CUCM BoQ for 250 users

Similar Messages

• How to Automate to Add a Role for 250+ Users in One Shot ?

  Hi all,
    How can I add a Role 'X' for 250+ User in one shot. I could go to SU01 for each User and add a Role 'X' manually, but it will take at least more than two hours. Is there any automation to accomplish this task, PLEASE ?
  Thanks.

  Look at the How To paper on maintaining authorizations through flat file...
  <a href="https://www.sdn.sap.comhttp://www.sdn.sap.comhttp://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/1d8ea990-0201-0010-43b3-d13b83e2bf20">How to maintain authorizations through flat file</a>
  Hope this helps.

• 7 AP for 250 users in the building without Backbone

  Hello,
  We need connect 250 users wireless and more o less 7 AP to give cover in the building, but we don?t have a backbone wiring and need the same SSID.
  which product to be the best? or you think it?s better a backbone among AP?

  Lots more details are needed, along with a site survey.
  Is the building one floor, many floors? Construction materials? How many other wireless systems are "in the neighborhood"? Lots of radio noise, or an RF-quiet environment?
  *GENERALLY* you can probably / maybe use a dual-radio AP, like a 1241, where the clients are served on 2.4 (802.11g), and the 802.11a radios are used as a backbone channel.
  Because of backbone constraints, you'd probably limit your clients to some lower bandwidth (no more than 11 Mbps / 802.11b speeds).
  250 clients with 7 APs ... that's probably going to be a stretch. How many logged on at the same time? What kind of traffic? Any voice?
  Given the choice, a wired backbone will give you better performance ... do it if you can.
  You also have a choice of having all the APs be "stand-alone" (automomous) or using "lightweight" APs to a single central controller.
  You need on-site help; someone to do a solid site survey and make recommendations ... anything you get here are, at best, "a good guess," and will probably end up costing you more money and reputation.
  We're OK for ideas and clarification, but someone that knows what they're doing needs to put eyeballs to the location to make a realistic recommendation.
  Good Luck
  Scott

• CUCM Design for 3K user

  Dear All
  is Scenario#1 is valid to design 3K user CUCM cluster, or i Have to stick with Scenario#2? which one of those is recommended
  Scenario #1
  use 2 Primary CPE (Call processing engine) each have 2500 user ( in addition to 2:1 redundancy  for Secondary (Backup) CPE) ==> total will be 3 subscriber CPE, plus 1X2500 user ova for publisher ( any issue running 2500 ova as publisher for 3K user ? or this only affect number of devices).
  so as a total i should have 2 UCS server each run 2X2500 ova for HW sizing
  ===============
  Scenario #2
  use 1 Primary CPE (Call processing engine) have 7500 user ( in addition to 1:1 redundancy  for Secondary (Backup) CPE) ==> total will be 2 subscriber CPE
  plus 1X7500 user ova for publisher.
  so as a total i should have 2 UCS server one run 2X7500 ova  and one run 1X7500 ova for HW sizing.
  Last note according to SRND Publisher recommended to be the same size as other subscribers, but my question can we little deviate from Ova size limit like run 3K user using 2500 ova publisher? Any special consideration for TFTP?

  Thanks Marwan , but in this case
  1- i need 2 ova for CPE sub (1:1 redundancy) , 1 Pub , 1 as TFTP/MOH ==> so total of four VMs
  2 - just to understand any issue from design prospective using  2500 ova for two primary Sub , (and one 2500 Ova for Pub  keeping in mind 3K user), since if Distribute the users over the two 2500 ova primary CPE and use backup 2500 ova CPE (2:1 redundancy) i have an issue only if both primary CPE fails? is it right , but this can work
  3 - last things the Pub Ova is related to user size, i mean 2500 ova for Pub can handle Database for 3K user, any deep info about Pub Database capacity and related Ova size ??since we deviate little form Max number of user.
  Thanks
  Ahmad

• How many of licenses I should consider for 200-250 users?

  How many of licenses I should consider for 200-250 users?

  You should contact Adobe sales for your region. See Government and business software | Adobe Creative Cloud for enterprise and click the Enterprise link.

