ChaRM config with Single domain

Hi Guru's,
I am in situation where I have to configure Change request Management with Single Domain Controller in Solution Manager 7.1 SP11.
I have configured transport routes in ECC development system (000) to Integration , quality and production and now I want to add this configuration to Solution manager without domain link.
please help me on this greatly appreciated
thanks

Hi Srini,
Check the below note for active ChaRM with out domain link
1384598 - Harmonizing RFC communication infrastructure in ChaRM/QGM
1756014 - Harmonizing RFC communication infrastructure for ChaRM Check
Rg,
Karthik

Similar Messages

Can we map three BPC users with single domain user

Hi..
When we map the three BPC users in the ABAP server in the program UJA3_WRITE_SYS_USERS with domain user,can we map with only one domain user for all three BPC users or we have to use three different domain users to map the three BPC users?
Please do reply
Thanks
Bobby

yep
u can map three bpc user with single domain user.
but domain user must have management roles.

ChaRM config with two dev clients

Hi Experts,
Has anyone tried ChaRM with two dev clients, one for customizing and one for workbench, is it like adding two QA/prod systems?
Please help.
Thanks and Regards,
Jamuna Nithyanandam

Hi Jamuna,
Like already mentioned, maintain 2 logical components in SMSY with the correct systems, and add these logical components to your Project.
When in a Change Document (U.rgent or Normal Correction), the action 'Create Transport Request' is executed, a pop-up will be shown and people can select where they want to have the Transport created.
Of course, SolMan will always show the two options - Workbench or Customizing Transport - when creating the Transport Request. So people need to pay attention that there are only creating WRKB in the WRKB-client and CUSTO in the CUSTO-client. As far as I know, this cannot be limited technically in SolMan.
Good luck!
Best regards,
Roel

How to delete multiple data domains with single step ?

how to delete multiple data domains with single step ?

You can go to your Endeca-Server domain home e.g.($WEBLOGIC-HOME$/user_projects/domains/endeca_server_domain/EndecaServer/bin)
run
[HOST]$ ./endeca-cmd.sh list-dd
default is enabled.
GettingStarted is enabled.
endeca is enabled.
BikeStoreTest is enabled.
create a new file from the output just with the domains that you want to delete and then create a loop
[HOST]$ vi delete-dd.list
default
GettingStarted
endeca
BikeStoreTest
[HOST]$ for i in $(cat delete-dd.list); do; ./endeca-cmd.sh delete-dd $i; done
Remember that this can not be undone, unless you have a backup.

Same user with administrative rights on all the servers in single domain versus domainadmin as a part of administrator group in all the servers

same user with administrative rights on all the servers in single domain user as a part of administrator group in all the servers:
same user is configured as administrator on all the servers in one domain at windows 2003 server. Should this user be made part of domain admin and then this can be set up in the group of administrator for all the servers.
How this is technically different?
If same user is set up as an administrator on all the servers in domain, will it have the same access on all the files as a domain admin user?
dhomya

If the account is not admin on the domaincontrollers and the account is not member of domain admins or any other privileged AD group, the account has only user privileges on AD and thus cannot perform actions like creating and managing accounts,
groups, OUs,policies, sites, ...in other words cannot potentially ruin Active Directory.
I think that is a pretty big difference.
In fact, it is bad practice to perform you daily server management with an AD privileged account.
In regards of file access. The domain administrator will be just an admin, and thus has the privilies assigned to the local admin group, just as any other admin. But if it are different accounts they might be member of different groups assigning different
privileges. Always be carefull when assuming resulting privileges will be the same.
MCP/MCSA/MCTS/MCITP

Identity firewall with Single Forest/Multi-Domain

I have a question with regard to setting up the ID firewall on the ASA 5585 in a single forest, multiple domain windows network.
Currently I have a semi-operational IDF at the top level but can't find users on the lower other domains, here is the setup:
I have 3 domains.
domain1.test.com
domain2.domain1.test.com
domain3.domain2.domain1.test.com
Both domains have a two way parent-child trust and I can look for users in AD Users/Computer on both domains. I initially setup the ASA to look at domain1.test.com using an LDAP aaa-server per the IDF instructions, and then proceeded to configure the ad-agent. I installed the adagent on the domain1.test.com domain controller configured the settings on that system and had no problem adding users to the firewall and getting functionality within domain1. I looked to see if I could see domain 2 and domain 3 users and found none. I went ahead and added the domain2 system to the adagent on the DC and the system says that it is up, but when I search for users is not pulling them from domain2. Instead, it shows domain1 users as domain2\user1. I also configured another adserver in the ASA to search ldap on domain 2 to no avail.
The cisco documentation states the following:
•Before you configure even a single domain controller machine using the adacfg dc create command, ensure that the AD Agent machine is first joined to a domain (for example, domain J) that has a trust relationship with each and every domain (for example, domain D[i]) that it will monitor for user authentications (through the domain controller machines that you will be configuring on the AD Agent machine).
Single Forest, Multiple Domains—All the domains in a single forest already have an inherent two-way trust relationship with each other. Thus, the AD Agent must first be joined to one of the domains, J, in this forest, with this domain J not necessarily being identical to any of the domains D[i] corresponding to the domain controller machines. Because of the inherent trust relationship between domain J and each of the domains D[i], there is no need to explicitly configure any trust relationships.
Reading that it sounds like it should just work. I had everything properly configured before I installed the adagent, but I'm guessing that there is a chance that you can't have the adagent on the top level DC and get to communicate with the lower level domains. I wanted to ask though before I blow everything up and start over. The instructions are not overwhelming clear on what needs to done in this scenario. Suggestions?

Hi Matthew,
If I understand your post correctly, the problem is that the ASA is unable to search users in domain2, correct? This portion of the communication is unrelated to the AD Agent, but it sounds like the Agent can talk to the DC just fine. The ASA searches for users directly on the DC via LDAP queries. The communication between the ASA and the Agent is all done via RADIUS.
If the above is correct, I would focus on why the LDAP queries are failing between the ASA and the domain2 DC. Feel free to open a TAC case on this as well for additional assistance from the AAA experts.
-Mike

Two-way forest trust between two (single domain) forests with multiple identical user ID's

Domain and forest levels - Windows 2003 (they both have one 2008 R2 DC)
We need to create a two-way forest trust between two separate single-domain forests. The problem is that these two forests already access each others resources through a S2S. Users have the same login names and passwords on both forests/domains. Now, we
are combining their infrastructures and need to set up a trust. From what I'm reading, you can't create forest trusts if you have the same SIDs, user ID's, or computer name in each of the forests.
I'm looking into AD migration tool to copy the userSIDs (SID history?) between forest/domain, deleting the user ID's in the domain we migrated from, and then setting up the trust, but I'm leery about doing it this way as there is no easy 'recovery' should
something go wrong.
Any suggestions for the easiest way to setup this forest trust?

