Cert auth with a SWS7 reverse-proxy in the way

We are planning to try authenticating Access Manager 7.1 (Portal, Messaging Server) users with a certificate module so they don't have to enter usernames and passwords all the time.
By architecture of the project, there are internal servers (actual AM, Portal, etc hosts in cluster config) in the internal LAN, and a Sun Web Server 7 in the DMZ acting as a load-balancer and reverse proxy which can filter some HTTP code if we need it to. This works okay for usual HTTP sessions.
I have vague ideas how would this NOT break HTTPS sessions concerning the user cert auth module, but I have little to no practice with it.
I would like to know whether we can offload SSL decoding to the Sun Web Server acting as a reverse proxy (with i.e. Niagara hardware for SSL acceleration) and pass/use the user's certificate information to an internal Access Manager host for user authentication, or are we stuck with TCP port-forwarding from internet straight to the internal hosts on the firewall or some hardware LB?
Port-forwarding is not good because of security concerns, and in this case it seems we'd have to make several listening ports, one for each backend application, instead of publishing one standard 443 port on the rev-proxy...
Perhaps there are ways to allow the Web Server to decode HTTPS handshake, determine the destination backend host, and pass the original HTTPS packets to it? Which server certificates would be in effect in such case, or should they be the same on front and backend hosts?
Perhaps we should set up some AM component for the frontend hosts (I've seen keywords about Distributed Access Manager, but didn't research it yet)?
Any other good ideas? :)

Got the rever proxy to work.  Below are the field values in the reverse proxy setting that has worked:
Reverse proxy name: <any name>
Incoming http header host name: server1.domain..company.com (get it from the end-point in WSDL) 
Incoming ICM port: port (get it from the end-point in WSDL)
Substitute host name: server2.domain..company.com (has to be FQDN)
Substitute http port: 80 (in my case)
Substitute https port: (blank)
Additional path prefix: (blank)
Meta data protocol subsitution: http
Endpoint protocol subsitution: http
Status: active

Similar Messages

  • Something wrong with my SSL reverse proxy config.  HELP!

    Using Sun ONE Web Proxy Server 3.6-SP6
    1. Got Wildcard SSL Certificate from Verisign
    2. Ran sec-key
    made alias
    used password from Verisign
    3. Installed certificate
    Used "Trusted Certificate Authority (CA)"
    Pasted Cert in "Message Text (with headers)"
    4. Verified Certificate install in "Manage Certificates."
    5. Created regular and reverse mappings.
    When I try to turn on encryption, it says:
    Unable to read key file (9)
    What did I do wrong? I appreciate help from anyone.
    -ba

    What is the OS ?
    If it's Solaris, a truss will give you more details on the error.
    Verify the rights on your folder alias and all its contents.
    Can we have a more detailled error log file when you try to start the Proxy instance.
    Another remark :
    In the Admin Guide the scenario is called "Setting up a secure reverse proxy ".
    The problem is, that if the Webserver request for Client-Authentication
    within the SSL-Handshake the Proxy-Server has to present a cert signed as Client-Cert.
    Solution:
    - Proxy Server owner has own CA.
    Create CSR within Proxy Server and let the CSR be signed as Client Cert.
    - Proxy Server owner has not own CA.
    Choose a CA which allows to get client certs using CSR (e.g. tctrustcenter)
    Create CSR withing Proxy Server, at the common name use your name/Email=your.name@yourdomain
    Get the client cert at the CA using this CSR
    Import the cert into the Proxy Server.
    Create regular and reverse mappings
    e.g regular: http://test.content.org https://test.content.org
    reverse: https://test.content.org http://test.content.org
    Choose "initialize certificates only" at security settings for proxy instance.

  • Session ID in the Reverse Proxy in the Response

    Hi,
    Can anyone tell if the request is going from the reverse proxy to the application server, will the response also flow back from the app server to reverse proxy and then back to the client.
    Actually I want to fetch some information (MSISDN) from an external system the first time request comes to a proxy server. This is to be done on reverse proxy and map this information to the session id. Now my question is that the session id will be created in the App server and not on the reverse proxy. So can I map this information in the reverse proxy from the response when session id has already been created.
    Pls let me know if I have not phrased my question properly
    Thanks
    AA

    Andy,
    If you do all this in reverse, what happens, i.e., start with AS 2, get redirected to login, then repeat on AS1? Also, you didn't say what happens after the first step: you alter the URL, then login, then what? Do you end up on pg 40 with the session ID you as altered?
    If the behavior is symmetric, I think this is expected in 2.2.1. You are asking to join a session already owned by the SSO-authenticated user.
    Scott

  • Trasnparent proxy and reverse proxy at the same time

    Can I have in a Content Engine v 4.2 transparent proxy and reverse proxy at the same time ?

    Yes, as long as you are not redirecting the two services on the same interface. One service takes precedence over the other and I believe transparent web-cache redirect takes precedence over reverse-proxy.

  • I have a small icon at the top right of my screen on an iphone 4G looks like a lock with a circle 3/4 of the way around it...what is this and how dod I get rid of it?

    I have a small icon at the top right of my iphone 4G right to the left of the battery percent. What is this and how do I get rid of it? It looks like a lock with a circle 3/4 of the way around it

    That icon indicates your iPhone is rotation locked.
    To remove it, swipe up from the bottom of the screen to open Control Center.  Tap the similar looking icon there to turn it off.

  • Problem with Mobile clients - Reverse proxy

    Hi Guys,
    I have an issue that is driving me batty. I've set up a reverse proxy and am putting my mobile clients through it. I've used the Lync connectivity analyzer which is telling me that everything is good. However I am getting an error in my mobile clients to
    the effect "Please check your account info and try again"
    It looks like my IIS logs are showing 401 errors on the webticketservice.svc
    2014-05-30 00:48:01 192.168.0.58 GET / sipuri=sip:[email protected]&X-ARR-CACHE-HIT=0&X-ARR-LOG-ID=0b8473bc-76f4-48e6-b29d-1028dad0dc2f 443 - 24.114.103.233 ACOMO - 200 0 0 93
    2014-05-30 00:48:01 192.168.0.58 GET / - 80 - 24.114.103.233 ACOMO - 406 0 0 62
    2014-05-30 00:48:01 192.168.0.58 GET /autodiscover/autodiscoverservice.svc/root/user originaldomain=openjive.com&X-ARR-LOG-ID=624d5656-03de-4d23-b7be-ef1d86f986ea 443 OPENJIVE\bryan 24.114.103.233 ACOMO - 401 0 0 72
    2014-05-30 00:48:01 192.168.0.58 GET /autodiscover/autodiscoverservice.svc/root/user originaldomain=openjive.com&X-ARR-LOG-ID=989d376d-f93d-4a61-a2e8-75e44a2f630e 443 OPENJIVE\bryan 24.114.103.233 ACOMO - 401 0 0 62
    2014-05-30 00:48:01 192.168.0.58 POST /webticket/webticketservice.svc/mex X-ARR-LOG-ID=96ab4698-b8bc-4ff6-829f-60bdd7e9d64e 443 OPENJIVE\bryan 24.114.103.233 ACOMO - 200 0 0 209
    2014-05-30 00:48:01 192.168.0.58 POST /webticket/webticketservice.svc X-ARR-LOG-ID=6884e7ec-01fa-4014-96ec-1e891fbb1c7e 443 OPENJIVE\bryan 24.114.103.233 ACOMO - 401 0 0 116
    2014-05-30 00:48:03 192.168.0.58 POST /webticket/webticketservice.svc X-ARR-LOG-ID=c4f2790c-983a-4d4f-b647-dc0c30d2335d 443 OPENJIVE\bryan 24.114.103.233 ACOMO - 401 0 0 84
    Any ideas would be appreciated. I am running windows 2012 R2 across the board. The reverse proxy is IIS 8.5 with ARR 3.

