External Authentication with Server 2008 R2

Similar Messages

• I get error message: "An error occurred with the  publication of album...Authentication with server failed...whenever I open a facebook file in my iPhoto. In each file, most of my photos have disappeared. What do I need to do?

  I get error message: "An error occurred with the  publication of album...Authentication with server failed. Please check your login and password information" whenever I open a facebook file in my iPhoto. In each file, most of my photos have disappeared. I am hoping I can retrieve these "lost" files. What do I need to do?

  Message was edited by: leroydouglas
  better yet, try this solution:
  https://discussions.apple.com/message/12351186#12351186

• Anyone got ACS SE 4.2.1 authenticating against server 2008 R2 via LDAP?

  Hi, I'm working on a new network implementation where the customer has ACS SE and wants to use AD for machine based authentication of wired 802.1x clients.
  As the support for 2008 R2 server (64-bit OS used here) using remote agent is not yet released they are attempting to set this up using an LDAP connection. The final goal is to use certificate based authentication, and I have had a message indicating this authentication type may not work due to an issue with binary comparison, so we started with basic username/password accounts first.
  So far the ACS is populating its external user database fields with the domains setup on AD, but user authentication is failing.
  Briefly we started with basic username/password usng MD5-CHAP on XP to an account configured on ACS, that worked fine. Then set up the external user database to use an LDAP connection to AD, and an unknown user policy, this dosent work. It looks like the issue could be do with the LDAP attributes not being set correctly.
  Has anyone used LDAP as an authentication mechanism against 2008 R2 based AD and got it working?

  Aacole,
  The above error message says that your external database that is LDAP doesn't support EAP-MD5 and that is quite true.
  You may check the below listed link for protocol and database compatibility.
  http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_server_for_windows/4.2/user/guide/Overvw.html#wp824733
  Since you are using LDAP its only supports EAP-GTC.
  Do let me know if you need any further suggestions.
  Regds,
  JK
  Do rate helpful posts-

• WPA2-Enterprise Radius Authentication Windows Server 2008 R2

  Hello,
  I have tried a few online tutorials for providing secure wireless access.  I currently have a server running Server 2008 R2 that has RRAS, NAP, and AD CS installed on it.  My goal is to create a wireless SSID that utilizes WPA2-Entperise for users
  to connect.  Their AD credentials would need to belong to my "Wireless Users" group.  I have seen tutorials that involved certificates, and some tutorials that simply added the RADIUS clients along with the network/connection policies,
  and then added the settings to the router.  When I've tried both ways, the wireless network never connects to the network.  If I un-check the "Use Windows login credentials" a username/password field pops up.  I enter the credentials
  (tried both username and domain\username) of an account that is part of "Wireless Users".  When I hit OK it sits for a few moments, and then pops back up again.  When I do check "Use Windows login credentials" it says it can't
  connect.
  I have tried different firmware on the router, and I know the router is not the issue.  This server is joined to my domain controller.  It feels like the NAP server is not reaching the domain to authenticate credentials.  Am I doing anything
  wrong that I should be made aware of?  In NAP if I right click the server, the "register in active directory" is greyed out, which I assume is because it's already joined to the domain.
  I appreciate any help you can provide.
  -Ken

