Can I use LDAP server's authentication mechanism rather than comparing password ?

Hi All,
The weblogic security and adminguide says that the user authencation can be of
the following 3 types:
1. Bind specifies that the LDAP security realm
retrieves user data, including the password for
the LDAP server, and checks the password in
WebLogic Server.
2. External specifies that the LDAP security
realm authenticates a User by attempting to
bind to the LDAP server with the username
and password supplied by theWebLogic
Server client. If you choose the External
setting, you must also use the SSL protocol.
3. Local specifies that the LDAP security realm
authenticates a User by looking up the
UserPassword property in the LDAP directory
and checking it against the passwords in
WebLogic Server.
But say I want that my users should be authenticated by the LDAP server rather
than picking up the password from LDAP and comparing at weblogic end. Then what
should I do ?
Because no. 2 is applicable only for ssl certificates, no.1 and no.3 picks up
password using the login dn and password provided at the time of configuration
of realm and compare with password given by user.
And once gain there some issues on having picking up password and comparing it:
1. Netscape directory server can store the password in oneway hashed form(and
that is preferred , too). So when userpassword attribute is read , it's in one
way hashed form. So how the comparison will go on ?
2. Creating a user who has the access to user data along with userpassword attribute
itself is a security threat, as if someone can crack that user's dn and password
then he/she can do anything as userdata can be read.
Any suggestion is welcome.
TIA,
Sudarson

Thanks a lot Jerry.
I got these stuff from weblogic 6.1 docs sets security.pdf and adminguide.pdf.
I have another question, if that is the case (in Case of BIND), then why do we
a require a dn of user and password who has the access to read the entire directory
And at the same time, u specified this for Bind, what are the cases for other
two-local and external ? And then what is actually difference between Bind and
Local ?
Pls help me.
Thanks,
Sudarson
Jerry <[email protected]> wrote:
Hi Sudarson,
Whatever doc you were reading is at least partially incorrect, unfortunately...
I know for sure that when you specify BIND, weblogic sends the username/password
to your
LDAP server in an attempt to bind to it.
If the bind is successful, WLS determines that the username/password
pair were correct.
If the bind was unsuccessful, WLS determines that the username/password
pairing is not
valid.
At all times, WebLogic is letting the LDAP server do the actual compare
of
username/password. WLS does not, at any time, retrieve a password from
the LDAP server.
I hope this helps,
Joe Jerry
sudarson wrote:
Hi All,
The weblogic security and adminguide says that the user authencationcan be of
the following 3 types:
1. Bind specifies that the LDAP security realm
retrieves user data, including the password for
the LDAP server, and checks the password in
WebLogic Server.
2. External specifies that the LDAP security
realm authenticates a User by attempting to
bind to the LDAP server with the username
and password supplied by theWebLogic
Server client. If you choose the External
setting, you must also use the SSL protocol.
3. Local specifies that the LDAP security realm
authenticates a User by looking up the
UserPassword property in the LDAP directory
and checking it against the passwords in
WebLogic Server.
But say I want that my users should be authenticated by the LDAP serverrather
than picking up the password from LDAP and comparing at weblogic end.Then what
should I do ?
Because no. 2 is applicable only for ssl certificates, no.1 and no.3picks up
password using the login dn and password provided at the time of configuration
of realm and compare with password given by user.
And once gain there some issues on having picking up password and comparingit:
1. Netscape directory server can store the password in oneway hashedform(and
that is preferred , too). So when userpassword attribute is read ,it's in one
way hashed form. So how the comparison will go on ?
2. Creating a user who has the access to user data along with userpasswordattribute
itself is a security threat, as if someone can crack that user's dnand password
then he/she can do anything as userdata can be read.
Any suggestion is welcome.
TIA,
Sudarson

Similar Messages

How can I use LDAP for Tomcat authentication ?

