Disable SSL fall-back for Back To My Mac?

Similar Messages

• AP Fall back issue for WLC

  Hi,
  i have two WLC 4402 with same ios 4.2.99.0
  & configured fail over based on below link
  http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a008064a294.shtml#c5
  AP failover occurred but the fall back option like primary WLC comes up it does not register with primary all the ap still in secondary. I enable Fall back option also as per the document.
  could you guide me how i can troubleshoot this issue..
  Thanks..

  hi,
  the meaning is the secondary WLC is not realsing the IP's for client eventhough the SSId match with extract DHCP scope. DHCP scope is not overlap...
  Important.
  Primary box is new one with 4.2.99 but the old box had 4.1.x b4 the failover the old box was working & released the DHCP scope for the client. Once we upgraded the old box with 4.2.99 (Failover we need to have both the box with same version) even it is not releasing the DHCP scope if i used as standalone device also.
  My doubt is
  1. New box if i used as a stand alone it is releasing the DHCP scope for the client
  2. Both the new & old box has the same configuration
  3. If i used old box as a stand alone device why it is not releasing the DHCP scope (with the same IOS & configuration working perfectly on new box)
  4. This issue occured after upgrade the IOS on old box.
  Can anyone help me out at earliest.
  Thanks

• How do I know WinRM uses Kerberos for authentication, and does not fall-back to NTLM?

  Hi,
  How do I know WinRM uses Kerberos for authentication, and does not fall-back to NTLM?
  /SaiTech

  Hi SaiTech,
  Kerberos will be selected by default in an AD domain, The default (assuming the client is in a domain, and is not connecting to itself via 127.0.0.1 or ::1 addresses) is to use Kerberos authentication, and not to fall back to NTLM.
  Please also Note that you may have to take some other steps as well to get non-Kerberos authentication working.  Specifically, you'd have to set up an HTTPS listener on the remote host, or modify the client's TrustedHosts list.
  Refer to:
  WINRM kerberos & Negotiate
  Authentication for Remote Connections
  In addition, you can also use Network Monitor to check the authentication method.
  If there is anything else regarding this issue, please feel free to post back.
  If you have any feedback on our support, please click here.
  Best Regards,
  Anna Wang
  TechNet Community Support
  Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact [email protected]

• How to disable iCloud for iCal and move events back to your Mac?

  How can I disable iCloud and move my iCal events back to my Mac? I no longer want to store my private calendars in iCloud and want them back on my Mac but I don't know how to do it! Does anyone know what to do? Thanks

  To move your calendars, follow the second set of numbered instructions here:
  http://www.wilmut.webspace.virginmedia.com/notes/icloudmovecalendars.html
  Then you can sign out of iCloud in System Preferences>iCloud.

• How to disable SSL v3 for sun os 5.6 (OAS 4.0.8), I am facing POODLE vulnerability issue?

  my Website is hosted on Sun OS 5.06 (OAS 4.0.8) and using web server : Oracle_Web_Listener/4.0.8. Website is configured to use https for secure pages and it was working fine from last 10 years but suddenly i am getting complaints from my customers that they can not browse site on chrome version 40 and above and firefox 34 and above.
  I searched for this issue and found that there is POODLE attack which may causing this issue. now the only solution i can see is to disable SSL v3 on server.
  Can any help me out with the process or an idea, How to disable SSL V3 on this Olde server? its sun microsystem server.

  Hi Aamir,
     This is old software, been a while since I saw one of these.
      Normally when SSL was setup there were two listeners, one with SSL and one without, in a different port, so you could try to find this second port, which may work without any need to change the configuration.
      Else, try to check on the OAS manager (Usually on port 8888), the HTTP listener -> WWW -> Network, if there is a setup only for the SSL port, you will need to add a new line, with the same configuration, but a different port and the security disabled.
      Also, there may be some setting on the application itself for the url path. If so, when you navigate in the application it will try to redirect you back to the SSL port. In that case you will need to figure out where to change that, which depend on the application itself.
     Found this page on google with the process to setup SSL on OAS 4.0, you need to do the inverse of step 5.
  WoSign Support: SSL Certificates Installation Instruction - Oracle Web Server (OAS 4.0.8)
  Regards,
  Luis

