CUP 8.6.4 Calendar Presence integration - Authentication failure on server

Similar Messages

• Email authentication failure, password/server settings NOT changed

  Scenario: I've been using Thunderbird for years now to connect to Verizon and download my email.  Server settings have always been:
  POP3
  incoming.verizon.net port 110
  connection security none
  authentication method encrypted password
  SMTP
  outgoing.verizon.net port 25
  connection security none
  authentication method password, transmitted insecurely (oops)
  Suddenly when I try to get my email, it stops and tells me there's an authentication failure.  I've seen this happen before with Verizon when a server is down or messed up or whatever (pretty poor message for a service interruption, but whatev).  So I decided to wait it out, but when it didn't clear up after several hours, went to the website where I was able to log in (huh?) and decided to change my password for the hell of it.  Guess what?  New password doesn't work in the email client.  Quelle surprise. 
  Sooo, I find THIS page (https://www22.verizon.com/Support/Residential/internet/highspeed/email/setup+and+use/questionsone/86...) which tells me a lot of malarkey about server settings.  I tried changing the incoming to their recommended settings, and it looks like there's no server communications a-tall.
  Can someone tell me what's amiss, and while you're at it, tell me where in a just and well-ordered universe a service provider changes server settings without notifying users well in advance?  Extra points for creativity.

  These are the new settings and they do work in Thunderbird.
  Mail server settings
  Incoming mail server (POP3)        pop.verizon.net       
  Incoming Server Port Numbers: 995
  Outgoing mail server  (SMTP)       smtp.verizon.net
  Outgoing Server Port Numbers: 465 
  Connection security:   SSL/TLS      for POP & SMTP
  The change you are probably missing as it wasn't on that page:
  Make sure your Authentication method is set to  "Normal password"  for  POP & SMTP

• Mail Server Relay Authentication Failure in Server Admin

  I need to set up Mail Server to relay through my ISP.  I know that I can authenticate to smtp.comcast.net:587 using my account and TLS usnig a mail client.
  However, when I use Server Admin to configure my server's SMTP to send all outgoing email through this relay (Server Admin>Mail>Settings>General>
  Rely outgoing mail through host: smtp.comcast.net:587
           Authenticate to rely with user name: user
  I get the SMTP error:
  SASL authentication failed: cannot authenticate to server smtp.comcast.net[76.96.62.117]: no mechanism available
  There are no toggles on Server Admin to specify TLS or SSL or anything for authentication.
  Does anyone know how to tell Server Admin how to authenticate an SMTP relay to smtp.comcast.net using TLS, which is apparently what comcast expects?

  Wow, this is an obscure solution, but it works. According to this thread, the problem is that:
  Although Comcast advertises "AUTH LOGIN PLAIN", the Postfix SASL library won't do plain text auth by default. It needs to be told it's okay with:
  smtp_sasl_security_options = noanonymous
  Solution:
  $ su -
  $ cd /etc/postfix
  $ cp main.cf main.cf.no_smtp_sasl_security_options
  $ echo 'smtp_sasl_security_options = noanonymous' >> ./main.cf
  $ serveradmin stop mail
  $ serveradmin start mail
  I'm not sure how often /etc/postfix/main.cf is overwritten, but presumably this happens every time you change and save Mail settings in Server Admin, so you must redo these steps every time you change the Mail server if you want to use smtp.comcast.net as your mail relay.
  AAPL, would you please add a toggle to handle this in Server Admin?

• Integrating CUPS with Exchange for Calendaring

  Hi,
  I have a query about the certificates work when integrating CUPS and Exchange for calendaring information.
  I have a front-end exchange server with OWA installed and this is the one I'll use to connect CUPS to.  However, the exchange server can only have one certificate and this certificate has the external name of the server - ie.  owa.domain.com
  Obviously my CUPS server will be connecting to the server internally but the internal name of the server is exchange.domain.local which doesn't match the certificate name therefore will give an error.
  How do we get CUPS to accept the external certificate when connecting to the internal side of the server.
  THanks,
  Neil

  We had the same problem, we ended up creating an internal DNS entry that used the external name to allow it to function correctly. 