Hi
I have an implementation of apache 1.3.20 with tomcat 3.2.3. I an doing
auth. with a ldap server wihich works prefectly with apache
mod_auth_ldap (module). When i am trying to read the environment
variables with a cgi , REMOTE_USER returns me the authentificated user
but when i am doing a getremoteuser() in my servlet with tomcat , it
returns NULL Why ?
I came accross this page when looking for material and
http://www.peacetech.com/java/files/apache/tomcat/
did the following
1) Downloaded - jndi_auth_beta1.jar, Extracted jndi_auth.jar file which contained
class files and plcaed them inside my tomcat/lib directory
2) Then i have updated the server.xml file of my Tomcat, that i wanted to use LDAPRealm
<RequestInterceptor className="com.peacetech.webtools.tomcat.LdapRealm"
debug="1"
directoryUrl = "ldap://csee.usf.edu:389"
searchBaseContext = "o=usf.edu"
searchFilter = "uid={0}"
searchScopeAsString = "sub"
securityAttributes = "securityEquals"
attributesReadByOwner = "true"
connectionMaxPoolSize = "10"
ldapVersion = "3" />
Then i had shutdown and restarted the server after some initial hickups, then i have tried to open some sample JSP and sevlets in the examples directory of my server. But i was not asked for any UserId/Password. Was wondering if i have done anything wrong ??
Thanks
Arun

Maybe you should look at JAAS for that. I think it could help you.
http://java.sun.com/products/jaas/
C

On Apple TV can I use "sub" or personal phot streams rather than displaying the baseline photo stream?

I would like to control the sequence and content of what ends up as the screen saver for my Apple TV. Can I use other "folders"?
Thank you.

You can specify a folder on a computer (or iPhoto events etc on a Mac) though you may not get perfect control over display order.
Use iTunes>File>Home Sharing>Choose photos to share etc
iTunes would need to be running on teh LAN to support this.
AC

How can I use LDAP searching from OSX Lion Server to Mozilla Thunderbird?

How can I use LDAP searching from OSX Lion Server to Mozilla Thunderbird? We have a super awesome contacts server that works great for our Mac users. About 30% of our company are on PCs, and I would like to use the Mozilla Thunderbird mail client for them. I see that in Thunderbird I can set up LDAP searching, and would like to have this feature point to our contacts server. I've tried several different settings, and looked all over the web, but could not find the proper way to configure this. Does anyone know if this can be done, or if not, would have a better suggestion? Thank you for your time!!

try double clicking keychain acces should launch and ask if you want to install login, system, System roots
A dialog box will launch asking where to install the cert since your configuring a vpn I would put the certificate it in system.

Using LDAP server in Login frame work

I need breaf explanation about how to use LDAP server in Portal for Login authontatication.
Any body now good documets please pass me those links.
Thanks,
Venkata Sarvabatla

In a nutshell, WebLogic Server has a pluggable security architecture. If you want your authentication provider to use your LDAP server then you can configure WebLogic Server to use your authentication provider. You configure your authentication provider to connect to your LDAP server. No code development is necessary.
WebLogic Portal Server is built on top of WebLogic Server so you get the pluggable security architecture by definition.
This security architecture has been around a long time and lots of customers use it so the documentation on it is pretty good. If you haven't configured a WebLogic Server LDAP authentication provider before then don't worry: it is not too difficult, but it is going to require that you go through the documentation. The link deepshet gave you is a good starting point.

LDAP Bind Failure: Can't contact LDAP server in Presentation Server

I have configured LDAP configuration in the RPD and am able to connect to the LDAP from the BI server. Its returning the information i need when i test through the admin tool. But when i try to log in from the PS using the same network id and password, it gives me the below error:
State: 08004. Code: 10018. [NQODBC] [SQL_STATE: 08004] [nQSError: 10018] Access for the requested connection is refused. [53003] LDAP bind failure: Can't contact LDAP server. (08004).
I know for sure, the network connectivity is working as i get my results back from the BI Server. Please advise, if i need to change other configurations on the Presentation end. As my network folks have run out of ideas. Thx!

user9125812 wrote:
Yes, i am pinging from OBIEE Server through the RPD and i am successful.Pinging the OBIEE Server through the RPD? Ping is a DOS command, how can oyu "ping through the RPD".
Can you go to the server, open a CMD windows and do "ping nsldap.companyname.com" and see if it works. If it works it could be that the LDAP port is blocked by a firewall or OBIEE is not able to make a connection. Make sure you are using the correct port as well. Install an LDAP client in your OBIEE Server and test that you can connect to your LDAP server from your OBIEE Server, not from the RPD. You can use this:
http://jxplorer.org/

