Firewall with AES Authentication?

Similar Messages

• WPA2 network authentication with AES Data Encryption

  I have tried unsuccessfully to connect with my university's network....they are running WPA2 with AES data encryption....authentication is Protected EAP (PEAP). Any ideas of the iPhone can connect to something like this?

  You've confirmed my suspicion. We use WPA2-Personal with AES Encryption as well and I just discovered after having bought my iPhone last night, that it will not connect. And yet every other WiFi device I own, including two Windows computers have no issue connecting to the same Access Point. Obviously the issue is with the iPhone and now I'll have to contact Apple to learn how the intend to resolve it.

• 802.1x EAP-PEAPv0 (MSCHAPV2) with computer authentication

  I am a network administrator at seven schools, and a few of these schools are now using 802.1x EAP-PEAPv0 (MSCHAPV2) with computer authentication  only, for wireless security. 
  We are a mixture of 2008 and 2003 (Windows Domain) servers running IAS or NPS for RADIUS.  
  I push out the wireless client’s setting via group policy, and the clients are using WZC. 
  Every now and then, a client will be unable to authenticate/validate during the authentication phase. 
  Some clients this will never happen to and a few it will happen repeatedly. 
  To fix this I have to hard wire the computer and do a gpupdate, even though the computer already had the updates applied previously, and is still part of the domain. 
  Many of our classrooms lack network drops, so wireless is the best for us. 
  Except for this one downfall, it is working great. Any help is appreciated.

  Hi Ryan,
  Thanks for posting here.
  Could you discuss the situation that you mentioned “a client will be unable to authenticate/validate during the authentication phase. 
  Some clients this will never happen to and a few it will happen repeatedly. ”
    in detail ? Can you verify if there is any error or warring that relate with this authentication issue recorded in event log on client and radius server ?
  Only certain computers are facing this issue or all?
  What’s OS running on these client computers?
  According the situation right now , I’d like to share some suggections with you:
  1. An 802.1x client may fail to connect to an Radius server if the Trusted Root CA certificate that issued the Radius server certificate is not installed on
  the client computer. Either verify that the trusted root authority is installed on the client computer or disable certificate validation on the client. To disable certificate validation, access the properties of the connection, and on the Authentication tab,
  click Properties. Click to clear the Validate server certificate check box. EAP-TLS requires the installation of a computer certificate on each RADIUS server and a computer or user certificate, or smart card on all clients. PEAP-MS-CHAPv2 requires the installation
  of a computer certificate on each RADIUS server and the root CA certificates of the issuing CAs of the RADIUS server certificate on each of the client computers.
  2. Verify that Radius is configured for the logging of rejected authentication attempts to the event log. Try the connection again, and then check the system
  event log for an IAS event for the failed connection attempt. Use the information in the log to determine the reason the connection attempt was either rejected or discarded. Logging options are configured on the General tab of the Radius server Properties
  dialog.
  3. Any rejected or discarded connection attempt recorded should identify the Connection Request Policy used. A RADIUS request message is processed only if the
  settings of the incoming RADIUS request message match at least one of the connection request policies. Examine the conditions of the policy identified to see where the request fails.
  4. Determine from the IAS system event log entries whether the authentication failure is for computer auth, user auth, or both. By default, Windows performs
  an 802.1x authentication with computer credentials before displaying the Windows logon screen. Another authentication with user credentials is performed after the user has logged on, and if this fails the machine will be disconnected from the network. Similarly,
  if computer authentication fails but user auth is successful, symptoms will include failure to process login scripts or apply group policies and machine password expiration will not be updated since the user will only be able to logon with cached credentials.
  If you use a smart card for authentication, you can only perform user authentication because smart card usage requires manual entry of a personal identification number (PIN). There is no way to provide the PIN to unlock the smart card certificate during computer
  authentication.
  5. Examine the wireless trace logs captured and search for keywords error, failed, failure, or rejected. This should give an indication as to what point in the
  authentication process the failure occurs.
  Meanwhile, I ‘d like suggest you may start troubleshooting with following the guides below and see if it will help:
  Windows Server 2003 Wireless Troubleshooting
  http://technet.microsoft.com/en-us/library/cc773359(WS.10).aspx
  Troubleshooting Windows Vista 802.11 Wireless Connections
  http://technet.microsoft.com/en-us/library/cc766215(WS.10).aspx
  Thanks.
  Tiger Li
  TechNet Subscriber Support in forum
  If you have any feedback on our support, please contact
  [email protected]
  Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
  Random computers running Windows XP have this problem.  It does not happen to all of them at once. 
  It is very random.  A computer that has been connecting to the secure network for weeks will all of a sudden not be able to connect. The message is “attempting to authenticate” and it never makes the connection. 
  I checked if logging is turned on and I can see successful events from computers that are working. 
  I can also see failed events from computers that are not ours that tried to connect to our wireless. 
  However for the computers that are having this problem there are no logged events. 
  It is as if they don’t even communicate with the server. 
  Other clients on the same AP are working fine.  I rebooted the IAS service, and RADIUS clients, but this did not help. 
  I also checked all the settings and they are correct, using PEAP, and validating the server certificate is disabled. 
  I did notice that the firewall is also turned on through group policy when the domain is not available.
     Do you think the firewall is blocking the communication? 
  I added an exception to port 1812 UDP and this did not make a difference.