• Does JSSE implementation of TLSv1 falls back to SSLv3 or SSLv2 if server re

  Does JSSE implementation of TLSv1 falls back to SSLv3 or SSLv2 if server requests.
  I am planning to use TLSv3 protocol for our SSL client implementation. My worry is if I use TLSv3 which being the latest and the new standard, does the Sun's JSSE implementation fallsback to SSLv3 or SSLv2 if the server doesn't accept TLS.
  Can anyone let me know and point me to the right link.
  This highly required as I am not sure what clients use their webserver as.

  If you specify 'TLS' you will get TLS, if you specify 'SSL' you will get TLS or a fallback to SSLV3. You'll never get a fallback to SSLv2 because Sun doesn't support SSLv2 at all except for the initial Hello message.

• Is it possible to only allow HD content when HDCP is present, otherwise fall back to SD?

  For any of the proposed ideas here, you will have to package your content twice, where each stream would require its own license:
  1 package for SD bitrates
  1 package for HD bitrates
  [ Try to play & react if necessary ]
  When the user wants to play HD content, attempt to do a license acquisition for the HD stream.  If it fails with an error code indicating that the device doesn't not have the needed output protection requirements (DRMErrorEvent 3338 – 3342), the client would then fall back and play the SD stream, which would trigger a license acquisition of a license that doesn't require Output Protection enabled.
  [ License Preview ]
  When the user wants to play content, perform a "License Preview" of the HD stream to determine if the license can be consumed & enforced by the device (DRMManager.loadPreviewVoucher()).  If the result of loading this Preview license fails with a DRM Error event around Output Protection requirements (#3338-3342), then play the SD stream.
  [ Leverage an existing front-load license request that you're using to preemptively initialize the DRM system ]
  This is similar to "License Preview", but attempts to front-load that check and retain the result for later use.
  In our whitepaper to optimize "start to playback" experience (http://wwwimages.adobe.com/www.adobe.com/content/dam/Adobe/en/devnet/video/pdfs/start-to-p layback-adobe-access.pdf), one of the things we recommended was to front-load a license acquisition on a non-existent content very early in the user workflow (Optimization #2).  Doing this would initialize the DRM system so that when the real license acquisition happened later on, Adobe Access would already be primed.
  To take this a step further, if you have this in place, since you already are doing a license acquisition ahead of time, you could use a policy that requires Output Protection.  In your client, when it attempts to acquire a license, it can record whether or not the operation was successful. If it was successful, the client could have logic to show HD content options to the viewer.  If the acquisition was unsuccessful, then the client could restrict viewing to only the SD content.

  ok great thats what i thought
  How do I check if I am running moutain lion
  about this mack gives me Mac OS X
  Version 10.7.5
  I am running Software UPdate as I type
  assuming that I have Moutain Lion how do I link the two ecternal HD's ?

• Back to my Mac stops working for no reason

  I've been fighting with BTTM for a while now trying to get it to just work normally. I have a computer at my office which I'm attempting to have consistent screen-sharing and ssh access to while I'm in remote locations. It keeps becoming totally unresponsive at random times (I'll see it as Idle for however long it's been, but it's totally unresponsive. The IPv6 hasn't changed, it just refuses to connect). The only workaround I have discovered is disabling BTTM under iCloud preferences on my MB Air that I'm using to access that machine remotely and then re-enabling it. However, this is a pain and I worry about the random dropping of connection breaking things that I'm trying to accomplish. I'd like it to just work without having to mess around with anything else.
  Currently I have it configured such that:
  Both my MB Air and the computer at the office are running Mavericks 10.9.2.
  Both are logged in with the same iCloud account.
  The iCloud account has been added to the list of BTTM users on my Airport Extreme (6th gen.) with firmware vers. 7.7.2 with NAT-PMP enabled.
  I forwarded ports TCP 5900, 3283 & UDP 3283 to the office machine just for shiggles. That machine has a static IP as well. This didn't change anything, it still breaks.
  So what gives? This is frustrating because I'd rather not have to deal with a 3rd party solution, and given that the workaround is on the remote side indicates to me that this isn't a networking issue, but rather a flaw in the BTTM software itself.