    Here is the connectivity analyzer results.
    Sending HTTP request to
    https://lyncdiscover.openjive.com/[email protected]
    Logging test parameters:
    SIP Uri: [email protected]
    User Name: openjive\bryan
    Discovery Type: Automatic Discovery
    Network access: NetworkAccessExternal
    Selected client: ApplicationLyncMobile2013
    Starting Lync server autodiscovery
    Please wait; this test may take several minutes to complete...
    Starting automatic discovery for secure (HTTPS) internal channel
    lyncdiscoverinternal.openjive.com can't be resolved by the DNS server. Skipping internal discovery.
    Starting automatic discovery for secure (HTTPS) external channel
    Cookie  found in autodiscover response: StatusCode: 200, ReasonPhrase: 'OK', Version: 1.1, Content: System.Net.Http.StreamContent, Headers:
      Pragma: no-cache
      X-MS-Server-Fqdn: banff.openjive.local
      X-Content-Type-Options: nosniff
      Cache-Control: no-cache
      Server: Microsoft-IIS/8.5
      X-AspNet-Version: 4.0.30319
      X-Powered-By: ASP.NET
      X-Powered-By: ARR/2.5
      X-Powered-By: ASP.NET
      Date: Fri, 30 May 2014 00:49:45 GMT
      Content-Length: 1049
      Content-Type: application/vnd.microsoft.rtc.autodiscover+xml; v=1
      Expires: -1
    Parsing the response for URL
    https://lyncdiscover.openjive.com/[email protected].  Full response: <?xml version="1.0" encoding="utf-8"?><AutodiscoverResponse xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    AccessLocation="External"><Root><Link token="Domain" href="https://lyncweb.openjive.com/Autodiscover/AutodiscoverService.svc/root/domain?originalDomain=openjive.com"
    /><Link token="User" href="https://lyncweb.openjive.com/Autodiscover/AutodiscoverService.svc/root/user?originalDomain=openjive.com"
    /><Link token="Self" href="https://lyncweb.openjive.com/Autodiscover/AutodiscoverService.svc/root?originalDomain=openjive.com" /><Link
    token="OAuth" href="https://lyncweb.openjive.com/Autodiscover/AutodiscoverService.svc/root/oauth/user?originalDomain=openjive.com" /><Link
    token="External/XFrame" href="https://lyncweb.openjive.com/Autodiscover/XFrame/XFrame.html" /><Link token="Internal/XFrame" href="https://banff.openjive.local/Autodiscover/XFrame/XFrame.html"
    /><Link token="XFrame" href="https://lyncweb.openjive.com/Autodiscover/XFrame/XFrame.html" /></Root></AutodiscoverResponse>
    Autodiscover URL
    https://lyncdiscover.openjive.com/[email protected] redirected to
    https://lyncweb.openjive.com/Autodiscover/AutodiscoverService.svc/root/user?originalDomain=openjive.com
    Sending HTTP request to
    https://lyncweb.openjive.com/Autodiscover/AutodiscoverService.svc/root/[email protected]
    Cookie  found in autodiscover response: StatusCode: 401, ReasonPhrase: 'Unauthorized', Version: 1.1, Content: System.Net.Http.StreamContent, Headers:
      X-MS-WebTicketURL:
    https://lyncweb.openjive.com/WebTicket/WebTicketService.svc
      X-MS-WebTicketSupported: cwt,saml
      X-MS-Server-Fqdn: banff.openjive.local
      X-Content-Type-Options: nosniff
      Cache-Control: no-cache
      Server: Microsoft-IIS/8.5
      X-Powered-By: ASP.NET
      X-Powered-By: ARR/2.5
      X-Powered-By: ASP.NET
      WWW-Authenticate: Negotiate
      WWW-Authenticate: NTLM
      Date: Fri, 30 May 2014 00:49:45 GMT
      Content-Length: 1293
      Content-Type: text/html
    Authorization required for
    https://lyncweb.openjive.com/Autodiscover/AutodiscoverService.svc/root/[email protected]
    Obtaining WebTicket from
    https://lyncweb.openjive.com/WebTicket/WebTicketService.svc
    On-premises WebTicket server:
    https://lyncweb.openjive.com/WebTicket/WebTicketService.svc/Auth
    AcquireTicketAsync succeeded for
    https://lyncweb.openjive.com/WebTicket/WebTicketService.svc/Auth
    WebTicket: <saml:Assertion MajorVersion="1" MinorVersion="1" AssertionID="SamlSecurityToken-bf1eeeeb-c7b5-4d50-87df-929bf90bd370" Issuer="https://banff.openjive.local:4443/f0ca8325-b055-5552-be4f-fb4088f97387"
    IssueInstant="2014-05-30T00:52:05.151Z" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion"><saml:Conditions NotBefore="2014-05-30T00:52:05.151Z" NotOnOrAfter="2014-05-30T08:49:30.151Z"><saml:AudienceRestrictionCondition><saml:Audience>https://lyncweb.openjive.com/</saml:Audience></saml:AudienceRestrictionCondition></saml:Conditions><saml:AuthenticationStatement
    AuthenticationMethod="urn:oasis:names:tc:SAML:1.0:am:unspecified" AuthenticationInstant="2014-05-30T00:52:05.151Z"><saml:Subject><saml:NameIdentifier Format="sip:[email protected]</saml:NameIdentifier><saml:SubjectConfirmation><saml:ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:holder-of-key</saml:ConfirmationMethod><KeyInfo">http://schemas.xmlsoap.org/ws/2005/05/identity/claims/uri">sip:[email protected]</saml:NameIdentifier><saml:SubjectConfirmation><saml:ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:holder-of-key</saml:ConfirmationMethod><KeyInfo
    xmlns="<e:EncryptedKey">http://www.w3.org/2000/09/xmldsig#"><e:EncryptedKey xmlns:e="<e:EncryptionMethod">http://www.w3.org/2001/04/xmlenc#"><e:EncryptionMethod
    Algorithm="</e:EncryptionMethod><KeyInfo><KeyName>f0ca8325-b055-5552-be4f-fb4088f97387:8d149b659ca1d29</KeyName></KeyInfo><e:CipherData><e:CipherValue>kE4cKJAJbZL3GFCEx3/XxiBO/nhVPZJ15xEIQk96DjkxRNgzgxlh+w==</e:CipherValue></e:CipherData></e:EncryptedKey></KeyInfo></saml:SubjectConfirmation></saml:Subject></saml:AuthenticationStatement><Signature">http://www.w3.org/2001/04/xmlenc#kw-aes256"></e:EncryptionMethod><KeyInfo><KeyName>f0ca8325-b055-5552-be4f-fb4088f97387:8d149b659ca1d29</KeyName></KeyInfo><e:CipherData><e:CipherValue>kE4cKJAJbZL3GFCEx3/XxiBO/nhVPZJ15xEIQk96DjkxRNgzgxlh+w==</e:CipherValue></e:CipherData></e:EncryptedKey></KeyInfo></saml:SubjectConfirmation></saml:Subject></saml:AuthenticationStatement><Signature
    xmlns="<SignedInfo><CanonicalizationMethod">http://www.w3.org/2000/09/xmldsig#"><SignedInfo><CanonicalizationMethod Algorithm="</CanonicalizationMethod><SignatureMethod">http://www.w3.org/2001/10/xml-exc-c14n#"></CanonicalizationMethod><SignatureMethod
    Algorithm="</SignatureMethod><Reference">http://www.w3.org/2000/09/xmldsig#rsa-sha1"></SignatureMethod><Reference URI="#SamlSecurityToken-bf1eeeeb-c7b5-4d50-87df-929bf90bd370"><Transforms><Transform
    Algorithm="</Transform><Transform">http://www.w3.org/2000/09/xmldsig#enveloped-signature"></Transform><Transform Algorithm="</Transform></Transforms><DigestMethod">http://www.w3.org/2001/10/xml-exc-c14n#"></Transform></Transforms><DigestMethod
    Algorithm="</DigestMethod><DigestValue>krqtSvw6JUlsbBsxdbXSsHyIgFzUD1G7DOKZ635AC4Q=</DigestValue></Reference></SignedInfo><SignatureValue>qo+GkTNnjyl250pQVkSSTCI707At83dn2zu1ZOSLoSlPF74FuzRgCysD5UPrgMvY5SYi+pi2igwEV7zt7ALtWFuAJWPU3e0mNT701xyO86+f11YtHXC/NhQDudJvq7DO3uWRGgZGdBodt82OyZlXKifplMgEE352y0+S4jy0GmKCpvHTbytUthInMSxSAp7UWcU+6ourkAj4NpLbSywgm4su6byHEZmZyJ1/6eZ6/xO3a395dxhlBoMbIs+Gk9zcQ75KL/VAy7WTcBq+kJ/16yfd9q73VzYO5NBSEgrOHW/xZuRUYusLyhSZ0AJTVaUUJuBi6XdG44kaP0Nsz9UTrw==</SignatureValue><KeyInfo><o:SecurityTokenReference">http://www.w3.org/2001/04/xmlenc#sha256"></DigestMethod><DigestValue>krqtSvw6JUlsbBsxdbXSsHyIgFzUD1G7DOKZ635AC4Q=</DigestValue></Reference></SignedInfo><SignatureValue>qo+GkTNnjyl250pQVkSSTCI707At83dn2zu1ZOSLoSlPF74FuzRgCysD5UPrgMvY5SYi+pi2igwEV7zt7ALtWFuAJWPU3e0mNT701xyO86+f11YtHXC/NhQDudJvq7DO3uWRGgZGdBodt82OyZlXKifplMgEE352y0+S4jy0GmKCpvHTbytUthInMSxSAp7UWcU+6ourkAj4NpLbSywgm4su6byHEZmZyJ1/6eZ6/xO3a395dxhlBoMbIs+Gk9zcQ75KL/VAy7WTcBq+kJ/16yfd9q73VzYO5NBSEgrOHW/xZuRUYusLyhSZ0AJTVaUUJuBi6XdG44kaP0Nsz9UTrw==</SignatureValue><KeyInfo><o:SecurityTokenReference
    xmlns:o="<o:KeyIdentifier">http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"><o:KeyIdentifier ValueType="AhJJ0tEVWf4IRNbKNKfDMD1Qyvg=</o:KeyIdentifier></o:SecurityTokenReference></KeyInfo></Signature></saml:Assertion">http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#ThumbprintSHA1">AhJJ0tEVWf4IRNbKNKfDMD1Qyvg=</o:KeyIdentifier></o:SecurityTokenReference></KeyInfo></Signature></saml:Assertion>
    Sending HTTP request to
    https://lyncweb.openjive.com/Autodiscover/AutodiscoverService.svc/root/[email protected]
    Cookie  found in autodiscover response: StatusCode: 200, ReasonPhrase: 'OK', Version: 1.1, Content: System.Net.Http.StreamContent, Headers:
      Pragma: no-cache
      X-MS-Server-Fqdn: banff.openjive.local
      X-Content-Type-Options: nosniff
      Cache-Control: no-cache
      Server: Microsoft-IIS/8.5
      X-AspNet-Version: 4.0.30319
      X-Powered-By: ASP.NET
      X-Powered-By: ARR/2.5
      X-Powered-By: ASP.NET
      Date: Fri, 30 May 2014 00:49:45 GMT
      Content-Length: 2111
      Content-Type: application/vnd.microsoft.rtc.autodiscover+xml; v=1
      Expires: -1
    Parsing the response for URL
    https://lyncweb.openjive.com/Autodiscover/AutodiscoverService.svc/root/[email protected].  Full response: <?xml version="1.0" encoding="utf-8"?><AutodiscoverResponse xmlns:xsd="http://www.w3.org/2001/XMLSchema"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" AccessLocation="External"><User><SipServerInternalAccess fqdn="banff.openjive.local" port="5061" /><SipClientInternalAccess fqdn="banff.openjive.local"
    port="5061" /><SipServerExternalAccess fqdn="lyncedge.openjive.com" port="5061" /><SipClientExternalAccess fqdn="lyncedge.openjive.com" port="5061" /><Link token="Internal/Autodiscover" href="https://banff.openjive.local/Autodiscover/AutodiscoverService.svc/root"
    /><Link token="Internal/AuthBroker" href="https://banff.openjive.local/Reach/sip.svc" /><Link token="Internal/WebScheduler" href="https://banff.openjive.local/Scheduler"
    /><Link token="Internal/CertProvisioning" href="https://banff.openjive.local/CertProv/CertProvisioningService.svc" /><Link token="External/Autodiscover" href="https://lyncweb.openjive.com/Autodiscover/AutodiscoverService.svc/root"
    /><Link token="External/AuthBroker" href="https://lyncweb.openjive.com/Reach/sip.svc" /><Link token="External/WebScheduler" href="https://lyncweb.openjive.com/Scheduler"
    /><Link token="External/CertProvisioning" href="https://lyncweb.openjive.com/CertProv/CertProvisioningService.svc" /><Link token="Internal/Mcx" href="https://lyncweb.openjive.com/Mcx/McxService.svc"
    /><Link token="External/Mcx" href="https://lyncweb.openjive.com/Mcx/McxService.svc" /><Link token="Ucwa" href="https://lyncweb.openjive.com/ucwa/v1/applications"
    /><Link token="Internal/Ucwa" href="https://banff.openjive.local/ucwa/v1/applications" /><Link token="External/Ucwa" href="https://lyncweb.openjive.com/ucwa/v1/applications"
    /><Link token="External/XFrame" href="https://lyncweb.openjive.com/Autodiscover/XFrame/XFrame.html" /><Link token="Internal/XFrame" href="https://banff.openjive.local/Autodiscover/XFrame/XFrame.html"
    /><Link token="XFrame" href="https://lyncweb.openjive.com/Autodiscover/XFrame/XFrame.html" /><Link token="Self" href="https://lyncweb.openjive.com/Autodiscover/AutodiscoverService.svc/root/user"
    /></User></AutodiscoverResponse>
    Server discovery has completed for https://lyncdiscover.openjive.com/.
    Autodiscover full response for URL https://lyncdiscover.openjive.com/ is <?xml version="1.0" encoding="utf-8"?><AutodiscoverResponse xmlns:xsd="http://www.w3.org/2001/XMLSchema"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" AccessLocation="External"><User><SipServerInternalAccess fqdn="banff.openjive.local" port="5061" /><SipClientInternalAccess fqdn="banff.openjive.local"
    port="5061" /><SipServerExternalAccess fqdn="lyncedge.openjive.com" port="5061" /><SipClientExternalAccess fqdn="lyncedge.openjive.com" port="5061" /><Link token="Internal/Autodiscover" href="https://banff.openjive.local/Autodiscover/AutodiscoverService.svc/root"
    /><Link token="Internal/AuthBroker" href="https://banff.openjive.local/Reach/sip.svc" /><Link token="Internal/WebScheduler" href="https://banff.openjive.local/Scheduler"
    /><Link token="Internal/CertProvisioning" href="https://banff.openjive.local/CertProv/CertProvisioningService.svc" /><Link token="External/Autodiscover" href="https://lyncweb.openjive.com/Autodiscover/AutodiscoverService.svc/root"
    /><Link token="External/AuthBroker" href="https://lyncweb.openjive.com/Reach/sip.svc" /><Link token="External/WebScheduler" href="https://lyncweb.openjive.com/Scheduler"