Hi,
To eliminate your worries, two user accounts have the same user name doesn’t mean that they have the same SID. Moreover, the user’s SID remains the same even after it has been renamed.
The SID for domain account/group consists of a
Domain Identifier and a Relative Identifier. Domain Identifier is unique in every domain within a forest, and a Relative Identifier is unique within domain. It is unlikely that two user accounts with or without the same account
name from two forests have the same SID.
The Technet article you mentioned is talking about duplicate SIDs instead of “duplicate computer name or user account”, I will submit a change request to Microsoft about this.
If there are duplicate SIDs when you create forest trust, you need to delete one of them as the article guides.
Here are some related articles below for your references:
How Security Identifiers Work
http://technet.microsoft.com/en-us/library/cc778824(v=WS.10).aspx
Security Identifier Structure
http://technet.microsoft.com/en-us/library/cc962011.aspx
Security Identifier
http://en.wikipedia.org/wiki/Security_Identifier
I hope this helps.
Amy Wang

SIP Trunk - No voice with Single Number Reach

Hi Community.
I setup SIP Trunk with the CCA. Everything is working Call In and Call Out. Call Forward and so on.
But with Single Number reach is something wrong. The mobile phone is ringing and I can get the call, but I hear not any voice.
Can someone please help me out? Below the config.
version 15.1
parser config cache interface
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
service internal
service compress-config
service sequence-numbers
dot11 ssid cisco-data
vlan 1
authentication open
dot11 ssid cisco-voice
vlan 100
authentication open
ip source-route
ip cef
ip dhcp relay information trust-all
ip dhcp excluded-address 10.1.1.1 10.1.1.9
ip dhcp excluded-address 10.1.1.241 10.1.1.255
ip dhcp pool phone
network 10.1.1.0 255.255.255.0
default-router 10.1.1.1
option 150 ip 10.1.1.1
ip domain name site1.365873.trk.ipvoip.ch
ip name-server 8.8.8.8
ip inspect WAAS flush-timeout 10
ip inspect name SDM_LOW dns
ip inspect name SDM_LOW ftp
ip inspect name SDM_LOW h323
ip inspect name SDM_LOW https
ip inspect name SDM_LOW icmp
ip inspect name SDM_LOW imap
ip inspect name SDM_LOW pop3
ip inspect name SDM_LOW netshow
ip inspect name SDM_LOW rcmd
ip inspect name SDM_LOW realaudio
ip inspect name SDM_LOW rtsp
ip inspect name SDM_LOW esmtp
ip inspect name SDM_LOW sqlnet
ip inspect name SDM_LOW streamworks
ip inspect name SDM_LOW tftp
ip inspect name SDM_LOW tcp router-traffic
ip inspect name SDM_LOW udp router-traffic
ip inspect name SDM_LOW vdolive
no ipv6 cef
multilink bundle-name authenticated
stcapp ccm-group 1
stcapp
isdn switch-type basic-net3
voice call send-alert
voice rtp send-recv
voice service voip
ip address trusted list
ipv4 0.0.0.0 0.0.0.0
allow-connections h323 to h323
allow-connections h323 to sip
allow-connections sip to h323
allow-connections sip to sip
supplementary-service h450.12
no supplementary-service sip refer
fax protocol t38 version 0 ls-redundancy 0 hs-redundancy 0 fallback pass-through g711ulaw
sip
registrar server expires max 3600 min 3600
localhost dns:site1.365873.trk.ipvoip.ch
no update-callerid
voice class codec 1
codec preference 1 g711alaw
voice register global
mode cme
source-address 10.1.1.1 port 5060
load 9971 sip9971.9-2-2
load 9951 sip9951.9-2-2
load 8961 sip8961.9-2-2
timezone 23
voice source-group CCA_SIP_SOURCE_GROUP_CUE_CME
access-list 2
translation-profile incoming SIP_Incoming
voice source-group CCA_SIP_SOURCE_GROUP_EXTERNAL
access-list 3
voice translation-rule 9
rule 1 /0041449475090/ /90/
rule 2 /0041449475091/ /91/
rule 3 /0041449475092/ /92/
rule 4 /0041449475093/ /93/
rule 5 /0041449475094/ /94/
rule 6 /0041449475095/ /95/
rule 7 /0041449475096/ /96/
rule 8 /0041449475097/ /97/
rule 9 /0041449475098/ /98/
rule 10 /0041449475099/ /99/
voice translation-rule 410
rule 1 /^0$.*$/ /\1/
rule 15 /^..$/ /0041449475090/
voice translation-rule 411
rule 1 /^0$.*$/ /ABCD0\1/
voice translation-rule 412
rule 1 /^ABCD$.*$/ /\1/
voice translation-rule 422
rule 15 /^ABCD$.*$/ /\1/
voice translation-rule 1000
rule 1 /.*/ //
voice translation-rule 1111
rule 1 /^9$[1-9]$$/ /004144947509\1/
rule 15 /^..$/ /0041449475090/
voice translation-rule 1112
rule 1 /^0/ //
voice translation-rule 2000
rule 1 /0041449475098/ /98/
voice translation-rule 2001
rule 1 /0041449475097/ /97/
voice translation-rule 2002
rule 1 /^6/ //
voice translation-rule 2222
voice translation-profile AA_Profile
translate called 2001
voice translation-profile CALLER_ID_TRANSLATION_PROFILE
translate calling 1111
voice translation-profile CallBlocking
translate called 2222
voice translation-profile OUTGOING_TRANSLATION_PROFILE
translate called 1112
voice translation-profile PSTN_CallForwarding
translate redirect-target 410
translate redirect-called 410
voice translation-profile PSTN_Outgoing
translate calling 1111
translate called 1112
translate redirect-target 410
translate redirect-called 410
voice translation-profile SIP_Called_9
translate calling 3265
translate called 9
voice translation-profile SIP_Incoming
translate called 411
voice translation-profile SIP_Passthrough
translate called 412
voice translation-profile SIP_Passthrough_CallBlocking
translate called 422
voice translation-profile VM_Profile
translate called 2000
voice translation-profile XFER_TO_VM_PROFILE
translate redirect-called 2002
voice translation-profile nondialable
translate called 1000
voice-card 0
dspfarm
dsp services dspfarm
fax interface-type fax-mail
license udi pid UC540W-BRI-K9 sn FGL163220SL
archive
log config
logging enable
logging size 600
hidekeys
username admin privilege 15 secret xxx
username xxx password 0 ""
username xxx password 0 ""
ip tftp source-interface Loopback0
bridge irb
interface Loopback0
description $FW_INSIDE$
ip address 10.1.10.2 255.255.255.252
ip access-group 101 in
ip nat inside
ip virtual-reassembly in
interface FastEthernet0/0
description $FW_OUTSIDE$
no ip address
ip inspect SDM_LOW out
ip virtual-reassembly in
ip verify unicast reverse-path
load-interval 30
shutdown
duplex auto
speed auto
interface Integrated-Service-Engine0/0
description cue is initialized with default IMAP group
ip unnumbered Loopback0
ip nat inside
ip virtual-reassembly in
service-module ip address 10.1.10.1 255.255.255.252
service-module ip default-gateway 10.1.10.2
interface FastEthernet0/1/0
no ip address
macro description cisco-desktop
spanning-tree portfast
interface FastEthernet0/1/1
switchport voice vlan 100
no ip address
macro description cisco-phone
spanning-tree portfast
interface FastEthernet0/1/2
switchport voice vlan 100
no ip address
macro description cisco-phone
spanning-tree portfast
interface FastEthernet0/1/3
switchport voice vlan 100
no ip address
macro description cisco-phone
spanning-tree portfast
interface FastEthernet0/1/4
switchport voice vlan 100
no ip address
macro description cisco-phone