• Frequent disconnect using peap wpa2 with aes and tkip

  I got frequent disconnect for the users on wireless using peap wpa2 with aes and tkip.
  My network is setup with :
  -Wireless controller 4404
  -ACS 4.0
  -28 access point 1131g
  -Peap authentication with active directory windows 2003
  -windows xp - mschap2 with aes- tkip
  when i check only aes on the wireless controller 4404 the network user are able work in a stable condition

  This might similar to the bug where Wireless phones dont associate if WPA2 is configured with both AES/TKIP. In this case try to upgrade the controller.

• Issue with SharePoint foundation 2010 to use Claims Based Auth with Certificate authentication method with ADFS 2.0

  I would love some help with this issue.  I have configured my SharePoint foundation 2010 site to use Claims Based Auth with Certificate authentication method with ADFS 2.0  I have a test account set up with lab.acme.com to use the ACS.
  When I log into my site using Windows Auth, everything is great.  However when I log in and select my ACS token issuer, I get sent, to the logon page of the ADFS, after selected the ADFS method. My browser prompt me which Certificate identity I want
  to use to log in   and after 3-5 second
   and return me the logon page with error message “Authentication failed” 
  I base my setup on the technet article
  http://blogs.technet.com/b/speschka/archive/2010/07/30/configuring-sharepoint-2010-and-adfs-v2-end-to-end.aspx
  I validated than all my certificate are valid and able to retrieve the crl
  I got in eventlog id 300
  The Federation Service failed to issue a token as a result of an error during processing of the WS-Trust request.
  Request type: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue
  Additional Data
  Exception details:
  Microsoft.IdentityModel.SecurityTokenService.FailedAuthenticationException: MSIS3019: Authentication failed. ---> System.IdentityModel.Tokens.SecurityTokenValidationException:
  ID4070: The X.509 certificate 'CN=Me, OU=People, O=Acme., C=COM' chain building failed. The certificate that was used has a trust chain that cannot be verified. Replace the certificate or change the certificateValidationMode. 'A certification chain processed
  correctly, but one of the CA certificates is not trusted by the policy provider.
  at Microsoft.IdentityModel.X509CertificateChain.Build(X509Certificate2 certificate)
  at Microsoft.IdentityModel.Tokens.X509NTAuthChainTrustValidator.Validate(X509Certificate2 certificate)
  at Microsoft.IdentityModel.Tokens.X509SecurityTokenHandler.ValidateToken(SecurityToken token)
  at Microsoft.IdentityModel.Tokens.SecurityTokenElement.GetSubject()
  at Microsoft.IdentityServer.Service.SecurityTokenService.MSISSecurityTokenService.GetOnBehalfOfPrincipal(RequestSecurityToken request, IClaimsPrincipal callerPrincipal)
  --- End of inner exception stack trace ---
  at Microsoft.IdentityServer.Service.SecurityTokenService.MSISSecurityTokenService.GetOnBehalfOfPrincipal(RequestSecurityToken request, IClaimsPrincipal callerPrincipal)
  at Microsoft.IdentityServer.Service.SecurityTokenService.MSISSecurityTokenService.BeginGetScope(IClaimsPrincipal principal, RequestSecurityToken request, AsyncCallback callback, Object state)
  at Microsoft.IdentityModel.SecurityTokenService.SecurityTokenService.BeginIssue(IClaimsPrincipal principal, RequestSecurityToken request, AsyncCallback callback, Object state)
  at Microsoft.IdentityModel.Protocols.WSTrust.WSTrustServiceContract.DispatchRequestAsyncResult..ctor(DispatchContext dispatchContext, AsyncCallback asyncCallback, Object asyncState)
  at Microsoft.IdentityModel.Protocols.WSTrust.WSTrustServiceContract.BeginDispatchRequest(DispatchContext dispatchContext, AsyncCallback asyncCallback, Object asyncState)
  at Microsoft.IdentityModel.Protocols.WSTrust.WSTrustServiceContract.ProcessCoreAsyncResult..ctor(WSTrustServiceContract contract, DispatchContext dispatchContext, MessageVersion messageVersion, WSTrustResponseSerializer responseSerializer, WSTrustSerializationContext
  serializationContext, AsyncCallback asyncCallback, Object asyncState)