• Windows Integrated Authentication on an ABAP data source

  Dear Experts,
  I have to implement Windows Integrated Authentication in my portal. By using Kerberos & SPNEGO, we can implement very easily if portal user id & windows (ADS) user id is same. But my scenario is windows id & portal id is different & data source is already configured as ABAP. Can you suggest me how we can achieve this requirement.
  Regards,
  VENU

  Hi,
  isnt the property krb5principalname used to define the mapping of the user ID when you cannot use the AD standard samaccountname?
  I think that the mapped user ID (as provided by krb5principalname) must be identically with the ABAP userID. When the ABAP user ID isn't present in the LDAP information, SSO won't be possible. Somehow he needs to publish the ABAP user ID into the AD.
  SAP Help:
  http://help.sap.com/SAPHELP_NW70EHP1/helpdata/EN/43/4c363ac31e30f3e10000000a11466f/frameset.htm
  http://help.sap.com/SAPHELP_NW70EHP1/helpdata/EN/43/4c3725aeaf30b4e10000000a11466f/frameset.htm
  br,
  Tobais

• Adobe PDF/Acroforms & Digital signatures/Integrity/Authentication/Non repudiation

  Hi folks,
  I have been investigation the feasibility of using PDF as a customer-facing data collection mechanism, starting with Acroforms for a pilot, initially at least (we may consider XFA/Livecycle in a later phase).
  I've got a demo application up and running using the FDF toolkit, presenting PDF forms to the web user, collecting and processing/storing the collected data etc.
  My question is around how this process can be secured.
  (Q1) (This may be strictly a web dev question, please ignore if considered not relevant here) : If the web application communicates over HTTPS, then the conversation between client & server is secure (encrypted at least, so that others cant sniff the content?) - but it does not necessarily authenticate the end user to the server?
  (Q2) If we wish to ensure that the FDF data Submitted from the PDF form (via submit button to an ASP.NET url) is (a) known to be authentic from a particular known user, and (b) signed in some way to be non-repudiatable ... how can be do this with FDF ? If we re-generate a flat PDF document from the data they entered, is there any digital signature mechanism that can be employed for the public end-user to "sign" the PDF document in a manner that ensure Integrity/Authentication/Non repudiation ?
  any pointers to Adobe or Third party toolkits, products etc. ?
  best regards & thanks,
  Aidan.

  Q1. That's right. But if the form includes fields for a username/password, this could be sent along with the rest of the data and used to authenticate the user. Or you could use other common means, but as you said, this has nothing to do with Acrobat.
  Q2. FDF can contain digital signature data. So the form would have to contain a signature field and the user would have to sign it. Assuming a self-signed signature, it's up to you whether to trust such a signature. The signed PDF is constructed from the original PDF that was served by concatenating the appended saves contained in the FDF. You can then validate the signature.
  George

• SSRS and SharePoint Integration Authentication Issue

  We recently turned on SSRS for our SharePoint 2010 Test Environment.  We are using an account that has rights to SharePoint as a site collection administrator, the feature is enabled on the site collection and site level, it has access to the SQL instance
  to pull the reports.  The report config file specifies NTLM authentication.  It acts as if it will configure and goes through the SP Central Administration steps successfully.  When I try to deploy a report, I receive the following error:
  Exception encountered for SOAP method GetSystemProperties: System.Net.WebException: The request failed with HTTP status 401: Unauthorized.     at Microsoft.SqlServer.ReportingServices2010.RSConnection2010.SetConnectionProtocol()    
  at Microsoft.SqlServer.ReportingServices2010.RSConnection2010.SoapMethodWrapper`1.ExecuteMethod(Boolean setConnectionProtocol) 1afe9dfd-9846-4194-bddf-fcb0ded634be
  06/14/2012 15:37:43.03  w3wp.exe (0x1E78)                        0x1754 SQL Server Reporting Services  SOAP Client Proxy            
   0000 High     Exception encountered for SOAP method GetSystemProperties: System.Net.WebException: The request failed with HTTP status 401: Unauthorized.     at Microsoft.SqlServer.ReportingServices2010.RSConnection2010.SetCo
  If I turn on trusted accounts, it works, but then it argues when the report loads because our reports use windows integrated authentication.  We would prefer to have windows integrated authentication to control who can see reports by their
  login name.  Any ideas?  I feel like I have exhausted options.