spanning-tree portfast
interface FastEthernet0/1/5
switchport voice vlan 100
no ip address
macro description cisco-phone
spanning-tree portfast
interface FastEthernet0/1/6
switchport voice vlan 100
no ip address
macro description cisco-phone
spanning-tree portfast
interface FastEthernet0/1/7
switchport voice vlan 100
no ip address
macro description cisco-phone
spanning-tree portfast
interface FastEthernet0/1/8
no ip address
macro description cisco-desktop
spanning-tree portfast
interface BRI0/1/0
no ip address
isdn switch-type basic-net3
isdn point-to-point-setup
isdn incoming-voice voice
isdn sending-complete
isdn static-tei 0
interface BRI0/1/1
no ip address
shutdown
isdn switch-type basic-net3
isdn point-to-point-setup
isdn incoming-voice voice
isdn sending-complete
isdn static-tei 0
interface Dot11Radio0/5/0
no ip address
ssid cisco-data
ssid cisco-voice
speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
station-role root
antenna receive right
antenna transmit right
interface Dot11Radio0/5/0.1
encapsulation dot1Q 1 native
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 spanning-disabled
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
interface Dot11Radio0/5/0.100
encapsulation dot1Q 100
bridge-group 100
bridge-group 100 subscriber-loop-control
bridge-group 100 spanning-disabled
bridge-group 100 block-unknown-source
no bridge-group 100 source-learning
no bridge-group 100 unicast-flooding
interface Vlan1
no ip address
bridge-group 1
bridge-group 1 spanning-disabled
interface Vlan100
no ip address
bridge-group 100
bridge-group 100 spanning-disabled
interface BVI1
description $FW_INSIDE$
ip address 192.168.10.2 255.255.255.0
ip access-group 102 in
ip nat inside
ip virtual-reassembly in
interface BVI100
description $FW_INSIDE$
ip address 10.1.1.1 255.255.255.0
ip access-group 103 in
ip nat inside
ip virtual-reassembly in
ip forward-protocol nd
ip http server
ip http authentication local
ip http secure-server
ip http path flash:/gui
ip dns server
ip nat inside source list 1 interface FastEthernet0/0 overload
ip route 0.0.0.0 0.0.0.0 192.168.10.1
ip route 10.1.10.1 255.255.255.255 Integrated-Service-Engine0/0
access-list 1 remark SDM_ACL Category=2
access-list 1 permit 10.1.1.0 0.0.0.255
access-list 1 permit 192.168.10.0 0.0.0.255
access-list 1 permit 10.1.10.0 0.0.0.3
access-list 2 remark CCA_SIP_SOURCE_GROUP_ACL_INTERNAL
access-list 2 remark SDM_ACL Category=1
access-list 2 permit 192.168.10.2
access-list 2 permit 10.1.10.0 0.0.0.3
access-list 2 permit 192.168.10.0 0.0.0.255
access-list 2 permit 10.1.1.0 0.0.0.255
access-list 3 remark CCA_SIP_SOURCE_GROUP_ACL_EXTERNAL
access-list 3 remark SDM_ACL Category=1
access-list 3 permit 212.147.47.216
access-list 3 deny   any
access-list 100 remark auto generated by SDM firewall configuration
access-list 100 remark SDM_ACL Category=1
access-list 100 deny   ip 192.168.10.0 0.0.0.255 any
access-list 100 deny   ip host 255.255.255.255 any
access-list 100 deny   ip 127.0.0.0 0.255.255.255 any
access-list 100 permit ip any any
access-list 101 remark auto generated by SDM firewall configuration##NO_ACES_8##
access-list 101 remark SDM_ACL Category=1
access-list 101 permit tcp 10.1.1.0 0.0.0.255 eq 2000 any
access-list 101 permit udp 10.1.1.0 0.0.0.255 eq 2000 any
access-list 101 deny   ip 10.1.1.0 0.0.0.255 any
access-list 101 deny   ip 192.168.10.0 0.0.0.255 any
access-list 101 deny   ip 192.168.1.0 0.0.0.255 any
access-list 101 deny   ip host 255.255.255.255 any
access-list 101 deny   ip 127.0.0.0 0.255.255.255 any
access-list 101 permit ip any any
access-list 102 remark auto generated by SDM firewall configuration##NO_ACES_6##
access-list 102 remark SDM_ACL Category=1
access-list 102 deny   ip 10.1.10.0 0.0.0.3 any
access-list 102 deny   ip 10.1.1.0 0.0.0.255 any
access-list 102 deny   ip 192.168.1.0 0.0.0.255 any
access-list 102 deny   ip host 255.255.255.255 any
access-list 102 deny   ip 127.0.0.0 0.255.255.255 any
access-list 102 permit ip any any
access-list 103 remark auto generated by SDM firewall configuration##NO_ACES_8##
access-list 103 remark SDM_ACL Category=1
access-list 103 permit tcp 10.1.10.0 0.0.0.3 any eq 2000
access-list 103 permit udp 10.1.10.0 0.0.0.3 any eq 2000
access-list 103 deny   ip 10.1.10.0 0.0.0.3 any
access-list 103 deny   ip 192.168.10.0 0.0.0.255 any
access-list 103 deny   ip 192.168.1.0 0.0.0.255 any
access-list 103 deny   ip host 255.255.255.255 any
access-list 103 deny   ip 127.0.0.0 0.255.255.255 any
access-list 103 permit ip any any
access-list 104 remark auto generated by SDM firewall configuration##NO_ACES_14##
access-list 104 remark SDM_ACL Category=1
access-list 104 deny   ip 10.1.10.0 0.0.0.3 any
access-list 104 deny   ip 10.1.1.0 0.0.0.255 any
access-list 104 permit ip any any
access-list 104 permit udp host 8.8.8.8 eq domain any
access-list 104 permit icmp any any echo-reply
access-list 104 permit icmp any any time-exceeded
access-list 104 permit icmp any any unreachable
access-list 104 deny   ip 10.0.0.0 0.255.255.255 any
access-list 104 deny   ip 172.16.0.0 0.15.255.255 any
access-list 104 deny   ip 192.168.0.0 0.0.255.255 any
access-list 104 deny   ip 127.0.0.0 0.255.255.255 any
access-list 104 deny   ip host 255.255.255.255 any
access-list 104 deny   ip host 0.0.0.0 any
access-list 104 deny   ip any any
control-plane
bridge 1 route ip
bridge 100 route ip
voice-port 0/0/0
cptone CH
station-id name FAX
station-id number 99
caller-id enable
voice-port 0/0/1
cptone CH
shutdown
caller-id enable
voice-port 0/0/2
cptone CH
shutdown
caller-id enable
voice-port 0/0/3
cptone CH
shutdown
caller-id enable
voice-port 0/1/0
compand-type a-law
cptone CH
bearer-cap Speech
voice-port 0/1/1
compand-type a-law
cptone CH
bearer-cap Speech
voice-port 0/4/0
auto-cut-through
signal immediate
input gain auto-control -15
description Music On Hold Port
sccp local Loopback0
sccp ccm 10.1.1.1 identifier 1 version 4.0
sccp
sccp ccm group 1
associate ccm 1 priority 1
associate profile 2 register mtpa4934c6ee4e0
dspfarm profile 2 transcode
description CCA transcoding for SIP Trunk VTX
codec g711ulaw
codec g711alaw
codec g729ar8
codec g729abr8
maximum sessions 10
associate application SCCP
dial-peer cor custom
name internal
name local
name local-plus
name international
name national
name national-plus
name emergency
name toll-free
dial-peer cor list call-internal
member internal
dial-peer cor list call-local
member local
dial-peer cor list call-local-plus
member local-plus
dial-peer cor list call-national
member national
dial-peer cor list call-national-plus
member national-plus
dial-peer cor list call-international
member international
dial-peer cor list call-emergency
member emergency
dial-peer cor list call-toll-free
member toll-free
dial-peer cor list user-internal
member internal
member emergency
dial-peer cor list user-local
member internal
member local
member emergency
member toll-free
dial-peer cor list user-local-plus
member internal
member local
member local-plus
member emergency