  I've searched in "Event Viewer" on the NPS server, and came across an interesting error.  I have Google'd the error, and there are only a select few articles about it.  If I try to connect, often times I will get two information events:
  Event ID 4400 "A LDAP connection with domain controller DC-VPN-IIS-01.dc.cooper.org for domain COOPER is established."
  And now...the issue
  Event ID 6273
  Network Policy Server denied access to a user.
  Contact the Network Policy Server administrator for more information.
  User:
  Security ID: COOPER\LAPTOP3-W7$
  Account Name: host/laptop3-w7.dc.cooper.org
  Account Domain: COOPER
  Fully Qualified Account Name: COOPER\LAPTOP3-W7$
  Client Machine:
  Security ID: NULL SID
  Account Name: -
  Fully Qualified Account Name: -
  OS-Version: -
  Called Station Identifier: c0c1c074bfb6
  Calling Station Identifier: 00216a902b70
  NAS:
  NAS IPv4 Address: 172.16.4.2
  NAS IPv6 Address: -
  NAS Identifier: c0c1c074bfb6
  NAS Port-Type: Wireless - IEEE 802.11
  NAS Port: 11
  RADIUS Client:
  Client Friendly Name: CiscoAP
  Client IP Address: 172.16.4.2
  Authentication Details:
  Connection Request Policy Name: Use Windows authentication for all users
  Network Policy Name: Connections to other access servers
  Authentication Provider: Windows
  Authentication Server: dc-vpn-iis-01.dc.cooper.org
  Authentication Type: EAP
  EAP Type: -
  Account Session Identifier: -
  Logging Results: Accounting information was written to the local log file.
  Reason Code: 65
  Reason: The Network Access Permission setting in the dial-in properties of the user account in Active Directory is set to Deny access to the user. To change the Network Access Permission setting to either Allow access or Control access through NPS Network Policy, obtain the properties of the user account in Active Directory Users and Computers, click the Dial-in tab, and change Network Access Permission.
  Clearly, when I try to connect, it's completely bypassing the network policy I created, but going to the "Connections to other access servers", which by default denys access.  I've tried everything....removed and re-added the security policy...added
  2 network policies for wireless.  Does anyone know why the network policy I create for wireless is not being recognized?

• How do I use long path names ("\\?\UNC\...") with Server 2008 roaming profiles?

  Hey folks!
  I administrate a Windows Server 2008 R2 SP1 Domain with about 40 users on
  Windows 7 SP1 clients. Because the users often switch between the many PCs, I am using Roaming Profiles which tend to produce errors with different application-specific paths and files inside the users profiles.
  As one of many example, our standard mail application Thunderbird produces paths and files according to folders/subfolders and mails in a user's mailbox. Another one is Microsoft Office's Auto Recovery files which reside in a user's profile and can
  get very long.
  These paths and filenames often extend the allowed max. path of about 256 characters, when (on log on or off) the synchronization process between the client and the server takes place, leading to errors in the event log and a notification to the user about
  the conflict:
  "Event ID 1509 - Windows cannot copy file \\server\share\users\user123.v2\AppData\Roaming\looooong to location C:\Users\user123\AppData\Roaming\looooong. DETAIL - The filename or extension is too long."
  In the long run this leads to different file versions on different clients which - in the case of Thunderbird - leads to missing mails.
  After extensive searches and lectures of forums - including this - I haven't found a solution for this problem.
  So my question is if there's a way to use the extended max path with roaming profiles and if so how do I get it to work?
  I tried changing the profile path of a test user in the Active Directory user preferences from "\\server\share\profiles\test_user" to something like "\\?\UNC\server\share\profiles\test_user" without any changes in the system's behavior.
  Also I think that because this is such a fundamental problem somebody must have come up with a solution for it...
  Thanks in advance,
  Nico

  Hi,
  Thanks for your posting.
  The Event 1509 can happen if the destination path of the users profile is on a server with a long name and share folder name. For detail information, please refer to:
  User profile cannot be loaded with Event ID 1509, DETAIL - The filename or extension is too long
  http://blogs.technet.com/b/win7/archive/2011/02/15/user-profile-cannot-be-loaded-with-event-id-1509-detail-the-filename-or-extension-is-too-long.aspx
  User profile cannot be loaded with Event ID 1509, DETAIL - The filename or extension is too long
  http://support.microsoft.com/kb/2536571
  Hope this helps.
  Regards.
  Vivian Wang
  TechNet Community Support

• External Authentication with Java Card through HSM

  Hi All,
  How to do External Authentication process in Javacard through HSM (Hardware Security Module). Does any HSM supports this?
  My requirement is to store the Card KMC in HSM and i should authenticate the terminal application with the Java Card through HSM.
  Does anyone have the idea on this. Because i should not expose the Card KMC to outside world.