  Can you please elaborate on how to avoid using Kerberos and use the Secure Store to access our external SQL data? In our test environment, we have SharePoint 2013 Ent, SQL 2012 Ent. I am trying to use PowerView to access a Direct Query data model created
  in SSAS tabular mode. My connection from SharePoint to the model is successful but fails with a reporting service error:
  Cannot create a connection to data source 'EntityDataSource'.
  <detail><ErrorCode xmlns="rsErrorOpeningConnection</ErrorCode><HttpStatus">http://www.microsoft.com/sql/reportingservices">rsErrorOpeningConnection</ErrorCode><HttpStatus xmlns="400</HttpStatus><Message">http://www.microsoft.com/sql/reportingservices">400</HttpStatus><Message
  xmlns="Cannot">http://www.microsoft.com/sql/reportingservices">Cannot create a connection to data source 'EntityDataSource'.</Message><HelpLink xmlns="http://go.microsoft.com/fwlink/?LinkId=20476&EvtSrc=Microsoft.ReportingServices.Diagnostics.Utilities.ErrorStrings&EvtID=rsErrorOpeningConnection&ProdName=Microsoft%20SQL%20Server%20Reporting%20Services&ProdVer=11.0.3000.0</HelpLink><ProductName">http://www.microsoft.com/sql/reportingservices">http://go.microsoft.com/fwlink/?LinkId=20476&amp;EvtSrc=Microsoft.ReportingServices.Diagnostics.Utilities.ErrorStrings&amp;EvtID=rsErrorOpeningConnection&amp;ProdName=Microsoft%20SQL%20Server%20Reporting%20Services&amp;ProdVer=11.0.3000.0</HelpLink><ProductName
  xmlns="Microsoft">http://www.microsoft.com/sql/reportingservices">Microsoft SQL Server Reporting Services</ProductName><ProductVersion xmlns="11.0.3000.0</ProductVersion><ProductLocaleId">http://www.microsoft.com/sql/reportingservices">11.0.3000.0</ProductVersion><ProductLocaleId
  xmlns="1033</ProductLocaleId><OperatingSystem">http://www.microsoft.com/sql/reportingservices">1033</ProductLocaleId><OperatingSystem xmlns="OsIndependent</OperatingSystem><CountryLocaleId">http://www.microsoft.com/sql/reportingservices">OsIndependent</OperatingSystem><CountryLocaleId
  xmlns="1033</CountryLocaleId><MoreInformation">http://www.microsoft.com/sql/reportingservices">1033</CountryLocaleId><MoreInformation xmlns="<Source>Microsoft.ReportingServices.ProcessingCore</Source><Message">http://www.microsoft.com/sql/reportingservices"><Source>Microsoft.ReportingServices.ProcessingCore</Source><Message
  msrs:ErrorCode="rsErrorOpeningConnection" msrs:HelpLink="http://go.microsoft.com/fwlink/?LinkId=20476&amp;EvtSrc=Microsoft.ReportingServices.Diagnostics.Utilities.ErrorStrings&amp;EvtID=rsErrorOpeningConnection&amp;ProdName=Microsoft%20SQL%20Server%20Reporting%20Services&amp;ProdVer=11.0.3000.0"
  xmlns:msrs="Cannot">http://www.microsoft.com/sql/reportingservices">Cannot create a connection to data source 'EntityDataSource'.</Message><MoreInformation><Source>Microsoft.AnalysisServices.AdomdClient</Source><Message></Message><MoreInformation><Source>mscorlib</Source><Message>Access
  is denied.
  </Message></MoreInformation></MoreInformation></MoreInformation><Warnings xmlns="http://www.microsoft.com/sql/reportingservices" /></detail>