  What happens when you uncheck and then re-check the BTMM box in the iCloud preference pane?
  Resolve Back to My Mac status messages in iCloud preferences

• Online banking statement and credit card statements will not display in FF 4.0 on either Win 7 or XP. Falling back to 3.6 fixes problem on both computers and sites.

  After upgrading to FF 4.0 I am not able to access or display my bank statements or credit card statements. I have a laptop running Win 7 and a desktop running Win XP and have same problem on both. Statements are in Adobe PDF. Upgraded Adobe to vers. 10 at banks suggestion but did not help. I have now fallen back to FF 3.6 on both PC's, and it now works on both PC's, one running Adobe Reader 9 and the other running Adobe 10.
  Additionally, my email provider (bbwi.net) "Squirrel Mail" times out and logs me off every 15 minutes or so in FF 4.0, even when I am actively composing mail. Falling back to FF 3.6 also fixed this problem

  1st, you will not be able to activate your PPro1.5 on ANY new computer, see next link for the special version you MUST use
  CS2 (and earlier) Activation Server http://helpx.adobe.com/x-productkb/policy-pricing/creative-suite-2-activation-end-life.htm l
  2nd, you already mentioned Virtual XP, so if a direct install doesn't work, that would be the way to go... or, to just do what SHOULD work from the start, just do Virtual XP

• Error when installing Lion on empy HD: "Couldn't find app store version, falling back to hardcoded"

  I've run in to a problem that is making me tear the hair from my head. I'm hoping for your help!
  Short story:
  I'm trying to install OS X Lion on my 27" iMac.
  I've erased the HD using Disc Tool in recovery.
  HD shows no errors.
  I've tried Internet Recovery (it loads up, but wont start the installation)
  I've tried creating a recovery usb on another similar iMac, and use it on this. Same error, only differance is it keeps "loading" when installing, but nothing happens. Same error in log.
  When I try to start the Reinstall I get an error in the installation log that goes something like this:
  Install Mac OS X Lion[354:9c03] Couldn't find app store version, falling back to hardcoded
  Can not connect to /var/run/systemkeychaincheck.socket: No such file or directory
  Apple Care suggested:
  Trying another network (doesn't work).
  Install with the original Snow Leopard DVD first, then upgrade (can't do that, the DVD is lost and a DVD from another friend is not working)
  What can I do to get around this error?
  Someone suggested buying a usb with Snow Leopard from the apple store. Do I really have to buy a NEW operating system because the recovery doesn't work? Would I have to pay to upgrade to Lion again?

  Follow AppleCare's instructions on re-installing Snow Leopard and re-installing Lion. Your friends disc won't work because the discs are machine specific. You will have to get a replacement set of your original Install Discs from AppleCare for a nominal cost.

• Upgraded to 6.0.2, IBM Lotus Notes doesn't work correctly. Can I fall back to a previous FireFox?

  I've been using previous versions of FireFox for years on XP machines. Recently bought a Win-7 machine and upgraded both to FF 6.0.2. I can't get scroll bars on the side when using my company's IBM Lotus Domino. I've had to drop back to IE, which I do not like. Is there some way to fall back to an earlier version of FF? The site with the problem requires UID/PW to login, so I can't show you the problem I'm experiencing.