• Voice mail for one user with two extensions

  Environment:
  Cisco Unified CM Administration System version: 7.1.3.30000-1
  Cisco Unity Connection Administration Version 7.1.3.10000-68
  We have a user this year that will be wearing two hats and will have offices in two different locations. I have both extensions as a line on each phone. Now I just need to point both extensions to the same voicemail box or give the user two mail boxes. It seems that CM Administration only supports one voicemail box per user. I think it would be easier for the user to only have to check one mail box by having both extensions point to the same VM. How can I accomplish this?

  Hi Andy,
  Let's say the user has numbers 7005 & 8450 but we want only one mailbox
  @ 7005. There are a couple of ways to do this.
  In CUCM go to> Feature> Voicemail> Voicemail Profile and  create a new Profile called XXXX (whatever name you want) with a  Description called "XXXX username Mailbox" the Voice Mail Box Mask will be 7005> Save
  Then  via CUCM go to the Users Phones> under Directory Number Config for 8450> Voicemail Profile and change to XXXX (created previously in  above steps)>Update>Reset
  Now when a call routes via forward to Unity Connection it will reach the Mailbox @ 7005.
  Or in Unity Connection set up Alternate Extension so that 8450 is an Alternate Extension for 7005 etc.
  Cheers!
  Rob
  "I don't know how, I don't know when
  But you and I will meet again " 
  - Tom Petty

• How to block calls based ANI for individual user?

  I want to know how to block calls based on ANI for individual user in CUCM?  Lets say if the individual wants to block calls from certain number.
  Malicious call id - softkey will not work for our purpose.
  calls come to cucm via mgcp gateway.  cucm 9.x
  thanks,

  How to block calls has been asked hundreds, and hundreds of times at CSC, a simple search would have provided you with all the necesarry information. Please search before you ask
  https://supportforums.cisco.com/docs/DOC-19628
  HTH
  java
  if this helps, please rate
  www.cisco.com/go/pdihelpdesk

• Can I install Phone designer for all user?

  Hi
  I have phone designer application I install it on my PC but when I install it for anther user and give me error Unable to connected to server.
  Is there any parameters needs to check on CUCM?
  How many times can I install it?
  Thanks
  Kaff

  You can install it as many times as you want. Ensure that either the cluster-wide parameter or the device-specific parameter is set to allow phone personalization. After that, if it works for you it will work in general; don't forget to enter the CCMCIP server address in the client.