    /><Link token="External/CertProvisioning" href="https://lyncweb.openjive.com/CertProv/CertProvisioningService.svc" /><Link token="Internal/Mcx" href="https://lyncweb.openjive.com/Mcx/McxService.svc"
    /><Link token="External/Mcx" href="https://lyncweb.openjive.com/Mcx/McxService.svc" /><Link token="Ucwa" href="https://lyncweb.openjive.com/ucwa/v1/applications"
    /><Link token="Internal/Ucwa" href="https://banff.openjive.local/ucwa/v1/applications" /><Link token="External/Ucwa" href="https://lyncweb.openjive.com/ucwa/v1/applications"
    /><Link token="External/XFrame" href="https://lyncweb.openjive.com/Autodiscover/XFrame/XFrame.html" /><Link token="Internal/XFrame" href="https://banff.openjive.local/Autodiscover/XFrame/XFrame.html"
    /><Link token="XFrame" href="https://lyncweb.openjive.com/Autodiscover/XFrame/XFrame.html" /><Link token="Self" href="https://lyncweb.openjive.com/Autodiscover/AutodiscoverService.svc/root/user"
    /></User></AutodiscoverResponse>
    SendRequest failed for
    https://lyncweb.openjive.com/Autodiscover/AutodiscoverService.svc/root/[email protected]
    Automatic discovery results for https://lyncdiscover.openjive.com/
    Access Location                          : External
    SIP Server Internal Access               : banff.openjive.local
    SIP Server External Access               : lyncedge.openjive.com
    SIP Client Internal Access               : banff.openjive.local
    SIP Client External Access               : lyncedge.openjive.com
    Internal Auth broker service             :
    https://banff.openjive.local/Reach/sip.svc
    External Auth broker service             :
    https://lyncweb.openjive.com/Reach/sip.svc
    Internal Auto discover service           :
    https://banff.openjive.local/Autodiscover/AutodiscoverService.svc/root
    External Auto discover service           :
    https://lyncweb.openjive.com/Autodiscover/AutodiscoverService.svc/root
    Internal MCX service                     :
    https://lyncweb.openjive.com/Mcx/McxService.svc
    External MCX service                     :
    https://lyncweb.openjive.com/Mcx/McxService.svc
    Internal UCWA service                    :
    https://banff.openjive.local/ucwa/v1/applications
    External UCWA service                    :
    https://lyncweb.openjive.com/ucwa/v1/applications
    Internal Webscheduler service            :
    https://banff.openjive.local/Scheduler
    External Webscheduler service            :
    https://lyncweb.openjive.com/Scheduler
    Total server discovery time: 1.1 seconds
    Server discovery succeeded for secure (HTTPS) external channel against URL
    https://lyncdiscover.openjive.com/
    Starting automatic discovery for unsecure (HTTP) external channel
    Sending HTTP request to
    http://lyncdiscover.openjive.com/[email protected]
    Cookie  found in autodiscover response: StatusCode: 406, ReasonPhrase: 'Not Acceptable', Version: 1.1, Content: System.Net.Http.StreamContent, Headers:
      Date: Fri, 30 May 2014 00:49:45 GMT
      Server: Microsoft-IIS/8.5
      X-Powered-By: ASP.NET
      Content-Length: 1346
      Content-Type: text/html
    Autodiscover: SendRequest(): the URL
    http://lyncdiscover.openjive.com/[email protected] couldn't be connected.  Complete HTTP headers:\r\n Date: Fri, 30 May 2014 00:49:45 GMT
    Server: Microsoft-IIS/8.5
    X-Powered-By: ASP.NET
    Couldn't connect to URL
    http://lyncdiscover.openjive.com/[email protected] (HTTP status code NotAcceptable)
    System.Exception: Couldn't connect to URL
    http://lyncdiscover.openjive.com/[email protected] (HTTP status code NotAcceptable)
       at Microsoft.LyncServer.WebServices.AutoDiscoverManager.TerminateAD(String mesg)
       at Microsoft.LyncServer.WebServices.AutoDiscoverManager.<SendRequest>d__d.MoveNext()
    --- End of stack trace from previous location where exception was thrown ---
       at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
       at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
       at System.Runtime.CompilerServices.TaskAwaiter`1.GetResult()
       at Microsoft.LyncServer.WebServices.AutoDiscoverManager.<TryNextUrl>d__3.MoveNext()
    --- End of stack trace from previous location where exception was thrown ---
       at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
       at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
       at Microsoft.LyncServer.WebServices.AutoDiscoverManager.<StartDiscoveryJourney>d__0.MoveNext()
    --- End of stack trace from previous location where exception was thrown ---
       at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
       at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
       at LyncConnectivityAnalyzerCore.Utilities.<RetrieveUserLocation>d__3e.MoveNext()
    Server discovery failed for unsecured external channel against
    http://lyncdiscover.openjive.com/
    None, AutoInternalDNSFail, AutoInternalSecureD, AutoInternalUnsecureD, AutoExternalUnsecureD, ManualDNSFail, ManualSecureD, ManualUnsecureD, AuthBrokerInternalLMXCheckGET, AuthBrokerInternalLMXCheckPOST, AuthBrokerExternalLMXCheckGET, AuthBrokerExternalLMXCheckPOST,
    MobilityMCXInternalLMXCheckGET, MobilityMCXInternalLMXCheckPOST, MobilityMCXExternalLMXCheckGET, MobilityMCXExternalLMXCheckPOST, LMXSIPServerInternalDNS, LMXSIPServerExternalDNS, MobilityUCWAInternalCheckPOST, MobilityUCWAExternalCheckPOST
    Starting the requirement tests for Lync Mobile 2013 App
    Please wait; this test may take several minutes to complete...
    Testing the app requirements using the following discovery response:
    Access Location                          : External
    SIP Server Internal Access               : banff.openjive.local
    SIP Server External Access               : lyncedge.openjive.com
    SIP Client Internal Access               : banff.openjive.local
    SIP Client External Access               : lyncedge.openjive.com
    Internal Auth broker service             :
    https://banff.openjive.local/Reach/sip.svc
    External Auth broker service             :
    https://lyncweb.openjive.com/Reach/sip.svc
    Internal Auto discover service           :
    https://banff.openjive.local/Autodiscover/AutodiscoverService.svc/root
    External Auto discover service           :
    https://lyncweb.openjive.com/Autodiscover/AutodiscoverService.svc/root
    Internal MCX service                     :
    https://lyncweb.openjive.com/Mcx/McxService.svc
    External MCX service                     :
    https://lyncweb.openjive.com/Mcx/McxService.svc
    Internal UCWA service                    :
    https://banff.openjive.local/ucwa/v1/applications
    External UCWA service                    :
    https://lyncweb.openjive.com/ucwa/v1/applications
    Internal Webscheduler service            :
    https://banff.openjive.local/Scheduler
    External Webscheduler service            :
    https://lyncweb.openjive.com/Scheduler
    Starting tests for Mobility (UCWA) service
    UCWA user agent string: <input xmlns="<property">http://schemas.microsoft.com/rtc/2012/03/ucwa"><property name="culture">en-US</property><property name="endpointId">44:D8:84:3C:68:68</property><property
    name="type">Phone</property><property name="userAgent">LyncConnectivityAnalyzer/5.0.8308.582 (Windows OS 6.0)</property></input>
    Verifying external Ucwa service:
    https://lyncweb.openjive.com/ucwa/v1/applications
    On-premises WebTicket server:
    https://lyncweb.openjive.com/WebTicket/WebTicketService.svc/Auth
    AcquireTicketAsync succeeded for
    https://lyncweb.openjive.com/WebTicket/WebTicketService.svc/Auth
    WebTicket: <saml:Assertion MajorVersion="1" MinorVersion="1" AssertionID="SamlSecurityToken-cda8f5c3-dc31-46d1-b9ba-51fa49cffcd3" Issuer="https://banff.openjive.local:4443/f0ca8325-b055-5552-be4f-fb4088f97387"
    IssueInstant="2014-05-30T00:52:06.062Z" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion"><saml:Conditions NotBefore="2014-05-30T00:52:06.062Z" NotOnOrAfter="2014-05-30T08:44:42.062Z"><saml:AudienceRestrictionCondition><saml:Audience>https://lyncweb.openjive.com/</saml:Audience></saml:AudienceRestrictionCondition></saml:Conditions><saml:AuthenticationStatement
    AuthenticationMethod="urn:oasis:names:tc:SAML:1.0:am:unspecified" AuthenticationInstant="2014-05-30T00:52:06.062Z"><saml:Subject><saml:NameIdentifier Format="sip:[email protected]</saml:NameIdentifier><saml:SubjectConfirmation><saml:ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:holder-of-key</saml:ConfirmationMethod><KeyInfo">http://schemas.xmlsoap.org/ws/2005/05/identity/claims/uri">sip:[email protected]</saml:NameIdentifier><saml:SubjectConfirmation><saml:ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:holder-of-key</saml:ConfirmationMethod><KeyInfo
    xmlns="<e:EncryptedKey">http://www.w3.org/2000/09/xmldsig#"><e:EncryptedKey xmlns:e="<e:EncryptionMethod">http://www.w3.org/2001/04/xmlenc#"><e:EncryptionMethod
    Algorithm="</e:EncryptionMethod><KeyInfo><KeyName>f0ca8325-b055-5552-be4f-fb4088f97387:8d149b659ca1d29</KeyName></KeyInfo><e:CipherData><e:CipherValue>HiaWvrXQLacT+brihMO3w2xV0JCWsOj2hQNAkbGkl1yuavEW5U2+yA==</e:CipherValue></e:CipherData></e:EncryptedKey></KeyInfo></saml:SubjectConfirmation></saml:Subject></saml:AuthenticationStatement><Signature">http://www.w3.org/2001/04/xmlenc#kw-aes256"></e:EncryptionMethod><KeyInfo><KeyName>f0ca8325-b055-5552-be4f-fb4088f97387:8d149b659ca1d29</KeyName></KeyInfo><e:CipherData><e:CipherValue>HiaWvrXQLacT+brihMO3w2xV0JCWsOj2hQNAkbGkl1yuavEW5U2+yA==</e:CipherValue></e:CipherData></e:EncryptedKey></KeyInfo></saml:SubjectConfirmation></saml:Subject></saml:AuthenticationStatement><Signature
    xmlns="<SignedInfo><CanonicalizationMethod">http://www.w3.org/2000/09/xmldsig#"><SignedInfo><CanonicalizationMethod Algorithm="</CanonicalizationMethod><SignatureMethod">http://www.w3.org/2001/10/xml-exc-c14n#"></CanonicalizationMethod><SignatureMethod
    Algorithm="</SignatureMethod><Reference">http://www.w3.org/2000/09/xmldsig#rsa-sha1"></SignatureMethod><Reference URI="#SamlSecurityToken-cda8f5c3-dc31-46d1-b9ba-51fa49cffcd3"><Transforms><Transform
    Algorithm="</Transform><Transform">http://www.w3.org/2000/09/xmldsig#enveloped-signature"></Transform><Transform Algorithm="</Transform></Transforms><DigestMethod">http://www.w3.org/2001/10/xml-exc-c14n#"></Transform></Transforms><DigestMethod
    Algorithm="</DigestMethod><DigestValue>9aGUpr6tQkHD1fj+o1gDZSFMpPp1HwnNjO9BmmGjA+Y=</DigestValue></Reference></SignedInfo><SignatureValue>jfleXw8Do6pavetwKPAGEEIezTJlJhF2UlnuNh04dK4FlCJMRowZbxHUyqUjTsCbjIdvVMhljsPrufsPwPd4v1ksvf8apfeVJ2zZZSyIqLLCjKW3Vus7X6DlBqZ+YB8rP1dGKleuH5E7kuk4asAc5XpzjoB3xvLf5cXp2hVvKuhwlDhqQp3dCIFnNCGPQLbqY+hek55uNcmyspJno13YbQ/fje/1CJxfwiN3M0o2dPskIMvOt1oqHlxn1zIeWm1lWkKd/ZDjchoWzmqiO67cbXuJpe7IrqwCx4WT7vHMkyHZznXB6D55pgPen94+h0Vwq75mWZeYBMIeXOM3t+7HnA==</SignatureValue><KeyInfo><o:SecurityTokenReference">http://www.w3.org/2001/04/xmlenc#sha256"></DigestMethod><DigestValue>9aGUpr6tQkHD1fj+o1gDZSFMpPp1HwnNjO9BmmGjA+Y=</DigestValue></Reference></SignedInfo><SignatureValue>jfleXw8Do6pavetwKPAGEEIezTJlJhF2UlnuNh04dK4FlCJMRowZbxHUyqUjTsCbjIdvVMhljsPrufsPwPd4v1ksvf8apfeVJ2zZZSyIqLLCjKW3Vus7X6DlBqZ+YB8rP1dGKleuH5E7kuk4asAc5XpzjoB3xvLf5cXp2hVvKuhwlDhqQp3dCIFnNCGPQLbqY+hek55uNcmyspJno13YbQ/fje/1CJxfwiN3M0o2dPskIMvOt1oqHlxn1zIeWm1lWkKd/ZDjchoWzmqiO67cbXuJpe7IrqwCx4WT7vHMkyHZznXB6D55pgPen94+h0Vwq75mWZeYBMIeXOM3t+7HnA==</SignatureValue><KeyInfo><o:SecurityTokenReference
    xmlns:o="<o:KeyIdentifier">http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"><o:KeyIdentifier ValueType="AhJJ0tEVWf4IRNbKNKfDMD1Qyvg=</o:KeyIdentifier></o:SecurityTokenReference></KeyInfo></Signature></saml:Assertion">http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#ThumbprintSHA1">AhJJ0tEVWf4IRNbKNKfDMD1Qyvg=</o:KeyIdentifier></o:SecurityTokenReference></KeyInfo></Signature></saml:Assertion>
    Successfully created the UCWA service
    Completed tests for Mobility (UCWA) service
    None, AutoInternalDNSFail, AutoInternalSecureD, AutoInternalUnsecureD, AutoExternalUnsecureD, ManualDNSFail, ManualSecureD, ManualUnsecureD, AuthBrokerInternalLMXCheckGET, AuthBrokerInternalLMXCheckPOST, AuthBrokerExternalLMXCheckGET, AuthBrokerExternalLMXCheckPOST,
    MobilityMCXInternalLMXCheckGET, MobilityMCXInternalLMXCheckPOST, MobilityMCXExternalLMXCheckGET, MobilityMCXExternalLMXCheckPOST, LMXSIPServerInternalDNS, LMXSIPServerExternalDNS, MobilityUCWAInternalCheckPOST
    Your deployment meets the minimum requirements for Lync Mobile 2013 App.