Server 3.1.2: Unable to locate search base: -1 Can't contact LDAP server

Hello all—
I've been getting repeated errors below in my system.log. I'm running OS X 10.9.3 with Server version 3.1.2. I've replaced my actual server name with "my.servername.net" in the log entries. Thanks for any advice! —michael
May 30 17:47:03 leo com.apple.launchd[1] (org.openldap.slapd): Throttling respawn: Will start in 7 seconds
May 30 17:47:04 my.servername.net PasswordService[1345]: int pwsf_GetPublicKey(char *): ldap_search_ext_s cn=authdata for Public Key returned -1
May 30 17:47:04 leo com.apple.launchd[1] (com.apple.PasswordService[1345]): Exited with code: 1
May 30 17:47:04 leo com.apple.launchd[1] (com.apple.PasswordService): Throttling respawn: Will start in 10 seconds
May 30 17:47:06 my.servername.net xscertd-helper[1351]: ldap_search_ext_s returned -1 - Can't contact LDAP server when searching for bdb suffix, exiting
May 30 17:47:06 leo com.apple.launchd[1] (com.apple.xscertd-helper[1351]): Exited with code: 1
May 30 17:47:06 leo com.apple.launchd[1] (com.apple.xscertd-helper): Throttling respawn: Will start in 10 seconds
May 30 17:47:09 my.servername.net xscertd[335]: Failed sending LookupCRLByCARecordName command to com.apple.xscertd.helper: The operation couldn’t be completed. (com.apple.certificateserver error 42005.)
May 30 17:47:14 my.servername.net PasswordService[1363]: -[PasswordServerPrefsObject getSearchBase]: Unable to locate search base: -1 Can't contact LDAP server
May 30 17:47:14 my.servername.net PasswordService[1363]: -[PasswordServerPrefsObject loadXMLData]: Unable to locate passwordserver config record's plist attribute: -1 Can't contact LDAP server
May 30 17:47:14 my.servername.net PasswordService[1363]: -[PasswordServerPrefsObject getSearchBase]: Unable to locate search base: -1 Can't contact LDAP server
May 30 17:47:14 my.servername.net PasswordService[1363]: -[PasswordServerPrefsObject saveXMLData]: ldap_modify_ext_s of the passwordserver config record's plist attribute: -1 Can't contact LDAP server
May 30 17:47:14 leo com.apple.launchd[1] (org.openldap.slapd[1359]): Exited with code: 1
May 30 17:47:14 leo com.apple.launchd[1] (org.openldap.slapd): Throttling respawn: Will start in 7 seconds
May 30 17:47:14 my.servername.net PasswordService[1363]: int pwsf_GetPublicKey(char *): ldap_search_ext_s cn=authdata for Public Key returned -1
May 30 17:47:14 leo com.apple.launchd[1] (com.apple.PasswordService[1363]): Exited with code: 1
May 30 17:47:14 leo com.apple.launchd[1] (com.apple.PasswordService): Throttling respawn: Will start in 10 seconds
May 30 17:47:16 my.servername.net xscertd-helper[1365]: ldap_search_ext_s returned -1 - Can't contact LDAP server when searching for bdb suffix, exiting
May 30 17:47:16 leo com.apple.launchd[1] (com.apple.xscertd-helper[1365]): Exited with code: 1
May 30 17:47:16 leo com.apple.launchd[1] (com.apple.xscertd-helper): Throttling respawn: Will start in 10 seconds
May 30 17:47:20 my.servername.net xscertd[335]: Failed sending LookupCRLByCARecordName command to com.apple.xscertd.helper: The operation couldn’t be completed. (com.apple.certificateserver error 42005.)
May 30 17:47:24 my.servername.net PasswordService[1375]: -[PasswordServerPrefsObject getSearchBase]: Unable to locate search base: -1 Can't contact LDAP server
May 30 17:47:24 my.servername.net PasswordService[1375]: -[PasswordServerPrefsObject loadXMLData]: Unable to locate passwordserver config record's plist attribute: -1 Can't contact LDAP server
May 30 17:47:24 my.servername.net PasswordService[1375]: -[PasswordServerPrefsObject getSearchBase]: Unable to locate search base: -1 Can't contact LDAP server
May 30 17:47:24 my.servername.net PasswordService[1375]: -[PasswordServerPrefsObject saveXMLData]: ldap_modify_ext_s of the passwordserver config record's plist attribute: -1 Can't contact LDAP server
May 30 17:47:25 leo com.apple.launchd[1] (org.openldap.slapd[1371]): Exited with code: 1
May 30 17:47:25 leo com.apple.launchd[1] (org.openldap.slapd): Throttling respawn: Will start in 7 seconds
May 30 17:47:25 my.servername.net PasswordService[1375]: int pwsf_GetPublicKey(char *): ldap_search_ext_s cn=authdata for Public Key returned -1
May 30 17:47:25 leo com.apple.launchd[1] (com.apple.PasswordService[1375]): Exited with code: 1
May 30 17:47:25 leo com.apple.launchd[1] (com.apple.PasswordService): Throttling respawn: Will start in 10 seconds
May 30 17:47:26 my.servername.net xscertd-helper[1377]: ldap_search_ext_s returned -1 - Can't contact LDAP server when searching for bdb suffix, exiting
May 30 17:47:26 leo com.apple.launchd[1] (com.apple.xscertd-helper[1377]): Exited with code: 1
May 30 17:47:26 leo com.apple.launchd[1] (com.apple.xscertd-helper): Throttling respawn: Will start in 10 seconds
May 30 17:47:30 my.servername.net xscertd[335]: Failed sending LookupCRLByCARecordName command to com.apple.xscertd.helper: The operation couldn’t be completed. (com.apple.certificateserver error 42005.)