member toll-free
dial-peer cor list user-national
member internal
member local
member local-plus
member national
member emergency
member toll-free
dial-peer cor list user-national-plus
member internal
member local
member local-plus
member national
member national-plus
member emergency
member toll-free
dial-peer cor list user-international
member internal
member local
member local-plus
member international
member national
member national-plus
member emergency
member toll-free
dial-peer voice 1 pots
destination-pattern 99
port 0/0/0
no sip-register
dial-peer voice 2 pots
port 0/0/1
no sip-register
dial-peer voice 3 pots
port 0/0/2
no sip-register
dial-peer voice 4 pots
port 0/0/3
no sip-register
dial-peer voice 5 pots
description ** MOH Port **
destination-pattern ABC
port 0/4/0
no sip-register
dial-peer voice 6 pots
description tcatch all dial peer for BRI/PRIv
translation-profile incoming nondialable
incoming called-number .%
direct-inward-dial
dial-peer voice 50 pots
description ** incoming dial peer **
incoming called-number ^AAAA$
direct-inward-dial
port 0/1/0
dial-peer voice 51 pots
description ** incoming dial peer **
incoming called-number ^AAAA$
direct-inward-dial
port 0/1/1
dial-peer voice 2000 voip
description ** cue voicemail pilot number **
translation-profile outgoing XFER_TO_VM_PROFILE
destination-pattern 98
b2bua
session protocol sipv2
session target ipv4:10.1.10.1
voice-class sip outbound-proxy ipv4:10.1.10.1
dtmf-relay rtp-nte
codec g711ulaw
no vad
dial-peer voice 2001 voip
description ** cue auto attendant number **
translation-profile outgoing PSTN_CallForwarding
destination-pattern 97
b2bua
session protocol sipv2
session target ipv4:10.1.10.1
voice-class sip outbound-proxy ipv4:10.1.10.1
dtmf-relay rtp-nte
codec g711ulaw
no vad
dial-peer voice 2012 voip
description ** cue prompt manager number **
translation-profile outgoing PSTN_CallForwarding
destination-pattern 96
b2bua
session protocol sipv2
session target ipv4:10.1.10.1
voice-class sip outbound-proxy ipv4:10.1.10.1
dtmf-relay rtp-nte
codec g711ulaw
no vad
dial-peer voice 1000 voip
permission term
description ** Incoming call from SIP trunk (VTX) **
session protocol sipv2
session target sip-server
incoming called-number .%
voice-class codec 1
voice-class sip dtmf-relay force rtp-nte
dtmf-relay rtp-nte
fax rate 14400
fax protocol t38 version 0 ls-redundancy 0 hs-redundancy 0 fallback pass-through g711ulaw
ip qos dscp cs5 media
ip qos dscp cs4 signaling
no vad
dial-peer voice 1001 voip
corlist outgoing call-local
description ** star code to SIP trunk (VTX) **
destination-pattern *..
session protocol sipv2
session target sip-server
voice-class codec 1
voice-class sip dtmf-relay force rtp-nte
dtmf-relay rtp-nte
fax rate 14400
fax protocol t38 version 0 ls-redundancy 0 hs-redundancy 0 fallback pass-through g711ulaw
ip qos dscp cs5 media
ip qos dscp cs4 signaling
no vad
dial-peer voice 1003 voip
description ** Passthrough Inbound Calls for PSTN from CUE **
translation-profile incoming SIP_Passthrough
b2bua
session protocol sipv2
session target ipv4:10.1.10.1
incoming called-number ABCDT
dtmf-relay rtp-nte
codec g711ulaw
no vad
dial-peer voice 1005 voip
description ** Passthrough Inbound Calls for MWI from CUE **
b2bua
session protocol sipv2
session target ipv4:10.1.10.1
incoming called-number A80T
dtmf-relay rtp-nte
codec g711ulaw
no vad
dial-peer voice 1009 voip
description ** Passthrough Inbound Calls for Internal Extensions from CUE **
b2bua
session protocol sipv2
session target ipv4:10.1.10.1
incoming called-number ^..$
dtmf-relay rtp-nte
codec g711ulaw
no vad
dial-peer voice 1033 voip
corlist outgoing call-local
description **CCA*Switzerland*Short Code Services**
translation-profile outgoing PSTN_Outgoing
preference 1
destination-pattern 0187
session protocol sipv2
session target sip-server
voice-class codec 1
voice-class sip dtmf-relay force rtp-nte
dtmf-relay rtp-nte
ip qos dscp cs5 media
ip qos dscp cs4 signaling
no vad
dial-peer voice 1042 voip
corlist outgoing call-emergency
description **CCA*Switzerland*Ambulance / Poisioning**
translation-profile outgoing CALLER_ID_TRANSLATION_PROFILE
preference 1
destination-pattern 0014[45]
session protocol sipv2
session target sip-server
voice-class codec 1
voice-class sip dtmf-relay force rtp-nte
dtmf-relay rtp-nte
ip qos dscp cs5 media
ip qos dscp cs4 signaling
no vad
dial-peer voice 1041 voip
corlist outgoing call-emergency
description **CCA*Switzerland*REGA Air Rescue**
translation-profile outgoing CALLER_ID_TRANSLATION_PROFILE
preference 1
destination-pattern 00333333333
session protocol sipv2
session target sip-server
voice-class codec 1
voice-class sip dtmf-relay force rtp-nte
dtmf-relay rtp-nte
ip qos dscp cs5 media
ip qos dscp cs4 signaling
no vad
dial-peer voice 1025 voip
corlist outgoing call-national
description **CCA*Switzerland*National Destination Numbers**
translation-profile outgoing PSTN_Outgoing
preference 1
destination-pattern 00[789]1.......
session protocol sipv2
session target sip-server
voice-class codec 1
voice-class sip dtmf-relay force rtp-nte
dtmf-relay rtp-nte
ip qos dscp cs5 media
ip qos dscp cs4 signaling
no vad
dial-peer voice 1020 voip
corlist outgoing call-national
description **CCA*Switzerland*Regional Announcement VM**
translation-profile outgoing PSTN_Outgoing
preference 1
destination-pattern 01600
session protocol sipv2
session target sip-server
voice-class codec 1
voice-class sip dtmf-relay force rtp-nte
dtmf-relay rtp-nte
ip qos dscp cs5 media
ip qos dscp cs4 signaling
no vad
dial-peer voice 1040 voip
corlist outgoing call-emergency
description **CCA*Switzerland*REGA Air Rescue**
translation-profile outgoing CALLER_ID_TRANSLATION_PROFILE
preference 1
destination-pattern 000333333333
session protocol sipv2
session target sip-server
voice-class codec 1
voice-class sip dtmf-relay force rtp-nte
dtmf-relay rtp-nte
ip qos dscp cs5 media
ip qos dscp cs4 signaling
no vad
dial-peer voice 1043 voip
corlist outgoing call-emergency
description **CCA*Switzerland*Ambulance / Poisioning**
translation-profile outgoing CALLER_ID_TRANSLATION_PROFILE
preference 1
destination-pattern 014[45]
session protocol sipv2
session target sip-server
voice-class codec 1
voice-class sip dtmf-relay force rtp-nte
dtmf-relay rtp-nte
ip qos dscp cs5 media
ip qos dscp cs4 signaling
no vad
dial-peer voice 1035 voip
corlist outgoing call-national
description **CCA*Switzerland*Mobile Numbers**
translation-profile outgoing PSTN_Outgoing
preference 1
destination-pattern 007[46789].......
session protocol sipv2
session target sip-server
voice-class codec 1
voice-class sip dtmf-relay force rtp-nte
dtmf-relay rtp-nte
ip qos dscp cs5 media
ip qos dscp cs4 signaling
no vad
dial-peer voice 1024 voip
corlist outgoing call-national-plus
description **CCA*Switzerland*Personal Numbering**
translation-profile outgoing PSTN_Outgoing
preference 1
destination-pattern 00878......
session protocol sipv2
session target sip-server
voice-class codec 1