  Hi,
  Megaa1207 wrote:
  My requirement is to store the Card KMC in HSM and i should authenticate the terminal application with the Java Card through HSM.If you cannot create a functional module for your HSM to perform external authenticate, you can use the PKCS11 libraries (cryptoki) to perform the primitive operations to generate your KDC's and to use them for generating session keys and cryptograms. All the sensitive data will be able to stay secured inside the HSM. You would perform the cryptographic operations on the derivation data and store the result as a key object inside the HSM. There is quite a lot of documentation on the PKCS11 operations on the RSA web site.
  Cheers,
  Shane

• External Authentication with LDAP

  Has anyone integrated external authentication of Essbase with LDAP? I've searched discussion groups, websites with no luck, and of course, Essbase documentation doesn't help either. Any additional documentation will help.Thanks in advance!

  Thanks for the info. Is this sample code part of the default implementation that comes installed with the product (essldap.dll)? Or is this something completely different.Also, has anyone done anything similar in visual basic? We have a shortage of v c++ skills around here.Thanks again!

• External authentication with 9.0.1.0.0

  I cannot get external authentication to work over Oracle Net
  with 9i …
  e.g.,
  sqlplus /@s2b …
  ERROR:
  ORA-01004: default username feature not supported; logon denied
  [Cause: An attempt was made to use automatic logon on a system
  not supporting this feature.
  Action: Provide the complete username and password to log on to
  Oracle.
  <http://download-
  east.oracle.com/otndoc/oracle9i/901_doc/network.901/a90150.pdf>
  advanced security guide
  This error indicates that the connection was not over SSL. Look
  at the tnmsnames.ora file to verify the protocol value of the
  net service name that youi are using. The value must be TCPS and
  not TCP.]
  The error messages imply that I have Advanced Security turned
  on, but I do not. .. it's not even part of the installation.
  sqlplus username/passwd@s2 does work
  as does
  sqlplus / [using ORACLE_SID]
  REMOTE_OS_AUTHENT is set to TRUE in the init<SID>.ora file.
  Does anyone know if this feature has been decremented in 9i? It
  definitely does work on our 8.1.7 installations.
  Thanks,
  Dick Wieland

  Yes, I have done that (i.e., edited the initSID.ora file and
  done a shutdown then startup). I can use external authentication
  when I bypass the tnsnames.ora file by going in directly with
  the ORACLE_SID parameter.
  Dick

• External authentication with OID

  I know that OID 10g is capable of performing external authentication against AD, Sun OneDirectory, Novell eDirectory and openLDAP, but what about something else like Oracle Virtual Directory?
  As I understand, there is an out of the box script that will create and external authentication plugin that calls a few procedures from the auth_external package. The auth_external package also an out-of-the-box package with a few procedures (authenticate_user and change_passwd) I've seen so far. I haven't looked in the ODS schema, but I'm assuming this auth_external package is wrapped and not generally viewable.
  Anyone out there have any ideas, how this auth_external package works, or better yet... does anyone know if the out-of-the-box solution for external authentication will work with any LDAP directory (in this case a virtual one)?
  Thanks.

  Can someone from Oracle please comment on this? is "AUTH_EXTERNAL" package "out of box" or do we have to write it?
  I am following instructions from
  http://download.oracle.com/docs/cd/B14099_19/idmanage.1012/b14082/plugin_cust_ext_auth.htm
  LINE/COL ERROR
  143/9 PL/SQL: Statement ignored
  143/19 PLS-00201: identifier 'AUTH_EXTERNAL.AUTHENTICATE_USER' must be
  declared
  241/11 PL/SQL: Statement ignored
  241/11 PLS-00201: identifier 'AUTH_EXTERNAL.CHANGE_PASSWD' must be
  declared
  251/11 PL/SQL: Statement ignored
  251/11 PLS-00201: identifier 'AUTH_EXTERNAL.RESET_PASSWD' must be
  declared
  LINE/COL ERROR
  -------- -----------------------------------------------------------------

• Outlook 2007 on terminal services with server 2008 repeatedly crashes

  I updated my clients server 2008 to SP2 from SP1 and it kills Outlook. I previously (a month ago) did a complete uninstall of SP2 along with all updates that were installed that day, re-installed Office 2007 Standard and it worked just fine.
  I have turned off DEP, ran some registry items that ive found online and spent hours on this!  The server is working great as SP2 fixed a lot of "weird" issues. BUT Outlook and ONLY Outlook is crashing whenever you start the program.  It
  will not even let me try and start a new message, reply, etc.  It stops at send/receive and usually at 66%
  any help would be wonderful!