  • Solution: iPad/iPhone Login issues with IIS as Reverse Proxy (Android and Windows Phone works)

    Hi,
    I had issues with iPad/iPhone access from external and tried a lot. Now I found my solution I like to share.
    I setup a IIS on Windows Server 2012 with ARR 2.5 and Android and Windows Phone could login but not iPad and iPhone.
    The IIS Log on the reverse proxy showed:
    2013-02-26 12:03:31 <IP> POST /webticket/webticketservice.svc X-ARR-CACHE-HIT=0&X-ARR-LOG-ID=1996c8d7-09d0-4310-8da4-a8dfb7940e28 443 - <ClientIP> Lync%202010/1.6+CFNetwork/609+Darwin/13.0.0 - 401 0 0 124
    2013-02-26 12:03:31 <IP> POST /webticket/webticketservice.svc X-ARR-CACHE-HIT=0 443 - <ClientIP> Lync%202010/1.6+CFNetwork/609+Darwin/13.0.0 - 502 3 12018 93
    First Request gets a 401 while anonymous. Second try would be with authentication but it never reached the internal front end server.
    After I installed a fix for ARR
    http://forums.iis.net/t/1195560.aspx/1?ARR+502+3+Bad+Gateway+0x80072ef2+2147954418+The+supplied+handle+is+the+wrong+type+for+the+requested+operation the Apple Devices could login.