  A possible cause is a problem with the file places.sqlite that stores the bookmarks and the history.
  *http://kb.mozillazine.org/Bookmarks_history_and_toolbar_buttons_not_working_-_Firefox
  *https://support.mozilla.com/kb/Bookmarks+not+saved#w_places-database-file
  See also:
  *http://kb.mozillazine.org/Lost_bookmarks
  *http://kb.mozillazine.org/Backing_up_and_restoring_bookmarks_-_Firefox
  *http://kb.mozillazine.org/Profile_backup

• SRM7 WF Fall Back Agents

  I would like to configure the fall back agents for the 'Manager of Manager' shopping cart approval process to be the originating users manager.  Not all departments in our organization have multiple levels of management but we would still like a second level of approval when the shopping cart amount is greater than 50K.  It works when there are multiple managers defined in the org structure, but I get an Agent Determination error when there is only one manager defined.  
  Is there a quick way to do this? 
  Thanks
  Jon

  Saravanan,
  I figured out how to get it to determine the originators first level manager and direct the work item there. 
  The business requirement is for carts over $50K there needs to be a director level approval.  In most cases in our organization, the director is the second level manager so the manager of manager agent determination process works perfect.  However some departments have one manager/director and only three employees so there is no organizational second level of approval that can be used.  In these cases, the manager is the director and needs to approve the cart twice.  Using the fall back agent method seems the best approach for these occurances.
  Jon.

• ISE admin , PSN and monitoring node fail-over and fall back scenario

  Hi Experts,
  I have question about ISE failover .
  I have two ISE appliaces in two different location . I am trying to understand the fail-over scenario and fall-back scenario
  I have gone through document as well however still not clear.
  my Primary ISE server would have primary admin role , primary monitoring node and secondary ISE would have secondary admin and secondary monitoring role .
  In case of primary ISE appliance failure , I will have to login into secondary ISE node and make admin role as primary but how about if primary ISE comes back ? what would be scenario ?
  during the primary failure will there any impact with users for authentication ? as far as PSN is available from secondary , it should work ...right ?
  and what is the actual method to promote the secondary ISE admin node to primary ? do i have to even manually make monitoring node role changes ?
  will i have to reboot the secondary ISE after promoting admin role to primary  ?

  We have the same set up across an OTV link and have tested this scenario out multiple times. You don't have to do anything if communication is broken between the prim and secondary nodes. The secondary will automatically start authenticating devices that it is in contact with. If you promote the secondary to primary after the link is broke it will assume the primary role when the link is restored and force the former primary nodes to secondary.

• Fall back systemwhen multiple SAP systems trying to acheive SSO with BOEXI

  Friends,
  I need a small clarification on ' SSO between BOE XI 3.1 and SAP BI 7' Scenario,
  Say when multiple users log on through their  SAP EP Portals or Netwever Portals, they use their tokens generated by their respective EP portals which are passed through the 'Web application server' hosting BOE environment.
  1) When  its a Single EP portal , we can have have a fall back system. when we register  its logical name in the CMC of BOE Environment , a typical SNC.But what's the fall back system for multiple SAP systems?
  2) Also Whether there are any pit falls via token method  when more than one SAP system communicating to BOE?
  3) Do we have any documentation for this?
  Thanks ,
  Sivakanth.

