Firewall Issue for Client Login

I am trying to setup a mobile user between my mac mini server and MBAir (SL both). I have the user created on the server as a mobile user etc but I cant connect the MBA to the server with the firewall active. As soon as I turn off the firewall it sees the server again (Login Options, general login etc).
However in either case Sync Home doesn't work and nothing happens.
Is there a firewall setting that I am missing that would resolve the first issue (it also does the same when I try to connect to the server from my old MBPro - nothing unless Firewall is off)
Thanks

Hi Dhamodaran
MSDE2000 refers to Microsoft SQL desktop edition. The demo database would have been selected during the SAP Business One Server installation process. Did you select default or custom? Go to Control Panel, select SAP Business One Server and uninstall. Then from the installation for SAP, run the server setup again and choose custom. You will get a list of databases to choose from. Make sure at least one is selected from the list and complete the installation. Try log on as manager again.
Kind regards
Peter Juby

Similar Messages

  • Greeting Picture for Client Login?

    Hello All.
    I used to use MacAdministrator by Hi-Resolution to control authenticationa and user prefs under OS9/AppleShare IP. Now that I've migrated OSX Server, which does everything I was using MacAdmin for, I miss the ability to have a picture splash upon log-in. I'd use the picture for reminders and update it with announcements, etc. It would close after a few seconds or a mouse click. Is there a way to have OSX Server do this with client machines?
    Thanks
    Dan Porvin

    Might a simple applescript be appropriate?
    I'm thinking something on the order of:
    on run
    set loginAnnounce to display dialog "You are nice, and people like you!" buttons {"Ok"} default button "Ok"
    end run
    If you save it as an application you'll be able to make it a login item.
    There's no pretty picture, but you get your message in the user's face, and force them to interact with it.

  • How to resolve hostname/firewall issue for 9iAS 9.0.2.0.1?

    Hi,
    I am going to install 9iAS 9.0.2.0.1 on Solaris 5.8, and noticed something in the installation guide ((iAS release Notes Addendum p2-13) saying
    "Oracle9iAS does not support changing hostname and ip after installation"
    My questions are:
    1. My server is behind firewall, the hostname is ONLY available inside the firewall, How can my customers get access from outside of the firewall? Is it possible to chnage the hostname in this respect?
    if so could you provide me more info?
    2. Does it means I have the use the exact same hostname in my URL (like http://HOSTNAME_1.domain_1:1810 ) as in the hosts ot nodename files? For this example the hosts/nodename files looks like this:
    123.234.0.56 HOSTNAME_1.domain_1 HOSTNAME_1 mid_tier_host
    Thanks

    Alex,
    OC4J 9.0.3 and Reports 9.0.2 are not certified to work together, and there are known problems.
    regards,
    Stewart

  • Security Issues for Remote Login to ECC Server

    Hi,
    I have configured the saprouter so that people can remotely access the SAP ECC Servers outside the local area network. The saprouttab file contains the following entry:
    P * * *
    The parameter login/no_automatic_user_sapstar has also been set to a value 1.
    The user DDIC and SAP* can only be accessed using the master password, which is provided at installation time.
    Is my network secure enough? Or do I need to take into account some more steps / measures?
    Regards.

    Hello,
    Generally its not recommended to open up your network in the manner you have mentioned, however if its a requirement you cannot deny here is what first comes to my mind:
    Use the 'S * * *' instead of 'P * * *' (unless you are using ITS/J2EE and letting people access using HTTP(S)) , this will ensure that people are able to access only SAP protocol and not any other protocol
    Use the following link to understand options of saprouter table.
    http://help.sap.com/saphelp_47x200/helpdata/en/4f/992dfe446d11d189700000e8322d00/frameset.htm
    Also,
    It will be a good idea to allow access only to a particular IP Address i.e. the SAP Application Server instead of the entire IP range.
    instead of
    S * * *
    something like:
    S * <sap server ip address> *
    Regards,
    Siddhesh

  • Client login and purchasing

    I want to switch my photography website from Zenfolio to Behance Pro but before I do I want to confirm that Behance provides the capability to have client login and purchasing capabilities. I've not explored Behance in minute detail, but I just don't have anymore time! Perhaps for this type of site it's better to work through Adobe Muse?