  at Microsoft.IdentityModel.Protocols.WSTrust.WSTrustServiceContract.BeginProcessCore(Message requestMessage, WSTrustRequestSerializer requestSerializer, WSTrustResponseSerializer responseSerializer, String requestAction, String responseAction, String
  trustNamespace, AsyncCallback callback, Object state)
  System.IdentityModel.Tokens.SecurityTokenValidationException: ID4070: The X.509 certificate 'CN=Me, OU=People, O=acme., C=com' chain building
  failed. The certificate that was used has a trust chain that cannot be verified. Replace the certificate or change the certificateValidationMode. 'A certification chain processed correctly, but one of the CA certificates is not trusted by the policy provider.
  at Microsoft.IdentityModel.X509CertificateChain.Build(X509Certificate2 certificate)
  at Microsoft.IdentityModel.Tokens.X509NTAuthChainTrustValidator.Validate(X509Certificate2 certificate)
  at Microsoft.IdentityModel.Tokens.X509SecurityTokenHandler.ValidateToken(SecurityToken token)
  at Microsoft.IdentityModel.Tokens.SecurityTokenElement.GetSubject()
  at Microsoft.IdentityServer.Service.SecurityTokenService.MSISSecurityTokenService.GetOnBehalfOfPrincipal(RequestSecurityToken request, IClaimsPrincipal callerPrincipal)
  thx
  Stef71

  This is perfectly correct on my case I was not adding the root properly you must add the CA and the ADFS as well, which is twice you can see below my results.
  on my case was :
  PS C:\Users\administrator.domain> $root = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2("C:\
  cer\SP2K10\ad0001.cer")
  PS C:\Users\administrator.domain> New-SPTrustedRootAuthority -Name "domain.ad0001" -Certificate $root
  Certificate                 : [Subject]
                                  CN=domain.AD0001CA, DC=domain, DC=com
                                [Issuer]
                                  CN=domain.AD0001CA, DC=portal, DC=com
                                [Serial Number]
                                  blablabla
                                [Not Before]
                                  22/07/2014 11:32:05
                                [Not After]
                                  22/07/2024 11:42:00
                                [Thumbprint]
                                  blablabla
  Name                        : domain.ad0001
  TypeName                    : Microsoft.SharePoint.Administration.SPTrustedRootAuthority
  DisplayName                 : domain.ad0001
  Id                          : blablabla
  Status                      : Online
  Parent                      : SPTrustedRootAuthorityManager
  Version                     : 17164
  Properties                  : {}
  Farm                        : SPFarm Name=SharePoint_Config
  UpgradedPersistedProperties : {}
  PS C:\Users\administrator.domain> $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2("C:\
  cer\SP2K10\ADFS_Signing.cer")
  PS C:\Users\administrator.domain> New-SPTrustedRootAuthority -Name "Token Signing Cert" -Certificate $cert
  Certificate                 : [Subject]
                                  CN=ADFS Signing - adfs.domain
                                [Issuer]
                                  CN=ADFS Signing - adfs.domain
                                [Serial Number]
                                  blablabla
                                [Not Before]
                                  23/07/2014 07:14:03
                                [Not After]
                                  23/07/2015 07:14:03
                                [Thumbprint]
                                  blablabla
  Name                        : Token Signing Cert
  TypeName                    : Microsoft.SharePoint.Administration.SPTrustedRootAuthority
  DisplayName                 : Token Signing Cert
  Id                          : blablabla
  Status                      : Online
  Parent                      : SPTrustedRootAuthorityManager
  Version                     : 17184
  Properties                  : {}
  Farm                        : SPFarm Name=SharePoint_Config
  UpgradedPersistedProperties : {}
  PS C:\Users\administrator.PORTAL>

