Dealing with resolving internal URLs externally in a non-split DNS scenario
Hi all -
I submitted this yesterday under a different banner but thought I'd try this forum as well.
I have a client who wishes to have internal URLs resolvable from outside the network and they do not have split DNS. The scenario is this:
UserA sends a link to UserB in an email. Internally the URL is MySIte.Acme.int. UserB picks up the email on his mobile device whilst travelling and wants to gain access to it. However the external namespace of the company is Acme.com. Obviously the link will not resolve outside of the corporate network.
So far I have received recommendations for using a VPN, however this is not an option for them. In a past life I seem to recall something about alternate access mappings (or something like that) and wondered if this was the way to make the links resolvable. And, if so, if someone could point me to a good article on how to implement this it would be much appreciated.
Alternatively I was wondering if there is some magic that can be done with URL rewrites or an edge device like UAG or TMG.
Any guidance or suggestions would be greatly appreciated!
Kind regards,
Wren
What I would do is create a new internal DNS zone named Acme.com, create an A record of "mysite" pointing to the IP currently used by mysite.acme.int, and then simply add AAMs (or better yet, replace AAMs as the AAM the user is coming in on is what will be reflected in that email).
http://blogs.msdn.com/b/sharepoint_strategery/archive/2013/05/25/alternate-access-mappings-explained.aspx
https://technet.microsoft.com/en-us/library/cc263208.aspx
URLRewrite won't work because the Acme.int domain is not resolvable on the Public Internet.
So the plan of action should be:
1) Go to Central Admin -> Delete -> select Remove SharePoint from IIS Web Site, and then choose the option to Delete the IIS web site.
2) Change the AAM for the Web Application under Application Management -> Configure Alternate Access Mappings. Click Edit Public URLs, choose the Web Application hosting mysite.acme.int, and then change the Default Zone AAM to https://mysite.acme.com.
3) Go back to Manage Web Applications, highlight the Web Application (you'll see the new AAM reflected here), then click on Extend. Create a new IIS site, change the port number (likely 443) with the appropriate host header (mysite.acme.com), select Use SSL, then click OK.
So a couple of caveats:
1) All SharePoint servers hosting this Web Application must have the SSL certificate matching mysite.acme.com prior to re-extending it.
2) If you have any hard coded URLs (e.g. to images) on any SharePoint site within mysite.acme.com, you'll break their links and you will need to manually reconfigure them.
3) If you've made any manual changes to the web.config, you will need to recreate those changes. It might be a good idea to grab a copy of the web.config for that Web Application (IIS Site) before deleting the site.
4) Use SSL! You do not want to send NTLM in the clear over the public Internet. It can be easily intercepted and decrypted.
Hope that helps.
Trevor Seward
This post is my own opinion and does not necessarily reflect the opinion or view of Microsoft, its employees, or other MVPs.
Similar Messages
-
Cisco ISE with both internal and External RADIUS Server
Hi
I have ISE 1.2, I configured it as management monitor and PSN and it works fine
I would like to know if I can integrate an external RADIUS server and work with both internal and external RADIUS servers simultaneously
So some computers (groupe_A in Active Directory) will continue to make RADIUS authentication on the ISE internal RADIUS and other computers (groupe_B in Active Directory) will make RADIUS authentication on an external RADIUS server
I would like to know if it is possible to configure it and how I can do it?
Thanks in advance for your help
Regards
Blaise
Cisco ISE can function both as a RADIUS server and as a RADIUS proxy server. When it acts as a proxy server, Cisco ISE receives authentication and accounting requests from the network access server (NAS) and forwards them to the external RADIUS server. Cisco ISE accepts the results of the requests and returns them to the NAS.
Cisco ISE can simultaneously act as a proxy server to multiple external RADIUS servers. You can use the external RADIUS servers that you configure here in RADIUS server sequences. The External RADIUS Server page lists all the external RADIUS servers that you have defined in Cisco ISE. You can use the filter option to search for specific RADIUS servers based on the name or description, or both. In both simple and rule-based authentication policies, you can use the RADIUS server sequences to proxy the requests to a RADIUS server.
The RADIUS server sequence strips the domain name from the RADIUS-Username attribute for RADIUS authentications. This domain stripping is not applicable for EAP authentications, which use the EAP-Identity attribute. The RADIUS proxy server obtains the username from the RADIUS-Username attribute and strips it from the character that you specify when you configure the RADIUS server sequence. For EAP authentications, the RADIUS proxy server obtains the username from the EAP-Identity attribute. EAP authentications that use the RADIUS server sequence will succeed only if the EAP-Identity and RADIUS-Username values are the same. -
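The username handling described in the answer above can be modeled in a few lines to see which proxied requests are affected. This is an added example, not part of the original post and not Cisco ISE code; the `StripRule` options (a prefix separator and a suffix separator), the function names and the sample requests are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class StripRule:
    """Hypothetical stand-in for the stripping options of a RADIUS server sequence."""
    prefix_sep: Optional[str] = None  # drop everything up to the first occurrence
    suffix_sep: Optional[str] = None  # drop everything from the last occurrence


@dataclass(frozen=True)
class AccessRequest:
    user_name: str                      # RADIUS-Username attribute as received
    eap_identity: Optional[str] = None  # EAP-Identity, None for non-EAP requests


@dataclass(frozen=True)
class Decision:
    username: str       # username the proxy works with
    source: str         # attribute the username was taken from
    eap_mismatch: bool  # True when the EAP request cannot succeed via the sequence


def strip_username(name: str, rule: StripRule) -> str:
    """Apply prefix and suffix stripping to a RADIUS-Username value."""
    if rule.prefix_sep and rule.prefix_sep in name:
        name = name.split(rule.prefix_sep, 1)[1]
    if rule.suffix_sep and rule.suffix_sep in name:
        name = name.rsplit(rule.suffix_sep, 1)[0]
    return name


def proxy_decision(req: AccessRequest, rule: StripRule) -> Decision:
    """Model the two paths: stripping for non-EAP, identity check for EAP."""
    if req.eap_identity is None:
        # Non-EAP: the domain is stripped from RADIUS-Username.
        return Decision(strip_username(req.user_name, rule), "RADIUS-Username", False)
    # EAP: stripping does not apply; the username comes from EAP-Identity and
    # must equal RADIUS-Username for the authentication to succeed.
    return Decision(req.eap_identity, "EAP-Identity",
                    req.eap_identity != req.user_name)


def find_eap_mismatches(requests: List[AccessRequest],
                        rule: StripRule) -> List[AccessRequest]:
    """Return the EAP requests whose two identity values differ."""
    return [r for r in requests if proxy_decision(r, rule).eap_mismatch]


# Constructed sample data, not taken from any real deployment.
SAMPLE_RULE = StripRule(prefix_sep="\\", suffix_sep="@")
SAMPLE_REQUESTS = [
    AccessRequest("ACME\\alice"),                              # non-EAP, prefix form
    AccessRequest("bob@acme.example"),                         # non-EAP, suffix form
    AccessRequest("carol@acme.example", "carol@acme.example"),  # EAP, consistent
    AccessRequest("dave", "dave@acme.example"),                # EAP, values differ
]

if __name__ == "__main__":
    for req in SAMPLE_REQUESTS:
        print(req, "->", proxy_decision(req, SAMPLE_RULE))
```
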
SiteMinder integration with the internal and external facing portals
Hi ,
We are in the development phase for SiteMinder integration with the internal and external facing portals. The proposed dual authentication scheme requires both SiteMinder for the external facing portal (EFP) and LDAP for the internal portal. Is it possible?
And is it possible to maintain two different LDAP directories, one for external users and one for internal users?
If you maintain 2 different (external & internal) LDAP directories in the Siteminder Policy Server, what about external users which do not exist in the portal data source?
I would appreciate it if anyone can help me with my above query.
Regards
Tag
Hey Tag,
We do have a physical external Portal and a physical internal portal. Both the external and internal are connected to 2 LDAP directories.
For example the External Portal is connected to the Employee LDAP Directory and the Customer LDAP Directory. The Internal Portal is connected to the US Employee LDAP Directory and the EMEA LDAP Directory.
So each one of them is connected to 2 different LDAP Directories.
I believe that the Siteminder Policy is setup such that the Internal portal has a policy and the External portal has a separate policy on the same Siteminder Server. Then each of the Policies is configured to connect to the appropriate LDAP Directories.
You have to maintain the LDAP Directory information in both the portal and Siteminder Policy Server. It is required in the policy server so that it can authenticate the user and it is required in the Portal server so that it can authorize the user and display content based on their assigned roles.
Hope that helps.
Regards,
Keith -
Lync Implementation with different internal and external domain sync
Hello Experts,
Having Windows 2012r2 with Lync 2013 frontend and Edge 2012 server on Win2012. Internal domain name is test.local and Internet domain name is : tgroup.com. Internally all the clients are able to sync with frontend server using [email protected] or [email protected] Internal CA and External Digicert works fine. But only problem is with external clients who want to communicate through edge server.
Edge server has 3 LAN ip address (nat with public IP), 10.10.10.2, 10.10.10.3, 10.10.10.4 and another Internal network interface which has ip 10.10.20.3 which uses that to communicate with front-end.
How to achieve this ? We don't have reverse proxy configured and we have only two servers.
Regards, Ganesh, MCTS, MCP, ITILV2 This posting is provided with no warranties and confers no rights. Please remember to click Mark as Answer and Vote as Helpful on posts that help you. This can be beneficial to other community members reading the thread.
The reverse proxy is used to publish URLs like the meet and dialin url, the address book url and the lync mobile client (smart phones and tablets) urls. This doesn't impact the external desktop user access as that's via the edge server. There is more to it than that but for the sake of keeping this simple let's stick to that for now.
As far as SIP domains go. Think of your Lync users as having a SIP address similar to email addresses. You wouldn't have a user with an internal email address but with a different external email address. In fact best practice is to have the Lync SIP address match the email address.
My recommendation is to use the ttgoup.com as a sip domain and not the test.local
Please remember, if you see a post that helped you please click "Vote As Helpful" and if it answered your question, please click "Mark As Answer"
Lync Sorted blog -
ILife with both internal and external hard drives?
I've been considering switching from a homebrew, multi-boot desktop to a MacBook for my primary computer, in part so I can hang out with my family in the living room rather than be exiled to the home office when I want to compute.
But here's my concern: I have media. We have about 50 GB of iTunes; maybe 30 GB of iPhoto; and tons and tons of digital video that would be stored in iMovie. Obviously the libraries are all interlinked. And it's all growing. I also like to rip DVDs and re-encode them for my iPod and AppleTV. Right now, my desktop has 480 GB of internal storage and that's just about enough.
I have discovered that the MacBook only comes with an option up to 250 GB. I absolutely need AppleCare, so I can't get an aftermarket hard drive. (All my Macs break - this one from the office that I'm on right now has a bum DVD drive, and my wife's has needed both fan and logic board replacements.)
While I'm aware of the existence of external hard drives, I'm concerned about Apple's non-external-hard-drive-friendly way of storing iLife data. If I wanted to keep more recent or useful music and photos on the internal drive but older stuff on an external, and still be able to use iLife seamlessly, would that be possible? (I see myself editing recent video in the living room, but then hooking back into the external HD in the office if I need older stuff.)
What solutions are out there for integrating data stores on both internal and external hard drives into an iLifestyle?
Thanks!
Sascha Segan1 wrote:
.. What solutions are out there for integrating data stores on both internal and external hard drives into an iLifestyle?
all iApps (iPhoto, iTunes, iM08) support usage of external drives as 'mass storage' devices.. you can tell all apps which drive to use for the Libraries.. there some tools out there, which even allow the usage of 2/many different Libraries in iTunes/iPhoto..
for iM in detail: the Projects are small files, and should stay internal (although I'm describing a 'hack' on my site: http://karsten.schluter.googlepages.com/im08tricks Project Library (and Events) on External Harddrive); the Events (=GBs) could be located on as much ext. HDDs as you want..
but ...
all iApps are single-user .. you can NOT 'share' Libraries to 2/many different users; the idea of a 'media server' which hosts/shares all kind of data to all kind of users is not 'on concept' of iLife .. -
Dealing with Small internal macbook pro hard drive
I'm a bit behind on the newest technology. I'm looking at getting a new macbook pro retina and will prob have either the 128 or 256 gig internal drive. Seems like not a lot of space. So my question is, is it feasible to put entire programs on an external drive?
Can I say, put photoshop or final cut pro x completely on an external USB 3.0 drive, or will these programs run too slow? Do programs like these need to be installed on the internal drive, with the large files on an external drive?
Or is this possible with maybe a thunderbolt external drive? Thanks.
i'm running into the same predicament myself. i got the 256gb retina and it's already almost full (only 6gb available). my iphoto library alone is 200gb. i've spent almost 2 days consolidating photos into what stays on the retina and what goes on the external. i'm thinking i should have just got the 512gb and called it a day.
2 days to save $600, and i'm still done consolidating. as for your original question, i don't think you can put a program on the external, it must reside where the OS is.
which brings up a question, how big is the actual program anyway? it can't be THAT big, compared to the files it loads. why not just put the program on the internal, and the large files on the external? -
Help dealing with Firewall, and URL Services
All,
We have recently installed the PDK URL Services for Portal to help
fulfill a requirement to enable Single Sign-On to access web sites
outside our client's network. We have hit a snag though, in that the
client has in place a firewall that challenges the browser at each
request to access an outside site. URL Services does not seem equipped
to handle these extra challenges in addition to the Single Sign-On
Username and Password requirements.
Has anyone dealt effectively with this problem? Is there an effective
remedy or technique using SSO /URL Services providers that will allow
this to take place? Can we more effectively use the built in proxy
services to help us with this?
We are currently using the latest URL Services download under Portal
3.0.9.8.2 on Solaris.
Thanks in advance for any help on this, our need is urgent, and time is
short.
Stuart Dautrich
Stuart,
I guess you're currently in touch with the appropriate people for this issue now.
It would be great if you share your experience and tips with other users too.
Thanks,
Mohana -
Ex2010 - Problem with sending internal and external e-mail
Hi
During the night we had a problem with time sync on the VMware host so our Exchange environment stopped working. Edge server (Ex 2010 SP3 full update) stopped transferring e-mails to mailbox server (Ex 2010 SP3 full update). After time synchronization e-mails were transferred to mailbox server. Users were able to send e-mail inside and outside but after 20-40 minutes users cannot send e-mails - between themselves and outside.
I don't see any e-mails in mailbox queues or using get-messagetrackinglog. I sent e-mail to our test e-mail mailbox on gmail and outlook.com. They were not delivered by mailbox server. I can't find it using get-messagetrackinglog or in mailbox queue.
What happened? How to solve this problem?
Hi,
Please disable 3rd party AVs for a little while as Ed mentioned.
Also check whether there is any related error message in App Log.
Thanks
Mavis Huang
TechNet Community Support -
I've got my Rdweb accessible on both my internal and external network by using split dns locally to resolve the external url (remote.domain.com/rdweb) to resolve and everything works fine. However users don't want to use the rdweb interface (as it is slower than just clicking on a rdp shortcut).
Following the notes at http://social.technet.microsoft.com/wiki/contents/articles/14488.distribution-of-remote-apps-and-desktops-in-windows-server-2012.aspx - I've tried to set up the webfeed on a Win7+ machine but when I enter the external url that is protected by an SSL cert the eventlog shows that the internal address is being used and it doesn't match the certificate. - "There is a problem with this connection's security certificate.
The remote computer cannot be authenticated due to problems with its security certificate.
Security certificate problems might indicate an attempt to fool you or intercept data you send to the remote computer.
Windows cannot continue setting up this connection. Contact your workplace administrator for assistance.
Connection name:
Connection URL: https://internalservername/rdweb/feed/webfeed.aspx
How do I set the servers to use the external address rather than the internal one - i'm assuming it's similar to exchange's
Set-webservicesvirtualdirectory command but I can't find the equivalent command documented anywhere.
http://absoblogginlutely.net
Hi,
Thank you for posting in Windows Server Forum.
Please check the points mentioned below.
• Create a relevant DNS entry in the mentioned zone to point to the RDS environment’s internal IP address
• Create a relevant DNS entry in external DNS to point to the firewall which is publishing RDS’s external IP address
• You can use the script mentioned below to change the FQDN of the RDP files provided by RD Web Access / RemoteApp and Desktop connection feed.
Change published FQDN for Server 2012 or 2012 R2 RDS Deployment
http://gallery.technet.microsoft.com/Change-published-FQDN-for-2a029b80
In addition please check the thread mentioned below.
How do I change the URL to the Remote Web Access server in Windows Server 2012?
http://social.technet.microsoft.com/Forums/windowsserver/en-US/67dfab70-7e10-4e0b-a3c8-63ce776f2355/how-do-i-change-the-url-to-the-remote-web-access-server-in-windows-server-2012?forum=winserverTS
Apart from this, also check the settings in IIS on the RDWeb Server under the path mentioned below.
Expand the default Website >Pages >Application Settings >DefaultTSGateway >
Enter the external address (FQDN) of the RD Gateway in the Value Field.
Hope it helps!
Thanks,
Dharmesh -
Internal and external switches on server 2012 r2
this is driving me nuts.
I have a vm with an internal and external switch.
I am trying to get backups to route to the host machine using the internal switch only.
I've gone all over priorities and the routes are all fine but the data will constantly go over the external switch.
If i disable external switch traffic goes over internal switch just fine.
I've read about the automatic detection of least cost routing on the internal switch but just can not get it to run correctly.
please help
Doug
All settings below.
backup traffic should run from 192.168.200.4 > 192.168.200.2 over internal NIC
VM Settings
Ethernet adapter Ethernet 3:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Hyper-V Network Adapter #3
Physical Address. . . . . . . . . : 00-15-5D-37-0E-04
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv4 Address. . . . . . . . . . . : 192.168.200.4(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.240
Default Gateway . . . . . . . . . :
NetBIOS over Tcpip. . . . . . . . : Enabled
Ethernet adapter Ethernet:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Hyper-V Network Adapter
Physical Address. . . . . . . . . : 00-15-5D-37-0E-01
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv4 Address. . . . . . . . . . . : 192.168.100.4(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.100.1
DNS Servers . . . . . . . . . . . : 192.168.100.3
NetBIOS over Tcpip. . . . . . . . : Enabled
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.100.1 192.168.100.4 261
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.100.0 255.255.255.0 On-link 192.168.100.4 261
192.168.100.4 255.255.255.255 On-link 192.168.100.4 261
192.168.100.255 255.255.255.255 On-link 192.168.100.4 261
192.168.200.0 255.255.255.240 On-link 192.168.200.4 276
192.168.200.4 255.255.255.255 On-link 192.168.200.4 276
192.168.200.15 255.255.255.255 On-link 192.168.200.4 276
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.100.4 261
224.0.0.0 240.0.0.0 On-link 192.168.200.4 276
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.100.4 261
255.255.255.255 255.255.255.255 On-link 192.168.200.4 276
===========================================================================
Persistent Routes:
Network Address Netmask Gateway Address Metric
0.0.0.0 0.0.0.0 192.168.100.1 Default
===========================================================================
HOST Settings
Ethernet adapter vEthernet (Internal-NIC):
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Hyper-V Virtual Ethernet Adapter #2
Physical Address. . . . . . . . . : 00-15-5D-37-0E-02
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::744b:bbc1:e067:5592%48(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.200.2(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.240
Default Gateway . . . . . . . . . :
DHCPv6 IAID . . . . . . . . . . . : 805311837
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1B-15-79-97-A0-D3-C1-05-24-BF
DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
fec0:0:0:ffff::2%1
fec0:0:0:ffff::3%1
NetBIOS over Tcpip. . . . . . . . : Enabled
Ethernet adapter Ethernet Host:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : HP Ethernet 1Gb 4-port 331FLR Adapter #4
Physical Address. . . . . . . . . : A0-D3-C1-05-24-BF
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::3412:1255:61dc:3e3c%12(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.100.2(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.100.1
DHCPv6 IAID . . . . . . . . . . . : 211866561
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1B-15-79-97-A0-D3-C1-05-24-BF
DNS Servers . . . . . . . . . . . : 8.8.8.8
NetBIOS over Tcpip. . . . . . . . : Enabled
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.100.1 192.168.100.2 276
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
169.254.0.0 255.255.0.0 On-link 169.254.45.46 276
169.254.45.46 255.255.255.255 On-link 169.254.45.46 276
169.254.255.255 255.255.255.255 On-link 169.254.45.46 276
192.168.100.0 255.255.255.0 On-link 192.168.100.2 276
192.168.100.2 255.255.255.255 On-link 192.168.100.2 276
192.168.100.255 255.255.255.255 On-link 192.168.100.2 276
192.168.200.0 255.255.255.240 On-link 192.168.200.2 261
192.168.200.2 255.255.255.255 On-link 192.168.200.2 261
192.168.200.15 255.255.255.255 On-link 192.168.200.2 261
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 169.254.45.46 276
224.0.0.0 240.0.0.0 On-link 192.168.100.2 276
224.0.0.0 240.0.0.0 On-link 192.168.200.2 261
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 169.254.45.46 276
255.255.255.255 255.255.255.255 On-link 192.168.100.2 276
255.255.255.255 255.255.255.255 On-link 192.168.200.2 261
===========================================================================
Persistent Routes:
Network Address Netmask Gateway Address Metric
0.0.0.0 0.0.0.0 192.168.100.1 Default
Doug Hardy -
Microsoft !!! please remove stuff which your top specialists are incapable of deploying them so they avoid dealing with them !!!
have someone deploy SSTP VPN scenario completely ? have you encountered "revocation server offline" annoying error?
have you read microsoft defective chapters which are about PKI & ADCS in MCITP & MCSE books ?
have you read Brian comar books ? have you seen deficiencies in his book ?
we are network trainers. in all killing problem we encounter in PKI scenarios, you don't find any useful thing in MS books. seems they themselves avoid dealing with them because maybe they themselves know they themselves are unable to deploy what themselves have been created & delivered.
if you don't believe, begin to deploy the following simple scenario & look how you will end in the damn error " revocation server offline...."
i have been working on this problem for months but still no result. start deploy it yourself to find what i say.
i have done any suggestion & workaround you may think, so please first deploy it yourself & then if you get result & deployed all steps & it worked, tell me.
before starting any task, first read my previous thread to find out more:
revocation server offline
The way how you ask questions here, how do you expect to get any help here?
Vadims Podāns, aka PowerShell CryptoGuy
My weblog: en-us.sysadmins.lv
PowerShell PKI Module: pspki.codeplex.com
PowerShell Cmdlet Help Editor pscmdlethelpeditor.codeplex.com
do you have dare to test it ? do you have dare to deploy such simple scenario & you will end up in damn " revocation function offline " message.
don't forget that i need to deploy that without deploying OCSP. i want to deploy that by configuring CDP extension of issued certificates.
i have tested any suggestion you may give me. i have spend months on this. damn with windows operation system , such a pure code ! -
Unable to activate internal and external urls at the same time
Hi,
We have configured EBS R12 in DMZ setup as described in Figure F-9 of metalink note 380490.1, Option 2.4: Using Reverse Proxy with no External Web Tier,
referring to 726953.1 Case History: Implementing a Reverse Proxy Alone in the DMZ Configuration - R12.
But we are not able to activate internal and external urls at the same time in this configuration. Only the node where autoconfig was last run is getting activated as web node.
When trying to access the url of the other node it gets redirected to the url (where autoconfig was last run), and the error observed for this is Error Code:502 Proxy Error. The specified Secure Sockets Layer (SSL) port is not allowed. (12204).
For both external and internal, services are UP. opmn status is live, no error.
Using Apache as reverse proxy.
EXTERNAL Reverse proxy settings:
s_login_page http://LONWEB01.process.com:81/OA_HTML/AppsLogin
<TIER_DB oa_var="s_isDB">NO</TIER_DB>
<TIER_ADMIN oa_var="s_isAdmin">NO</TIER_ADMIN>
<TIER_WEB oa_var="s_isWeb">YES</TIER_WEB>
<TIER_FORMS oa_var="s_isForms">YES</TIER_FORMS>
<TIER_NODE oa_var="s_isConc">NO</TIER_NODE>
<TIER_FORMSDEV oa_var="s_isFormsDev">YES</TIER_FORMSDEV>
<TIER_NODEDEV oa_var="s_isConcDev">NO</TIER_NODEDEV>
<TIER_WEBDEV oa_var="s_isWebDev">YES</TIER_WEBDEV>
INTERNAL Middle Tier settings:
s_login_page http://stprojapp01.test.com:8005/OA_HTML/AppsLogin
<TIER_DB oa_var="s_isDB">NO</TIER_DB>
<TIER_ADMIN oa_var="s_isAdmin">YES</TIER_ADMIN>
<TIER_WEB oa_var="s_isWeb">YES</TIER_WEB>
<TIER_FORMS oa_var="s_isForms">YES</TIER_FORMS>
<TIER_NODE oa_var="s_isConc">YES</TIER_NODE>
<TIER_FORMSDEV oa_var="s_isFormsDev">YES</TIER_FORMSDEV>
<TIER_NODEDEV oa_var="s_isConcDev">YES</TIER_NODEDEV>
<TIER_WEBDEV oa_var="s_isWebDev">YES</TIER_WEBDEV>
Are we missing anything....
Thanks & Regards
Hi,
Finally it's resolved...Following is the solution thought to share in the forum:
The configuration of the E-Business Suite environment for DMZ requires profile options hierarchy type to be set
to SERVRESP.
To change the profile options hierarchy type values to SERVRESP, execute the following SQL script as
shown below:
sqlplus / @/patch/115/sql/txkChangeProfH.sql SERVRESP
After successfully completing the above sql script, run Autoconfig in all nodes to complete the profile options configuration.
It's resolved after doing this.. -
iTunes randomly stops playing purchases that have previously viewed on the same hardware. It has an error message about HD. How can this issue be resolved? What information is available besides the "learn more" option that does not deal with the problem?
Many people have the same problem. However, there is little or nothing readily available to users. This problem has existed for two or more years. Does anyone have anything to offer about this disturbing problem?
Thanks for the suggestion kcell. I've tried both versions
9.0.115 and 9.0.124 and both fail with the policy permission error.
I also tried with and without your crossdomain.xml file but
with the same result. It looks like this file is intended for URL
policy, instead of socket policy. Recently Adobe separated the two.
When I run with the files installed on my dev PC, it does
work, which makes sense because the flash player isn't loaded from
an unknown domain.
I did get one step closer. If a crossdomain.xml in the server
root exists and the socketpolicy file is loaded from the app folder
then the first two warnings disappear. The logs now show:
OK: Root-level SWF loaded:
https://192.168.2.5/trunk/myapp.swf
OK: Policy file accepted: https://192.168.2.5/crossdomain.xml
OK: Policy file accepted:
https://192.168.2.5/trunk/socketpolicy.xml
Warning: Timeout on xmlsocket://192.168.2.5:843 (at 3
seconds) while waiting for socket policy file. This should not
cause any problems, but see
http://www.adobe.com/go/strict_policy_files
for an explanation.
Warning: [strict] Ignoring policy file with incorrect syntax:
xmlsocket://192.168.2.5:993
Error: Request for resource at xmlsocket://192.168.2.5:993 by
requestor from https://192.168.2.5/trunk/myapp.swf is denied due to
lack of policy file permissions.
Which basically says, everything is okay, but you stay out
anyway.
PS: I found the XML schema files here:
http://www.adobe.com/devnet/flashplayer/articles/fplayer9_security_02.html
and the socket policy schema:
http://www.adobe.com/xml/schemas/PolicyFileSocket.xsd.
UPDATE: When serving up the policy file on port 843 using the
example perl script then the socket connection seems to be accepted
and the connect succeeds. After that flex hangs trying to logon to
the IMAP server. -
Single URL for internal and external CRM access when using IFD
Hello,
At one of our client site I have setup IFD on CRM 2011. This IFD is behind TMG. My client is a big corporation therefore all CRM components including CRM, ADFS and SQL are on separate servers.
I have configured IFD using single url https://orgname.contoso.com Their IT staff wants to know why can't they use single URL for internal and external access where internal users are not prompted for authentication when logging on to the CRM server. I know you can do URL re-write in ADFS but they want to know the reason "why internal users can't use the same IFD URL and don't get prompted for their credentials". Text below is from their IT staff.
There are several approaches to your question. You need to set up both an internal and an external relying party trust. If you use the external URL, it will always direct you to the signin page, if you use the internal URL, it will resolve you single sign on.
I've configured IFD for CRM multiple times, and this is how it works. CRM looks at the URL. If you use the external URL (org.domain.com), it will prompt for credentials. So what you are asking for, a single URL that works single sign on internally and prompts externally really isn't possible.
What I recommend is:
1. make the external URL available internally
2. Configure all outlook clients against the external URL, that way you won't have to reconfigure when someone goes internal to external
3. Have users who are primarily internal use the internal URL for the web client, which will resolve single sign on
4. Have users who are primarily external use the external URL for the web client
For #1, since you only need to enter the credentials when you first configure CRM, it is in all effects single sign on.
One thing I haven't tried that may work is using IIS redirect internally to redirect the external URL to the internal URL. There is also a powershell script in the IFD guide that you can use to make the outlook client switch between the internal and external
URL's, but nothing that will give you a single URL that works as the internal relying party trust when internal and the external relying party trust when you are external. -
I'm trying to transfer music from iTunes on an old PC (Windows Vista Home Basic) that uses an external storage device to store the files to a new PC (Windows 7 Starter) that will use that same external storage device. I am also dealing with the new iTunes 11. How can I accomplish this successfully? What folder does iTunes use to store the data in? I've tried several things. Home Sharing caused duplicates but not all songs or apps transfered. It is a large library! I've tried just setting the path in the Advanced Tab of iTunes preferences of the new computer with the external drive connected the same as the path when the external drive is connected to the old computer. This was the best solution so far but still a few artists missing and some apps. Any suggestions?
Here are typical layouts for the iTunes folders:
With iTunes 11 you might also have a Home Videos folder inside iTunes Media.
In the simplest cases you copy the entire iTunes folder from <User's Music> on the source computer to <User's Music> on the target machine, install iTunes, and it "just works"™.
If the media folder (inside the red outline) has been split out to a separate location then you can copy the library folder (outside the red outline) as before and connect the drive holding the media so that it has exactly the same path as before. If the drive appears as D: on one system and E: on the other then the library won't be able to find the media.
The crucial file is iTunes Library.itl - this contains a record of the tracks that have been added to the library, ratings, play counts, playlists etc.
See also: Make a split library portable.
tt2