    Hi,
    This resolved our problem too!! So happy after 2 weeks of messing around with just about every setting recommended from all types of forums and rebuilding our reverse proxy I was at a loose end. 
    Our environment is Lync 2013 Enterprise, Lync 2013 Edge, IIS as Reverse Proxy on Server 2012 using ARR 2.5
    We had Android and Windows clients working but no iOS devices at all. In the iOS log we were seeing 
    <h1>Server Error</h1></div><div id="content"> <div class="content-container"><fieldset> <h2>502 - Web server received an invalid response while acting as a gateway or proxy server.</h2> <h3>There is a problem with the page you are looking for, and it cannot be displayed. When the Web server (while acting as a gateway or proxy) contacted the upstream content server, it received an invalid response from the content server.</h3> </fieldset></div></div></body></html>
    When the client was trying to retrieve from the webticketservice.svc
    2013-04-11 17:19:44.659 Lync[4970:6c61000] INFO TRANSPORT TransportUtilityFunctions.cpp/907:<ReceivedResponse>
    POST https://lyncwebext.contoso.com/webticket/webticketservice.svc
    Request Id: 0x72cfc18
    HttpHeader:Content-Length 1477
    HttpHeader:Content-Type text/html
    HttpHeader:Date Thu, 11 Apr 2013 16:22:25 GMT
    HttpHeader:Server Microsoft-IIS/8.0
    HttpHeader:StatusCode 502
    Installed the HotFix from here:-
    Hotfix for Microsoft Application Request Routing Version 2.5 for IIS7 (KB 2732764) (x64)
    Rebooted the Reverse Proxy and iOS clients worked straight away for both Lync 2010 and Lync 2013 on both iPhone 5 and iPad both. 
    I hope this helps others as I was losing the plot :-)
    Cheers
    Sam

  • Can the 4710 reverse proxy like the Apache rerwite rule

    We currently have web servers configured with Apache that act as reverse proxies using an Apache rewrite rule. The end user connects to the Apache web server and it proxies that connection to the backend app server. Is the 4710 capable of acting as a reverse proxy like Apache which would eliminate the need for a web server?
    Thanks

    Hi,
    Although this is not the most common scenario it is doable. What you will need is to NAT the client source IP to the ACE VIP and send the request to the web server. If there is a web farm then you can use another context of ACE to loadbalance the request to the web farm.Actually i have setup ACE as a reverse proxy in replacement of an ISA server by using the one-arm mode for the implementation. Beware though that you will need to use Policy Based Routing or NAT so as for the return traffic to go though ACE. Also you will need to insert the client IP in the x-forwarded-for HTTP header for proper analysis (as you would do with Apache).
    See below link for routed mode (it is for the c6500 / ACE module but same applies for the ACE 4710 appliance
    http://supportwiki.cisco.com/ViewWiki/index.php/Configure_ACE_with_Source_NAT_and_Client_IP_Header_Insert
    Hope it helps,
    ./G

  • Navigation Bar with Rollovers inside to extend all the way across x-axis

    I have a dreamweaver cs4 question. I need to have a navigation bar, that lines up with a background image that DOES not move when scaling the webpages in and out. The images must have rollovers, is there a way to either insert a repeating x-axis image and placing text on top and adding a script element to make the text rollover links?
    All I need is a navigation bar with rollover links in the middle that extends all the way to the sides of the page regardless of browers or screen size.
    Currently I have a divtag with rollover images and a background image that has the same image as the divtag so it looks like the navbar goes all the way across, but when I zoom in and out the background image or the div tag moves just by 1 pixel making them not lined up. example here: its more evident in google chrome http://www.olympicvalleycapital.com/about.html.
    Please help! this is killing me and I dont have much scripting experience so I am trying to do this using the UI elements.
    Or is there a way to prevent the background image from resizing when zooming in and out, like a fixed or absolute dynamic to apply to the background?

    If you quit using position absolute for a basic layout, you will be amply rewarded.
    Going through many of the posts with a similar topic you will find out why.
    Gramps