    Hello - to address your questions:
    1) For "client login," you can create a password-protected page for clients. When you give them the link to this, they'll be required to enter a password.
    2) While we don't have an e-commerce feature on ProSite, you can mark specific images as "for sale" by using this feature:
    More on this here: https://behancenetwork.zendesk.com/entries/21953670-How-can-I-mark-my-work-as-for-sale-on- Behance-
    Let me know if anything else comes up.

  • Certificates issued by communications server for client authentication

    Hi,
    we ran into problem with those certificates, that are being issued by the lync server itself.  In our enteprise we have CX600 and CX3000 phones, and i know that certificate authentication is required for the phones to work (both for registrar and webservice).
    However, now that users have lync installed, they have their communications server certificate assigned as well. The problem is when a user needs to sign a document with the certificate from our private CA, for most of the users, word or excel suggests to
    use a certificate issued by communications server, not our ent CA. Maybe there is a way for LYNC to trust private enteprise CA and not give out its own certificates and STILL use certificate authentication?
    Thanks!

    Facing almost the same issue, Lync (server) issues ClientAuth certs from "Communication Server", (btw
    is not trusted of course), and in turns forces users to make a selection of which VPN cert to use when dialing in, instead of only one ClientAuth cert installed, they now have 2 ClientAuth certs installed, which our internal CA's should care about and NOT
    the Lync (server).
    Don’t get how an MS product of this caliber can be built without proper PKI integration, how can it NOT utilize internally issued certs for client authentication???
    Not the first though, SCCM and OSD is another example....
    However, are you saying that Lync communication can’t be used without certificate authentication,
    without the user being spammed with credential prompts?
    Trying to get clarification on this…

  • Client context error message while configuring for social login and personalization

    Hi,
    I am getting the below exception while configuring for social login and personalization.
    27.12.2012 11:21:25.463 *ERROR* [127.0.0.1 [1356587485463] GET /etc/cloudservices/facebookconnect/sample_fb.login.html/callback/connect HTTP/1.1] com.day.cq.wcm.core.impl.designer.DesignerImpl No design at /etc/design/cloudservices. Using default.
    27.12.2012 11:21:46.549 *ERROR* [127.0.0.1 [1356587485463] GET /etc/cloudservices/facebookconnect/sample_fb.login.html/callback/connect HTTP/1.1] com.adobe.granite.auth.oauth.impl.oauth2.Oauth2Helper Problems while creating connection.
    27.12.2012 11:21:46.549 *WARN* [127.0.0.1 [1356587485463] GET /etc/cloudservices/facebookconnect/sample_fb.login.html/callback/connect HTTP/1.1] com.adobe.granite.auth.oauth.impl.oauth2.Oauth2Helper token was null or not in UNAUTHORIZED state:1
    27.12.2012 11:21:46.549 *ERROR* [127.0.0.1 [1356587485463] GET /etc/cloudservices/facebookconnect/sample_fb.login.html/callback/connect HTTP/1.1] com.adobe.granite.auth.oauth.impl.servlet.OAuthProfileImportServlet requestAccessToken: could not retrieve user
    27.12.2012 11:21:46.549 *ERROR* [127.0.0.1 [1356587506549] GET /etc/cloudservices/facebookconnect/sample_fb.login.html HTTP/1.1] com.day.cq.wcm.core.impl.designer.DesignerImpl No design at /etc/design/cloudservices. Using default.
    27.12.2012 11:21:48.455 *ERROR* [127.0.0.1 [1356587508455] GET /etc/clientcontext/default/contextstores/profiledata/loader.json HTTP/1.1] org.apache.sling.engine.impl.SlingRequestProcessorImpl service: Uncaught SlingException org.apache.sling.api.SlingException: An exception occurred processing JSP page /libs/cq/personalization/components/profileloader/command/load/load.json.jsp at line 41
    at org.apache.sling.scripting.jsp.jasper.servlet.JspServletWrapper.handleJspExceptionInterna l(JspServletWrapper.java:574)
    at org.apache.sling.scripting.jsp.jasper.servlet.JspServletWrapper.handleJspException(JspSer vletWrapper.java:499)
    at org.apache.sling.scripting.jsp.jasper.servlet.JspServletWrapper.service(JspServletWrapper .java:451)
    at org.apache.sling.scripting.jsp.JspServletWrapperAdapter.service(JspServletWrapperAdapter. java:59)
    Thanks,
    Shankar .A