voice-class sip dtmf-relay force rtp-nte
dtmf-relay rtp-nte
ip qos dscp cs5 media
ip qos dscp cs4 signaling
no vad
dial-peer voice 1029 voip
corlist outgoing call-national
description **CCA*Switzerland*Voicemail Access**
translation-profile outgoing PSTN_Outgoing
preference 1
destination-pattern 00860.........
session protocol sipv2
session target sip-server
voice-class codec 1
voice-class sip dtmf-relay force rtp-nte
dtmf-relay rtp-nte
ip qos dscp cs5 media
ip qos dscp cs4 signaling
no vad
dial-peer voice 1036 voip
corlist outgoing call-national
description **CCA*Switzerland*VPN Access**
translation-profile outgoing PSTN_Outgoing
preference 1
destination-pattern 00869.............
session protocol sipv2
session target sip-server
voice-class codec 1
voice-class sip dtmf-relay force rtp-nte
dtmf-relay rtp-nte
ip qos dscp cs5 media
ip qos dscp cs4 signaling
no vad
dial-peer voice 1027 voip
corlist outgoing call-national-plus
description **CCA*Switzerland*Premium Rate (Business)**
translation-profile outgoing PSTN_Outgoing
preference 1
destination-pattern 00900......
session protocol sipv2
session target sip-server
voice-class codec 1
voice-class sip dtmf-relay force rtp-nte
dtmf-relay rtp-nte
ip qos dscp cs5 media
ip qos dscp cs4 signaling
no vad
dial-peer voice 1026 voip
corlist outgoing call-national
description **CCA*Switzerland*Test Numbers**
translation-profile outgoing PSTN_Outgoing
preference 1
destination-pattern 00868T
session protocol sipv2
session target sip-server
voice-class codec 1
voice-class sip dtmf-relay force rtp-nte
dtmf-relay rtp-nte
ip qos dscp cs5 media
ip qos dscp cs4 signaling
no vad
dial-peer voice 1034 voip
corlist outgoing call-national-plus
description **CCA*Switzerland*Shared Cost numbers**
translation-profile outgoing PSTN_Outgoing
preference 1
destination-pattern 0084[0248]......
session protocol sipv2
session target sip-server
voice-class codec 1
voice-class sip dtmf-relay force rtp-nte
dtmf-relay rtp-nte
ip qos dscp cs5 media
ip qos dscp cs4 signaling
no vad
dial-peer voice 1038 voip
corlist outgoing call-emergency
description **CCA*Switzerland*Emergency**
translation-profile outgoing CALLER_ID_TRANSLATION_PROFILE
preference 1
destination-pattern 0011[278]
session protocol sipv2
session target sip-server
voice-class codec 1
voice-class sip dtmf-relay force rtp-nte
dtmf-relay rtp-nte
ip qos dscp cs5 media
ip qos dscp cs4 signaling
no vad
dial-peer voice 1037 voip
corlist outgoing call-toll-free
description **CCA*Switzerland*Toll Free Numbers**
translation-profile outgoing PSTN_Outgoing
preference 1
destination-pattern 00800......
session protocol sipv2
session target sip-server
voice-class codec 1
voice-class sip dtmf-relay force rtp-nte
dtmf-relay rtp-nte
ip qos dscp cs5 media
ip qos dscp cs4 signaling
no vad
dial-peer voice 1039 voip
corlist outgoing call-emergency
description **CCA*Switzerland*Emergency**
translation-profile outgoing CALLER_ID_TRANSLATION_PROFILE
preference 1
destination-pattern 011[278]
session protocol sipv2
session target sip-server
voice-class codec 1
voice-class sip dtmf-relay force rtp-nte
dtmf-relay rtp-nte
ip qos dscp cs5 media
ip qos dscp cs4 signaling
no vad
dial-peer voice 1032 voip
corlist outgoing call-national
description **CCA*Switzerland*National Destination Numbers**
translation-profile outgoing PSTN_Outgoing
preference 1
destination-pattern 00[23456]........
session protocol sipv2
session target sip-server
voice-class codec 1
voice-class sip dtmf-relay force rtp-nte
dtmf-relay rtp-nte
ip qos dscp cs5 media
ip qos dscp cs4 signaling
no vad
dial-peer voice 1023 voip
corlist outgoing call-international
description **CCA*Switzerland*International Calls**
translation-profile outgoing PSTN_Outgoing
preference 1
destination-pattern 000T
session protocol sipv2
session target sip-server
voice-class codec 1
voice-class sip dtmf-relay force rtp-nte
dtmf-relay rtp-nte
ip qos dscp cs5 media
ip qos dscp cs4 signaling
no vad
dial-peer voice 1031 voip
description **CCA*Switzerland*Premium Rate (Social)**
translation-profile outgoing PSTN_Outgoing
preference 1
destination-pattern 0090[16]......
session protocol sipv2
session target sip-server
voice-class codec 1
voice-class sip dtmf-relay force rtp-nte
dtmf-relay rtp-nte
ip qos dscp cs5 media
ip qos dscp cs4 signaling
no vad
dial-peer voice 1030 voip
corlist outgoing call-national
description **CCA*Switzerland*Short Code**
translation-profile outgoing PSTN_Outgoing
preference 1
destination-pattern 014[0357]
session protocol sipv2
session target sip-server
voice-class codec 1
voice-class sip dtmf-relay force rtp-nte
dtmf-relay rtp-nte
ip qos dscp cs5 media
ip qos dscp cs4 signaling
no vad
dial-peer voice 1045 voip
corlist outgoing call-emergency
description **CCA*Switzerland*REGA/Glaciers Air Rescue**
translation-profile outgoing CALLER_ID_TRANSLATION_PROFILE
preference 1
destination-pattern 0141[45]
session protocol sipv2
session target sip-server
voice-class codec 1
voice-class sip dtmf-relay force rtp-nte
dtmf-relay rtp-nte
ip qos dscp cs5 media
ip qos dscp cs4 signaling
no vad
dial-peer voice 1028 voip
corlist outgoing call-national-plus
description **CCA*Switzerland*Directory Enquiries**
translation-profile outgoing PSTN_Outgoing
preference 1
destination-pattern 018[15].
session protocol sipv2
session target sip-server
voice-class codec 1
voice-class sip dtmf-relay force rtp-nte
dtmf-relay rtp-nte
ip qos dscp cs5 media
ip qos dscp cs4 signaling
no vad
dial-peer voice 1021 voip
corlist outgoing call-national
description **CCA*Switzerland*Short Code**
translation-profile outgoing PSTN_Outgoing
preference 1
destination-pattern 011[45].
session protocol sipv2
session target sip-server
voice-class codec 1
voice-class sip dtmf-relay force rtp-nte
dtmf-relay rtp-nte
ip qos dscp cs5 media
ip qos dscp cs4 signaling
no vad
dial-peer voice 1022 voip
corlist outgoing call-national
description **CCA*Switzerland*Short Code Services**
translation-profile outgoing PSTN_Outgoing
preference 1
destination-pattern 01[67].
session protocol sipv2
session target sip-server
voice-class codec 1
voice-class sip dtmf-relay force rtp-nte
dtmf-relay rtp-nte
ip qos dscp cs5 media
ip qos dscp cs4 signaling
no vad
dial-peer voice 1044 voip
corlist outgoing call-emergency
description **CCA*Switzerland*REGA/Glaciers Air Rescue**
translation-profile outgoing CALLER_ID_TRANSLATION_PROFILE
preference 1
destination-pattern 00141[45]
session protocol sipv2
session target sip-server
voice-class codec 1
voice-class sip dtmf-relay force rtp-nte
dtmf-relay rtp-nte
ip qos dscp cs5 media
ip qos dscp cs4 signaling
no vad
dial-peer voice 2002 voip
description ** cue voicemail PSTN number **
translation-profile outgoing VM_Profile
destination-pattern xxx$
b2bua
session protocol sipv2
session target ipv4:10.1.10.1
voice-class sip outbound-proxy ipv4:10.1.10.1
dtmf-relay rtp-nte
codec g711ulaw
no vad
dial-peer voice 2003 voip
description ** cue auto attendant PSTN number **