• Log on to Infoview with SAP authentication

  Hi Gurus ,
  Please can some one provide me documentation , to configure , Infoview with SAP authentication .
  I have R/3 system where i have a datasource and then one Remote cube in BW . On the cube developed a BEx Query  . I want to log into Infoview using SAP authentication .Now, i am able to login into Infoview using Enterprise as authentication .
  Thanks ,
  Madhu .

  Hi Madhu,
     You can go to help SAP and download the BusinessObjects SAP Kit manual, here is the link for SAP BusinessObjects products.  [http://help.sap.com/content/bobj/bobj/index.htm]
    Link for BusinessObjects XI Integration for SAP Installation Guide (XI3.1SP2) [https://websmp105.sap-ag.de/~sapidb/011000358700000843912009E/xi31_sp2_bip_sap_install.pdf]
    Link for BusinessObjects XI Integration for SAP User's Guide  (XI3.1SP2) [http://help.sap.com/businessobject/product_guides/boexir31SP2/en/xi31_sp2_bip_sap_user_en.pdf]
  I hope this help you.
  Best regards,
     Fede

• SharePoint 2010 with LDAP authentication, using NOVELL eDirectory

  One of my customers needs a SharePoint application that allows people to authenticate with either an Active Directory account (internal staff) or a Novell eDirectory account (external customers).
  Using the following article as a base guide (http://blogs.technet.com/b/speschka/archive/2009/11/05/configuring-forms-based-authentication-in-sharepoint-2010.aspx)
  I configured a claims-based test application that had Windows authentication enabled and Forms based authentication (FBA) enabled (this is on a Windows 2008 server and not a domain controller)
  In the Membership provider name text box I entered "LdapMember"
  In the Role provider name  text box I entered "LdapRole"
  In the web.config for the SharePoint Central Admin, I modified/added the following details right before </system.web>
  <membership>
  <providers>
  <add name="LdapMember"
  type="Microsoft.Office.Server.Security.LdapMembershipProvider, Microsoft.Office.Server, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
  server="ldap.server.address"
  port="389"
  useSSL="false"
  connectionUsername="cn=ldapserviceid,ou=sharepoint,ou=test,ou=location,o=validobject"
  connectionPassword= "validpassword"
  userDNAttribute="dn"
  userNameAttribute="cn"
  userContainer="OU=people,O=validobject"
  userObjectClass="person"
  userFilter="(ObjectClass=person)"
  scope="Subtree"
  otherRequiredUserAttributes="sn,givenname,cn" />
  </providers>
  </membership>
  <roleManager enabled="true" defaultProvider="AspNetWindowsTokenRoleProvider" >
  <providers>
  <add name="LdapRole"
  type="Microsoft.Office.Server.Security.LdapRoleProvider, Microsoft.Office.Server, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
  server="ldap.server.address"
  port="389"
  useSSL="false"
  connectionUsername="cn=ldapserviceid,ou=sharepoint,ou=test,ou=location,o=validobject"
  connectionPassword= "validpassword"
  groupContainer="OU=people,O=validobject"
  groupNameAttribute="cn"
  groupNameAlternateSearchAttribute="samAccountName"
  groupMemberAttribute="member"
  userNameAttribute="sAMAccountName"
  dnAttribute="distinguishedName"
  groupFilter="((ObjectClass=group)"
  userFilter="((ObjectClass=person)"
  scope="Subtree" />
  </providers>
  </roleManager>
  I modified the SecurityTokenServiceApplication web.config with these details