  • Need a little help with a Jbutton not working out the way I planned

    The following code is to fulfill an assignment I am working on. The problem I am having is with the btnCalc. For some reason when the button is used, the results I get is from another button. I think the variables are set right for the program to function properly but I am really hung up on this. Do anyone have any suggestions?
    import java.awt.*;                     //Contains classes for creating GUI
    import java.awt.event.*;                //For listener events
    import javax.swing.*;                     // Imports the Main Swing Package
    import javax.swing.event.*;
    import javax.swing.text.*;           // Positions text box
    import java.text.NumberFormat;          // For number format such as currency
    import java.text.*;                     // Imports the Main Text Package
    import java.util.*;                     // Utility Package
    public class MPC extends JFrame implements ActionListener           //Creates Class for MPC
    //double dblLoanAmount, dblInterestRate, dblMonthlyPayment;
    TextField txtTotalMort;
         //JButton fixRates = new JButton("Choose Fixed Rates");
         JLabel lblTotalMort = new JLabel("How much is the loan?"); // Label for dblLoanAmount amount
         JTextField txtYears = new JTextField(10);
         JLabel lblPayment = new JLabel("Your monthly payment is "); // Label for Payment
         JTextField txtPayment = new JTextField(10);
         JLabel lblYears = new JLabel("How many years?");
                             // add(lblYears);
                   JTextField txtYearsInput = new JTextField(10);
                             //a dd(txtYears);
         JLabel lblInterestRate = new JLabel("What is the interest rate?");
                             //add(lblInterestRate);
                   JTextField txtInterestRate = new JTextField(10);
                             //add(txtInterestRate);
         //JLabel lblPayment = new JLabel("Your monthly payment is:");
                             //add(lblPayment);
                   //JTextField txtPayment = new JTextField(10);
                             //txtPayment.setEditable(false);
                                  //add(txtPayment);
         JButton btnCalc = new JButton("Calculate");
                             //add(btnCalc);
                             //btnCalc.addActionListener(this);
    JButton year7InterestRateBtn = new JButton("7 years at 5.35%");     // Mortgage Term and Interest Rate
    JButton year15InterestRateBtn = new JButton("15 years at 5.50%");
    JButton year30InterestRateBtn = new JButton("30 years at 5.75%");
    JButton reset = new JButton("Clear All");
    JTextArea boxSpace = new JTextArea(100,200);          // Morgtage table size
    JScrollPane scroll = new JScrollPane(boxSpace);     // ScrollPane
              public MPC()     // Method
         super("MPC");     // Frame Title
              JMenuBar mb = new JMenuBar();     // Menu Bar
    setJMenuBar(mb);
                        setSize(325, 500);          // Frame Size
                        JPanel pane = new JPanel();
                        pane.setLayout(new BoxLayout(pane, BoxLayout.Y_AXIS)); //Grid box configuration
                        Container grid = getContentPane();
                        grid.setLayout(new GridLayout(8,2,8,8));     // Grid Layout
                        pane.add(grid);                                        // Adds grid
                        pane.add(scroll);                                   // Adds scrollPane
                   grid.setBackground(Color.white);
                        Setting color of text and backgrounds
                   txtYears.setBackground(Color.white);
              txtYears.setForeground(Color.black);
                   txtYears.setFont(new Font("Arial", Font.PLAIN, 10));
                        txtPayment.setBackground(Color.white);
                   txtPayment.setForeground(Color.black);
              txtPayment.setFont(new Font("Arial", Font.PLAIN, 10));
                   boxSpace.setBackground(Color.white);
                   boxSpace.setForeground(Color.black);
                   boxSpace.setFont(new Font("Arial", Font.PLAIN, 10));
              grid.add(lblYears);
              grid.add(txtYearsInput);
              grid.add(lblInterestRate);
              grid.add (txtInterestRate);
              grid.add(lblTotalMort);          // Adds the Mortgage Amount Label
              grid.add(txtYears);               // Adds the Mortgage Amount Text Field
              grid.add(lblPayment);           // Adds the Payment Label
              grid.add(txtPayment);           // Adds the Monthly Payment Text Field
                   txtPayment.setEditable(false);          // Disables editing in this Text Field
              grid.add(btnCalc);
         grid.add(year7InterestRateBtn);               // Adds 1st Loan and Rate Button
              grid.add(year15InterestRateBtn);          // Adds 2nd Loan and Rate Button
              grid.add(year30InterestRateBtn);          // Adds the Exit Button
              grid.add(reset);                               // Adds the New Calc Button
              setContentPane(pane);                          // Enables the Content Pane
              setVisible(true);                               // Sets JPanel to be Visable
              reset.addActionListener(this);                          // Adds Action Listener to the New Calc Button
              txtYearsInput.addActionListener(this);
              txtInterestRate.addActionListener(this);
              btnCalc.addActionListener(this);
         year7InterestRateBtn.addActionListener(this);                              // Adds Action Listener to the 1st loan Button
              year15InterestRateBtn.addActionListener(this);                              // Adds Action Listener to the 2nd loan Button
              year30InterestRateBtn.addActionListener(this);                               // Adds Action Listener to the 3rd loan Button
              txtYears.addActionListener(this);                              // Adds Action Listener to the Mortgage Amount Text Field
              txtPayment.addActionListener(this);                              // Adds Action Listener to the Monthly payment Text Field
              public void actionPerformed(ActionEvent e)                               // Tests to Verify Which Button is Pressed
         Object command = e.getSource(); // Enables command to get data
         int intYears = 0;          // Declares intYears
                   double dblLoanAmount, dblInterestRate, interestRate, intRate;
         if (command == year7InterestRateBtn)                                   // Activates the 1st Loan Button
    intYears = 0;                                        // Sets 1st value of Array
         if (command == year15InterestRateBtn)                                   // Activates the 2nd Loan Button
         intYears = 1;                                        // Sets 2nd value of Array
              if (command == year30InterestRateBtn)                                   // Activates the 3rd Loan Button
                   intYears = 2;                                        // Sets 3rd value of Array
                   if (command == btnCalc)
                        //dblLoanAmount = Double.parseDouble(txtTotalMort.getText() ); // Loan amount
                        //interestRate = Double.parseDouble(txtInterestRate.getText() ); // /100 )/ 12; // Devides rate
                        intRate = (Double.parseDouble(txtInterestRate.getText() )/100 )/ 12;
                        //int intYearsMonths = Integer.parseInt(txtYearsInput.getText() );// * 12; //Multiplies loan length
                        int months = Integer.parseInt(txtYearsInput.getText() )* 12;
    dblLoanAmount = 0;                                   // Declares and Initializes dblLoanAmount
                   dblInterestRate = 0;                                        // Declares and Initializes dblInterestRate
              double [][] dblTrmLoanRate = {{7, 5.35}, {15, 5.50}, {30, 5.75},};           // Array Data for Calculation
    try
    dblLoanAmount = Double.parseDouble(txtYears.getText()); // Gets user input from txtYears Text Field
    catch (NumberFormatException nfe)                          // Checks for correct user input
                             JOptionPane.showMessageDialog(null, "You must enter a valid number.", "MPC", JOptionPane.INFORMATION_MESSAGE);
    return;
              interestRate = dblTrmLoanRate [intYears][1];
                   //dblInterestRate=interestRate;
                   intRate = (interestRate / 100) / 12;                         // Calculates Interst Rate
         double intYearsMonths = dblTrmLoanRate [intYears] [0];                    // Calculates Loan Term in Months
    int months = (int)intYearsMonths * 12;                          // Devides by months
    double interestRateMonthly = (intRate / 12); // Devides Rate
              double payment = dblLoanAmount * intRate / (1 - (Math.pow(1/(1 + intRate), months))); // Calculates monthly payment
         double dblRmnLoan = dblLoanAmount;                              //Left over balance
         double txtPaymentInterest = 0;                                   // Payment
         double txtPaymentPrincipal = 0;                                   // Payment of principal
    NumberFormat currency = NumberFormat.getCurrencyInstance(Locale.US); // Curreny format
         txtPayment.setText(currency.format(payment));
              boxSpace.setText("Month\tPrincipal\tInterest\tBalance Left\n");
              for (;months > 0 ; months -- )
              txtPaymentInterest = (dblRmnLoan * intRate);
                        txtPaymentPrincipal = (payment - txtPaymentInterest);          // Calculates monthly payment
                   dblRmnLoan = (dblRmnLoan - txtPaymentPrincipal);
                        boxSpace.setCaret (new DefaultCaret());                    // Scroll position
                        boxSpace.append(String.valueOf(months) + "\t" +               // Table data
                        currency.format(txtPaymentPrincipal) + "\t" +
                   currency.format(txtPaymentInterest) + "\t" +
                   currency.format(dblRmnLoan) + "\n");
    if(command == reset)
                             Clears fields
                        txtYearsInput.setText(null);
                        txtInterestRate.setText(null);
              txtYears.setText(null);
                        txtPayment.setText(null);
         boxSpace.setText(null);
                        public static void main(String[] args)                               //This is the signature of the entry point of all the desktop apps
              new MPC();
    }

    This portion to be exact. All the buttons work for me except this one. I need to calculate user input and also use the fixed data that can be found in the dblTrmLoanRate array. When I choos to use user input instead, the program either crashes or for some reason uses the year7InterestRateBtn instead.
                   if (command == btnCalc)
                        //dblLoanAmount = Double.parseDouble(txtTotalMort.getText() ); // Loan amount
                        //interestRate = Double.parseDouble(txtInterestRate.getText() ); // /100 )/ 12; // Devides rate
                        intRate = (Double.parseDouble(txtInterestRate.getText() )/100 )/ 12;
                        //int intYearsMonths = Integer.parseInt(txtYearsInput.getText() );// * 12; //Multiplies loan length
                        int months = Integer.parseInt(txtYearsInput.getText() )* 12;
    I was going to leave out the remed portion but thought it might help you with the navigation. I am sorry I did not use code tags, but I am going to go find out what those are and use them in the future.

  • DMZ with reverse proxy

    Hi All,
    I am trying to configure DMZ.
    But I am having only one node for apache.
    So I thought of configuring DMZ using Reverse Proxy with no External node.
    But I am bit confused with configuration of Reverse Proxy using the apache shipped with E-business
    My current archecture like:
    Node 1 : Apache ,Forms and MWA
    Node 2 : CM and DB
    OS : AIX 5.3
    Version : 11.5.10.2
    DB : 10.2.0.4
    1.Will there be 2 apache process running as applmgr on node1(one for external and other for internal)
    2.Will there be 2 context files in node1 (one for external and other for internale)
    3.How to configure 2 Server name for node1
    Thanks in advance

    Hi,
    Did you review (Note: 438744.1 - Case History: Implementing a Reverse Proxy Alone in a DMZ Configuration - 11i)?
    Regards,
    Hussein