• The driver is not configured for integrated authentication

  my code is :
  String connectionUrl = "jdbc:sqlserver://169.254.35.45:1486;" +
  "databaseName=ipec;"+"integratedSecurity=true";
  Connection con = null;
  Statement stmt = null;
  try
  // Establish the connection to the principal server.
  Class.forName("com.microsoft.sqlserver.jdbc.SQLServerDriver");
  System.out.println("driver loaded");
  con = DriverManager.getConnection(conne ctionUrl);
  System.out.println("Connected to the principal server.");
  but this throws an SQL exception that : Driver is not configured for integrated authentication.
  I've placed the sqljdbc_auth.dll in
  catalina_root/common/lib where the driver jar file is placed....
  but its still givin the same error............
  replies are welcomed.............
  thank you,
  shibhs

  shibhs wrote:
  but this throws an SQL exception that : Driver is not configured for integrated authentication.
  I've placed the sqljdbc_auth.dll in
  catalina_root/common/lib where the driver jar file is placed....
  but its still givin the same error...........I know this is an old message but I have just had the same problem and it seemed to mean that the driver couldn't find the auth dll. When I put in the windows\system32 directory, the integrated authentication worked fine.
  Rgrds
  Peter
  Edited by: P_Tootill on Jul 3, 2008 3:26 AM

• Error with integrated authentication (sql server)

  Hi,
  I need to connect Lumira 1.23 with sql server instances (of sql 2008 and 2012). In this case I need to use windows users and it seems there is a problem with the integrated authentication.
  In some blogs and articles I have seen that the sqljdbc_auth.dll file has to be copied in one or more folder but I haven't clear this point.
  Can anybody help to fix the problem?
  Thanks in advance.
  Regards.

  I am very new to SQL Server and I am trying to access sql server from my .net web application. The environment is Windows 8 and SQL Server  2012 
  I have tried some of the blog solutions but could not open SQL Server Configuration tool in windows 8.
  Hi Sraven,
  According to your description, SQL Server Configuration Manager is a snap-in for the Microsoft Management Console program and not a stand-alone program, SQL Server Configuration Manager not does not appear as an application when running Windows
  8. To open SQL Server Configuration Manager, in the Search charm, under
  Apps, type SQLServerManager11.msc (for SQL Server 2012) or
  SQLServerManager10.msc for (SQL Server 2008), and then press Enter.
  In addition, there is a similar issue about connect .NET4.0 C# application to SQL Server 2012 database, you can review the following article.
  http://visualstudiomagazine.com/articles/2013/11/01/hooking-aspnet-apps-into-sql-server-2012.aspx
  Regards,
  Sofiya Li
  If you have any feedback on our support, please click here.
  Sofiya Li
  TechNet Community Support

• WebLogic 10gR3 and Windows Integrated Authentication

  Hi:
  I have an intranet web application running on WebLogic 10gR3 and would like to make use of the Windows Integrated Authentication (SSO, SPNEGO, Active Directory) so that the intranet users don't have to log in to access the web application.
  In weblogic, I've managed to create an ActiveDirectoryAuthenticator and can see all the users and groups from Active Directly. Also created a NegotiateIdentityAsserter with both WWW-Authenticate.Negotiate and Authorization.Negotiate options.
  When I set the web.xml login-config to BASIC, the browser shows the login dialog and authentication happens through AD. I've changed the login-config to CLIENT_CERT as suggested by the documentation:
  <login-config>
       <auth-method>CLIENT-CERT</auth-method>
  </login-config>but I'm getting the following error:
  Error 401--Unauthorized
  From RFC 2068 Hypertext Transfer Protocol -- HTTP/1.1:
  10.4.2 401 Unauthorized
  The request requires user authentication. The response MUST include a
  WWW-Authenticate header field (section 14.46) containing a challenge
  applicable to the requested resource. The client MAY repeat the request
  with a suitable Authorization header field (section 14.8). If the request
  already included Authorization credentials, then the 401 response indicates
  that authorization has been refused for those credentials. If the 401
  response contains the same challenge as the prior response, and the user
  agent has already attempted authentication at least once, then the user
  SHOULD be presented the entity that was given in the response, since
  that entity MAY include relevant diagnostic information. HTTP access
  authentication is explained in section 11.Help is highly appreciated
  Albert
  Edited by: albertattard on Jul 13, 2009 3:40 PM
  Edited by: albertattard on Jul 13, 2009 3:42 PM