    Hi Shankar,
    Any luck with this issue. I am also seeing the same issue
    Thanks
    Pushparajan

  • Firewall rule for Novell Client

    My company recently purchased McAfee Desktop Firewall and I'm trying to
    configure the rules prior to deployment but I'm having trouble getting
    the Novell Client to cooperate. I've tried having the firewall "learn"
    the client, addresses, ports, protocols, etc. but have had no luck.
    My company is running a mix of Win2k/XP computers as well as Win95/98
    computers so any assistance in creating a firewall rule to allow the
    clients to log in is greatly apprecaited.
    Thanks!
    Ash

    Excellent, thanks!!
    > For NetWare connectivity over IP, you need ports TCP,UDP 524 and 427
    > which are NCP over IP and SLP.
    >
    >
    > --
    > Edison Ortiz
    > Novell Product Support Forum SysOp
    > (No Email Support, Thanks !)

  • BO4 Crystal Client Login Issues

    Hi Experts,
    We have recently installed BO4.0 and are using Crystal CE / 2011, and the installation went smooth [both for client and server]. What happens is when we connect to our BO server for development purpose using Crystal Client Application it gives us the error as
    "SAP Business Objects Enterprise Cannot log you on now, pls try later"
    Regards,
    Ankeet Pujara

    Hi Denis,
    This is happening on the client machine... before we start development!!!
    Regards,
    Ankeet Pujara

  • Minimum NAT/firewall settings for iChat audio/video to work?

    I've read the docs on teh ports and firewall issues but it is still unclear to me.
    I have
    1. An OS X Server 10.5.2 connected to the internet behind a router with NAT and running a firewall. NAT and of course the firewall are under my control. I've opened up the iChat Server SSL port (5223) on the OS X Server's firewall. I've put a 5223 redirect on the router to my OS X Server system. iChat is configured on this system and several users have permission to use iChat. The NAT table on the router is restricted, only ports I want to serve (e.g. 25, 22, 5223) are redirected to my server, the rest of incoming connections are blocked at the NAT (safer that way).
    2. An OS X 10.5.2 client behind a NAT setup in another part of the world.
    3. An OS X 10.5.2 client behind a NAT setup in another part of the world.
    Both clients I can manage the firewall of the client, but I cannot manage anything on the router.
    WIth this set up on both systems users have successfully connected to my OS X Server's iChat server using SSL. Text chat works. So I can assume that iChat Server works, that the permissions and login is OK, that SSL is OK.
    But neither audio not video works. I cannot establish an audio or video connection because the connection fails. The iChat connection log says
    2008-02-21 20:49:53 +0100: user@fqdn2: Error -8 (Did not receive a response from 0x18c09b30.)
    there is nothing in appfirewall.log on the client.
    The clients should work OK behind NAT. But my guess is that the server needs more than what I am giving it. However, I have been unable to find out what a minimum set of NAT redirects and firewall ports open is that would enable me to let these two clients do voice chat via my OS X Server at that other location.
    Any tip for information on how to set up the server side minimally and safely would be welcome.
    Thanks,
    G

    Hi,
    Several things.
    1) iChat server does in fact use an SSL Login on port 5223 (Tiger does not do the SSL but is still on the same port.
    This does not allow the other data on port 5220 that the Jabber side of iChat needs.
    Apple Doc http://docs.info.apple.com/article.html?artnum=93208 see item 6
    2) It also ignores the fact iChat uses a completely different set of ports to the A/V Chat
    So an AIM Login is port 5190 in those mentioned in item 6
    port 5297, 5298 and 5353 are the Bonjour ones.
    That leaves 5060, 5678, 16384-16403 for A/V chats in Tiger
    5678, 16393-16402 in Leopard
    The pics and Table are for Panther and Tiger. See the Table at the bottom http://www.ralphjohns.co.uk/pantherports.html
    The changes from Tiger to Leopard in the port Usage for A/V chats is documented here http://docs.info.apple.com/article.html?artnum=306688 (Hence the none use of port 5060 and the smaller groupfor the actual A/V Chats)
    3) Check out the two server forums for Leopard > iChat Server http://discussions.apple.com/forum.jspa?forumID=1235
    And Tiger/OS X Server 10.4 > Collaboration Services http://discussions.apple.com/forum.jspa?forumID=700 as they maybe other issues that I am not aware of on the Server side.
    So Leopard Jabber/iChat Server needs 14 ports
    5220, 5222, 5223 on TCP and
    5678, 16393-16402 on UDP
    Tiger needs the A/V ports to include 5060 and extend the group to 20 ports (16384-16403)
    I hope this helps.
    8:44 PM Sunday; February 24, 2008