• NPS: Event 6274 - Network Policy Server discarded the request for a user

  Intermittently I will get desktop (wired) and laptop (wireless) computers experiencing issues with NPS (they drop off the network).
  Some computers are affected more than others, although they are identical hardware and based on a standard image.
  In the event log of the NPS servers I can see the following messages:
  Log Name:      Security
  Source:        Microsoft-Windows-Security-Auditing
  Date:          2/05/2014 8:47:58 a.m.
  Event ID:      6274
  Task Category: Network Policy Server
  Level:         Information
  Keywords:      Audit Failure
  User:          N/A
  Computer:      NT147.domain.local
  Description:
  Network Policy Server discarded the request for a user.Contact the Network Policy Server administrator for more information.User:
   Security ID:   NULL SID
   Account Name:   host/DPC0387.domain.local
   Account Domain:   DOMAIN
   Fully Qualified Account Name: DOMAIN\DPC0387$Client Machine:
   Security ID:   NULL SID
   Account Name:   -
   Fully Qualified Account Name: -
   OS-Version:   -
   Called Station Identifier:  3c-xx-xx-xx-xx-xx
   Calling Station Identifier:  00-xx-xx-xx-xx-xxNAS:
   NAS IPv4 Address:  10.nnn.nnn.nnn
   NAS IPv6 Address:  -
   NAS Identifier:   ND246
   NAS Port-Type:   Ethernet
   NAS Port:   71RADIUS Client:
   Client Friendly Name:  Network Device Management Subnet
   Client IP Address:   10.nnn.nnn.nnnAuthentication Details:
   Connection Request Policy Name: NAP 802.1X (Wired)
   Network Policy Name:  -
   Authentication Provider:  Windows
   Authentication Server:  NT147.domain.local
   Authentication Type:  -
   EAP Type:   -
   Account Session Identifier:  384F322E317838316564303034313030306230666632
   Reason Code:   1
   Reason:    An internal error occurred. Check the system event log for additional information.
  How do I debug when an internal error occurs but there is nothing in the system event log? Where else can I look?
  Here's the packet trace that matches the event log entry above:
  No.     Time        Source                Destination           Protocol Length Time from request Info
        1 0.000000    JuniperN_xx:xx:xx     Universa_xx:xx:xx     EAP      60                       Request, Identity
        2 2.470423    Universa_xx:xx:xx     Nearest               EAPOL    60                       Start
        3 2.472870    JuniperN_xx:xx:xx     Universa_xx:xx:xx     EAP      60                       Request, Identity
        4 2.539416    Universa_xx:xx:xx     Nearest               EAP      60                       Response, Identity
        5 2.544206    Universa_xx:xx:xx     Nearest               EAPOL    60                       Start
        6 2.548804    JuniperN_xx:xx:xx     Universa_xx:xx:xx     EAP      60                       Request, Identity
        7 2.550050    Universa_xx:xx:xx     Nearest               EAP      60                       Response, Identity
        8 2.552597    10.switch             10.NPS_Server         RADIUS   254                      Access-Request(1) (id=249, l=208)
        9 2.556043    10.NPS_Server         10.switch             RADIUS   136    0.003446000       Access-Challenge(11) (id=249, l=90)
       10 2.565876    JuniperN_xx:xx:xx     Universa_xx:xx:xx     EAP      60                       Request, Protected EAP (EAP-PEAP)
       11 2.569472    10.switch             10.NPS_Server         RADIUS   254                      Access-Request(1) (id=250, l=208)
       12 2.572566    10.NPS_Server         10.switch             RADIUS   136    0.003094000       Access-Challenge(11) (id=250, l=90)
       13 2.580254    Universa_xx:xx:xx     Nearest               TLSv1    123                      Client Hello
       14 2.586544    10.switch             10.NPS_Server         RADIUS   361                      Access-Request(1) (id=251, l=315)
       15 4.564841    Universa_xx:xx:xx     Nearest               EAPOL    60                       Start
       16 4.568530    JuniperN_xx:xx:xx     Universa_xx:xx:xx     EAP      60                       Request, Identity
       17 4.569876    Universa_xx:xx:xx     Nearest               EAP      60                       Response, Identity
       18 4.582263    10.switch             10.NPS_Server         RADIUS   254                      Access-Request(1) (id=252, l=208)
       19 4.586006    10.NPS_Server         10.switch             RADIUS   136    0.003743000       Access-Challenge(11) (id=252, l=90)
       20 4.591896    JuniperN_xx:xx:xx     Universa_xx:xx:xx     EAP      60                       Request, Protected EAP (EAP-PEAP)
       21 4.592692    Universa_xx:xx:xx     Nearest               TLSv1    123                      Client Hello
       22 4.599634    10.switch             10.NPS_Server         RADIUS   361                      Access-Request(1) (id=253, l=315)
       23 4.600887    10.NPS_Server         10.switch             IPv4     1518                     Fragmented IP protocol (proto=UDP 17, off=0, ID=07db)
       24 4.609920    JuniperN_xx:xx:xx     Universa_xx:xx:xx     TLSv1    1514                     Server Hello, Certificate, Certificate Request, Server Hello Done
       25 4.610516    Universa_xx:xx:xx     Nearest               EAP      60                       Response, Protected EAP (EAP-PEAP)
       26 4.617407    10.switch             10.NPS_Server         RADIUS   262                      Access-Request(1) (id=254, l=216)
       27 4.618352    10.NPS_Server         10.switch             RADIUS   288    0.000945000       Access-Challenge(11) (id=254, l=242)
       28 4.623650    JuniperN_xx:xx:xx     Universa_xx:xx:xx     TLSv1    176                      Server Hello, Certificate, Certificate Request, Server Hello Done
       29 4.643316    Universa_xx:xx:xx     Nearest               TLSv1    361                      Certificate, Client Key Exchange, Change Cipher Spec, Encrypted Handshake Message
       30 4.649607    10.switch             10.NPS_Server         RADIUS   601                      Access-Request(1) (id=255, l=555)
       31 4.656950    10.NPS_Server         10.switch             RADIUS   199    0.007343000       Access-Challenge(11) (id=255, l=153)
       32 4.662734    JuniperN_xx:xx:xx     Universa_xx:xx:xx     TLSv1    87                       Change Cipher Spec, Encrypted Handshake Message
       33 4.681106    Universa_xx:xx:xx     Nearest               EAP      60                       Response, Protected EAP (EAP-PEAP)
       34 4.788536    10.switch             10.NPS_Server         RADIUS   262                      Access-Request(1) (id=2, l=216)
       35 4.789735    10.NPS_Server         10.switch             RADIUS   173    0.001199000       Access-Challenge(11) (id=2, l=127)
       36 4.795723    JuniperN_xx:xx:xx     Universa_xx:xx:xx     TLSv1    61                       Application Data
       37 4.796372    Universa_xx:xx:xx     Nearest               TLSv1    93                       Application Data
       38 4.802368    10.switch             10.NPS_Server         RADIUS   331                      Access-Request(1) (id=3, l=285)
       39 4.803363    10.NPS_Server         10.switch             RADIUS   189    0.000995000       Access-Challenge(11) (id=3, l=143)
       40 4.808905    JuniperN_xx:xx:xx     Universa_xx:xx:xx     TLSv1    77                       Application Data
       41 4.809501    Universa_xx:xx:xx     Nearest               TLSv1    77                       Application Data
       42 4.817342    10.switch             10.NPS_Server         RADIUS   315                      Access-Request(1) (id=4, l=269)
       43 4.822986    10.NPS_Server         10.switch             RADIUS   189    0.005644000       Access-Challenge(11) (id=4, l=143)
       44 4.828973    JuniperN_xx:xx:xx     Universa_xx:xx:xx     TLSv1    77                       Application Data
       45 4.833318    Universa_xx:xx:xx     Nearest               TLSv1    829                      Application Data
       46 4.840610    10.switch             10.NPS_Server         RADIUS   1073                     Access-Request(1) (id=5, l=1027)
       47 4.845946    10.NPS_Server         10.switch             RADIUS   189    0.005336000       Access-Challenge(11) (id=5, l=143)
       48 4.850938    JuniperN_xx:xx:xx     Universa_xx:xx:xx     TLSv1    77                       Application Data
       49 4.907924    Universa_xx:xx:xx     Nearest               TLSv1    141                      Application Data
       50 4.913390    10.switch             10.NPS_Server         RADIUS   379                      Access-Request(1) (id=6, l=333)
       51 4.917535    10.NPS_Server         10.switch             RADIUS   221    0.004145000       Access-Challenge(11) (id=6, l=175)
       52 4.922877    JuniperN_xx:xx:xx     Universa_xx:xx:xx     TLSv1    109                      Application Data
       53 4.923472    Universa_xx:xx:xx     Nearest               TLSv1    61                       Application Data
       54 4.930319    10.switch             10.NPS_Server         RADIUS   299                      Access-Request(1) (id=7, l=253)
       55 4.937348    10.NPS_Server         10.switch             RADIUS   381    0.007029000       Access-Challenge(11) (id=7, l=335)
       56 4.942543    JuniperN_xx:xx:xx     Universa_xx:xx:xx     TLSv1    269                      Application Data
       57 4.944791    Universa_xx:xx:xx     Nearest               TLSv1    125                      Application Data
       58 4.951408    10.switch             10.NPS_Server         RADIUS   363                      Access-Request(1) (id=8, l=317)
       59 4.954022    10.NPS_Server         10.switch             RADIUS   355    0.002614000       Access-Accept(2) (id=8, l=309)
       60 4.981482    JuniperN_xx:xx:xx     Universa_xx:xx:xx     EAP      60                       Success
       61 32.590347   10.switch             10.NPS_Server         RADIUS   361                      Access-Request(1) (id=251, l=315)
       62 62.592420   10.switch             10.NPS_Server         RADIUS   361                      Access-Request(1) (id=251, l=315)
       63 92.595043   10.switch             10.NPS_Backup_Server  RADIUS   361                      Access-Request(1) (id=9, l=315)
       64 122.597856  10.switch             10.NPS_Backup_Server  RADIUS   361                      Access-Request(1) (id=9, l=315)
       65 152.600618  10.switch             10.NPS_Backup_Server  RADIUS   361                      Access-Request(1) (id=9, l=315)

