. can turn off with header
  mAllowDNSPrefetch = aData.IsEmpty() || aData.LowerCaseEqualsLiteral("on");
  can turn off with https
  if (aNewPrincipal && mAllowDNSPrefetch && sDisablePrefetchHTTPSPref) {
  nsDocument.cpp
  3. load from docshell
  docShell->GetAllowDNSPrefetch(&allowDNSPrefetch);
  Looks network.dns.disablePrefetch and network.dns.disablePrefetchHttps has absolutely no effect,
  network.dns.disablePrefetch always false and network.dns.disablePrefetchHttps always true.
  And here is a photo show how dangers use firefox with proxy.
  http://imgur.com/yssHmkW
  Also dns prefetch is disabled anyway on linux(ubuntu) and macosx (10.8).
  I don't known why mozilla leave this bug will put many guy in dangerous 2 years .

  This sounds a bit long : ns1.server.supachicken.internal
  If you want the (search-) domain name to be "supachicken.internal", "server" becomes a subdomain to that.
  It should suffice calling it "supachicken.internal" with the hostname "server" or "ns1" with either as a CNAME (alias) to the other if you want to use both names.
  You don't need to use CNAMEs or SRV records. SRV records are more useful on internal networks and is used much more in an AcitveDirectory setup.
  Wether you run your own public DNS (for your public domainname) or behind NAT decides what is needed in the DNS for hosting webservices. The webserver needs to find the correct site folder to serve the correct website but is can run in a machine behind NAT.

• Open DNS & Airport Question

  I have a wireless network (Airport Extreme and Airport Express for range in the back of my house). Have 4 Macs on the network. All have Open DNS set in System Prefs>Network>Airport>Advanced>DNS.
  Should I set one or both of the Airports to Open DNS also? If so, how? I looked at Airport Utility and see no ready way to do it.
  If I should add OPen DNS to Airport, can someone tell me how in an easy to follow fashion?
  Thanks in advance!

  No, sorry.
  All my machines are individually set for Open DNS: System Prefs>Network>Airport>Advanced>DNS: 208.67.222.222; 208.67.220.220.
  The machines have been set this way for a long time.
  My Q: Can/Should I set my Airports (Express and Extreme) somehow for Open DNS?
  My general configuration is:Cable>Modem>Airport>4 Macs.
  The hardware configuration is Cable into Router (Cox), Ethernet into Extreme, broadcast to Express 5 rooms away (to serve 2 of the 4 Macs); Ch 1 all.
  Perfect connection - so don't want to mess with that.
  Just want to know (if I can to speed up download time) --
  Would (if possible) setting the Airport settings to Open DNS help my speed? If so, how in the world would one do that - - > set the actual base station to have Open DNS settings?
  Make sense? Hope so!
  Thanks!
  Message was edited by: pcbjr

• Open DNS Numbers Question

  I have a 2Wire Router/Modem from AT&T do i have to add the numbers to this or can i just add them to my computer via System Preferences?

  The number is greyed out, because it is the one supplied by your router since your using DHCP. That's all fine. And you're right. Simply delete the OpenDNS numbers to return to the previous state. Some ISPs have slow DNS, so using OpenDNS is usually a good idea, but not absolutely neccessary.

• Dns Configuration Question

  Hello all,
  I need some feedback regarding a network setup.
  A 1800series router is configures as an adsl router.
  It also carries 2 ethernet connections.
  int f0  is connected to my inside home network.(192.168.0.0/24)
  int f1 is connected to a mikrotic router (10.2.101.0/24)
  The mikrotic router is actually a  gateway to a wireless metropolitan network. The metropolitan network is actually a class A network 10.0.0.0/8
  I am having some issues configuring the dns service.
  mikrotik router has dns enabled and  answers all my queries for the wireless network.
  cisco has dns enabled and answers all my normal internet queries.
  What i need is by entering only my cisco as a dns server to automatically get responses for both my networks.
  is that possible?
  If a enter the mikrotik router as a primary dns it works as long as my wireless links are up. If mikrotik wireless links (towards tha wireless community)
  go down then all resolving stops.
  my dhcp pool config:
  ip dhcp pool aeon_pool
     import all
     network 192.168.0.0 255.255.255.0
     dns-server 8.8.8.8 10.2.101.1
     default-router 192.168.0.254
  any dns conf:
  ip domain name garden.org
  ip host Aeon 192.168.0.254
  ip host Pulsar 10.2.101.1
  ip name-server 8.8.8.8
  ip name-server 10.2.101.1