  Hi:
  I have an intranet web application running on WebLogic 10gR3 and would like to make use of the Windows Integrated Authentication (SSO, SPNEGO, Active Directory) so that the intranet users don't have to log in to access the web application.
  In weblogic, I've managed to create an ActiveDirectoryAuthenticator and can see all the users and groups from Active Directly. Also created a NegotiateIdentityAsserter with both WWW-Authenticate.Negotiate and Authorization.Negotiate options.
  When I set the web.xml login-config to BASIC, the browser shows the login dialog and authentication happens through AD. I've changed the login-config to CLIENT_CERT as suggested by the documentation:
  <login-config>
       <auth-method>CLIENT-CERT</auth-method>
  </login-config>but I'm getting the following error:
  Error 401--Unauthorized
  From RFC 2068 Hypertext Transfer Protocol -- HTTP/1.1:
  10.4.2 401 Unauthorized
  The request requires user authentication. The response MUST include a
  WWW-Authenticate header field (section 14.46) containing a challenge
  applicable to the requested resource. The client MAY repeat the request
  with a suitable Authorization header field (section 14.8). If the request
  already included Authorization credentials, then the 401 response indicates
  that authorization has been refused for those credentials. If the 401
  response contains the same challenge as the prior response, and the user
  agent has already attempted authentication at least once, then the user
  SHOULD be presented the entity that was given in the response, since
  that entity MAY include relevant diagnostic information. HTTP access
  authentication is explained in section 11.Help is highly appreciated
  Albert
  Edited by: albertattard on Jul 13, 2009 3:40 PM
  Edited by: albertattard on Jul 13, 2009 3:42 PM