  A belated thanks for your reply.
  Our environment doesn't have NPS accounting configured so that was easy to rule out.
  The mid-day drop outs have stopped after I added "set protocols dot1x authenticator no-mac-table-binding" to our Juniper switches (which prevents mac address aging from clearing the active dot1x client session).
  I believe the above error message occurs because the RADIUS session ID is rejected / ignored because of some quirks in the RADIUS standard.  At the start of a dot1x authentication request a RADIUS session ID is created.  For whatever reason the
  RADIUS/NAP server stops responding and the Juniper switch fails over to the backup RADIUS/NAP server configured.  The session ID is kept (per RADIUS standard) but the backup RADIUS/NAP server doesn't know about the session, so this event: "Network
  Policy Server discarded the request for a user." occurs.
  It would be nice to see a clearer error message "Invalid RADIUS session" or similar.
  There is a Microsoft guide on how to set up RADIUS/NAP servers in a highly available configuration - something to do with RADIUS proxy servers.
  It would be even nicer to see some kind of RADIUS session synchronisation between NAP servers... if it doesn't already exist?
  I am having the same exact issue you posted on here except I have Extreme Network switches. Some of my computers, various hardware, will randomly not authenticate during re-authentication. The switch says that it failed to contact the NPS server so then it
  switches to my backup server. The client has a random time on how long it waits to authenticate so sometimes I end up having the disable/re-enable the port they are connected to so that the session is started again. I see that you basically removed the option
  to force clients to re-authenticate Any downfall disabling that?. Any idea why the NPS server is no longer responding? Are you using Windows Server 2012?