translation-profile outgoing AA_Profile
destination-pattern xxx$
b2bua
session protocol sipv2
session target ipv4:10.1.10.1
voice-class sip outbound-proxy ipv4:10.1.10.1
dtmf-relay rtp-nte
codec g711ulaw
no vad
dial-peer voice 1110 pots
preference 9
destination-pattern xxx
port 0/0/0
no sip-register
dial-peer voice 3006 voip
description SIP
translation-profile incoming SIP_Called_9
session protocol sipv2
session target sip-server
incoming called-number xxx.
voice-class codec 1
voice-class sip dtmf-relay force rtp-nte
dtmf-relay rtp-nte
ip qos dscp cs5 media
ip qos dscp cs4 signaling
no vad
no dial-peer outbound status-check pots
sip-ua
keepalive target dns:site1.365873.trk.ipvoip.ch
authentication username xxx password 7 xxx
no remote-party-id
retry invite 2
retry register 10
timers connect 100
timers keepalive active 100
registrar dns:site1.365873.trk.ipvoip.ch expires 3600
sip-server dns:site1.365873.trk.ipvoip.ch
host-registrar
telephony-service
sdspfarm units 5
sdspfarm transcode sessions 10
sdspfarm tag 2 mtpa4934c6ee4e0
video
fxo hook-flash
max-ephones 40
max-dn 300
ip source-address 10.1.1.1 port 2000
auto assign 1 to 1 type bri
calling-number initiator
service phone videoCapability 1
service phone ehookenable 1
service phone ehookEnable 1
service dnis overlay
service dnis dir-lookup
service dss
timeouts interdigit 5
system message SwissT.Net
url services http://10.1.10.1/voiceview/common/login.do
url authentication http://10.1.10.1/voiceview/authentication/authenticate.do
cnf-file location flash:
cnf-file perphone
user-locale U4 load CME-locale-de_DE-German-8.1.2.2.tar
network-locale U4
load 521G-524G cp524g-8-1-17
load 525G spa525g-7-5-4
load 501G spa50x-30x-7-5-2b
load 502G spa50x-30x-7-5-2b
load 504G spa50x-30x-7-5-2b
load 508G spa50x-30x-7-5-2b
load 509G spa50x-30x-7-5-2b
load 525G2 spa525g-7-5-4
load 301 spa50x-30x-7-5-2b
load 303 spa50x-30x-7-5-2b
time-zone 23
time-format 24
date-format dd-mm-yy
keepalive 30 auxiliary 4
voicemail 98
max-conferences 8 gain -6
call-forward pattern .T
call-forward system redirecting-expanded
hunt-group logout HLog
moh flash:/media/music-on-hold.au
multicast moh 239.10.16.16 port 2000
web admin system name cisco secret 5 xxx
dn-webedit
time-webedit
transfer-system full-consult dss
transfer-pattern .T
transfer-pattern 0.T
transfer-pattern 6.. blind
secondary-dialtone 0
night-service day Sun 17:00 09:00
night-service day Mon 17:00 09:00
night-service day Tue 17:00 09:00
night-service day Wed 17:00 09:00
night-service day Thu 17:00 09:00
night-service day Fri 17:00 09:00
night-service day Sat 17:00 09:00
fac standard
create cnf-files version-stamp Jan 01 2002 00:00:00
ephone-template 1
url services 1 http://10.1.10.1/voiceview/common/login.do VoiceviewExpress
service phone webAccess 0
softkeys remote-in-use Newcall
softkeys idle Redial Pickup Mobility Newcall Cfwdall Gpickup Dnd Login
softkeys seized Cfwdall Endcall Redial Pickup Gpickup Callback
softkeys connected Hold Endcall Trnsfer Mobility TrnsfVM Confrn Acct Park
button-layout 7931 2
ephone-template 15
url services 1 http://10.1.10.1/voiceview/common/login.do VoiceviewExpress
softkeys remote-in-use Newcall
softkeys idle Redial Newcall Mobility Cfwdall Pickup Gpickup Dnd Login
softkeys seized Cfwdall Endcall Redial Pickup Gpickup Callback
softkeys connected Hold Endcall Mobility Trnsfer TrnsfVM Confrn Acct Park
button-layout 7931 2
ephone-template 16
url services 1 http://10.1.10.1/voiceview/common/login.do VoiceviewExpress
softkeys remote-in-use Newcall
softkeys idle Redial Newcall Mobility Cfwdall Pickup Gpickup Dnd Login
softkeys seized Cfwdall Endcall Redial Pickup Gpickup Callback
softkeys connected Hold Endcall Mobility Trnsfer TrnsfVM Confrn Acct Park
ephone-template 17
url services 1 http://10.1.10.1/voiceview/common/login.do VoiceviewExpress
softkeys remote-in-use CBarge Newcall
softkeys idle Redial Newcall Mobility Cfwdall Pickup Gpickup Dnd Login
softkeys seized Cfwdall Endcall Redial Pickup Gpickup Callback
softkeys connected Hold Endcall Mobility Trnsfer TrnsfVM Confrn Acct Park
ephone-template 18
url services 1 http://10.1.10.1/voiceview/common/login.do VoiceviewExpress
softkeys remote-in-use CBarge Newcall
softkeys idle Redial Newcall Mobility Cfwdall Pickup Gpickup Dnd Login
softkeys seized Cfwdall Endcall Redial Pickup Gpickup Callback
softkeys connected Hold Endcall Mobility Trnsfer TrnsfVM Confrn Acct Park
button-layout 7931 2
ephone-dn 9
number BCD no-reg primary
description MoH
moh out-call ABC
ephone-dn 292
number xxx
description SIP Main Number registration
preference 10
ephone-dn 293 dual-line
number 90 secondary xxx no-reg both
label Zentrale
description 90
name Zentrale
call-forward busy 98
call-forward noan 98 timeout 20
ephone-dn 294 dual-line
number 94 secondary xxx no-reg both
label LL
description Lehrling Lehrnende
name Lehrling Lehrnende
mobility
snr xxx delay 1 timeout 30 cfwd-noan 98
snr ring-stop
call-forward busy 98
call-forward noan 98 timeout 20
ephone-dn 295 dual-line
number 93 secondary xxx no-reg both
label CM
description
name
snr xxx delay 1 timeout 30 cfwd-noan 98
snr ring-stop
call-forward busy 98
call-forward noan 98 timeout 10
ephone-dn 296 dual-line
number 92 secondary xxx no-reg both
label EE
description
name
mobility
call-forward busy 98
call-forward noan 98 timeout 20
ephone-dn 297 dual-line
number 91 secondary xxx no-reg both
label RS
description
name
mobility
snr xxx delay 1 timeout 30 cfwd-noan 98
snr ring-stop
call-forward busy 98
call-forward noan 98 timeout 10
ephone-dn 298
number 6.. no-reg primary
description ***CCA XFER TO VM EXTENSION***
call-forward all 98
ephone-dn 299
number A801.. no-reg primary
mwi off
ephone-dn 300
number A800.. no-reg primary
mwi on
ephone 1
device-security-mode none
mac-address A44C.11A0.B648
ephone-template 1
max-calls-per-button 2
username "xxx" password xxx
type 525G2
button 1:296 2:293 3m297 4m295
button 5m294
ephone 2
device-security-mode none
mac-address A44C.11A0.B566
ephone-template 1
max-calls-per-button 2
username "xxx" password xxx
type 525G2
button 1:297 2:293 3m296 4m295
button 5m294
ephone 3
device-security-mode none
mac-address A44C.11A0.B5C4
ephone-template 1
max-calls-per-button 2
username "xxx" password xxx
type 525G2
button 1:295 2:293 3m297 4m296
button 5m294
ephone 4
device-security-mode none
mac-address A44C.11A0.B67A
ephone-template 1
max-calls-per-button 2
username "xxx" password xxx
type 525G2
button 1:294 2:293 3m297 4m296
button 5m295
alias exec cca_voice_mode PBX
alias exec cca_vm_notification schedule from_time=00 to_time=24
alias exec clid-ALL_BRI ;1:0-4;1:0-9;1:0-9;1:1-9
alias exec clid-SIP ;1:1-9;1:1-9;1:1-9
banner login ^CCisco Configuration Assistant. Version: 3.2 (3). Fri Jul 04 13:18:33 CEST 2014^C
line con 0
no modem enable
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport input all
line vty 0 4
transport preferred none
transport input all
line vty 5 100
transport preferred none
transport input all
ntp master
ntp server 91.240.0.5 prefer
en