Unfortunately this problem wasn't solved this way. After dragging the Server.app to the trash and then retrieving it ("Put Back") and launching it, and re-starting services, my problem still persists.
Here are relevant system.log file entries. (Note the hostname is "leo"—I've changed the FQDN to leo.myservername.net):
Jun 6 22:57:31 leo.myservername.net PasswordService[1011]: int pwsf_GetPublicKey(char *): ldap_search_ext_s cn=authdata for Public Key returned -1
Jun 6 22:57:31 leo com.apple.launchd[1] (com.apple.PasswordService[1011]): Exited with code: 1
Jun 6 22:57:31 leo com.apple.launchd[1] (com.apple.PasswordService): Throttling respawn: Will start in 10 seconds
Jun 6 22:57:32 leo.myservername.net xscertd-helper[1014]: ldap_search_ext_s returned -1 - Can't contact LDAP server when searching for bdb suffix, exiting
Jun 6 22:57:32 leo com.apple.launchd[1] (com.apple.xscertd-helper[1014]): Exited with code: 1
Jun 6 22:57:32 leo com.apple.launchd[1] (com.apple.xscertd-helper): Throttling respawn: Will start in 10 seconds
Jun 6 22:57:34 leo.myservername.net xscertd[333]: Failed sending LookupCRLByCARecordName command to com.apple.xscertd.helper: The operation couldn’t be completed. (com.apple.certificateserver error 42005.)
Jun 6 22:57:40 leo com.apple.launchd[1] (org.openldap.slapd[1016]): Exited with code: 1
Jun 6 22:57:40 leo com.apple.launchd[1] (org.openldap.slapd): Throttling respawn: Will start in 7 seconds
Jun 6 22:57:40 leo.myservername.net com.apple.SecurityServer[22]: Session 100004 created
Jun 6 22:57:41 leo.myservername.net PasswordService[1024]: -[PasswordServerPrefsObject getSearchBase]: Unable to locate search base: -1 Can't contact LDAP server
Jun 6 22:57:41 leo.myservername.net PasswordService[1024]: -[PasswordServerPrefsObject loadXMLData]: Unable to locate passwordserver config record's plist attribute: -1 Can't contact LDAP server
Jun 6 22:57:41 leo.myservername.net PasswordService[1024]: -[PasswordServerPrefsObject getSearchBase]: Unable to locate search base: -1 Can't contact LDAP server
Jun 6 22:57:41 leo.myservername.net PasswordService[1024]: -[PasswordServerPrefsObject saveXMLData]: ldap_modify_ext_s of the passwordserver config record's plist attribute: -1 Can't contact LDAP server
Jun 6 22:57:41 leo.myservername.net PasswordService[1024]: int pwsf_GetPublicKey(char *): ldap_search_ext_s cn=authdata for Public Key returned -1
Jun 6 22:57:41 leo com.apple.launchd[1] (com.apple.PasswordService[1024]): Exited with code: 1
Jun 6 22:57:41 leo com.apple.launchd[1] (com.apple.PasswordService): Throttling respawn: Will start in 10 seconds
Jun 6 22:57:42 leo.myservername.net xscertd-helper[1028]: ldap_search_ext_s returned -1 - Can't contact LDAP server when searching for bdb suffix, exiting
Jun 6 22:57:42 leo com.apple.launchd[1] (com.apple.xscertd-helper[1028]): Exited with code: 1
Jun 6 22:57:42 leo com.apple.launchd[1] (com.apple.xscertd-helper): Throttling respawn: Will start in 10 seconds
Jun 6 22:57:45 leo.myservername.net xscertd[333]: Failed sending LookupCRLByCARecordName command to com.apple.xscertd.helper: The operation couldn’t be completed. (com.apple.certificateserver error 42005.)
Also, for what it's worth, "Open Directory" in the Server.app has no settings within it. Nor will it stay "on." I'm not using OD per se, and am happy to leave it off, but it's possible the errors above are preventing it from running.
Thanks for any other solutions. —michael