  Hi,
  I'm marking the reply as answer as there has been no update for a couple of days.
  If you come back to find it doesn't work for you, please reply to us and unmark the answer.
  Thanks,
  Melon Chen
  Forum Support
  Come back and mark the replies as answers if they help and unmark them if they provide no help.
  If you have any feedback on our support, please click
  here

• Exchange 2013 S/MIME with Server 2008 R2

  So I am trying to configure S/MIME on my 2013 Exchange server, but the process in which I need to export the rootca is vague and only applies to Server 2012/Windows 8 because of the export-certificate command.  
  http://technet.microsoft.com/en-us/library/hh848628.aspx
  My domain consists of a single DC/CA and member server that hosts Exchange.  Both servers are on Server 2008 R2, and I have installed PowerShell v4.0 on my DC to try an export the certificate but it continues to fail with:
  export-certificate : The term 'export-certificate' is not recognized as the name of a cmdlet, function, script file,
  or operable program. Check the spelling of the name, or if a path was included, verify that the path is correct and
  try again.
  The examples given to set up the export are equally vague:
  PS C:\>$cert= (Get-ChildItem -Path cert:\CurrentUser\My\EEDEF61D4FF6EDBAAD538BB08CCAADDC3EE28FF) <--What path is this referencing??If anybody has experience doing this I would greatly appreciate some guidance.Mike

  I was able to figure out the export portion.  I needed to select both of my Root CA's certificates then run through the export wizard and export to .sst was available.  Now the problem I'm having is when attempt to import the certs into Exchange
  2013.
  [PS] C:\>Set-SmimeConfig -SMIMECertificateIssuingCA (Get-Content rootca1.sst -Encoding Byte)
  Starting a command on the remote server failed with the following error message : The WinRM client sent a request to the remote WS-Management service and was notified that the request size exceeded the configured MaxEnvelopeSize quota.
  For more information, see the about_Remote_Troubleshooting Help topic.
      + CategoryInfo          : OperationStopped: (exchange.contoso.com:String) [], PSRemotingTransportExcept
     ion
      + FullyQualifiedErrorId : JobFailure
      + PSComputerName        : exchange.contoso.com

• Server 2008 R2 standard guest license with Server 2008 R2 datacenter Host

  Hello Experts,
  I have Windows Server 2008 R2 Datacenter edition based server. Now I want to know that do I have to buy license to activate the guest OS in the VMs like for Server 2008 R2 standard edition, or I can use it for free like in the case of AVMA in server 2012 R2 as it has keys for essentials standard and datacenter edition of server 2012 that can be used with AVMA in order to activate the guest OS license for Free..
  Thanks
  This topic first appeared in the Spiceworks Community

  Hello Experts,
  I have Windows Server 2008 R2 Datacenter edition based server. Now I want to know that do I have to buy license to activate the guest OS in the VMs like for Server 2008 R2 standard edition, or I can use it for free like in the case of AVMA in server 2012 R2 as it has keys for essentials standard and datacenter edition of server 2012 that can be used with AVMA in order to activate the guest OS license for Free..
  Thanks
  This topic first appeared in the Spiceworks Community

• Networking Problems with Server 2008 r2

  Has anyone been able to successfully install Windows Server 2008 on a Mini Server running Lion? I know the native Boot Camp assistant only supports Windows 7, but I was able to install it using 3.0.1. I've been able to get it running but can't get Windows to recognize my network adapter. Any ideas?