Hi Patrick
I am working on this one as well. I have a UC560 with SIP Trunk provider Les.NET.
It was working fine until a few weeks ago when something changed on the provider end and broke it. My hunch it is something to do with the SIP REFER.
http://www.cisco.com/c/en/us/support/docs/voice-unified-communications/unified-communications-manager-express/91535-cme-sip-trunking-config.html
Here is an excerpt from the above page:
Call Transfer
When a call comes in on an SIP trunk to an SCCP Phone or CUE AutoAttendant (AA) and is transferred, the CME by default will send a SIP REFER message to the SP proxy. Most SP Proxy Servers do not support the REFER method. This needs to be configured in order to force the CME to hairpin the call:
Router(config)#voice service voip
Router(conf-voi-serv)#no supplementary-service sip refer
Figure 3 shows the behavior of the CME system with the REFER method disabled.

How many ADFS farms can you have in a single forest/single domain?

Hi
I may have some terminology incorrect...please let me know if I do. :)
My question is, how many ADFS farms can you have in a single forest/single domain? If you want to know why I am asking...please read on.
We have 1 ADFS Farm and we are looking adding services to it. However not every cloud vendor provides a "Identity Broker" with there services.
We have a consultant that is advising that we need to enable a SAML-based IdP-initiated single sign-on (SSO) ie using "IdpInitiatedSignOnPage"
However to do this we need to modify the ADFS website to have "drop down" list so the user can select the "Relying Party" and then authentication with them.
This means we are exposing a list of every company/party we have federated with. The exposure of this information, is deemed a security concern by our company....which I agree with.
So the consultant advises that we need a separate ADFS farm. I have searched online, but haven't found any information that confirms multiple ADFS farms can be implemented in a single forest/single domain.
Thanks for reading and if you have any other suggestions...I'd appreciate it.
Nyobi

This is not exactly FIM related question - there is ADFS forum available on Technet. However - technically there is no limit of ADFS farms in a forest \ domain. It is just a service which uses AD and is not altering it in any way or storing some forest-wide
information like Exchange. So you can setup two ADFS services in single forest - no problem.
If it is a best solution to your problem? I can't say with that limited information but maybe just customization of pages on ADFS side would be enough?
Tomek Onyszko, memberOf Predica FIM Team (http://www.predica.pl), IdAM knowledge provider @ http://blog.predica.pl

Implementing Sites for a new Single Domain Environment and effects on Exchange

Copied from the Active Directory forums as the suggestion of replies.
I didn't find exactly what I was looking for so decided to create my own question to get some direct feedback.
Currently we have a single domain environment with two domain controllers located at two separate sites. When the domain was first set up, no configuration was done in the Sites and Services module for Active Directory. The two domain controllers we have are
currently located in the Default-First-Site-Name container. We do not have any subnets configured with the Sites and Services module.
These two domain controllers are located at two different sites with different IP schemes and the sites are connected with a high speed site-to-site VPN. We also have 2 satellite offices with their own IP schemes as well with more offices to come. In the future
domain controllers will be placed at these satellite offices which are connected with a slower site-to-site VPN to the main offices.
All replication and network functions are working well now, but I would like to know what the effects would be and what to watch out for if I create sites for our environment. I am particularly concerned about our Exchange 2010 server and need to make sure
that the change will not disrupt communications between it and the domain controllers.
I would like to create a site for each of our locations and link the subnet to that site now so that when we install the domain controllers the configuration is ready.
Any suggestions or input is highly appreciated thank you in advance.

Exchange will be an issue only if your Exchange servers span sites when your new Windows sites are created. If you have Exchange servers all in a single location, adding sites to your Windows forest will cause no issues. However, if you have
Exchange servers in both locations, as soon as a new site is defined for an Exchange server in a separate location from your other Exchange servers, you will start having issues. Let me give some examples so you can see what problems might occur:
Two datacenters, one Windows site, Exchange mailbox servers in both locations (primary and DR), but hub and CAS roles only in the primary datacenter:
In this situation, as soon as your second site is defined, the server in the DR datacenter will no longer be receiving mail - there is no hub to deliver it - and users will no longer be able to access their mailboxes - there is no CAS to support them.
Solution: Add hub and CAS to second datacenter and all is well with the world.
Two datacenters, one Windows site, Exchange multirole servers in both locations (primary and DR), but CAS Array defined:
Now we have a little bit better setup, since we have all roles in both locations. However, the CAS array in the primary site isn't going to be able to support your client connections in the DR site - so users will be connecting directly to the CAS
servers in the DR site (not optimum). Solution: Define a second CAS array for the DR site, with its own load balancer and configure the databases in your DR location to use that CAS array as the RPC Client Access Server.
There are other oddities, but as you can see, there will definitely be issues if your Exchange servers aren't all in the same location and you start defining Windows sites ...