  • Access Mac Mini Server (profile management) through reverse proxy

    Hi,
    Newbie in Mac's world and yet trying to make it more complicated as it is.
    As we recently (last month) decided to equip our sales force with iPads, they were configured through Apple Configurator tool running on a dedicated Mac Mini Mountain Lion.
    Now, I'd be keen in moving this configuration to the Profile Manager, part of the OSx Server plugin. So far so good.
    Problem is the following : another web server is already on the LAN using both 80 and 443 ports. So all incoming traffic on those ports was routed to this other server. As Mac Mini Server default http/s ports may not be altered, I installed a reverse proxy server (Oracle VM - Ubuntu 12.04LTS - pound), configured to deal differently traffic on those ports according to the domain name (host) of the web request (header). Each 'local' server has been allocated a domain name. Just to be clear, traffic is now routed by the WAN/LAN router, for those ports, towards the reverse proxy, configured to reroute the traffic to the correct destination.
    So far so good, it works like a charm, except... as soon as we enter https protocol on Mac Mini Server Profile Manager.
    Access from an iDevice to the Mac Mini Server Profile Manager login page is fine, but as soon as password is confirmed, safari is pending and finally a message 'An internal serer error occured. Please try later again' appears.
    Looking to both reverse proxy system log and Mac Mini profilemanager.log files to trace the problem, the following lines are produced at this particular moment :
    reverse proxy system.log
    Jan 15 14:44:03 reverseproxy pound: 91.... GET /devicemanagement/console/apple_theme_v2/en/da56af0a69e733b259dac3991419fa928b4 94a56/resources/images/sprites/me_controls.png HTTP/1.1 - HTTP/1.1 200 OK
    Jan 15 14:44:03 reverseproxy pound: 91.... GET /auth?redirect=http://osxsrv.fiks.net/devicemanagement/api/authentication/callback HTTP/1.1 - HTTP/1.1 302 Moved Temporarily
    Jan 15 14:44:04 reverseproxy pound: 91.... GET /devicemanagement/api/authentication/callback?auth_token=336952DE-BDDE-4390-82F 7-8475B79FB2D3 HTTP/1.1 - HTTP/1.1 302 Moved Temporarily
    Jan 15 14:44:04 reverseproxy pound: (b7680b40) e500 can't read header
    Jan 15 14:44:04 reverseproxy pound: (b7680b40) e500 response error read from 192.168....:443/GET /profilemanager/ HTTP/1.1: Success (0.007 secs)
    Jan 15 14:44:08 reverseproxy pound: 91.... POST /devicemanagement/api/magic/get_updated HTTP/1.1 - HTTP/1.1 200 OK
    OSx Server profilemanager.log
    Jan 15 14:44:05 osxsrv ProfileManager[1748] <Info>: Processing MagicController#do_magic (for 91.... at 2013-01-15 14:44:05) [POST]Jan 15 14:44:05 osxsrv ProfileManager[1749] <Info>: Processing MagicController#do_magic (for 91.... at 2013-01-15 14:44:05) [POST]
    Jan 15 14:44:06 osxsrv ProfileManager[1748] <Info>: Completed in 492ms (View: 0, DB: 6) | 200 OK [http://osxsrv.../magic/do_magic]
    Jan 15 14:44:06 osxsrv ProfileManager[1749] <Info>: Completed in 687ms (View: 0, DB: 5) | 200 OK [http://osxsrv..../magic/do_magic]
    Jan 15 14:44:07 osxsrv ProfileManager[1750] <Info>: auth_token doesn't exist
    Jan 15 14:44:07 osxsrv ProfileManager[1750] <Info>: Filter chain halted as [:verify_auth_token] rendered_or_redirected.
    Jan 15 14:44:07 osxsrv ProfileManager[1751] <Info>: Processing MagicController#do_magic (for 91.... at 2013-01-15 14:44:07) [POST]
    Jan 15 14:44:07 osxsrv ProfileManager[1751] <Info>: auth_token doesn't exist
    Jan 15 14:44:07 osxsrv ProfileManager[1751] <Info>: Filter chain halted as [:verify_auth_token] rendered_or_redirected.
    Jan 15 14:44:07 osxsrv ProfileManager[1751] <Info>: Completed in 4ms (View: 1, DB: 14) | 403 Forbidden [http://osxsrv..../magic/do_magic]
    Jan 15 14:44:07 osxsrv ProfileManager[1748] <Info>: Processing MagicController#do_magic (for 91.... at 2013-01-15 14:44:07) [POST]
    Jan 15 14:44:07 osxsrv ProfileManager[1748] <Info>: auth_token doesn't exist
    Jan 15 14:44:07 osxsrv ProfileManager[1748] <Info>: Filter chain halted as [:verify_auth_token] rendered_or_redirected.
    Jan 15 14:44:07 osxsrv ProfileManager[1748] <Info>: Completed in 45ms (View: 1, DB: 43) | 403 Forbidden [http://osxsrv..../magic/do_magic]
    Jan 15 14:44:07 osxsrv ProfileManager[1750] <Info>: Processing MagicController#do_magic (for 91.... at 2013-01-15 14:44:07) [POST]
    Jan 15 14:44:07 osxsrv ProfileManager[1750] <Info>: auth_token doesn't exist
    Jan 15 14:44:07 osxsrv ProfileManager[1750] <Info>: Filter chain halted as [:verify_auth_token] rendered_or_redirected.
    Jan 15 14:44:07 osxsrv ProfileManager[1750] <Info>: Completed in 55ms (View: 0, DB: 1) | 403 Forbidden [http://osxsrv..../magic/do_magic]
    Jan 15 14:44:08 osxsrv ProfileManager[1749] <Info>: Processing AuthenticationController#callback (for 91.... at 2013-01-15 14:44:08) [GET]
    Jan 15 14:44:08 osxsrv ProfileManager[1749] <Info>: Redirected to https://osxsrv..../profilemanager/
    Jan 15 14:44:08 osxsrv ProfileManager[1749] <Info>: Completed in 149ms (DB: 5) | 302 Found [http://osxsrv..../authentication/callback?auth_token=[FILTERED]]
    I guess the '302 Found' is causing or explaining the problem.
    I agree this might not be a Mac issue, so I still knock your doors hoping some of you could at least give a hint for what to search for !
    If the pound configuration file is of interest, just ask, but this is pretty trivial, saying basically listen these protocols (http/https) on these ports (80/443) and according to Header content (check destination host) and reroute packet to LAN device (with given LAN IP address).
    As the default port(s) of the Mac Mini Web Services may not be altered (so far I know), I guess I am stuck using 80 and 443 anyway.
    Maybe should I invest time in changing my other apache server ports to some more exotic 8080 or 88 or whatever so Mac Mini Server Profile Manager default ports 80 and 443 are maintained and can be easily and directly rerouted to my Mac server without any reverse proxy along the way.
    Thanks in advance for your help
    Alx

    HI All,
    i'm also using reverse proxy technique to publish my server to the internet. The ip is used by twice domains. The problem is by using the profile manager
    after login it redirects the url to the Local Area network addresse instead to the domain.
    How to configure this on OS X Server and the Profile Manager Service?
    Kind Regards
    Oemer

  • Sun One 6.1 reverse proxy with multiple certs

    We are using Sun One Web Server 6.1sp6 as a reverse proxy without the passthrough plugin. We also have multiple certs and not a global cert and what we are seeing is the data getting "staged" on the web server before moving on to the destination (which obviously halves throughput). Some research tells us that this staging is happening because it needs to re-encrypt the packets for the next cert.
    Is there any way besides having a global cert that we can get around this? Would using the passthrough plugin help?
    Thanks,
    Don