  Hi Sivakanth,
  the normal scenario for SSO is the following:
  When you said ''back end system ', i did not get it.
  Enterprise Portal -
  (iView)-------> BOE -
  > SAP BI <- This is your backend system
  Well Could I define more than one logical name there in SNC tab of CMC.?
  I assume you have the following situation:
  (EP1, EP2, EP3) -
  > BOE -
  > (SAP BI 1, SAP BI 2, SAP BI n)
  You can define more than one entitlement systems in the BOE CMC and also configure for each one of them for SNC. Please note that we are talking about server trust and NOT client trust here. It is all about letting your sap system and the boe system trust each other. If you have your portal with client SNC configured (ie. the user logs using a certificate and an SAP logon ticket is created) it is NOT necessary to configure SNC in the CMC (Please refer to the section "Configuring SAP Server-Side Trust" in the installation guide for the integration kit for SAP) side.
  Back to the SSO scenario now: When a user connects from an enterprise portal on the BOE system the logon ticket, generated from the portal, is forwarded to the back-end system, which is defined in the portal iView the user is currently navigating through. If it is a Crystal Enterprise iView then you just have to select the appropriate system alias of your back-end system in the System drop down menu when creating the iView. For URL iViews you must utilize the relevant openDocument parameters. If you do not define anything at all when creating the iView then BOE tries to authenticate the logon ticket against the SAP BI system you selected to be the default one in the "Authentication->SAP->Options" tab of the CMC.
  If what you want is just to distribute the load between your SAP back-end systems then you should consider utilizing an SAP cluster for your pursposes. As explained before BOE will not distribute the requests evenly on the back-end systems. It will try to contact either the system defined in the request (iView) or the default system. To be honest I am not sure what happens if the explicitely defined system is not available but I think that an error message is what you should expect then. I do not think that in this case the BOE system tries to use the system defined as default.
  Another part is what kind of security is defined in BEX querys..as i read from SAP IK guide, we can import all the roles which are defined at ABAB level.
  Will there be any security threats to SAP data via this method.
  It is true that you can import all roles in your BOE system. But keep the following four things in mind:
  1) You can restrict on the BOE side the users which are authorized to logon in the CMC and import the roles (normally only the BOE administrator is authorized to do this)
  2) Importing a role means that an SAP user can try to logon the BOE. Still the logon process can only be succesfull only if the SAP user has special authorization on the SAP side (Please check the Appendix "Authorizations" in the installation guide of the integration Kit for SAP.
  3) You can restrict the access to data by assigning authorizations only for specific infoareas/infoproviders. In order to partially restrict data access in a given infoprovider (e.g infocube or multiprovider) you can utilize authorization variables in your BW query.
  4) You can further restrict access on specific reports either on the BOE side or on the portal side (by rstricting access to the defined iViews).
  For sure you must invest some time to define and implement your security concept.
  More over could you please answer other 2 questions in my original question.
  2) Also Whether there are any pit falls via token method when more than one SAP system communicating to BOE?
  3) Do we have any documentation for this?
  2) As long as your portals, the back-end systems and your BOE system are configured correctly for SSO this should not be a problem. Well just a tip based on my experience: be sure to use full qualified domain names for your systems in the iView definitions. And do not forget SSO works only if all systems are in the same domain.
  3) As said in my previous posting the netweaver documentation regadring SSO setup maybe interesting for you. As far as I know the multiple systems scenario is not contained explicitely in any official BOBJ documentation. I assume that you already went through the installation guide for the integration kit for SAP.
  Please tell me if you have a completely different scenario in mind
  Regards,
  Stratos
  Edited by: Efstratios Karaivazoglou on Mar 22, 2009 12:27 AM

• Remote Connection using Back to my Mac for Time Capsule?

  How do I connect to my Time Capsule and connected usb drive/printer now that Back to my Mac for Mobile Me is disabled and iCloud is running Back to my Mac?
  More information:
  I used to use the Mobile Me's version of Back to my Mac to enable connecting with my time Capsule, but how is this done now that iCloud has taken over Back to my Mac and I have upgraded to Lion.
  I have a Feb2011 MBP and a 2010 minimac the macmini is always connected to the time capsule, but I would like to be able to connect directly to the time capsule without having to go through the macmini.
  Thank you for your help

  It is possible but I am not sure it is worth the hassle..
  Your key issue here is public IP for your network.. if you have a static ip you are fine.. but very few people have this. It also depends on how the TC is setup.. is it the main router for the network or plugged into a modem router which has the role of main router, even if you use the TC as a secondary router.
  Without more info..
  1. This is easy if you have a static public IP and the TC is the main router and gets the public IP on the wan port.. just go to disk sharing in the airport utility manual setup and check for wan (internet access).
  2. If you have a dynamic IP, then you will have to sort out how you are going to find that IP.. the normal method to use dyndns account is not directly applicable because the TC has no client. It is possible to set up dyn dns but you will need to purchase your own domain name.
  3. You may find it easier to use standard router and bridge the TC. A standard router can be setup to port forward 548 AFP files service to the TC ip address. You may or maynot be able to access the printer. Certainly would be easier if the printer has IPP services. And is a true network printer.
  4. Use vpn.. get a vpn router so you can setup proper vpn endpoints.. then you use VPN service to access your local network.. this is far more secure and will work with dyndns just fine.