• Only one UPN suffix works with OAM plugin for RSA-integrated Authentication

  Only one UPN suffix works with OAM plugin for RSA-integrated Authentication while others give "CredentialsRejected" error
  =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-
  Has anyone seen this before and might know the answer? Any suggestions? Thanks!
  I have setup an OAM authentication scheme that uses a custom plugin to use RSA ACE server - all pretty much exactly as it is outlined in the chapter called "Integrating the RSA SecurID Authentication Plug-in" in Oracle Access Manager Integration Guide. Here's the problem:
  Everything works fine when I use a particular UPN suffix to login to the RSA Securid Login form that is presented, eg. [email protected], but if I create another user that uses a different UPN suffix as defined in Active Directory, (eg. [email protected]), the credentials are rejected. This happens before the secuirid.pl script even gets a chance to run. After hitting "POST" the user is present with the same login screen he was just at, as expected during an authentication failure.
  More info:
  - I have performed successful anonymous ldap queries for both users in Active Directory using LDP. Both users exist in the same domain and in the same OU. If I change the UPN (in AD and the RSA database) to something different from the "good" one, on either user, it fails. If I change the UPN to the "good one" on either user (in AD and the RSA database) it works.
  - if I test users with either the "good" or the "bad" UPN via the RSA agent tester that sits on the OAM box, both of them show as authenticating successfully. However, it doesn't work for the "bad" UPN when I try to access via a web browser on a remote client (but does work with the "Good" UPN)
  - I am not using SSL in any of this yet, it's all http://
  - yes, I already got rid of the "-w" parameter in the first line of the perl script, as per the "login can fail if the Login Attribute Contains an "@" Character in Integration Guide Troubleshooting section
  - here's an example of the settings in rsa securid authentication scheme:
  action:/OracleAccessManager/securid-cgi/securid.pl
  form:/OracleAccessManager/securid-forms-adforest/securid-std-login.html
  creds:login password domain newpin newpin2
  passthrough:yes
  authn_securid fullformdir="C:\apache\Apache2\htdocs/OracleAccessManager/securid-forms-adforest/",machine="MyComputer.mydomain.com:80"
  credential_mapping obMappingBase="%domain%",obMappingFilter="(&(objectclass=user)(userPrincipalName=%login%))"
  Environment:
  OAM 7.0.4.3
  RSA Ace Server 5.2
  Windows 2003 domain with multiple UPNs defined in Active Direcory Domains and Trusts
  Error as seen in the oblog.log for the webgate on the server that holds the RSA login pages and perl script:
  Message^A plugin for the authentication scheme SecurID Authentication has denied authentication for credentials ([email protected]
  password=(omitted) domain=dc=ourdomain,dc=com newpin= newpin2= Resource=/OracleAccessManager/securid-cgi/securid.pl RequesterIP=10.250.1.2 Operation=POST).
  ReqReq^POST /OracleAccessManager/securid-cgi/securid.pl HTTP/1.1 ReqProto^HTTP/1.1 ReqHost^www.MyComputer.mydomain.com. ReqStatLine^
  ReqStatus^200 ReqRawUri^/OracleAccessManager/securid-cgi/securid.pl ReqUri^/OracleAccessManager/securid-cgi/securid.pl
  ReqFilename^C:/apache/Apache2/htdocs/OracleAccessManager/securid-cgi/securid.pl ReqPath^ ReqArgs^
  2009/07/13@15:19:49.665000 45688 46472 AUTHENTICATION ERROR 0x00001515
  \Oblix\coreid\palantir\webgate\src\authentication_event_handler.cpp:1361 "Authentication failed" HTTPStatus^401
  authenticationSchemeName^SecurID Authentication AuthenticationStatus^majorCode = 11[CredentialsRejected], minorCode = 47[AuthnPluginDenied],
  StatusMsg = , GSN = 0, needInfo = NONE Creds^[email protected] password=(omitted) domain=dc=ourdomain,dc=com newpin= newpin2=
  Resource=/OracleAccessManager/securid-cgi/securid.pl RequesterIP=10.250.1.2 Operation=POST
  Only error seen in log produced by the RSA agent that sits on the Access server:
  [20804] 12:27:08.915 File:ACNETSUB.C Line:326 # CheckServerAddress: server 0 detected from address 10.250.88.100
  [20804] 12:27:08.915 File:udpmsg.c Line:968 # Entering decrypts_ok_legacy()
  [20804] 12:27:08.915 File:udpmsg.c Line:999 # decrypts_ok_legacy: decrypt() wpcode1 failed; wpcode0 next ***********
  [20804] 12:27:08.915 File:udpmsg.c Line:1089 # Leaving decrypts_ok_legacy(), result=1
  [20804] 12:27:08.915 File:ACEXPORT.C Line:820 # Entering AceGetUserData()
  [20804] 12:27:08.915 File:ACEXPORT.C Line:833 # Leaving AceGetUserData() return: ACE_SUCCESS
  [20804] 12:27:08.915 File:ACEXPORT.C Line:579 # Entering AceGetAuthenticationStatus()
  [20804] 12:27:08.915 File:ACEXPORT.C Line:592 # Leaving AceGetAuthenticationStatus() return: ACE_SUCCESS

  What are the logs you see at the ACE server end? You can try passing an additional parameter debug="true" to the authn_securid plug-in - it should generate some more logs at the access server - I think in apps\common\bin.
  Also does "ReqHost^www.MyComputer.mydomain.com" look right in the logs?
  -Vinod

• JavaMail Exchange Server Windows Integrated Authentication

  I need to send an email using Java Mail by Exchange Server that uses Windows Integrated Authentication.
  Is it possible? If so how?
  (I read some old posts and I get some info but I have to sure is it possible or not just sending mail)

  Hi, jeff81.
  I had same problem with Win2003 server. Try this:
  Start -> Settings -> Control Panel -> Administrative Tools -> Services
  then select "PROPERTIES/LOGON" for necessary service.
  Change "Local System account" to your user account.
  Make sure that user account have necessary grants.
  ps. sorry my poor english :(

• Exchange 2013 CU1 Outlook Web App LogOff with Basic or Windows Integrated Authentication

