Dealing with resolving internal URLs externally in a non-split DNS scenario

Hi all -
I submitted this yesterday under a different banner but thought I'd try this forum as well.
I have a client who wishes to have internal URLs resolvable from outside the network and they do not have split DNS.  The scenario is this:
UserA sends a link to UserB in an email.  Internally the URL is MySIte.Acme.int.  UserB picks up the email on his mobile device whilst travelling and wants to gain access to it.  However the external namespace of the company is Acme.com.  Obviously the link will not resolve outside of the corporate network.
So far I have received recommendations for using a VPN, however this is not an option for them.  In a past life I seem to recall something about alternate access mappings (or something like that) and wondered if this was the way to make the links resolvable. And, if so, if someone could point me to a good article on how to implement this it would be much appreciated.
Alternatively I was wondering if there is some magic that can be done with URL rewrites or an edge device like UAG or TMG.
Any guidance or suggestions would be greatly appreciated!
Kind regards,
Wren

What I would do is create a new internal DNS zone named Acme.com, create an A record of "mysite" pointing to the IP currently used by mysite.acme.int, and then simply add AAMs (or better yet, replace AAMs as the AAM the user is coming in on is what will be reflected in that email).
http://blogs.msdn.com/b/sharepoint_strategery/archive/2013/05/25/alternate-access-mappings-explained.aspx
https://technet.microsoft.com/en-us/library/cc263208.aspx
URLRewrite won't work because the Acme.int domain is not resolvable on the Public Internet.
So the plan of action should be:
Go to Central Admin -> Delete -> select Remove SharePoint from IIS Web Site, and then choose the option to Delete the IIS web site.
Change the AAM for the Web Application under Application Management -> Configure Alternate Access Mappings. Click Edit Public URLs, choose the Web Application hosting mysite.acme.int, and then change the Default Zone AAM to https://mysite.acme.com.
Go back to Manage Web Applications, highlight the Web Application (you'll see the new AAM reflected here), then click on Extend. Create a new IIS site, change the port number (likely 443) with the appropriate host header (mysite.acme.com), select Use SSL, then click OK.
So a couple of caveats:
1) All SharePoint servers hosting this Web Application must have the SSL certificate matching mysite.acme.com prior to re-extending it.
2) If you have any hard coded URLs (e.g. to images) on any SharePoint site within mysite.acme.com, you'll break their links and you will need to manually reconfigure them.
3) If you've made any manual changes to the web.config, you will need to recreate those changes. It might be a good idea to grab a copy of the web.config for that Web Application (IIS Site) before deleting the site.
4) Use SSL! You do not want to send NTLM in the clear over the public Internet. It can be easily intercepted and decrypted.
Hope that helps.
Trevor Seward
This post is my own opinion and does not necessarily reflect the opinion or view of Microsoft, its employees, or other MVPs.
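
The DNS record, the pre-change checks behind caveats 1 and 3, and the Default zone AAM change from the answer above, written out in PowerShell as an added example (not part of the original post and not Microsoft's code). The IP address is a placeholder, the hostnames are the thread's own, and the script assumes Windows Server 2012 or later with PowerShell 3.0+, the DnsServer module on the DNS server and the SharePoint snap-in on the farm server; deleting and re-extending the IIS site is left to Central Administration as described.

```powershell
# Added example. Hostnames come from the thread; the IP address is a
# documentation placeholder and must be replaced with the farm's real address.
$ZoneName       = 'acme.com'
$HostLabel      = 'mysite'
$Fqdn           = "$HostLabel.$ZoneName"
$FarmIp         = '192.0.2.10'               # placeholder for the IP used by mysite.acme.int
$OldUrl         = 'http://mysite.acme.int'
$NewUrl         = "https://$Fqdn"
$InternalSuffix = '.acme.int'

# ---- Part 1: run on an internal DNS server -------------------------------
# An authoritative internal acme.com zone answers for the whole namespace, so
# any public acme.com record internal users rely on must also exist in it.
if (-not (Get-DnsServerZone -Name $ZoneName -ErrorAction SilentlyContinue)) {
    Add-DnsServerPrimaryZone -Name $ZoneName -ReplicationScope 'Forest'
}
Add-DnsServerResourceRecordA -ZoneName $ZoneName -Name $HostLabel -IPv4Address $FarmIp

# Confirm the new name resolves before SharePoint is changed.
Resolve-DnsName -Name $Fqdn -Type A -Server localhost

# ---- Part 2: run on each SharePoint server hosting the Web Application ----
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

# Caveat 1: a certificate naming the new host must already be installed.
# Exact-name match only; a wildcard certificate needs a manual check.
$cert = Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.DnsNameList.Unicode -contains $Fqdn -and $_.NotAfter -gt (Get-Date) }
if (-not $cert) {
    throw "No unexpired certificate for $Fqdn in LocalMachine\My; install it first."
}

# Caveat 3: keep a copy of web.config before the IIS site is deleted.
$wa      = Get-SPWebApplication -Identity $OldUrl
$zone    = [Microsoft.SharePoint.Administration.SPUrlZone]::Default
$iisPath = $wa.IisSettings[$zone].Path.FullName
Copy-Item -Path (Join-Path $iisPath 'web.config') `
          -Destination (Join-Path $env:TEMP "web.config.$($HostLabel).bak")

# Record the current mappings so the change can be reversed.
Get-SPAlternateURL -WebApplication $OldUrl |
    Out-File (Join-Path $env:TEMP 'aam-before.txt')

# ---- Part 3: run once, on one SharePoint server ---------------------------
# Change the Default zone public URL to the externally resolvable HTTPS name.
Set-SPAlternateURL -Identity $OldUrl -Url $NewUrl

# Any mapping still answering on the internal namespace will keep producing
# links that cannot be resolved from outside; list what is left.
$stale = Get-SPAlternateURL |
    Where-Object { ([uri]$_.IncomingUrl).Host -like "*$InternalSuffix" }
if ($stale) {
    Write-Warning "Mappings still using ${InternalSuffix}:"
    $stale
}
```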

Similar Messages

  • Cisco ISE with both internal and External RADIUS Server

    Hi
    I have ISE 1.2, I configured it as management monitor and PSN and it works fine
    I would like to know if I can integrate an external radius server and work with both internal and External RADIUS Server simultaneously
    So some computers (groupe_A in active directory) will continue to make radius authentication on the ISE internal radius and other computers (groupe_B in active directory) will make radius authentication on an external radius server
    I would like to know if it is possible to configure it and how I can do it?
    Thanks in advance for your help
    Regards
    Blaise

    Cisco ISE can function both as a RADIUS server and as a RADIUS proxy server. When it acts as a proxy server, Cisco ISE receives authentication and accounting requests from the network access server (NAS) and forwards them to the external RADIUS server. Cisco ISE accepts the results of the requests and returns them to the NAS.
    Cisco ISE can simultaneously act as a proxy server to multiple external RADIUS servers. You can use the external RADIUS servers that you configure here in RADIUS server sequences. The External RADIUS Server page lists all the external RADIUS servers that you have defined in Cisco ISE. You can use the filter option to search for specific RADIUS servers based on the name or description, or both. In both simple and rule-based authentication policies, you can use the RADIUS server sequences to proxy the requests to a RADIUS server.
    The RADIUS server sequence strips the domain name from the RADIUS-Username attribute for RADIUS authentications. This domain stripping is not applicable for EAP authentications, which use the EAP-Identity attribute. The RADIUS proxy server obtains the username from the RADIUS-Username attribute and strips it from the character that you specify when you configure the RADIUS server sequence. For EAP authentications, the RADIUS proxy server obtains the username from the EAP-Identity attribute. EAP authentications that use the RADIUS server sequence will succeed only if the EAP-Identity and RADIUS-Username values are the same.

  • SiteMinder integration with the internal and external facing portals

    Hi ,
    We are in the development phase for SiteMinder integration with the internal and external facing portals. The proposed dual authentication scheme requires both SiteMinder for the external facing portal (EFP) and LDAP for the internal portal. Is it possible?
    And is it possible to maintain two different LDAP directories, one for external users and one for internal users?
    If you maintain 2 different (external & internal) LDAP directories in the SiteMinder Policy Server, what about external users who do not exist in the portal data source?
    I would appreciate it if anyone can help me with my above query.
    Regards
    Tag

    Hey Tag,
    We do have a physical external Portal and a physical internal portal.  Both the external and internal are connected to 2 LDAP directories.
    For example the External Portal is connected to the Employee LDAP Directory and the Customer LDAP Directory.  The Internal Portal is connected to the US Employee LDAP Directory and the EMEA LDAP Directory.
    So each one of them is connected to 2 different LDAP Directories.
    I believe that the Siteminder Policy is set up such that the Internal portal has a policy and the External portal has a separate policy on the same Siteminder Server.  Then each of the Policies is configured to connect to the appropriate LDAP Directories.
    You have to maintain the LDAP Directory information in both the portal and Siteminder Policy Server.  It is required in the policy server so that it can authenticate the user and it is required in the Portal server so that it can authorize the user and display content based on their assigned roles.
    Hope that helps.
    Regards,
    Keith

  • Lync Implementation with different internal and external domain sync

    Hello Experts,
    Having Windows 2012r2 with Lync 2013 frontend and Edge 2012 server on Win2012. Internal domain name is test.local and Internet domain name is: tgroup.com. Internally all the clients are able to sync with the frontend server using [email protected] or [email protected]. Internal CA and External Digicert work fine. But the only problem is with external clients who want to communicate through the edge server.
    Edge server has 3 LAN IP addresses (NAT with public IP), 10.10.10.2, 10.10.10.3, 10.10.10.4 and another internal network interface which has IP 10.10.20.3, which it uses to communicate with the front-end.
    How to achieve this?  We don't have a reverse proxy configured and we have only two servers.
    Regards, Ganesh, MCTS, MCP, ITILV2 This posting is provided with no warranties and confers no rights.

    The reverse proxy is used to publish URLs like the meet and dialin URL, the address book URL and the Lync mobile client (smart phones and tablets) URLs. This doesn't impact the external desktop user access as that's via the edge server. There is more to it than that but for the sake of keeping this simple let's stick to that for now.
    As far as SIP domains go. Think of your Lync users as having a SIP address similar to email addresses. You wouldn't have a user with an internal email address but with a different external email address. In fact best practice is to have the Lync SIP address match the email address.
    My recommendation is to use the ttgoup.com as a sip domain and not the test.local

  • ILife with both internal and external hard drives?

    I've been considering switching from a homebrew, multi-boot desktop to a MacBook for my primary computer, in part so I can hang out with my family in the living room rather than be exiled to the home office when I want to compute.
    But here's my concern: I have media. We have about 50 GB of iTunes; maybe 30 GB of iPhoto; and tons and tons of digital video that would be stored in iMovie. Obviously the libraries are all interlinked. And it's all growing. I also like to rip DVDs and re-encode them for my iPod and AppleTV. Right now, my desktop has 480 GB of internal storage and that's just about enough.
    I have discovered that the MacBook only comes with an option up to 250 GB. I absolutely need AppleCare, so I can't get an aftermarket hard drive. (All my Macs break - this one from the office that I'm on right now has a bum DVD drive, and my wife's has needed both fan and logic board replacements.)
    While I'm aware of the existence of external hard drives, I'm concerned about Apple's non-external-hard-drive-friendly way of storing iLife data. If I wanted to keep more recent or useful music and photos on the internal drive but older stuff on an external, and still be able to use iLife seamlessly, would that be possible? (I see myself editing recent video in the living room, but then hooking back into the external HD in the office if I need older stuff.)
    What solutions are out there for integrating data stores on both internal and external hard drives into an iLifestyle?
    Thanks!

    Sascha Segan1 wrote:
    .. What solutions are out there for integrating data stores on both internal and external hard drives into an iLifestyle?
    all iApps (iPhoto, iTunes, iM08) support usage of external drives as 'mass storage' devices.. you can tell all apps which drive to use for the Libraries.. there are some tools out there, which even allow the usage of 2/many different Libraries in iTunes/iPhoto..
    for iM in detail: the Projects are small files, and should stay internal (although I'm describing a 'hack' on my site: http://karsten.schluter.googlepages.com/im08tricks Project Library (and Events) on External Harddrive); the Events (=GBs) could be located on as many ext. HDDs as you want..
    but ...
    all iApps are single-user .. you can NOT 'share' Libraries to 2/many different users; the idea of a 'media server' which hosts/shares all kind of data to all kind of users is not 'on concept' of iLife ..

  • Dealing with Small internal macbook pro hard drive

    I'm a bit behind on the newest technology. I'm looking at getting a new macbook pro retina and will prob have either the 128 or 256 gig internal drive. Seems like not a lot of space. So my question is, is it feasible to put entire programs on an external drive?
    Can I say, put photoshop or final cut pro x completely on an external USB 3.0 drive, or will these programs run too slow? Do programs like these need to be installed on the internal drive, with the large files on an external drive?
    Or is this possible with maybe a thunderbolt external drive? Thanks.

    i'm running into the same predicament myself.  i got the 256gb retina and it's already almost full (only 6gb available).  my iphoto library alone is 200gb.  i've spent almost 2 days consolidating photos into what stays on the retina and what goes on the external.  i'm thinking i should have just got the 512gb and called it a day.
    2 days to save $600, and i'm still done consolidating.  as for your original question, i don't think you can put a program on the external, it must reside where the OS is.
    which brings up a question, how big is the actual program anyway?  it can't be THAT big, compared to the files it loads.  why not just put the program on the internal, and the large files on the external?

  • Help dealing with Firewall, and URL Services

    All,
    We have recently installed the PDK URL Services for Portal to help
    fulfill a requirement to enable Single Sign-On to access web sites
    outside our client's network. We have hit a snag though, in that the
    client has in place a firewall that challenges the browser at each
    request to access an outside site. URL Services does not seem equipped
    to handle these extra challenges in addition to the Single Sign-On
    Username and Password requirements.
    Has anyone dealt effectively with this problem? Is there an effective
    remedy or technique using SSO /URL Services providers that will allow
    this to take place? Can we more effectively use the built in proxy
    services to help us with this?
    We are currently using the latest URL Services download under Portal
    3.0.9.8.2 on Solaris.
    Thanks in advance for any help on this, our need is urgent, and time is
    short.
    Stuart Dautrich

    Stuart,
    I guess you're currently in touch with the appropriate people for this issue now.
    It would be great if you share your experience and tips with other users too.
    Thanks,
    Mohana

  • Ex2010 - Problem with sending internal and external e-mail

    Hi
    During the night we had a problem with time sync on the VMware host, so our Exchange environment stopped working. The Edge server (Ex 2010 SP3 full update) stopped transferring e-mails to the mailbox server (Ex 2010 SP3 full update). After time synchronization, e-mails were transferred to the mailbox server. Users were able to send e-mail inside and outside, but after 20-40 minutes users cannot send e-mails - between themselves and outside.
    I don't see any e-mails in mailbox queues or using get-messagetrackinglog. I sent e-mail to our test e-mail mailbox on gmail and outlook.com. They were not delivered by the mailbox server. I can't find it using get-messagetrackinglog or in the mailbox queue.
    What happened? How to solve this problem?

    Hi,
    Please disable 3rd party AVs for a little while as Ed mentioned.
    Also check whether there is any related error message in App Log.
    Thanks
    Mavis Huang
    TechNet Community Support

  • Providing external url for the fqdn for webfeed returns error in eventlog that shows internal url is being used - how to change to the external url?

    I've got my Rdweb accessible on both my internal and external network by using split dns locally to resolve the external url (remote.domain.com/rdweb) and everything works fine. However users don't want to use the rdweb interface (as it is slower than just clicking on an rdp shortcut).
    Following the notes at http://social.technet.microsoft.com/wiki/contents/articles/14488.distribution-of-remote-apps-and-desktops-in-windows-server-2012.aspx - I've tried to set up the webfeed on a Win7+ machine but when I enter the external url that
    is protected by an SSL cert the eventlog shows that the internal address is being used and it doesn't match the certificate. - "There is a problem with this connection's security certificate.
    The remote computer cannot be authenticated due to problems with its security certificate.                        
    Security certificate problems might indicate an attempt to fool you or intercept data you send to the remote computer.                       
    Windows cannot continue setting up this connection. Contact your workplace administrator for assistance.                         
    Connection name:
    Connection URL: https://internalservername/rdweb/feed/webfeed.aspx
    How do I set the servers to use the external address rather than the internal one - I'm assuming it's similar to Exchange's Set-webservicesvirtualdirectory command but I can't find the equivalent command documented anywhere.
    http://absoblogginlutely.net

    Hi,
    Thank you for posting in Windows Server Forum.
    Please check the points mentioned below.
    •  Create a relevant DNS entry in the mentioned zone to point to the RDS environment’s internal IP address
    •  Create a relevant DNS entry in external DNS to point to the firewall which is publishing RDS’s external IP address
    •  You can use the script mentioned below to change the FQDN of the RDP files provided by RD Web Access / RemoteApp and Desktop connection feed.
    Change published FQDN for Server 2012 or 2012 R2 RDS Deployment
    http://gallery.technet.microsoft.com/Change-published-FQDN-for-2a029b80
    In addition, please check the thread mentioned below.
    How do I change the URL to the Remote Web Access server in Windows Server 2012?
    http://social.technet.microsoft.com/Forums/windowsserver/en-US/67dfab70-7e10-4e0b-a3c8-63ce776f2355/how-do-i-change-the-url-to-the-remote-web-access-server-in-windows-server-2012?forum=winserverTS
    Apart from this, also check the settings under IIS on the RDWeb Server, as per the path mentioned below.
    Expand the default Website >Pages >Application Settings >DefaultTSGateway >
    Enter the external address (FQDN) of the RD Gateway in the Value Field.
    Hope it helps!
    Thanks,
    Dharmesh

  • Internal and external switches on server 2012 r2

    this is driving me nuts.
    I have a vm with an internal and external switch.
    I am trying to get backups to route to the host machine using the internal switch only.
    I've gone all over priorities and the routes are all fine but the data will constantly go over the external switch.
    If i disable external switch traffic goes over internal switch just fine.
    I've read about the automatic detection of least cost routing on the internal switch but just can not get it to run correctly.
    please help
    Doug

    All settings below.
    backup traffic should run from 192.168.200.4 > 192.168.200.2 over internal NIC
    VM Settings
    Ethernet adapter Ethernet 3:
       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : Microsoft Hyper-V Network Adapter #3
       Physical Address. . . . . . . . . : 00-15-5D-37-0E-04
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes
       IPv4 Address. . . . . . . . . . . : 192.168.200.4(Preferred)
       Subnet Mask . . . . . . . . . . . : 255.255.255.240
       Default Gateway . . . . . . . . . :
       NetBIOS over Tcpip. . . . . . . . : Enabled
    Ethernet adapter Ethernet:
       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : Microsoft Hyper-V Network Adapter
       Physical Address. . . . . . . . . : 00-15-5D-37-0E-01
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes
       IPv4 Address. . . . . . . . . . . : 192.168.100.4(Preferred)
       Subnet Mask . . . . . . . . . . . : 255.255.255.0
       Default Gateway . . . . . . . . . : 192.168.100.1
       DNS Servers . . . . . . . . . . . : 192.168.100.3
       NetBIOS over Tcpip. . . . . . . . : Enabled
    IPv4 Route Table
    ===========================================================================
    Active Routes:
    Network Destination        Netmask          Gateway       Interface  Metric
              0.0.0.0          0.0.0.0    192.168.100.1    192.168.100.4    261
            127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
            127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
      127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
        192.168.100.0    255.255.255.0         On-link     192.168.100.4    261
        192.168.100.4  255.255.255.255         On-link     192.168.100.4    261
      192.168.100.255  255.255.255.255         On-link     192.168.100.4    261
        192.168.200.0  255.255.255.240         On-link     192.168.200.4    276
        192.168.200.4  255.255.255.255         On-link     192.168.200.4    276
       192.168.200.15  255.255.255.255         On-link     192.168.200.4    276
            224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
            224.0.0.0        240.0.0.0         On-link     192.168.100.4    261
            224.0.0.0        240.0.0.0         On-link     192.168.200.4    276
      255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      255.255.255.255  255.255.255.255         On-link     192.168.100.4    261
      255.255.255.255  255.255.255.255         On-link     192.168.200.4    276
    ===========================================================================
    Persistent Routes:
      Network Address          Netmask  Gateway Address  Metric
              0.0.0.0          0.0.0.0    192.168.100.1  Default
    ===========================================================================
    HOST Settings
    Ethernet adapter vEthernet (Internal-NIC):
       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : Hyper-V Virtual Ethernet Adapter #2
       Physical Address. . . . . . . . . : 00-15-5D-37-0E-02
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes
       Link-local IPv6 Address . . . . . : fe80::744b:bbc1:e067:5592%48(Preferred)
       IPv4 Address. . . . . . . . . . . : 192.168.200.2(Preferred)
       Subnet Mask . . . . . . . . . . . : 255.255.255.240
       Default Gateway . . . . . . . . . :
       DHCPv6 IAID . . . . . . . . . . . : 805311837
       DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1B-15-79-97-A0-D3-C1-05-24-BF
       DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
                                           fec0:0:0:ffff::2%1
                                           fec0:0:0:ffff::3%1
       NetBIOS over Tcpip. . . . . . . . : Enabled
    Ethernet adapter Ethernet Host:
       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : HP Ethernet 1Gb 4-port 331FLR Adapter #4
       Physical Address. . . . . . . . . : A0-D3-C1-05-24-BF
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes
       Link-local IPv6 Address . . . . . : fe80::3412:1255:61dc:3e3c%12(Preferred)
       IPv4 Address. . . . . . . . . . . : 192.168.100.2(Preferred)
       Subnet Mask . . . . . . . . . . . : 255.255.255.0
       Default Gateway . . . . . . . . . : 192.168.100.1
       DHCPv6 IAID . . . . . . . . . . . : 211866561
       DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1B-15-79-97-A0-D3-C1-05-24-BF
       DNS Servers . . . . . . . . . . . : 8.8.8.8
       NetBIOS over Tcpip. . . . . . . . : Enabled
    Active Routes:
    Network Destination        Netmask          Gateway       Interface  Metric
              0.0.0.0          0.0.0.0    192.168.100.1    192.168.100.2    276
            127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
            127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
      127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
          169.254.0.0      255.255.0.0         On-link     169.254.45.46    276
        169.254.45.46  255.255.255.255         On-link     169.254.45.46    276
      169.254.255.255  255.255.255.255         On-link     169.254.45.46    276
        192.168.100.0    255.255.255.0         On-link     192.168.100.2    276
        192.168.100.2  255.255.255.255         On-link     192.168.100.2    276
      192.168.100.255  255.255.255.255         On-link     192.168.100.2    276
        192.168.200.0  255.255.255.240         On-link     192.168.200.2    261
        192.168.200.2  255.255.255.255         On-link     192.168.200.2    261
       192.168.200.15  255.255.255.255         On-link     192.168.200.2    261
            224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
            224.0.0.0        240.0.0.0         On-link     169.254.45.46    276
            224.0.0.0        240.0.0.0         On-link     192.168.100.2    276
            224.0.0.0        240.0.0.0         On-link     192.168.200.2    261
      255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      255.255.255.255  255.255.255.255         On-link     169.254.45.46    276
      255.255.255.255  255.255.255.255         On-link     192.168.100.2    276
      255.255.255.255  255.255.255.255         On-link     192.168.200.2    261
    ===========================================================================
    Persistent Routes:
      Network Address          Netmask  Gateway Address  Metric
              0.0.0.0          0.0.0.0    192.168.100.1  Default
    Doug Hardy

  • Microsoft !!! please remove stuff which your top specialists are incapable of deploying them so they avoid dealing with them

    Microsoft !!!  please remove stuff which your top specialists are incapable of deploying them so they avoid dealing with them !!!
    have someone deploy SSTP VPN scenario completely ? have you encountered "revocation server offline" annoying error?
    have you read microsoft defective chapters which are about PKI & ADCS in MCITP & MCSE books ?
    have you read Brian Komar books ? have you seen deficiencies in his book ?
    we are network trainers.  in all killing problem we encounter in PKI scenarios, you don't find any useful thing in MS books. seems they themselves avoid dealing with them because maybe they themselves know they themselves are unable to deploy what themselves have been created & delivered.
     if you don't believe, begin to deploy the following simple scenario & look how you will end in the damn error " revocation server offline...."
    i have been working on this problem for months but still no result. start deploy it yourself to find what i say.
    i have done any suggestion & workaround you may think, so please first deploy it yourself & then if you get result & deployed all steps & it worked, tell me. 
    before starting any task, first read my previous thread to find out more:
    revocation server offline

    The way how you ask questions here, how do you expect to get any help here?
    Vadims Podāns, aka PowerShell CryptoGuy
    My weblog: en-us.sysadmins.lv
    PowerShell PKI Module: pspki.codeplex.com
    PowerShell Cmdlet Help Editor pscmdlethelpeditor.codeplex.com
    do you have dare to test it ? do you have dare to deploy such simple scenario & you will end up in damn " revocation function offline " message. 
    don't forget that i need to deploy that without deploying OCSP. i want to deploy that by configuring CDP extension of issued certificates.
    i have tested any suggestion you may give me. i have spent months on this. damn with windows operation system , such a pure code !

  • Unable to activate internal and external urls at the same time

    Hi,
    We have Configured EBS R12 in DMZ setup as described in Figure F-9 of metalink note 380490.1 ,Option 2.4: Using Reverse Proxy with no External Web Tier.
    referring to 726953.1 Case History: Implementing a Reverse Proxy Alone in the DMZ Configuration - R12.
    but Not able to activate internal and external urls at the same time in this configuration. Only the node where last autoconfig was run getting activated as web node.
    When trying to access the url of the other node it gets redirected to the url (where autoconfig is last run), and for this error observed is Error Code:502 Proxy Error. The specified Secure Sockets Layer (SSL) port is not allowed. (12204).
    For both external and internal services are UP.opmn status is live no error.
    Using Apache as reverse proxy.
    EXTERNAL Reverse proxy settings:
    s_login_page http://LONWEB01.process.com:81/OA_HTML/AppsLogin
    <TIER_DB oa_var="s_isDB">NO</TIER_DB>
    <TIER_ADMIN oa_var="s_isAdmin">NO</TIER_ADMIN>
    <TIER_WEB oa_var="s_isWeb">YES</TIER_WEB>
    <TIER_FORMS oa_var="s_isForms">YES</TIER_FORMS>
    <TIER_NODE oa_var="s_isConc">NO</TIER_NODE>
    <TIER_FORMSDEV oa_var="s_isFormsDev">YES</TIER_FORMSDEV>
    <TIER_NODEDEV oa_var="s_isConcDev">NO</TIER_NODEDEV>
    <TIER_WEBDEV oa_var="s_isWebDev">YES</TIER_WEBDEV>
    INTERNAL Middle Tier settings:
    s_login_page http://stprojapp01.test.com:8005/OA_HTML/AppsLogin
    <TIER_DB oa_var="s_isDB">NO</TIER_DB>
    <TIER_ADMIN oa_var="s_isAdmin">YES</TIER_ADMIN>
    <TIER_WEB oa_var="s_isWeb">YES</TIER_WEB>
    <TIER_FORMS oa_var="s_isForms">YES</TIER_FORMS>
    <TIER_NODE oa_var="s_isConc">YES</TIER_NODE>
    <TIER_FORMSDEV oa_var="s_isFormsDev">YES</TIER_FORMSDEV>
    <TIER_NODEDEV oa_var="s_isConcDev">YES</TIER_NODEDEV>
    <TIER_WEBDEV oa_var="s_isWebDev">YES</TIER_WEBDEV>
    Are we missing anything....
    Thanks & Regards

    Hi,
    Finally it's resolved...Following is the solution thought to share in the forum:
    The configuration of the E-Business Suite environment for DMZ requires profile options hierarchy type to be set
    to SERVRESP.
    To change the profile options hierarchy type values to SERVRESP, execute the following SQL script as
    shown below:
    sqlplus / @/patch/115/sql/txkChangeProfH.sql SERVRESP
    After successfully completing the above sql script, run Autoconfig in all nodes to complete the profile options configuration.
    It's resolved after doing this..

  • ITunes randomly stops playing purchases that have previously viewed on the same hardware. It has an error message about HD. How can this issue be resolved?  What information is available besides the "learn more" option that does not deal with the problem?

    iTunes randomly stops playing purchases that have previously viewed on the same hardware. It has an error message about HD. How can this issue be resolved?  What information is available besides the "learn more" option that does not deal with the problem?
    Many people have the same problem. However, there is little or nothing readily available to users. This problem has existed for two or more years. Does anyone have anything to offer about this disturbing problem?

    Thanks for the suggestion kcell. I've tried both versions
    9.0.115 and 9.0.124 and both fail with the policy permission error.
    I also tried with and without your crossdomain.xml file but
    with the same result. It looks like this file is intended for URL
    policy, instead of socket policy. Recently Adobe separated the two.
    When I run with the files installed on my dev PC, it does
    work, which makes sense because the flash player isn't loaded from
    an unknown domain.
    I did get one step closer. If a crossdomain.xml in the server
    root exists and the socketpolicy file is loaded from the app folder
    then the first two warnings disappear. The logs now show:
    OK: Root-level SWF loaded: https://192.168.2.5/trunk/myapp.swf
    OK: Policy file accepted: https://192.168.2.5/crossdomain.xml
    OK: Policy file accepted: https://192.168.2.5/trunk/socketpolicy.xml
    Warning: Timeout on xmlsocket://192.168.2.5:843 (at 3 seconds) while waiting for socket policy file. This should not cause any problems, but see http://www.adobe.com/go/strict_policy_files for an explanation.
    Warning: [strict] Ignoring policy file with incorrect syntax: xmlsocket://192.168.2.5:993
    Error: Request for resource at xmlsocket://192.168.2.5:993 by requestor from https://192.168.2.5/trunk/myapp.swf is denied due to lack of policy file permissions.
    Which basically says, everything is okay, but you stay out
    anyway.
    PS: I found the XML schema files here:
    http://www.adobe.com/devnet/flashplayer/articles/fplayer9_security_02.html
    and the socket policy schema:
    http://www.adobe.com/xml/schemas/PolicyFileSocket.xsd.
    UPDATE: When serving up the policy file on port 843 using the
    example Perl script, the socket connection seems to be accepted
    and the connect succeeds. After that, Flex hangs trying to log on to
    the IMAP server.
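
The post above describes Flash Player asking port 843 for a socket policy and rejecting what it got from port 993. The following is an added example, not the Perl script the poster mentions and not Adobe's code: a small policy responder that grants only the origin and port seen in the poster's log (192.168.2.5, port 993) and refuses wildcard grants. The function and class names are assumptions made for this sketch, and binding to port 843 normally requires elevated privileges.

```python
import socketserver
from xml.sax.saxutils import quoteattr

# Flash Player sends this exact string, NUL-terminated, before opening a socket.
POLICY_REQUEST = b"<policy-file-request/>\x00"

def build_policy(domain: str, ports: str) -> bytes:
    """Return a NUL-terminated socket policy granting `domain` access to `ports` only."""
    if "*" in domain or "*" in ports:
        raise ValueError("wildcard grants would expose every port to every origin")
    xml = (
        '<?xml version="1.0"?>'
        "<cross-domain-policy>"
        f"<allow-access-from domain={quoteattr(domain)} to-ports={quoteattr(ports)}/>"
        "</cross-domain-policy>"
    )
    return xml.encode("ascii") + b"\x00"

def respond(request: bytes, policy: bytes) -> bytes:
    """Answer only an exact policy-file-request; anything else gets no data."""
    return policy if request == POLICY_REQUEST else b""

class PolicyHandler(socketserver.BaseRequestHandler):
    # Values taken from the log in the post: SWF origin host and the IMAPS port.
    policy = build_policy("192.168.2.5", "993")

    def handle(self):
        self.request.settimeout(3)  # same 3-second window the player reports
        buf = b""
        try:
            while len(buf) < len(POLICY_REQUEST) and not buf.endswith(b"\x00"):
                chunk = self.request.recv(len(POLICY_REQUEST) - len(buf))
                if not chunk:
                    break
                buf += chunk
        except OSError:
            return
        self.request.sendall(respond(buf, self.policy))

def serve(host: str = "0.0.0.0", port: int = 843) -> None:
    with socketserver.TCPServer((host, port), PolicyHandler) as srv:
        srv.serve_forever()

if __name__ == "__main__":
    serve()
```
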

  • Single URL for internal and external CRM access when using IFD

    Hello,
    At one of our client site I have setup IFD on CRM 2011. This IFD is behind TMG. My client is a big corporation therefore all CRM components including CRM, ADFS and SQL are on separate servers.
    I have configured IFD using a single URL, https://orgname.contoso.com. Their IT staff wants to know why they can't use a single URL for internal and external access where internal users are not prompted for authentication
    when logging on to the CRM server. I know you can do URL rewrite in ADFS, but they want to know the reason "why internal users can't use the same IFD URL and don't get prompted for their credentials". Text below is from their IT staff.

    There are several approaches to your question.  You need to set up both an internal and an external relying party trust. If you use the external URL, it will always direct you to the sign-in page; if you use the internal URL, it will resolve you single
    sign on.
    I've configured IFD for CRM multiple times, and this is how it works. CRM looks at the URL. If you use the external URL (org.domain.com), it will prompt for credentials. So what you are asking for, a single URL that works single sign on internally and prompts
    externally really isn't possible.
    What I recommend is:
    1. make the external URL available internally
    2. Configure all Outlook clients against the external URL, that way you won't have to reconfigure when someone goes internal to external
    3. Have users who are primarily internal use the internal URL for the web client, which will resolve single sign on
    4. Have users who are primarily external use the external URL for the web client
    For #1, since you only need to enter the credentials when you first configure CRM, it is in all effects single sign on.
    One thing I haven't tried that may work is using IIS redirect internally to redirect the external URL to the internal URL. There is also a PowerShell script in the IFD guide that you can use to make the Outlook client switch between the internal and external
    URLs, but nothing that will give you a single URL that works as the internal relying party trust when internal and the external relying party trust when you are external.

  • I'm trying to transfer music from iTunes on an old PC that uses an external storage device to a new PC (Windows 7) that will use that same external storage device.  I am also dealing with new iTunes 11.  How do I do this??  What folder does iTunes use?

    I'm trying to transfer music from iTunes on an old PC (Windows Vista Home Basic) that uses an external storage device to store the files to a new PC (Windows 7 Starter) that will use that same external storage device.  I am also dealing with the new iTunes 11.  How can I accomplish this successfully?    What folder does iTunes use to store the data in?  I've tried several things.  Home Sharing caused duplicates but not all songs or apps transferred.  It is a large library! I've tried just setting the path in the Advanced Tab of iTunes preferences of the new computer with the external drive connected the same as the path when the external drive is connected to the old computer.  This was the best solution so far but still a few artists missing and some apps. Any suggestions?

    Here are typical layouts for the iTunes folders:
    With iTunes 11 you might also have a Home Videos folder inside iTunes Media.
    In the simplest cases you copy the entire iTunes folder from <User's Music> on the source computer to <User's Music> on the target machine, install iTunes, and it "just works"™.
    If the media folder (inside the red outline) has been split out to a separate location then you can copy the library folder (outside the red outline) as before and connect the drive holding the media so that it has exactly the same path as before. If the drive appears as D: on one system and E: on the other then the library won't be able to find the media.
    The crucial file is iTunes Library.itl - this contains a record of the tracks that have been added to the library, ratings, play counts, playlists etc.
    See also: Make a split library portable.
    tt2