Can't contact LDAP server

Hello,
Have setup DSEE 7 in the following manner 2 ldap hosts running Solaris 10 10/08 s10x_u6wos_07b X86
These 2 ldap servers are connected into another host that is running the DSCC console. Everything from the DSCC console looks
good and works good. Problem is when I try to connect with ldapsearch I get this error " ldap_sasl_interactive_bind_s: Can't contact LDAP server (-1) "
SSL certs are current and contain the subject alternative name for each ldap host. These are behind a cisco content switch. It does not appear to be a SSL
issue from what I can see. The certs are enabled on the ldap hosts and from the debugging output that looks ok. ldapsearch below was run from a linux host.
$ ldapsearch -d 33 -W -D "cn=Directory Manager" -H ldaps://ldapt.test.mydom.com -b dc=test,dc=mydom,dc=com objectClass=*
ldap_url_parse_ext(ldaps://ldapt.test.mydom.com)
ldap_create
ldap_url_parse_ext(ldaps://ldapt.test.mydom.com:636/??base)
Enter LDAP Password:
ldap_pvt_sasl_getmech
ldap_search
put_filter: "(objectclass=*)"
put_filter: simple
put_simple_filter: "objectclass=*"
ldap_send_initial_request
ldap_new_connection 1 1 0
ldap_int_open_connection
ldap_connect_to_host: TCP ldapt.test.mydom.com:636
ldap_new_socket: 3
ldap_prepare_socket: 3
ldap_connect_to_host: Trying 10.17.1.123:636
ldap_pvt_connect: fd: 3 tm: -1 async: 0
TLS trace: SSL_connect:before/connect initialization
TLS trace: SSL_connect:SSLv2/v3 write client hello A
TLS trace: SSL_connect:SSLv3 read server hello A
TLS trace: SSL_connect:SSLv3 read server certificate A
TLS trace: SSL_connect:SSLv3 read server done A
TLS trace: SSL_connect:SSLv3 write client key exchange A
TLS trace: SSL_connect:SSLv3 write change cipher spec A
TLS trace: SSL_connect:SSLv3 write finished A
TLS trace: SSL_connect:SSLv3 flush data
TLS trace: SSL_connect:SSLv3 read finished A
ldap_open_defconn: successful
ldap_send_server_request
ber_scanf fmt ({it) ber:
ber_scanf fmt ({) ber:
ber_flush2: 64 bytes to sd 3
ldap_result ld 0x613570 msgid 1
wait4msg ld 0x613570 msgid 1 (infinite timeout)
wait4msg continue ld 0x613570 msgid 1 all 1
** ld 0x613570 Connections:
* host: ldapt.test.mydom.com port: 636 (default)
refcnt: 2 status: Connected
last used: Mon Jun 28 08:36:40 2010
** ld 0x613570 Outstanding Requests:
* msgid 1, origid 1, status InProgress
   outstanding referrals 0, parent count 0
ld 0x613570 request count 1 (abandoned 0)
** ld 0x613570 Response Queue:
   Empty
ld 0x613570 response count 0
ldap_chkResponseList ld 0x613570 msgid 1 all 1
ldap_chkResponseList returns ld 0x613570 NULL
ldap_int_select
read1msg: ld 0x613570 msgid 1 all 1
ber_get_next
TLS trace: SSL3 alert read:warning:close notify
ldap_free_connection 1 0
ldap_free_connection: actually freed
ldap_err2string
ldap_sasl_interactive_bind_s: Can't contact LDAP server (-1)
Since I do get a good connection status against the CSS address ldapt.test.mydom.com on port 636, That would seem to be a good sign.
These are listening on each ldap instance
*.ldap               *.*                0      0 49152      0 LISTEN
*.ldaps              *.*                0      0 49152      0 LISTEN
Perhaps this is something I am missing on the setup side for the ldap hosts from inside DSCC ?   Logs from the ldap servers have not provided much insight...
and help is much appreciated...