  Make sure you have proper network setting (VPN etc) when accessing server share.
  Regards, Ravikumar P

• NVGRE with Server 2008 R2 guest VM - NetVirtualizationLookupRecord not created

  First question -- is using a Windows 2008 R2 SP1 VM guest supported with Windows 2012 R2 hosts using HV-NVGRE and HV-NVGRE Gateways?
  I did some testing and at first I couldn't get connectivity with the 2008 R2 guest. I later found that SCVMM 2012 R2 didn't create the NetVirtualizationLookupRecord for the 2008 R2 guest. After I manually created one (matching the VM's mac address,
  CA, CustomerID, and PA) I was able to get the guest to communicate with other VM's on the same NVGRE subnet. However, I can't get the 2008 R2 guest to connect to my NVGRE gateway (which works fine with 2012 R2 VM guests).
  Is this a known issue and/or are there other manual steps required to make a 2008 R2 VM guest work with NVGRE networks and gateways?
  Thanks
  Mark
  <table> <tbody> <tr> <td colspan="3"><b>Mark E. Smith</b><br/> Practice Manager, Unified Communications<br/> Capax Global Consulting<br/> My Blog - <a href="http://blogs.capaxglobal.com/markesmith">http://blogs.capaxglobal.com/markesmith</a><br/>
  </td> </tr> <tr> <td valign="top"><img title="MCM" src="http://marksmith.netrends.com/Public%20Document%20Library/MCP/MCM_E14.gif"> <img title="MCITP" src="http://marksmith.netrends.com/Public%20Document%20Library/MCP/MCITP_E14.gif">
  <img title="MCTS" src="http://marksmith.netrends.com/Public%20Document%20Library/MCP/MCTS_E14.gif"> </td> </tr> </tbody> </table>

  Hi Ralph,
  First, I can't answer your question about the supportability of WNLB within an NVGRE network. Microsoft Support would have to answer that. That said, I haven't tested WNLB within NVGRE mainly because I personally don't recommend using it EVER. There are so
  many known issues/limitations with WNLB that I just tell folks to not even consider it. If you want to read about them, I blogged a few years ago about this (along with another solution) -- it's dated but you can read here:
  http://marksmith.netrends.com/Lists/Posts/Post.aspx?ID=111
  That said, NVGRE does have some limitations when it comes to what I would call "non-typical" IP protocols (generally anything other than TCP, ICMP, and UDP). For example, I've seen VRRP and CARP not work in a NVGRE network when playing
  with some clustered load balancers. I suspect that the issue with WNLB is with its use of mac addresses, under its various network configs (multicast, unicast, etc.)
  Due to all of the issues around WNLB, if it were me, I wouldn't even spend the time on it. Look at some of the VM Network load balancers or even try to make the Centos LB work.
  Hope that helps.
  Mark
  <table> <tbody> <tr> <td colspan="3"><b>Mark E. Smith</b><br/> Practice Manager, Unified Communications<br/> Capax Global Consulting<br/> My Blog - <a href="http://blogs.capaxglobal.com/markesmith">http://blogs.capaxglobal.com/markesmith</a><br/>
  </td> </tr> <tr> <td valign="top"><img title="MCM" src="http://marksmith.netrends.com/Public%20Document%20Library/MCP/MCM_E14.gif"> <img title="MCITP" src="http://marksmith.netrends.com/Public%20Document%20Library/MCP/MCITP_E14.gif">
  <img title="MCTS" src="http://marksmith.netrends.com/Public%20Document%20Library/MCP/MCTS_E14.gif"> </td> </tr> </tbody> </table>

• ACS 4.1 External DB with Windows 2008 AD

  I have the following scenario:
  - ACS ver 4.1.1.23 on Windows 2003 Standard with SP2, Domain controller server
  - The main AD database is running on Windows 2008
  Does anybody knows if I still need to upgrade from 4.1.X.Y to 4.2.X.Y to be able to authenticated users against Windows 2008 AD database?
  Or I only need the 4.2 upgrade when the ACS is installed on a Windows 2008 server?
  Thanks in advanced.
  Oscar Perez

  If ACS is on member server you need to upgrade it to 4.2 patch 9 to make acs work with 2008 DC.
  2008 DC support is included from 4.2 patch 4 but I recommend to go for patch 9.
  Regards,
  ~JG
  Do rate helpful posts