• SNR License Issue. How Can I Disable SNR for all Users?

  Hi,
  I Have an issue with SNR on CUCM 10.5 and with assignement of license type
  I have a cluster with 400 users.
  200 users use ip phone 3905 and should be use an Essential License.
  When system check for assignement of license type , itassign a Basic License instead of an Essential License, because it see that users have SNR Enabled.
  All users in my system have SNR enabled, and I can not disable it. All my user have Enable Mobility unchecked, and all my phone have Device Mobility Off, but system however see SNR enable.
  How can i disable SNR for all users? This is a feature that client don't need.
  I dont' have a sufficent number of licenses for support all 3905 in Basic License.
  thanks for help.
  Andrea

  Well actually, Mobile Identity wouldn't apply to a 3905 unless those phones had another line on a Dual-Mode device like an iPhone or Android phone.  So unless you have either of those in your system you can scratch that idea.  Someone else may chime in here and try to help a bit more as RD/RDP are the main SNR culprits.

• Changing the default keyboard language for all users via command line

  I have about 250 computers, that I set the wrong default language on.
  I am hoping someone here can help me. I have 3 keyboard languages installed in my labs,
  En-English (United States)
  Fr-French (Canada)
  En-English (Canada)
  I'd like to make the Fr-French (Canada) the default keyboard language for all users that login I have tried the following xml but it's not working. I do not see the problem any help would be appreciated.
  I tried to run it by doing this
  control intl.cpl,, /f:"FR-DefaultKeyboard.xml"
  The following code below is called FR-DefaultKeyboard.xml file.
  <gs:GlobalizationServices xmlns:gs="urn:longhornGlobalizationUnattend">
  <!--User List-->
  <gs:UserList>
  <gs:User UserID="Current"/>
  </gs:UserList>
  <!--User Locale-->
  <gs:UserLocale>
  <gs:Locale Name="FR-CA" SetAsCurrent="true"/>
  </gs:UserLocale>
  </gs:GlobalizationServices>

  <gs:GlobalizationServices xmlns:gs="urn:longhornGlobalizationUnattend">
  <gs:UserList>
  <gs:User UserID="Current" CopySettingsToDefaultUserAcct="true" CopySettingsToSystemAcct="true"/>
  </gs:UserList>
  <gs:InputPreferences>
  <!--English US EN-->
  <gs:InputLanguageID Action="add" ID="0409:00000409" Default="false"/>
  <!--French CA CA FR-->
  <gs:InputLanguageID Action="add" ID="0c0c:00000c0c" Default="true"/>
  <!--English CA EN-->
  <gs:InputLanguageID Action="add" ID="1009:00001009" Default="false"/>
  </gs:InputPreferences>
  </gs:GlobalizationServices>
  This worked, thank you