Do you actually want to use a secure connection? If not, you could add "-x" to that ldapsearch and it will perform plain auth (not SASL).
Also for plain ldap requests, you should use the ldap port, not the ldaps port
If you wanted to perform a search over SSL, then you should use the -Z and -P options too. Please read the admin guide.

A certificate could not be found that can be used with this extensible authentication protocol in PEAP policy config

Windows 2003 enterprise
AD DC, DNS, DHCP, CA and IAS all are running from single server. But at the time of configuration of Remote Access Policy the error message of "a certificate could not be found that can be used with this extensible authentication protocol" is appeared.
So with the help of mmc snap in the certificate was requested from CA (Domain Controller template)as a new certificate request and placed in the local computer personal folder.
After placing the certificate the error message was disappeared during configuring PEAP.
But after sometime the certificate was disappeared from remote access policy. But the same imported certificate was present in personal folder.
What is reason for frequent disappearing?
How to manage the situation?

Hi,
I think the cause is that the DomainControllerAuthentication certificate has superseded the
DomainController certificate which is chosen during the setup of IAS.
To avoid this, if you’re going to install IAS on a Domain Controller, the DC should be made to enroll for a separate certificate from the template
'RAS and IAS Servers' before the IAS server is installed and this certificate should then be chosen for any PEAP setup.
Further details:
Enrolling Certificates with Templates
http://technet.microsoft.com/en-us/library/dd197527(v=WS.10).aspx
Configure the server certificate template
http://technet.microsoft.com/en-us/library/cc755043(v=WS.10).aspx
Steven Lee
TechNet Community Support

Can I use Reports Server Queue PL/SQL Table API to retrieve past jobs ?

Hi all,
Can I use Reports Server Queue PL/SQL Table API to retrieve past jobs using WEB.SHOW_DOCUMENT from Forms ?
I have reviewed note 72531.1 about using this feature and wonder if i can use this metadata to retrieve past jobs submitted by a user.
The idea would be to have a form module that can filter data from the rw_server_queue table, say, base on user running the form, and be able to retrieve past jobs from Report Server Queue. For this, one would query this table and use WEB.SHOW_DOCUMENT.
Is this possible ...?
Regards, Luis ...!