  • Client Login Procedure

    Our business involves sending out topical economic and financial research in multiple daily e-mails to our clients. We wish to prevent e-mail forwarding of this research to non-clients. While there seems to be nothing to prevent e-mail forwarding itself, we hope to control access to our research by using attached PDF files.
    The solution seems to be Policy Server, but I have an initial question about client login. What exactly does it mean that clients must log in to Policy Server before they are allowed to view a PDF sent to them? Is this done automatically when the client tries to open a PDF, or must they do this prior to attempt opening the file, and must they do this before every PDF file sent to them (we send several every day). If the latter, most of our clients would object to this extra step each time. And does this mean we need to open our firewall to the server for all clients?
    Thanks

    [email protected] wrote:
    > Thanks Justin
    >
    > This helps a lot for us to move forward with this solution. I'm wondering, however, just how stable a server is going to be outside a firewall. I wonder if there is a port forwarding solution that would open up the firewall just to policy server requests, but still, it sounds like a not very secure situation. There must be something within an LDAP server that will secure the server.
    >
    > Thanks for your help!
    >
    > Carl Steen
    One other thing...the web application should be configured to run SSL (https). This is a
    requirement of Policy Server and will encrypt all communication between the client and server.
    Regarding your security concerns...Policy Server doesn't need to be running on a computer outsite
    the firewall...it just needs to be accessible from outside the firewall. This is how many corporate
    websites are set up.
    Justin Klei
    Cardinal Solutions Group
    www.cardinalsolutions.com

  • Internet access for clients

    GuysNeed some assistance on providing internet access at a branch site for clients. Any thoughts and suggestions welcome and appreciatedWe have a number of branch offices connected over ISP managed MPLS network, any-2-any. I am looking at implementing some kind of internet access at the branch offices, either wired or wireless. We manage all the L1 and L2 connectivity at the sites, and the L3 side at our hub offices, of which we have 2, mainly for internet traffic etc, which isnt provided by our MPLS ISPCurrently all internet traffic for all sites goes to our data centre and is routed out through our firewall. Routing isnt an issue here, its more the best way to set this up securely.My initial thoughts were to set aside a whole bunch of ports on a seperate PVLAN that would connect the clients to the network (I am not conerned about the clients talking to each other, as long as they cant reach the local vlans). But the problem may lie at the firewall end, as I will need to specify specific hosts for port 80, 443 traffic only. Would a seperate DHCP scope, of say a /28, allowing 16 hosts only be an idea? Then I wouldnt have to mess around with firewall changes for different hosts all the timeThanks

    Hi,
    How are things going?
    I agree with Darshana. You could connect to Internet by using a router. Router can be configured to enable all users in a network to share a single connection to the Internet. Routing and Remote Access of windows server provides built-in
    routing services that can be used to connect an organization to the Internet through a routed connection to an ISP.
    You can also configure a windows server as a NAT server in your network. A network address translator is an IP router that can translate IP addresses and TCP or UDP port numbers of packets as they are being forwarded. NAT translates private
    IP addresses to external, public IP addresses. Then the computers of LAN can access Internet.
    Best Regards,
    Tina
    Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact [email protected]