• Dedicated analog POTS line for the user

  Hi Experts
  yesterday ....... i post the discussion about how i can reserve one analog telephone line for one of my user so whenever he make outgoing call his calls go through one particular analog line and never found busy tone .... in reply to my this query one guy tell me to use partitions and CSS ... my question is lets say if i create new partition name " test" and assign my user to this partition so he can only use it  whenever he makes PSTN dialing so his call goes through this partition and reached my GW but my GW have five different analog line's how GW came to know that the first line is reserved for all of the calls coming from this user which is assigned to this partition.
  i have CUCM 8.5 and GW is Cisco 2800 series ......... i dont want my user to dial any extra digit or PIN
  Regards
  Salman

  Hi,
  I assume that this is MGCP gateway
  Please, try to do the following to achieve your requirment:
  Create a partition named "TEST" and associate this partition with your all access CSS say XYZCSS
  Create a Route Group (TEST-RG) and add one of the five analog line which you want to isolate for this user. (analog line i.e. AALN/Sx/SUx/y@abc)
  Create a Route List (TEST-RL) and select the TEST-RG group.
  Create a Route Pattern (Pattern .!) select Route Partition "TEST", choose the Gateway/Route List "TEST-RL" ans save
  In gateway configuration for End-Point please select the Calling Search Space "XYZCSS" and the attendant DN will the user's DN
  Assign the users DN in TEST Route Partition and configure the CSS as XYZCSS (this CSS will have all the other partition to rreach internal user and including the TEST partition)
  Try by configuring as per the above suggestion, if you have any issue please quota me. This user will able to dial the digit directly without adding any prefix or extra digit.
  I hope this will help you or will drive you to right direction.
  Thanks
  Selvarathnam

• Can't exec /bin/sh for single user

  Hi,
  When I boot up my iMac G5 it sits on the gray screen with the apple and spinning "doing something" icon, and then goes to a terminal window telling me:
  "can't exec /bin/sh for single user: Input/output error"
  It started doing this last night after multiple beachball of death situations. Anyone have any ideas? Or is it time for this old machine to be put out to pasture?
  Thanks
  Mungo

  Hi Mungo,
  invalid key length is a serious issue that can sometimes be fixed by "heavy duty" utilites like DiskWarrior and Drive Genius.
  If you don't have enough room to re-install the OS, though, you have seriously overfilled it and they may not be able to deal with the problem either.
  You should always aim to keep at least 15% free space on the drive, preferably more. On my 250 Gig internal drive, for example, I see the beginning of stability and speed problems when I get down to below around 30 gigs of free space. It varies a bit depending on what you use your Mac for, but my own preference is to always aim for 50 Gigs free on this 250 Gig drive.
  You have to fix the "keys out of order" problem before you even think of re-installing the OS.
  The best solution is to reformat the drive. It is unlikely that it actually needs replacing. However I still think you should buy another drive, but an external one, if you don't have one already.
  My approach to your problem would be:
  1) Go and buy a nice big external firewire drive if you don't have one already (ideally at least twice the size of your internal).
  2) Install OSX on the external drive (You may want to partition it into two volumes first, keeping one partition to store a "cloned backup" of your internal and one for general usage, overflow storage, etc)
  3) Boot from the external HD and copy across your precious stuff from the internal drive to the external. (If you have created two partitions on the external you could use the excellent utility "SuperDuper" to "clone" the internal to the second partition - the one witout the OS installed on it)
  4) Reformat the internal drive, preferably using the single "zeroing" option.
  5) Re-install the OS and software on your internal drive
  6) Copy back your data (documents, music, movies etc) to your internal but make sure you leave plenty of free space on it. If you have a large music library , or lots of movies, for example, you might want to keep them on the external, rather than putting them back)
  7) From now on use one partition of your external drive for regular "cloned" backups of the internal and the other for general storage overflow etc.
  Cheers
  Rod

• Preference Panes - Install for all users, after the fact?

  Is there any way to get an already installed Pref Pane to install for all other users once it has been installed for the main account? I am hoping for a way that doesn't require uninstalling the current Pref Pane and reinstalling, some have settings I don;t wan't to lose for the main account.
  PowerMac G4 Dual 1.25, MacBook 1.83   Mac OS X (10.4.7)   2 Gb RAM : 250 Maxtor, 80 & 250 WD int. drives : Mighty Mouse : dual mon.