Based on that metalink note and the code in the script rw_server.sql, I am pretty sure that by querying the table you would be able accomplish what you want... I have not tested it myself... but it looks that it will work... you have the jobid available from the queue, so you can use web.show_document to retrieve the output previously generated...
ref:
-- Constants for p_status_code and status_code in rw_server_queue table (same as zrcct_jstype)
UNKNOWN CONSTANT NUMBER(2) := 0; -- no such job
ENQUEUED CONSTANT NUMBER(2) := 1; -- job is waiting in queue
OPENING CONSTANT NUMBER(2) := 2; -- opening report
RUNNING CONSTANT NUMBER(2) := 3; -- running report
FINISHED CONSTANT NUMBER(2) := 4; -- job has finished
TERMINATED_W_ERR CONSTANT NUMBER(2) := 5; -- job has terminated with

A certificate could not be found that can be used with this Extensible Authentication Protocol. (Error 798)

Hi,
I posted this on Azure forim with no luck maybe here is a better choise.
When trying to connect a windows 8\8.1 client with a vpn connection for azure virtual network we get the fallowing error.
"A certificate could not be found that can be used with this Extensible Authentication Protocol. (Error 798)"\
I'm fallowing this msdn article about point to site vpn on azure. according to it the certificat is good for both win 7 and win 8.
http://msdn.microsoft.com/en-us/library/azure/dn133792.aspx
this is the commanf to build the client certificat:
makecert.exe -n "CN=ClientCertificateName" -pe -sky exchange -m 96 -ss My -in "RootCertificateName" -is my -a sha1
When runing the installtion of the certificat on the client the defult crtificate store is "Automatic", It does not metter if I leave it on Automatic or choose any of the other options (personal, trusted issuers ...) I always get the same error.
Thanks

Hi,
Apologize to say that I am not familar with Azure and lack of the environment to investigate the issue here.
Besides, please take a look at the below threads to see if it could help:
Point-to-Site on Windows 8 Client
connection Error 798
Best regards
Michael Shao
TechNet Community Support

Can we use TREX server to search cFolders documents?

Can we use TREX server to search cFolders documents by their contents?

Yes, this is possible with cFolders 4.5 release.

Can we use SQL Server 2012 Web Edition as a witness server in mirroring?

Hi All,
Can we use SQL Server 2012 Web Edition as a witness server in mirroring?
Grateful to your time and support. Regards, Shiva

Hi All,
Can we use SQL Server 2012 Web Edition as a witness server in mirroring?
Grateful to your time and support. Regards, Shiva
As Per BOL
We strongly recommend that the witness reside on a separate computer from the partners. Database mirroring partners are supported only by SQL Server 2005 Standard and later versions and by SQL Server 2005 Enterprise Edition and later versions.
Witnesses, in contrast, are also supported by SQL Server 2005 Workgroup and later versions and by SQL Server 2005 Express Edition and later versions. Except during an upgrade from an earlier version of SQL Server, the server instances in a
mirroring session must all be running the same version of SQL Server. For example, a SQL Server 2005 witness is supported when you are upgrading from a SQL Server 2005 mirroring configuration but cannot be added to an existing or new SQL Server 2008 or later
mirroring configuration.
A witness can run on any reliable computer system that supports any of these editions of SQL Server. However, we recommend that every server instance that is used as a witness correspond to the minimum configuration that is required for the SQL Server Standard
version that you are running. For more information about these requirements
http://technet.microsoft.com/en-us/library/ms175191.aspx#SwHwRecommendations
Please mark this reply as the answer or vote as helpful, as appropriate, to make it useful for other readers

Can I install Calendar Server on another partition other than root file system

Can I install Calendar Server on another partition other than / ?

In this version, the default path is hard coded to install in
/users/unison. However, if you do not have enough room on your root
partition or choose to install it in another location, you can do so
using a logical link. The installation guide explains this as well.

For example, suppose you want /users/unison, which must NOT already
exist, to be logically linked to /var/opt/unison, which must exist.
Then as root user:

<UL>
<LI>
Create the directory /users (if it does not already exist)

% mkdir /users

<LI>
Create the logical link. The directory /users/unison must
NOT exist before doing this.

% ln -s /var/opt/unison /users/unison
</UL>



makes a lot of sense. I am looking for an answer myself. My documents folder long ago outgrew it's place on the boot drive. It would be nice to keep it in the user folder organized on another disc

Can I use a USB hub to connect more than 1 hard drive/flash drive device to the EA4500?

Can I use a USB hub to connect more than 1 hard drive/flash drive device to the EA4500?

That's not possible, it was designed to handle one device at a time.
I don't work for Cisco. I'm just here to help.

Can I use LDAP server's authentication mechanism rather than comparing password ?

Similar Messages

Maybe you are looking for