  • RMI firewall issue - opening port 1099 is not enough

    Hello,
    We have a distributed java desktop app that uses RMI with callbacks to communicate amongst the clients. It all works really well at our dev site and at 2 trial sites.
    We are about to deploy out to more customer sites - so I have been doing more testing with firewalls etc and discovered some issues. Our customers are small businesses and typically have between 1 and 10 desktop clients that connect to the server via RMI. These customers are "very NOT technical", so we need to give them set-and-forget firewalls etc.
    This is all on a LAN, with RMI using port 1099. On the firewalls (of the various PCs) we open ports 1099 (RMI) and 5432 (for the Postgres DB).
    Also, I was using "CurrPorts" and "SmartSniff" to monitor the traffic at each PC - so I had a reasonable view of proceedings.
    Basically, opening port 1099 on the server is necessary, but it is NOT ENOUGH. The RMI moves off to ports other than 1099, and the server firewall does not allow the connection.
    Procedure ...
    (1) start the "server" app - which starts the RMI registry - the "localhost" desktop app also starts and it works well to both the database and the RMI.
    (2) start another client - it connects to the DB Server, but NOT the RMI server.
    (3) open the server firewall to all traffic for a few seconds - then the client connects successfully.
    From CurrPort logging I could watch the RMI comms progress over those first few minutes ...
    Initially the comms do include port 1099 on the initial call to the server, but there after there are always 2 or 3 "channels" open, but not to 1099.
    I notice that the Postgres DB keeps using port 5432 for all of its active channels - so it does not have the same firewall issue.
    After we have opened the firewall for a few seconds - to enable the link - then we can turn the client on and off and the client re-connects without issue - so it would seem to be only an issue with the initial connection.
    I am sure that this is all completely standard and correct RMI behavior.
    QUESTIONS:
    1. Can RMI be "forced" to always use port 1099 for connections, and not move to other ports? (like the database uses 5432)
    2. Are there any suggestions for getting around this seemingly standard RMI behaviour?
    Other comments ...
    The firewall lets me open individual ports (say 1099) - BUT I can not justify opening ALL ports.
    The firewall lets me open all ports to an application, say "C:\Program Files\Java\jre6\bin\java.exe", but that app will occasionally change at a customer's site as they will update their java version and suddenly our app will stop working.
    Any guidance is appreciated.
    Many Thanks,
    -Damian

    1. Can RMI be "forced" to always use port 1099 for connectionsYes. Export all your servers on the same port. See UnicastRemoteObject constructor that takes an int, or UnicastRemoteObject.exportObject(int). If the RMI Registry is a separate process you can't re-use 1099 for this purpose, but see below.
    2. Are there any suggestions for getting around this seemingly standard RMI behaviour?Yes. Start the RMI Registry in the same JVM as the code, then you only need to use 1099 for everything.
    If you are using server socket factories, make sure they have an equals() method, or use the same instance for all remote objects.

  • How to setup remote web/client login to my BO XI 4.0 server in Bangalore?

    I have setup BO XI 4.0 server with Win 2008 R2 in Bangalore. But I'm not able to configure remote login to this server.
    For example, To connect Interactive Analysis - Desktop from a remote system to my server installed in different machine.
    Any thoughts what needs to be done? I tried wdeploy with no impact on result.
    Thanks,
    Madhu

    This maybe a firewall issue. I would recommend to check the XI 4.0 installation guide on how to configure your server and enable access over a firewall.
    Talking to your network team as proposed by the previous poster is the first step.
    Regards,
    Stratos