  Hi Karolo,
  Sorry to say that i didnt understand what exactly you are trying to achive :-( May be my fault. As i understand it your network have only exit to internet which is through milkrotik router..
  The point i didnt understand is that what exactly you are trying to resolve internally? Do you have any intra net?
  Is your requirment is to internally resolve your hostname as Aeon to 192.168.0.254 & Pulsar to 10.2.101.1?
  From the DHCP pool i can see that you have configured the DNS as 8.8.8.8 which is public dns server hosted on internet. So it make sence that dns resolution stops when milkrotik wireless goes down as it can not communicate with the internet for dns resolution.
  It would be great if you could be specific about your requirment.
  Appologies for my lack of understanding of your requirment.
  Regards
  Najaf

• Error while Authenticating sharepoint site with Azure AD users using Azure Access Control Namespace

  I have a Sharepoint site running on Azure virtual Machine. Now i want to authenticate my sharepoint site with Azure AD users.
  For this i have followed below link, but getting error after login.
  Using Microsoft Azure Active Directory for SharePoint 2013 authentication
  I have implemented as given on reference link, but still facing error. When i access my url from browser, it will ask me through which you want to logon.
  Then on selection of ACS Provider, it will redirect me to office365 login. After i submit my credentials, it will redirect me to
  https://testvm.cloudapp.net/_trust/
  and got error. So i checked in sharepoint log and found below error.
  Cannot find site lookup info for request Uri urn:sharepoint:spvms.
  SPAudienceValidator: Audience uri 'urn:sharepoint:spvms is not valid for the context.
  Getting Error Message for Exception Microsoft.IdentityModel.Tokens.FailedAuthenticationException: The Audience URI could not be validated.
  SPSaml11SecurityTokenHandler: Audience validation failed for request 'https://testvm.cloudapp.net/_trust/' with
  the following audience URIs: 'urn:sharepoint:spvms', .
  Application error when access /_trust/, Error=The Audience URI could not be validated.
  at Microsoft.SharePoint.IdentityModel.SPSaml11SecurityTokenHandler.ValidateConditions(SamlConditions conditions, Boolean enforceAudienceRestriction)
  at Microsoft.IdentityModel.Tokens.Saml11.Saml11SecurityTokenHandler.ValidateToken(SecurityToken token)
  at Microsoft.IdentityModel.Tokens.SecurityTokenHandlerCollection.ValidateToken(SecurityToken token)
  at Microsoft.IdentityModel.Web.TokenReceiver.AuthenticateToken(SecurityToken token, Boolean ensureBearerToken, String endpointUri)
  at Microsoft.IdentityModel.Web.WSFederationAuthenticationModule.SignInWithResponseMessage(HttpRequest request)
  at Microsoft.IdentityModel.Web.WSFederationAuthenticationModule.OnAuthenticateRequest(Object sender, EventArgs args)
  at Microsoft.SharePoint.IdentityModel.SPFederationAuthenticationModule.OnAuthenticateRequest(Object sender, EventArgs eventArgs)
  at System.Web.HttpApplication.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
  at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)

  I want 100,000 external users to have access to my SharePoint online Site collection.
  I was thinking of going the Azure AD route, where external users will have there ID's created in Azure AD cloud.
  Trying to figure how I can integrate Azure AD cloud with my SharePoint Online Site collection.
  Currently my site collection is tied to On-premise AD.
  Is there a way to integrate the SharePoint online to use both Azure AD and On-premise AD?
  Thanks
  Nate
  Any Answer here?