  Thanks for the reply.
  The app (Bamboo Dock) has installed in the root applications folder. When I'm logged in as the administrator I can see the proper icon in the apps folder and run it. however, when I log on as my son I can see the app but the icon is the default icon with the A and the pencil on and the app won't run.
  I didn't have a choice where to install and the app did not ask me if I wanted to install for all users.
  I was wondering if I could run the installer app from the terminal with sudo, then I would be giving the installer app the authority to write the receipt? I don't know if this would work or how to do it if it would.
  Stuart

• Getting mail authentication errors for outlook user sending mail

  When Outlook 2010 user attempts to use port 587 to send mail (to himself at this point), we see the following in the server logs:
  (User in question can attach to file shares on the same server just fine from his Windows laptop)
  Outlook config for outbound server is "port: 587, encryption TLS"
  When we connect, we get "connection interrupted by server"
  Tried other encryption methods - outlook 2010 states that server does not support the other methods (None, SSL)
  SMTPD Logs
  Jul 29 22:22:58 <servername>.l-n-l.com postfix/smtpd[2306]: connect from <Outlook Client Name>[<Outlook ClientAddr>]
  Jul 29 22:22:58 <servername>.l-n-l.com postfix/smtpd[2306]: error: validate response: error: Authentication server failed to complete the requested operation.
  Jul 29 22:22:58 <servername>.l-n-l.com postfix/smtpd[2306]: error: validate response: authentication failed for user=colin (method=DIGEST-MD5)
  Jul 29 22:22:58 <servername>.l-n-l.com postfix/master[1407]: warning: process /usr/libexec/postfix/smtpd pid 2306 killed by signal 6
  Jul 29 22:22:58 <servername>.l-n-l.com postfix/master[1407]: warning: /usr/libexec/postfix/smtpd: bad command startup -- throttling
  Jul 29 22:24:12 <servername>.l-n-l.com postfix/smtpd[2270]: timeout after END-OF-MESSAGE from localhost[127.0.0.1]
  Jul 29 22:24:12 <servername>.l-n-l.com postfix/smtpd[2270]: disconnect from localhost[127.0.0.1]
  Meanwhile: Mac clients are able to connect to smptd submission port to send mail with no problems. Based on what the logs say, it appears that the Mac mail is using a different authentication mechanism.
  Client config for outbound server is "use custom port: 587, Use SSL:Checked, Authentication: MD5 Challenge-Response"
  Jul 29 22:19:12 <servername>.l-n-l.com postfix/smtpd[2261]: connect from <Mac Client Name>[<MacClientAddr>]
  Jul 29 22:19:12 <servername>.l-n-l.com postfix/smtpd[2261]: 721FCEC991: client=<Mac Client Name>[<MacClientAddr>], sasl_method=CRAM-MD5, sasl_username=<username>@l-n-l.com
  Jul 29 22:19:12 <servername>.l-n-l.com postfix/cleanup[2267]: 721FCEC991: message-id=<[email protected]>
  Jul 29 22:19:12 <servername>.l-n-l.com postfix/qmgr[1800]: 721FCEC991: from=<[email protected]>, size=573, nrcpt=1 (queue active)
  Jul 29 22:19:12 <servername>.l-n-l.compostfix/smtpd[2270]: connect from localhost[127.0.0.1]
  Jul 29 22:19:12 <servername>.l-n-l.com postfix/smtpd[2270]: E722AEC9A0: client=localhost[127.0.0.1]
  Jul 29 22:19:12 <servername>.l-n-l.com postfix/cleanup[2267]: E722AEC9A0: message-id=<[email protected]>
  Jul 29 22:19:12 <servername>.l-n-l.com postfix/qmgr[1800]: E722AEC9A0: from=<[email protected]>, size=994, nrcpt=1 (queue active)
  Jul 29 22:19:12 <servername>.l-n-l.com postfix/smtp[2268]: 721FCEC991: to=<[email protected]>, relay=127.0.0.1[127.0.0.1]:10024, delay=0.55, delays=0.06/0.01/0.01/0.48, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[127.0.0.1]:10025): 250 2.0.0 Ok: queued as E722AEC9A0)
  Jul 29 22:19:12 <servername>.l-n-l.com postfix/qmgr[1800]: 721FCEC991: removed
  Jul 29 22:19:13 <servername>.l-n-l.com postfix/pipe[2273]: E722AEC9A0: to=<[email protected]>, relay=dovecot, delay=0.13, delays=0/0.01/0/0.12, dsn=2.0.0, status=sent (delivered via dovecot service)
  Jul 29 22:19:13 <servername>.l-n-l.com postfix/qmgr[1800]: E722AEC9A0: removed
  Jul 29 22:20:12 <servername>.l-n-l.com postfix/smtpd[2261]: disconnect from <Mac Client Name>[<MacClientAddr>]
  Running OS X 10.8.4 with Server 2.2.1.
  Any thoughts on what I need to do to make OSX Server mail play nice with Outlook over the submission port?
  Thanks in advance!!