  • 451 4.7.0 Timeout waiting for client input

    My organization is running Small Business Server 2008 with Exchange.  After installing Exchange users reported not reciveing emails from Comcast and a few other domains.  Looking at the logs, domains including gmail and comcast are unable to deliver email to our Exchange mailboxes.  They receive an error message like the following.
    Technical details of temporary failure:
    Google tried to deliver your message, but it was rejected by the recipient domain. We recommend contacting the other email provider for further information about the cause of this error. The error that the other server returned was: 451 451 4.7.0 Timeout waiting for client input (state 18).
    Other domains send just fine. Any ideas what is causing the 451 4.7.0 connection timeout error message?  The following is an example SMTPReceive log.
    2009-06-08T23:15:11.964Z,,+,,
    2009-06-08T23:15:11.964Z,,SMTPSubmit SMTPAcceptAnySender SMTPAcceptAuthoritativeDomainSender AcceptRoutingHeaders,Set Session Permissions
    2009-06-08T23:15:11.964Z,,"220 remote.domain.com Microsoft ESMTP MAIL Service ready at Mon, 8 Jun 2009 16:15:11 -0700",
    2009-06-08T23:15:12.027Z,,<,EHLO smtp3.mail.com,
    2009-06-08T23:15:12.027Z,,250-remote.domain.com Hello [123.12.123.123],
    2009-06-08T23:15:12.027Z,,250-SIZE 10485760,
    2009-06-08T23:15:12.027Z,,250-PIPELINING,
    2009-06-08T23:15:12.027Z,,>,250-DSN,
    2009-06-08T23:15:12.027Z,,>,250-ENHANCEDSTATUSCODES,
    2009-06-08T23:15:12.027Z,,>,250-STARTTLS,
    2009-06-08T23:15:12.027Z,,>,250-AUTH,
    2009-06-08T23:15:12.027Z,,>,250-8BITMIME,
    2009-06-08T23:15:12.027Z,,>,250-BINARYMIME,
    2009-06-08T23:15:12.027Z,,>,250 CHUNKING,
    2009-06-08T23:15:12.105Z,,<,STARTTLS,
    2009-06-08T23:15:12.105Z,,>,220 2.0.0 SMTP server ready,
    2009-06-08T23:15:12.105Z,,*,,Sending certificate
    2009-06-08T23:15:12.105Z,,*,CN=remote.domain.com,Certificate subject
    2009-06-08T23:15:12.105Z,,*,CN=ecf-DOMAINSERVER-CA,Certificate issuer name
    2009-06-08T23:15:12.105Z,,*,,Certificate serial number
    2009-06-08T23:15:12.105Z,DOMAIN\Windows SBS Internet Receive DOMAIN,,20,,*,,Certificate thumbprint
    2009-06-08T23:15:12.105Z,DOMAIN\Windows SBS Internet Receive DOMAIN,,21,,,*,remote.domain.com;domain.com;DOMAIN.local,Certificate alternate names
    2009-06-08T23:15:12.355Z,,EHLO smtp3.mail.com,
    2009-06-08T23:15:12.355Z,,250-remote.domain.com Hello [123.12.123.123],
    2009-06-08T23:15:12.355Z,,250-SIZE 10485760,
    2009-06-08T23:15:12.355Z,,250-PIPELINING,
    2009-06-08T23:15:12.355Z,,250-DSN,
    2009-06-08T23:15:12.355Z,,250-ENHANCEDSTATUSCODES,
    2009-06-08T23:15:12.355Z,,250-AUTH,
    2009-06-08T23:15:12.355Z,,250-8BITMIME,
    2009-06-08T23:15:12.355Z,,>,250-BINARYMIME,
    2009-06-08T23:15:12.355Z,,>,250 CHUNKING,
    2009-06-08T23:15:12.433Z,,<,MAIL From:<[email protected]> SIZE=52018,
    2009-06-08T23:15:12.433Z,DOMAIN\Windows SBS Internet Receive DOMAIN,,,,,,,receiving message
    2009-06-08T23:15:12.433Z,,250 2.1.0 Sender OK,
    2009-06-08T23:15:12.496Z,,RCPT To:<[email protected]>,
    2009-06-08T23:15:12.496Z,,250 2.1.5 Recipient OK,
    2009-06-08T23:15:12.496Z,,DATA,
    2009-06-08T23:15:12.496Z,,354 Start mail input; end with <CRLF>.<CRLF>,
    2009-06-08T23:15:20.277Z,,451 4.7.0 Timeout waiting for client input,
    2009-06-08T23:15:20.277Z,,,Local
    2009-06-08T23:16:03.276Z,,451 4.7.0 Timeout waiting for client input,
    2009-06-08T23:16:03.276Z,,,Local

    I had a similar issue with fortigate firewall. I could not able to resolve this issue with fortigate. Fortunately I had a Cisco PIX firewall in my stock. Eventhough it is not a best practise I have replaced the fortigate firewall with Cisco PIX mail flow
    started perfectly without any issues.
    If any fortigate experts are seeing this forum please suggest what has to be done for solving this issue.
    I have escalated this case to fortigate and they resolved the issue by executing the following commands on the fortigate firewall.
    set tcp-mss-sender1452
    set tcp-mss-receiver1452
    Santhosh Sivaraman MCITP: Microsoft Exchange Server 2007/2010 | MCSE/MCSA

Maybe you are looking for