  Hi all,
  Exchange 2013 CU1 has a new OWA LogOff behaviour when Basic or Windows Integrated Authentication is configured. When clicking the LogOff Button you receive the message "Close All your Browser Windows.." but OWA does not sign out. This is not the
  case when using Formbased Authentication...
  The problem in our case is the OWA publishing over the Internet via TMG. When publishing via TMG, only Basic and NTLM authentication is supported. This means you have to change the Authentication for the OWA Virtual Directory to basic or Windows Integrated.
  OK so far, now we can use the TMG Authentication Form. but... TMG is not able to Catch the OWA LogOff. So we will still receive "Close all your Browser Settings.." and no log out from OWA.
  It is a known issue that TMG cannot catch the OWA Logoff with the Exchange 2013 CU1 Release..So my Question:
  Does anyone get that "Real LogOut" fixed via TMG or directly on the CAS Server for Exchange 2013 CU1?
  I know another possibility is to activate Form Based Authentication on the CAS Servers and external users directly authenticate against the CAS Server without pre-authentication at TMG Level, but this of course does not provide the highest security
  we can have.

  Hi SLShare,
  As far as I know, if there is no TMG involved, with Exchange 2013 when the user signs out of mail, the authentication tokens are cleared and the user will be presented with the
  Login Screen.  There will not be a need to click on "Close Window" or any other pop ups that may appear.
  Therefore, you may ask the TMG forum about this question and see whether there are still some other workaround we can temporary bypass this issue. For your convenience:
  Forefront TMG and ISA Server Forum - TechNet - Microsoft
  http://social.technet.microsoft.com/Forums/forefront/en-US/home?forum=Forefrontedgegeneral
  Thanks,
  If you have feedback for TechNet Subscriber Support, contact
  [email protected]
  Simon Wu
  TechNet Community Support

• IE Integrated authentication not working with Windows 2003 clients

  Hi,
  I have a website on a windows 2008 R2 server on IIS. It is accessible through the Windows 7/windows 2008 internet explorers with integrated authentication. when the same user logged in a windows 2003 server and try to open this site, popping up the username/password
  prompt. Even if giving the right username/pw, it doesnt accept.
  IE integrated authentication is enabled in the client. Is there any restriction in windows 2003/xp clients to use integrated authentication on a site published in IIS7 over a windows 2008?
  Thanks for any help.

  This may help
  http://forums.iis.net/t/1167697.aspx?Making+Windows+Authentication+work+on+IIS7+it+worked+on+IIS6
  Generally www.iis.net is a good place for solving similar task and problems.
  Regards
  Milos

• ODAC integrated authentication

  Hello all,
  I've been searching for several hours to see if I can nail down a solution to a problem I've been having -- any help is much appreciated.
  I've installed ODAC (full install, all components) with xcopy onto a dev box that I'm working on. I'm trying to get integrated windows authentication working with this install, but I've had no luck at all.
  What I heard in various places was that I needed sqlnet.authentication_services=(nts) within my sqlnet.ora file. Well unfortunately said file doesn't exist in my install, since I believe I'm dealing with an install that doesn't have an oracle home to begin with. Is there anything that can be done here? Anyone with some more insight into this?
  Thanks,
  Aaron

  Hi,
  When we configure integrated authentication we have to configure high availability. Performance is very important.
  In theory, LDAP query to login is execute once per session, but, what happens when LDAP fails?
  If you have configured more than one LDAP server there are several parameters you must set to have a good performance.
  Refer to the following page:
  http://help.sap.com/saphelp_ep60sp2/helpdata/en/89/ed92be4e414f86ab8ac040010d5396/frameset.htm
  Please check the integrity of following parameters and set it
  addecuately:
  - ume.ldap.access.action_retrial
  - ume.ldap.access.default_switch
  - ume.ldap.connection_pool (all values)
  For details please check the following pages:
  http://help.sap.com/saphelp_ep60sp2/helpdata/en/2c/39b5b40066c84daf46250900b04178/content.htm
  http://help.sap.com/saphelp_ep60sp2/helpdata/en/63/14f5b51a6eff429f2d8b2063400e82/content.htm
  You can also check the following SAP Note: 829965
  Hope this help you,
  Damian