  Ok - so I think I have it almost all sussed. So for all 3 of you who might be reading this, here is what is going on.
  1) As I expected, this has nothing to do with the FQDN/Outlook problem. I actually rejoiced when I finally got far enough to have that problem with my Outlook 2007 and 2010 clients. And I don't like the recommended fix for that either. There is another way - more on that in a minute.
  2) This problem was all about authentication methods. At present, I have OS X Mail Server set for plain text and APOP only. I will be working to fix this soon - but at present I am unable to find any other combination that permits both Mac Mail and Outlook clients to authenticate properly. Mac Mail wants to use CRAM-MD5 by default. Outlook is so incompatible with CRAM-MD5 that even when there are other authentication methods available on the mail server, if CRAM-MD5 is selected on the Server then Outlook fails miserably no matter how you configure the Outlook client. Caveat: this is my own observation and I still have some experimenting to do. If you know otherwise (or can confirm more definitively), then please speak up!
  So here is the working configuration at present:
     A) Mail Server authentication set to Custom with PlainText and APOP selected, all others blank.
     B) Firewall permits inbound from ports 25 (for mail from "outside"), 587 (submission for authenticated users, TLS) 993 (SSL IMAP), and 995 (SSL POP).
     C) Mac POP Clients:
        i) For retrieval (POP) In advanced settings, use Port 995, Check "Use SSL", Select APOP for authentication.
        ii) For submission (SMTP) : Set port 587 (only), Set Authentication to "Password"
      D) Outlook 2007,2010,2013 clients
         i) For retrieval (POP), Set "Require secure logon using SPA"
        ii) In "More Settings/Outgoing Server" set it to require authentication with same credentials as inbound
       iii) In "More Settings/Advanced"
           a) Turn on Encryption for the POP3, this should change the port to 995 automatically. If it does not, fix that too.
           b) Set outgoing server to 587
           c) Set TLS for the encryption type (nothing else will work here)
  Once you do 2.A, 2.B, 2.D, you will THEN, finally encounter the FQDN problem.
  3) So Apple and a lot of folks here in the forums resolve the FQDN problem by removing one of the restrictions:
      Remove "reject_non_fqdn_helo_hostname" from "smtpd_helo_restrictions" in your postfix main.cf file.
  I have at least 2 problems with this:
     A) It removes yet another little bit of security from the setup
     B) It involves non-GUI changes to the config...which is dangerous if you use the GUI, as changes within the GUI will often result in overwrites to your changes outside the GUI. So you can easily lose this fix without being aware of it until one of your Outlook users starts screaming.
  The problem is really with Outlook and Windows not sending the FQDN in the first place. So how about we force them to do that instead? It turns out not to be too hard. I found a thread somewhere that goes into this and it works. Further, the solution remains on through reboots AND also can be made part of an automated deployment of a standard config. The only gotcha is you have to edit the registry...so you have to be careful. You only need to do this ONCE though, and the two entries are easy to find.
    C) Under HKEY_LOCAL_MACHINE/SYSTEM/CurrentControlSet/services/Tcpip/Parameters
         i) Set Hostname to the FQDN of your host (replace HOST with HOST.domain.com - or .net, or whatever)
        ii) Set NV Hostname to the FQDN of your host
        iii) Close Regedit and Reboot to have the changes take effect
  Once you do this, the FQDN problem for Outlook users goes away.
  So I am looking for suggestions to make the SMTP submission more secure. Aside from that, things are working - and I have had to make ZERO changes to config files outside of the Server GUI - a plus as far as I am concerned.