Connecting to servers in ".local" domain

Hi, all... there's probably a really straightforward answer to this, but can I find it?
I'm running 10.5.
To access my corporate intranet on a Windows machine on my corporate network, you type the URL "http://intranet"; to access webmail, you type "http://mailweb.local/exchange". But on my Mac, none of these URLs work in a browser - and in terminal ping and nslookup don't work either. Is there anything I can do to configure my network settings so my Mac can find these servers when it's plugged into an ethernet cable on the network, but that won't mess up my normal DNS when I'm connected by WiFi to the wider internet? (I don't need to access the intranet or webmail server above when I'm outside the office environment).
Many thanks for any help...
best regards,
Matt

Hi, Sorry to say I can't help you. For what it's worth, I can't join a 2003 domain with bootcamp running Vista. I will keep you in mind about your problem and will let you know if I see something.

Similar Messages

  • Connect LDAP service to local domain

    Is there anyone who can tell me if it's possible to connect from the LDAP service to a local domain?
    I have made a new local domain with some groups and users in the Domain management in LC ES admin module.
    Now I want to retrieve those users to my process in workbench with the LDAP service, but I can't get it to connect to the new domain (it works fine when I connect to our company AD).
    I have tried with Base DN: DC=NewDomain,DC=local and Search filter: cn=* but with no luck :-(
    Is it possible to connect to the local domain from the LDAP service? If it is, what should the "Base DN" look like and what are the attributes to use in the search filter?
    Thanks
    Søren

    I think you are getting a few things mixed up.
    When you create the users in a local domain, you're in fact creating them in the LiveCycle database. Not in a LDAP system. LiveCycle NEVER writes to an LDAP system. It only reads from it.
    When LC integrates with an LDAP system (like when you create an enterprise domain in adminui), it connects to an external LDAP system and synchronizes with it. It also adds a copy of the users in its database.
    The LDAP service does the same thing in the sense that it just connects to an external LDAP system to get a list of users.
    If you want to query the users from the livecycle database you can use the User Lookup service (under Foundation) instead.
    Jasmin

  • Lync 2010 connection between 2 different local domains

    Hello,
    I hope this forum is the right one for my question.
    I just have a question and not a problem so far :-).
    In our organisation we have now set up one standalone Lync 2010 server in our local win2008r2 domain, for example our.domain.local.
    Our organisation is via WAN also connected to other organisations with their own domain, for example remote.domain.local.
    In both organisations we do not have internet access at all.
    For the addressbook exchange of user contacts we use GAL Sync. Is it possible that a user from our.domain.local can make a Lync call to remote.domain.local without VoIP?
    What must be configured on the Lync servers so that they both know each other?
    At the moment we solve the problem in the way that we have a virtual machine which is a domain member in remote.domain.local and we use a user account from the remote domain to talk to personnel in the remote organisation, but we would like to make it possible that all our users can directly call or message users from the remote organisation.
    It would be nice to get some information on how this could be achieved without internet, because I could not find the right whitepaper or documentation for this purpose.
    best regards
    adpspt

    Hi ADPSPT,
    To better understand the issue, I would like to confirm the following queries.
    Do you mean that your environment is a single forest that consists of a root domain and one or more child domains?
    I’m a little confused that you said “Our organisation is via WAN also connected to other organisations with there own domain for example remote.domain.local”.
    Is it a High Speed LAN?
    If yes, then it is supported to have the Lync installed on the child domain and that supports users from both child and root domain. Lync supports single forest with multiple domains topology.
    Supported Active Directory topologies in Lync Server 2013
    http://technet.microsoft.com/en-us/library/gg398173.aspx
    Best regards,
    Eric

  • Newbie: browsing Windows servers on .local AD domain

    Hello all,
    I've added a new Mac Book to our .local domain and I can log on using my domain account. I have internet access after configuring the Proxy server settings.
    However, I don't know how to go to our file servers? I've searched in Finder but I can only see the various domains in .local but no specific shares that I know are available for Windows machines.
    Any document I can read or a quick way of doing this? Will GPOs run on the Mac?
    Thanks in advance.

    Your Windows servers should show up in the "All" network location. Select a server and authenticate, and you will see the shares available on that server.
    You can also use "connect to server" in the Go menu to connect to a specific server by IP address or DNS name. Use the form: smb://10.0.1.1 or smb://winserver.example.local
    No, GPOs will not apply to Macs unless you are using a product like Centrify.

  • Firefox on Linux doesn't connect to .local domains

    Hello,
    I'm running FF 3.6.18 on Ubuntu (64bit, 32bit) and I'm not able to connect to any domain ending in .local (for example: apple.fruits.local). Name resolution is working, prefetching and fixup is disabled. Using FF on Windows works without a problem with the same domain name - only in Linux it fails.

    Hi!
    That's quite simple:
    .local domains belong to the zeroconf system (linux: avahi, apple: bonjour, windows: zeroconf) - so if you enter a www.dummy.local then the request is not forwarded to the DNS server, it is forwarded to the MDNS and in many networks simply not resolvable.
    Turn off the avahi, bonjour or zeroconf service or daemon and it will work again
    regards
    Martin
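
The lookup order described in the reply above, as an added example that is not part of the original thread: on glibc Linux the order is set by the `hosts:` line of /etc/nsswitch.conf, and this sketch traces which resolver modules a name reaches before the lookup stops. It assumes a simplified model (an mdns module claims every name under .local and reports NOTFOUND when no mDNS responder answers); the sample lines and function names are constructed for illustration.

```python
import re

# glibc NSS defaults: stop on success, otherwise try the next module.
DEFAULT_ACTIONS = {"SUCCESS": "return", "NOTFOUND": "continue",
                   "UNAVAIL": "continue", "TRYAGAIN": "continue"}

# Constructed sample lines (not taken from the thread).
MDNS_FIRST = "hosts: files mdns4_minimal [NOTFOUND=return] dns"
DNS_FIRST = "hosts: files dns mdns4_minimal [NOTFOUND=return]"


def parse_hosts_line(line):
    """Split an nsswitch.conf 'hosts:' line into [(service, actions), ...]."""
    body = line.split("#", 1)[0]            # drop trailing comment
    key, _, rest = body.partition(":")
    if key.strip() != "hosts":
        raise ValueError("not a hosts: line")
    chain = []
    for token in re.findall(r"\[[^\]]*\]|\S+", rest):
        if not token.startswith("["):
            chain.append((token, dict(DEFAULT_ACTIONS)))
            continue
        if not chain:
            raise ValueError("action item before any service")
        # "[NOTFOUND=return]" or "[!UNAVAIL=return]" modifies the previous service.
        for crit in token[1:-1].split():
            status, _, action = crit.partition("=")
            negate = status.startswith("!")
            status = status.lstrip("!").upper()
            targets = [s for s in DEFAULT_ACTIONS if (s != status) == negate]
            for s in targets:
                chain[-1][1][s] = action.lower()
    return chain


def simulated_status(service, name):
    """Assumed module behaviour: no /etc/hosts entry, no mDNS responder,
    and a unicast DNS server that does know the name."""
    is_local = name.rstrip(".").lower().endswith(".local")
    if service.startswith("mdns"):
        return "NOTFOUND" if is_local else "UNAVAIL"
    if service == "dns":
        return "SUCCESS"
    return "NOTFOUND"                        # files and anything else


def trace_lookup(hosts_line, name):
    """Return the modules consulted, in order, until one ends the lookup."""
    visited = []
    for service, actions in parse_hosts_line(hosts_line):
        visited.append(service)
        if actions[simulated_status(service, name)] == "return":
            break
    return visited


def reaches_unicast_dns(hosts_line, name):
    """True if the lookup gets as far as the 'dns' module."""
    return "dns" in trace_lookup(hosts_line, name)


if __name__ == "__main__":
    for line in (MDNS_FIRST, DNS_FIRST):
        for host in ("apple.fruits.local", "www.example.com"):
            print(f"{line!r:55} {host:20} -> {trace_lookup(line, host)}")
```

With the first sample line, a name under .local never reaches the DNS module, which matches the symptom in the question; reordering the line or stopping the mDNS daemon changes that.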

  • DNS: Client can't connect because .local domain isn't in DNS. How can I connect over the WAN to server.domain.local?

    So my 2012 server is set up on the LAN with a .local domain name. 
    Remote Desktop Services are set up and remoteapp stuff works fine on the LAN.
    I've set up port forwarding so I can connect to the server over the WAN too, but remoteapp stuff is a bit different. I can connect to the server by specifying the correct IP address. Giving a Web browser the address
    https://serverIPAddress/RDWeb
    lets me get the login screen and see the range of apps for me to run. I select one, the connectoid is downloaded correctly (in Chrome) and I click on the downloaded connectoid. 
    Unfortunately, rather than pursuing the sensible IP-address approach that I started with, the connectoid has been given the server's name on the LAN: server.domain.local. Clearly, the client machine tries to look this up but DNS hasn't heard of it because it's a .local address.
    I cannot be the only one to have come across this apparent oversight on Microsoft's part. Any ideas as to how this can sensibly be overcome? Obviously, I could put the IP address translation into every client's hosts file (and I've done this and shown it works) but I've got too many clients to mess about like this. Anybody know 'the Microsoft way' to fix this?
    Thank you for checking this out -- I am confident the details of the problem are completely specified in this query but, if I'm wrong, please ask.
    Many thanks again,
    Biffo

    Hi,
    I would like to suggest you to follow the checklist.
    Checklist: Make RemoteApp Programs Available from the Internet
    http://technet.microsoft.com/en-us/library/cc772415.aspx
    Thanks.
    Jeremy Wu
    TechNet Community Support

  • DNS is incredibly slow on Lion 10.7.4 when connected to a .local domain

    I'm running Lion 10.7.4 and am connected to a .local domain. I've googled the problem and can't really work out if there is a fix or not.
    I am also running VMWare Fusion on the same machine with Windows 7. Neither Lion nor Windows 7 is joined to the domain. The Windows 7 VM browses the internet perfectly but Lion is painfully slow.
    My IPs are DHCP assigned and the search domain is xxxx.local
    The VM is using bridged not NAT, which is why the VM is performing perfectly.
    I know it's something to do with the .local but can't change the TLD here so need a fix.
    PLEASE HELPPPP

    I'm using Chrome and it happens in Safari and Firefox too. To be honest it's not specifically web browsing. DNS is just ridiculously slow when connected to a .local domain.

  • "Sharepoint 2013" is giving error that prevents local domain users authentication for "Team Foundation Server"

    I am getting 2 errors through the event viewer that prevents TFS 2013 authentication for local domain users, also this error started appearing after having TFS upgraded to [ 12.0.30723.0 (Tfs2013.Update3) ].
    1st Error (from administrative events):
    The Execute method of job definition Microsoft.SharePoint.Administration.SPUsageImportJobDefinition (ID a51a0244-765d-433b-8502-0bb0540ad1fd) threw an exception. More information is included below.
    Access to the path 'C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\15\LOGS' is denied.
    Tried so far:-
    - changed the path to another folder from "Diagnostic Logging" in another drive, but still getting the same error.
    2nd Error (from application server):
    DistributedCOM error
    The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {000C101C-0000-0000-C000-000000000046} and APPID {000C101C-0000-0000-C000-000000000046} to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
    Which I already got fixed using the following steps on a thread I opened before (but still getting the same error).
    https://social.technet.microsoft.com/Forums/windows/en-US/3896e35c-b99a-4d30-b662-f92d337c8d6f/windows-servers-components-services-and-regedit-permissions-are-grayed-out-for-my-admin-account?forum=winservergen
    Other Fixes I tried
    - Found on another topic that it is not SharePoint that is causing the problem, but it is the generated ASP.NET web pages used for testing that are causing the memory to fill up due to caching in RAM; the fix suggested is to change IIS caching from RAM to HD to prevent loading up using w3wp.exe from processes.
    Concern
    - By checking other topics for people having the same problem, it was mentioned that this error appeared after the latest TFS update. Is there a fix for it?

    Hi Kpdn, 
    Thanks for your post.
    All your participation and support are very important to build such harmonious/ pleasant / learning environment for MSDN community.
    We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place.

  • .local domain and autodiscover issues

    I want to preface this by saying I am a new administrator.
    Our SSL cert recently expired, and since .local domains can no longer be on certs, we registered a CA cert with autodiscover.domain.com and mail.domain.com. This new cert was successfully applied, but whenever someone opens their e-mail they get a warning about the name on the server not matching the cert.
    I'm pretty sure this is just a few DNS records I need to update but I don't know which ones and really need some guidance.
    Thanks for your time.

    So what you are saying is that his current DNS for company.com (which his internal users use for external access) needs to be duplicated internally, then modified to support his internal email access? I've set up many systems where internal DNS and external DNS hosted the same name, and it is far from simple as "a new zone takes less than a minute to create". How do you handle internal access to external sites (which is currently working just fine with his external DNS)?
    To answer your question, my recommendation is that his internal clients use AutoDiscover to gain their internal settings. Keep in mind that while the Exchange server may be in the .local domain, the SMTP domain they host is a .com domain. And since his servers are in a domain, any domain-attached Outlook client will be able to access the mailbox successfully.
    Just create a new DNS record pointing to the external host.  Or get a new domain name that doesn't have external websites, then create a new DNS zone for that.
    Alright, so with your recommendation - he updates his clients to use Autodiscover, which they are likely already using, to gain internal settings.  And then what do you configure the internal URLs as?  
    For example - Autodiscover.
    You set the AutoDiscoverServiceInternalURI to servername.domain.local -> he still gets a cert prompt every time he opens Outlook.
    You set the AutoDiscoverServiceInternalURI to mail.domain.com to match the certificate -> Now ALL autodiscover requests from all clients are going out to the internet, then back into the Public VIP.  
    Same with EWS. And this is assuming he's using RPC/TCP rather than HTTP. So then he's either going to get prompts for cert every time he opens Outlook and checks OOF or mailtips, or all internal clients are going to use the external VIP for Autodiscover and EWS.

  • Same user with administrative rights on all the servers in single domain versus domainadmin as a part of administrator group in all the servers

    same user with administrative rights on all the servers in single domain user as a part of administrator group in all the servers:
    Same user is configured as administrator on all the servers in one domain at windows 2003 server. Should this user be made part of domain admin and then this can be set up in the group of administrator for all the servers?
    How is this technically different?
    If same user is set up as an administrator on all the servers in domain, will it have the same access on all the files as a domain admin user?
    dhomya

    If the account is not admin on the domain controllers and the account is not a member of domain admins or any other privileged AD group, the account has only user privileges on AD and thus cannot perform actions like creating and managing accounts, groups, OUs, policies, sites, ... in other words cannot potentially ruin Active Directory.
    I think that is a pretty big difference.
    In fact, it is bad practice to perform your daily server management with an AD privileged account.
    In regards to file access: the domain administrator will be just an admin, and thus has the privileges assigned to the local admin group, just as any other admin. But if they are different accounts they might be members of different groups assigning different privileges. Always be careful when assuming resulting privileges will be the same.
    MCP/MCSA/MCTS/MCITP

  • Migrate existing users from local domains to Open Directory.

    Here is the environment I'm working with:
    Small local environment (8-10) users. Everyone is on their own laptop, everyone is authenticating to their local directories. Network files are stored on a server, with everyone using a single shared user ID to authenticate and access the files.
    I have just installed a Xserve, and it is now serving DNS, DHCP, NTP, WWW. I want to setup Open Directory in Master mode, create user IDs for everyone, and then assign permissions to the shared files area.
    The one part that I'm not sure how to approach is the local laptops. If user "John Doe" has a local ID "jdoe" that he has been using on his local laptop, how does he migrate over to being "jdoe" in the OD domain, while retaining his "local" home directory and files? The problem I think I'll have is that when I create "jdoe" on the domain, he will have a UID of (say) 10001, but his local UID is 501 (as is the UID of all the other employees since they are all the first user on each of their respective laptops.) so when he logs back into his laptop after it has been attached to the OD domain, I assume that the laptop will see "jdoe" from the OD domain as a new user and create a new home for him (with the UID:10001), so now John cannot see any of his old files and such.
    Also, as a side question: I've worked with Windows ID before, and I know once you join a windows computer to a domain and then login to it, it creates a new user and caches the authentication info, so that when the laptop is not connected to the corporate network, the user can still login and work. Does Open Directory do the same on the laptops?
    Thanks for any help.

    Retaining password is a manual process of asking the user what his or her password is and then creating it in OD.
    As for migration of account, it is rather simple, provided the short name of the user remains consistent across directory systems. For example, if you have a user named Joe User and his short name is juser with a home folder in /Users/juser. And you create the same account in OD. You can do these few short actions.
    1: Bind system to the domain
    2: From the Admin account, and using Terminal from root, navigate to /var/db/dslocal/nodes/Default/users and find the plist file for the user (in our example, juser.plist).
    3: Delete the file using rm
    4: Restart the machine or restart Open Directory
    5: Log in as the admin user and change ownership of the user's home folder. Recall that when the user is in the local domain, the UID was likely 502, 503, etc (you do have a standard local admin at 501 right?) Now that the user is in OD, the UID will be 4 digits, something like 1027. So understanding that user attributes and user data are independent, you now have a folder in /Users titled juser and owned by uid 50x. You need to make it owned by juser from the OD domain. Use this:
    sudo chown -R juser /Users/juser
    6: Log out of the admin account
    7: Log in as the user after choosing Other at login window.
    Assuming you have your OD account set up properly, you will likely be asked to confirm the caching of the user's credentials. This will path you right back into the user's home folder and all will be right with the world.
    This is simple and quick. If the shortnames are different, throw an mv into the mix to rename the home folder to match the domain shortname. If you have no local admin, then you will need to reset DSLocal and start again.

  • RDS - .local domain and external users. Best way to get rid of SSL warnings

    I am evaluating MS RDS as a possible solution for a VDI implementation at the college I work for. When we setup our AD years ago we set it up as a .local domain. I am running into issues with the .local machine name on the connection broker for external users. I know for internal domain systems we can setup the self signed .local cert as a trusted root cert to bypass the self signed untrusted warning but for the bulk of our users which will be using systems external to our domain they will get the SSL warning about the self signed certificate when they try to connect to a remote app or a desktop.
    Initially I thought if I setup a local AD CA that we could setup a trust relationship with the SSL cert. After further reading I believe that this would only work for systems internal to our domain and we would still have the issue with external devices.
    The other option would be to tell our users to click the box to never display the warning message again and to go on or to add the self signed cert to their trusted list. Of course whenever you ask the user to do something there will be issues. We have also found that in our testing that we can not seem to connect via the web portal with a macbook. We get an error that there is a problem with the trust relationship with the server after we login and click on an app or a desktop to connect. We have been able to connect with iOS devices.
    We could of course rename the .local domain to a .edu domain which would permit us to use our wildcard certificate but that is a major undertaking that we don't want to cross at the moment. I think I might have come up with a solution and wanted to bounce the idea off of those on this forum.
    If we setup a second domain on campus that is not a .local. Join the non internet facing RDS systems to this new domain that would have a SSL cert that was trusted and then setup a full trust relationship between the two domains such that users and systems in one domain could communicate with the systems in the other domain would that remove the certificate warnings for external users?

    Hi AKlein,
    Initially I thought if I setup a local AD CA that we could setup a trust relationship with the SSL cert. After further reading I believe that this would only work for systems internal to our domain and we would still have the issue with external devices.
    Just add the root CA certificate of the internal CA into Trusted Root Certification Authorities store on external clients manually (or through group policy if there is an external domain), then SSL certificate warning would be gone.
    We could of course rename the .local domain to a .edu domain which would permit us to use our wildcard certificate but that is a major undertaking that we don't want to cross at the moment.
    Yes, renaming domain is not recommended due to its complexity.
    If we setup a second domain on campus that is not a .local. Join the non internet facing RDS systems to this new domain that would have a SSL cert that was trusted and then setup a full trust relationship between the two domains such that users and systems in one domain could communicate with the systems in the other domain would that remove the certificate warnings for external users?
    If you are setting up a new domain with two way trust, then root CA certificate of the internal CA still needs to be distributed manually (or through group policy). If you are setting up a child domain, then enterprise CA would be trusted within the same forest.
    As long as there are enough external users and devices to manage, an external private network exists and extra domain management tasks are acceptable, then setting up a new domain is a good choice since domain provides secure boundary.
    Or, you could just create a new site from the other network location, which saves you from creating a new domain, new users and trust.
    Best Regards,
    Amy

  • Selective IP filtering for multiple servers in a domain?

    Is it possible to have IP filtering on for certain servers in a
    domain, and not for others?
    This is the situation:
    I am deploying two servers in mydomain, so let's call it serverA
    and serverB. I want serverA to accept all connections while
    serverB accepts connections only from certain IPs. I know you
    can do IP filtering using SimpleConnectionFilter in the
    "Connection Filter" option in Security->General tab of the Admin
    console, but this turns on IP filtering for BOTH serverA and
    serverB! How do I turn it on for one, and not the other? Any
    help would be greatly appreciated. Thank you.
    Leon

    Hi,
    Yes you can have multiple servers in a domain. You can create as many managed
    servers as your hardware can handle. When you added the server, did you use the
    startManagedWebLogic.sh (or .cmd) script to start the server? Once you do that,
    you should see the server as running.
    Hope this helps,
    pat
    "MS" <[email protected]> wrote:
    >
    Hello All,
    Is it possible to have multiple servers in a domain?
    When I add a new server, the State is reported in the weblogic console
    as "UNKNOWN".
    What does this mean?
    rgds
    MS

  • Can Ironport support 2 different servers within 1 domain?

    Hi All,
    The situation is:
    Our company's Ironport is using firmware AsyncOS 7.6 and currently is connected to Lotus Notes Server.
    However, we are now planning to add 1 more mail server - MS Exchange.
    The questions are:
    1. Is it possible to connect both Notes and Exchange with 1 domain only?
    2. If yes, can we set some filtering to separate them so the incoming email can fall into the designated server?
    3. How can we achieve connecting 2 different servers under 1 domain?
    Please give any other comments if you have. Thanks!!
    Thanks and Regards
    Krav

    Krav,
    You should be able to do this. However, a curious question, are you planning to migrate off of Lotus notes or is this going to be a permanent solution? Are the mailboxes for both mail servers going to be the same (maybe clustered).
    1. Yes, you can have multiple servers assigned to a domain, by specifying the ip address as an additional entry in SMTP routes.
    2. This may prove to be the big issue. There is no filtering mechanism that can distinguish Lotus Notes bound mail from Exchange bound mail. For example, if you set both the servers with the same priority in SMTP routes they will round robin, meaning some mail will go to Lotus Notes and other mail will go to Exchange. So if this is just to test, you can possibly use the priority option in the SMTP routes. However, this may also be more of a question as to whether you could cluster an Exchange and Lotus Notes server, which is beyond my understanding.
    3. In the SMTP Routes section click on the domain and add in the ip address of the other server. Be mindful that if you keep the priority the same, mail will round robin between the devices. However if you set the first device to 0 and the second device to 10, mail will primarily go to the device with the 0 priority. You will also need to specify the ip address of the second server in your HAT table, if you are using the Relaylist.

  • Adding alternative FQDN for local domain.

    Hi,
    I'm trying to configure RDS for my standalone Windows Server 2012 Essentials and it's almost done.
    (Probably) the last thing I need to do is to change FQDN for my local domain to .com to use RDS externally.
    So, like I said, I've done dyndns config, added ssl cert, configured RDWeb, RD Gateway, RD License and RD Broker.
    Now, when I'm logging into remote.mydomain.com/RDWeb, I can login with Active Directory credentials, get rdp I try login into server. But I can only try, because there is an error about wrong FQDN for server (known and not new error for anyone). So, what I had done was changing FQDN for my domain by this powershell script http://gallery.technet.microsoft.com/Change-published-FQDN-for-2a029b80 (if anyone had problems with digitally unsigned script, google for "Set-ExecutionPolicy Unrestricted"), in theory, this script changed FQDN, but in reality, I still have the same problem trying to connect externally.
    I also read that I should add a new DNS Zone for my .com domain and there add an (A) record for my subdomain for remote desktop, that points to the internal IP address of my server. When I tried that, it was even worse because I couldn't even open the RDWeb site. When that dns zone was deleted, everything came back to the previous state.
    And now I'm here, out of ideas. Any suggestion what I did wrong? Maybe it was something with this DNS Zone for .com? Maybe there should be a Zone, but not a normal one but a "stub zone"?
    I would be happy for any suggestion.

    "I suspect we may have a basic mis-understanding of what each of us is trying to say. Let me try again.
    There are (at least) three ways to reach a LAN computer from the internet with Essentials. Remote Web Access, direct RDP and VPN. There are also third party solutions, such as Go To My PC and Log Me In. The third party type usually involve a subscription model with recurring charges, the others may involve a fee for SSL certificates, but they are (usually) much less expensive and do not rely on a third party."
    Yes, I can agree we definitely had a problem with misunderstanding so, sorry for that. I was talking about direct RDP to my server because Anywhere Access is already configured (but remote desktop from there to server opened only Essential Dashboard, that's why I left this solution). Also, like I said, I'm aware of risks and I'll take responsibility for that.
    "Direct RDP is configured at the router and points the port (3389, but it can be changed) to the IP of the device you want to contact. then, simply opening the RDP applet on your remote computer and typing in the public IP of the router/firewall will automatically connect you to the chosen computer. This is a very high security risk and should be avoided when ever possible."
    Here is a double facepalm for me - when you wrote about 3389 TCP port, I got enlightenment that I didn't do that (because I earlier tried to work on 443 with Anywhere Access and forgot about it), also the information I got after tries to connect wasn't useful either - because Windows gave me back information about wrong FQDN, I was strictly focused on that problem, but like we know now, the problem was in a much different place. When I opened that port, everything started to be like I wanted (I also find out, after testing RDP client from remoteapp in web menu that why I'm using this when I want to use direct RDP anyway). So much facepalm.
    Next thing for now will be a different port than 3389 and in future, VPN instead of direct RDP.
    Anyway, really, thanks for help!