    The thing is that it apparently doesn't do it on the fly, which is why I was wondering if the passthrough plug in would help. In other words, if I am sending a 10mb file through to the destination server (there's a weblogic server on the back end with a different cert that I want to do the real processing), the web server waits until it gets all 10mb then resends it. Seems it should do the encrypt/decrypt on a packet level to me.
    As far as the config, I didn't set it up, I'm just trying to get it to work :)
    Here are the configs, if it would help. If there's something set up wrong here, please feel free to point it out!
    Thanks,
    Don
    magnus.conf
    # The NetsiteRoot, ServerName, and ServerID directives are DEPRECATED.
    # They will not be supported in future releases of the Web Server.
    NetsiteRoot /iplanet/servers
    ServerName rpserver.testdomain.com
    ServerID https-rpserver.testdomain.com
    RqThrottle 256
    DNS off
    Security on
    PidLog /iplanet/servers/https-rpserver.testdomain.com/logs/pid
    User iplanet1
    StackSize 131072
    TempDir /tmp/https-rpserver.testdomain.com-a9dd9515
    PostThreadsEarly off
    KernelThreads off
    ChunkedRequestBufferSize 0
    LogVerbose on
    LogVsId off
    AsyncDNS off
    KeepAliveTimeout 10
    UseNativePoll on
    Init fn="load-modules" funcs="wl_proxy,wl_init" shlib=/iplanet/servers/plugins/nsapi/wls923/libproxy128_61.so
    Init fn="wl_init"
    Init fn="load-modules" shlib="/iplanet/servers/bin/https/lib/libj2eeplugin.so" shlib_flags="(global|now)"
    Init fn="stats-init" profiling="on"
    obj.conf
    # The NetsiteRoot, ServerName, and ServerID directives are DEPRECATED.
    # They will not be supported in future releases of the Web Server.
    NetsiteRoot /iplanet/servers
    ServerName rpserver.testdomain.com
    ServerID https-rpserver.testdomain.com
    RqThrottle 256
    DNS off
    Security on
    PidLog /iplanet/servers/https-rpserver.testdomain.com/logs/pid
    User iplanet1
    StackSize 131072
    TempDir /tmp/https-rpserver.testdomain.com-a9dd9515
    PostThreadsEarly off
    KernelThreads off
    ChunkedRequestBufferSize 0
    LogVerbose on
    LogVsId off
    AsyncDNS off
    KeepAliveTimeout 10
    UseNativePoll on
    Init fn="load-modules" funcs="wl_proxy,wl_init" shlib=/iplanet/servers/plugins/nsapi/wls923/libproxy128_61.so
    Init fn="wl_init"
    Init fn="load-modules" shlib="/iplanet/servers/bin/https/lib/libj2eeplugin.so" shlib_flags="(global|now)"
    Init fn="stats-init" profiling="on"
    server.xml
    <?xml version="1.0" encoding="UTF-8"?>
    <!--
    Copyright (c) 2003 Sun Microsystems, Inc. All rights reserved.
    Use is subject to license terms.
    -->
    <!DOCTYPE SERVER PUBLIC "-//Sun Microsystems Inc.//DTD Sun ONE Web Server 6.1//EN" "file:///iplanet/servers/bin/https/dtds/sun-web-server_6_1.dtd">
    <SERVER qosactive="false">
    <PROPERTY name="docroot" value="/iplanet/servers/docs"/>
    <PROPERTY name="accesslog" value="/iplanet/servers/https-rpserver.testdomain.com/logs/access"/>
    <PROPERTY name="user" value=""/>
    <PROPERTY name="group" value=""/>
    <PROPERTY name="chroot" value=""/>
    <PROPERTY name="dir" value=""/>
    <PROPERTY name="nice" value=""/>
    <LS id="ls1" port="443" servername="rpserver.testdomain.com" defaultvs="https-rpserver.testdomain.com" security="on" ip="any" blocking="false" acceptorthreads="2">
    <SSLPARAMS servercertnickname="Server-Cert" ssl2="off" ssl2ciphers="-rc4,-rc4export,-rc2,-rc2export,-desede3,-des" ssl3="on" tls="on" ssl3tlsciphers="-rsa_rc4_128_sha,+rsa_rc4_128_md5,-rsa_rc4_56_sha,-rsa_rc4_40_md5,+rsa_3des_sha,+rsa_des_sha,-rsa_des_56_sha,-rsa_rc2_40_md5,-rsa_null_md5,-fortezza,-fortezza_rc4_128_sha,-fortezza_null,+fips_3des_sha,-fips_des_sha" tlsrollback="on" clientauth="off"/>
    </LS>
    <MIME id="mime1" file="mime.types"/>
    <ACLFILE id="acl1" file="/iplanet/servers/httpacl/generated.https-rpserver.testdomain.com.acl"/>
    <VSCLASS id="vsclass1" objectfile="obj.conf" rootobject="default" acceptlanguage="false">
    <VS id="https-rpserver.testdomain.com" connections="ls1" mime="mime1" aclids="acl1" urlhosts="rpserver.testdomain.com" state="on">
    <PROPERTY name="docroot" value="/iplanet/servers/docs"/>
    <USERDB id="default"/>
    <SEARCH>
    <WEBAPP uri="/search" path="/iplanet/servers/bin/https/webapps/search" enabled="true"/>
    </SEARCH>
    </VS>
    </VSCLASS>
    <JAVA javahome="/iplanet/servers/bin/https/jdk" serverclasspath="/iplanet/servers/bin/https/jar/webserv-rt.jar:${java.home}/lib/tools.jar:/iplanet/servers/bin/https/jar/webserv-ext.jar:/iplanet/servers/bin/https/jar/webserv-jstl.jar:/iplanet/servers/bin/https/jar/ktsearch.jar" classpathsuffix="" envclasspathignored="true" nativelibrarypathprefix="" debug="false" debugoptions="-Xdebug -Xrunjdwp:transport=dt_socket,server=y,suspend=n" dynamicreloadinterval="-1">
    <JVMOPTIONS>-Djava.security.auth.login.config=/iplanet/servers/https-rpserver.testdomain.com/config/login.conf</JVMOPTIONS>
    <JVMOPTIONS>-Djava.util.logging.manager=com.iplanet.ias.server.logging.ServerLogManager</JVMOPTIONS>
    <JVMOPTIONS>-Xmx256m</JVMOPTIONS>
    <SECURITY defaultrealm="native" anonymousrole="ANYONE" audit="false">
    <AUTHREALM name="file" classname="com.iplanet.ias.security.auth.realm.file.FileRealm">
    <PROPERTY name="file" value="/iplanet/servers/https-rpserver.testdomain.com/config/keyfile"/>
    <PROPERTY name="jaas-context" value="fileRealm"/>
    </AUTHREALM>
    <AUTHREALM name="native" classname="com.iplanet.ias.security.auth.realm.webcore.NativeRealm">
    <PROPERTY name="jaas-context" value="nativeRealm"/>
    </AUTHREALM>
    <AUTHREALM name="ldap" classname="com.iplanet.ias.security.auth.realm.ldap.LDAPRealm">
    <PROPERTY name="directory" value="ldap://localhost:389"/>
    <PROPERTY name="base-dn" value="o=isp"/>
    <PROPERTY name="jaas-context" value="ldapRealm"/>
    </AUTHREALM>
    </SECURITY>
    <RESOURCES/>
    </JAVA>
    <LOG file="/iplanet/servers/https-rpserver.testdomain.com/logs/errors" loglevel="info" logtoconsole="true" usesyslog="false" createconsole="false" logstderr="true" logstdout="true" logvsid="false"/>
    </SERVER>

  • Problem with Apache reverse proxy after applying SP13 NW

    Hello,
    we have a NW04 EP Portal and a Apache reverse proxy in the DMZ. After applying SP 13 for the portal we get the following error from the reverse proxy:
    Proxy Error
    The proxy server received an invalid response from an upstream server.
    The proxy server could not handle the request GET /irj/.
    Reason: Error reading from remote server
    Apache/2.0.52 (Win32) mod_ssl/2.0.52 OpenSSL/0.9.7e Server at servername.company.de Port 443
    Is is it possible, that there is a problem with sp13?
    Best regards
    Daniel Holstein

    Hi Daniel,
    ok I`ll try to find a solution in parallel and keep you up to date.
    In the following my settings in case I missed something:
    <VirtualHost test.firma.de:443>
    SSLEngine on
    SSLProxyEngine on
    SSLCertificateFile /apache/keys/pac_ssl_qep_dmz_server.crt
    SSLCertificateKeyFile /apache/keys/pac_ssl_qep_dmz_server.key
    ServerName test.firma.de:443
    ServerAdmin [email protected]
    LogLevel debug
    ErrorLog logs/ssl_443_error
    CustomLog logs/ssl_443_access_log common
    ProxyVia Off
    ProxyPreserveHost On
    ReWriteEngine on
    ReWriteLogLevel 0
    ReWriteLog logs//ssl_443_rewrite_http.log
    ProxyPass / https://backend.firma.de:50001/
    ProxyPassReverse / https://backend.firma.de:50001/
    </VirtualHost>
    Regards, Jens

  • Apache Reverse Proxy with Abap Web query

    Hi to all
      We are trying to configure apache 2 to work as a reverse proxy with web abap Netweaver installation.
    From inside the network the web query is fine.
    Running the query with the reverse proxy we have only the html code in the browser. All the scripts and css are not present.
    We checked some messages inside the forum and we have tried a lot of stuff without success.
    We use always linux (Fedora, Ubuntu with xampp or apache only) plus the html module or the publisher from http://apache.webthing.com.
    Our installation is like this the reverse proxy in the dmz and the netweaver to the inside off coarse, and we don't have the same domain name, i don't know if this is important.
    Any help/idea  is valuable.
    Thank you
    Yiannis

    Hi Olivier
    I have seen your solution in other messages but i didn't try it because i was trying to work with the html_proxy module.
    I read the documents you gave me plus some apache tutorials on the rewrite rule.
    In any case i have my installation working now.
    I did some extra changes in my config so now the rules are like that
    ProxyVia On
    ProxyBadHeader IsError
    ProxyRequests Off
    ProxyPreserveHost On
    ProxyPass /sap http://192.168.1.59:8001/sap
    ProxyPassReverse /sap http://192.168.1.59:8001/sap
    RewriteEngine On
    RewriteRule ^/(sap\(.*) http://192.168.1.59:8001/$1 [P,L]
    Thanks again for your help
    Yiannis

Maybe you are looking for

  • Windows 8 on boot camp on MacBook Pro retina w/external monitors = screen resolution not correct

    how do i calibrate external monitors resolutions individually in windows 8 (like can be done in OS X) so that my MacBook Pro retina text isn't teeny tiny and my external monitors look normal? Is there a way to set the resolution and text size for eac

  • Selection Menu for VM, possible?

    Hi all, I pretty new at this, but after weeks of trial and error, I am able to get the SRSS 4.2 and ESX4U1 to display my vm desktop to a DTU. Now I want to dig a little deeper. Question, is it possible in SRSS 4.2 to be able to create a "selection me

  • Image not seen in JFrame

    I have an applet with a background image and some JButtons. When you click a button a new Window (JFrame) is opened with some JLabels, JButtons on. This works fine in Appletviewer. When I run the program in IE the image in the JFrame isn't visible. S

  • Photoshop Elements refuses to open

    I've had PSE, version 6, on my PC for over a year but tonight it locked up. When I closed it down and tried to restart it, it stopped when it came to the line 'Reading Workspace Modes'. When I click on 'check online for a solution' for solution nothi

  • HELP! All my songs have vanished

    I switched on my pc yesterday and clicked on itunes and when it opened i found that all 5006 tunes in my itunes to be gone including all my playlists. They're in the pc somewhere but itunes isn't recognising them for some reason. It was working fine