Dynamic CRM connect outlook Client with different domain

Hi Guys,
I had installed CRM 2011 in cloud with different domain.
If I use browser is working fine just that when i use Outlook client it show
15:24:16| Error| Exception : The request for security token could not be satisfied because authentication failed. at System.ServiceModel.Security.SecurityUtils.ThrowIfNegotiationFault(Message message, EndpointAddress target)
at System.ServiceModel.Security.SspiNegotiationTokenProvider.GetNextOutgoingMessageBody(Message incomingMessage, SspiNegotiationTokenProviderState sspiState)
I found that is because you must connect to the same domain.
any idea that i can use my Outlook client to connect to CRM 2011 without changing my domain?
Regards,
Kim

Yes - I've been scarred with this for many years :(
If it is just CAS 1 that is causing issues, then focus in on that. The support statement for Win 2008 R2 is that NLB is still a 3rd party component and support may ask for it to be disabled.
http://support.microsoft.com/kb/278431
Does CAS1 and CAS2 have the same NICs (firmware as well), driver, teaming software, and teaming config?
I also want to ask what the network team did for configuring the switch ports on the servers? This will vary from vendor to vendor - did they do the same config on both?
Cheers,
Rhoderick
Microsoft Senior Exchange PFE
Blog:
http://blogs.technet.com/rmilne
Twitter:   LinkedIn:
  Facebook:
  XING:
Note: Posts are provided “AS IS” without warranty of any kind, either expressed or implied, including but not limited to the implied warranties of merchantability and/or fitness for a particular purpose.
Thanks Rhoderick, issue still persists
can you also help clarify what you meant by "configuring the switch ports on the servers"?
thanks again

[Forum FAQ] How to sync time with a Domain Controller for a standalone server

As we all known, if a computer belongs to an Active Directory domain, it will sync the time automatically by using the Windows Time service that is available on Domain Controllers.
While a standalone server will synchronize with its local hardware time and Windows time server. (Figure 1)
Figure 1.
Under some circumstances, a standalone server is necessary in a product environment. We can sync the time of this standalone server with the Domain Controller using
the steps below:
1. Modified the value of the AnnounceFlags:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Config
Under this entry we can see the default value of AnnounceFlags is 10 (Decimal), we configure the value as 5 (Decimal). (Figure 2)
Figure 2.
2. Confirm the value of the registry key below is set to 0:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\NtpServer
Figure 3.
3. Configure the standalone server to synchronize with a specific time source (Domain Controller).
In our test, we configured our Domain Controller (192.168.10.200) as the time source. Used the following commands:
w32tm /config /syncfromflags:manual /manualpeerlist:192.168.10.200
4. Sync the time with the Domain Controller using the command below:
w32tm /config /update
From the figure below (Figure 4), you can see the after we did all the steps above, the time on the standalone server was synced with the Domain Controller.
Figure 4.
(Note: Peerlist is a separated list of DNS servers, or IP Addresses for the time servers)
More information:
Windows Time Service Tools and Settings
http://technet.microsoft.com/en-us/library/cc773263(WS.10).aspx#w2k3tr_times_tools_dyax
Please click to vote if the post helps you. This can be beneficial to other community members reading the thread.

Thank you for the instruction! I am sure it is one of the scenarios that majority of administrators will run into. So I suggest to write a wiki about it and publish it for this month's TechNet Guru in Windows Server section. This month's TechNet Guru can
be found here:
Calling All Wise Men! Windows
Server Gurus Needed! Apply Within! No One Turned Away!
Thanks for your informative post. :)
Regards.
Mahdi Tehrani |
|
www.mahditehrani.ir
Please click on Propose As Answer or to mark this post as
and helpful for other people.
This posting is provided AS-IS with no warranties, and confers no rights.
How to query members of 'Local Administrators' group in all computers?

Using multiple wireless networks with Single sign on?

The university that I currently work for has switched from one wireless SSID to 2 separate SSIDs that separate the student users from the faculty/staff users. At this time only the Faculty Staff can log into STAFF and students can only log into STUDENT...
I have a few laptop carts that were setup for student use and have single sign on configured for the STUDENT wireless connection. The laptops are on the university's domain so that students have access to the home drives.
We run into problems when Faculty try to use a laptop to teach a class. They are unable to log in because their credentials are not authorized for the STUDENT wireless network.
So...Is it possible to setup 2 wireless profiles (STUDENT and STAFF) with single sign on and give the user an option to choose from?

Hi,
Based on your description, I would like to suggest you use Group Policy to configure Wireless Network Settings:
Using Group Policy to Configure Wireless Network Settings
http://technet.microsoft.com/en-us/magazine/gg266419.aspx
Please follow the information from the link above to check the issue.
If it doesn’t work, I recommend you initial a new thread in our Windows Server Forum for further assistance.
http://social.technet.microsoft.com/Forums/scriptcenter/en-US/home?category=windowsserver
Hope it helps.
Regards,
Blair Deng
We
are trying to better understand customer views on social support experience, so your participation in this
interview project would be greatly appreciated if you have time.
Thanks for helping make community forums a great place.

Multiple S650s in single domain

I just recently purchased two S650s for my organization assuming that it could be configured like our C150s (clustered). Now that I actually hooked up the second device I found my assumption to be wrong. What is the best way to configure them for load balancing with a single domain using a single Cisco Router with transparent redirection. I already configured them both almost identically and they appear to be load-sharing the client traffic. I just wanted to verify there isn't a better way.

Thanks for the reply.
I have the devices configured for client-based load-balancing. Everything appears to be working. I also notice on my daily reports that the devices have a evenly distributed number of clients attached to each device. I think this load-balancing and fail-over option will meet our needs better than just a fail-over cluster configuration. Being that my organization is small, my cpu load on each device is extremely small. I was just wondering what the refresh time is as far as client connections? Will I get a daily report for each device that contains all clients or will the report look like it does now in the morning with just a split group of clients on each device?

CCM / AD intigration with Multiple domains

Our corporation is made up of two different active directory domains. Is it possible to integrate call manager with both domains?

If they are in the same forest, yes you can. Take a look at the following link:
http://www.cisco.com/univercd/cc/td/doc/product/voice/c_callmg/4_2/srnd4_2/uc4_2/42drctry.htm#wp1067012
There are definitely some added complexities and considerations in this sceario. Take a look at the following note from the previous link:
"In a multiple-domain AD forest, try to keep the users for a specific Cisco Unified CallManager cluster within a single domain, and follow the guidelines described previously. If a single domain is not possible because users are spread across multiple domains, set the User Search Base to the lowest point in the tree containing all domains with users serviced by the Cisco Unified CallManager cluster. In structures in which serviced child domains are under the top-level domain, the User Search Base must be set at the root of the entire AD forest. In all cases, though, try to ensure that a domain controller for each serviced domain is collocated with Cisco Unified CallManager, or that the network is sufficiently resilient and fast to allow remote searches with no greater performance degradation than occurs with local searches."
Hope this helps. If so, please rate the post.
Brandon

ChaRM config with Single domain

Similar Messages

Maybe you are looking for