  <system.web>
  <membership>
  <providers>
  <add name="LdapMemebr"
  type="Microsoft.Office.Server.Security.LdapMembershipProvider, Microsoft.Office.Server, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
  server="ldap.server.address"
  port="389"
  useSSL="false"
  connectionUsername="cn=ldapserviceid,ou=sharepoint,ou=test,ou=location,o=validobject"
  connectionPassword= "validpassword"
  userDNAttribute="dn"
  userNameAttribute="cn"
  userContainer="OU=people,O=validobject"
  userObjectClass="person"
  userFilter="(ObjectClass=person)"
  scope="Subtree"
  otherRequiredUserAttributes="sn,givenname,cn" />
  </providers>
  </membership>
  <roleManager enabled="true">
  <providers>
  <add name="LdapRole"
  type="Microsoft.Office.Server.Security.LdapRoleProvider, Microsoft.Office.Server, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
  server="ldap.server.address"
  port="389"
  useSSL="false"
  connectionUsername="cn=ldapserviceid,ou=sharepoint,ou=test,ou=location,o=validobject"
  connectionPassword= "validpassword"
  groupContainer="OU=people,O=validobject"
  groupNameAttribute="cn"
  groupNameAlternateSearchAttribute="samAccountName"
  groupMemberAttribute="member"
  userNameAttribute="sAMAccountName"
  dnAttribute="distinguishedName"
  groupFilter="(&amp;(ObjectClass=group))"
  userFilter="(&amp;(ObjectClass=person))"
  scope="Subtree" />
  </providers>
  </roleManager>
  </system.web>
  I modified the web.config of the test application I created with these details
  <roleManager defaultProvider="c" enabled="true" cacheRolesInCookie="false">
  <providers>
  <add name="c" type="Microsoft.SharePoint.Administration.Claims.SPClaimsAuthRoleProvider, Microsoft.SharePoint, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" />
  <add name="LdapRole" type="Microsoft.Office.Server.Security.LdapRoleProvider, Microsoft.Office.Server, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
  server="ldap.server.address"
  port="389"
  useSSL="false"
  connectionUsername="cn=ldapserviceid,ou=sharepoint,ou=test,ou=location,o=validobject"
  connectionPassword= "validpassword"
  groupContainer="OU=people,O=validobject"
  groupNameAttribute="cn"
  groupNameAlternateSearchAttribute="samAccountName"
  groupMemberAttribute="member"
  userNameAttribute="cn"
  dnAttribute="dn"
  groupFilter="(&amp;(ObjectClass=group))"
  userFilter="(&amp;(ObjectClass=person))"
  scope="Subtree" />
  </providers>
  </roleManager>
  <membership defaultProvider="i">
  <providers>
  <add name="i" type="Microsoft.SharePoint.Administration.Claims.SPClaimsAuthMembershipProvider, Microsoft.SharePoint, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" />
  <add name="LdapMember" type="Microsoft.Office.Server.Security.LdapMembershipProvider, Microsoft.Office.Server, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
  server="ldap.server.address"
  port="389"
  useSSL="false"
  connectionUsername="cn=ldapserviceid,ou=sharepoint,ou=test,ou=location,o=validobject"
  connectionPassword= "validpassword"
  useDNAttribute="true"
  userDNAttribute="dn"
  userNameAttribute="cn"
  userContainer="OU=people,O=validobject"
  userObjectClass="person"
  userFilter="(ObjectClass=person)"
  scope="Subtree"
  otherRequiredUserAttributes="sn,givenname,cn" />
  </providers>
  </membership>
  With all of this configured, I can go to the new test site, I do see the form where I can choose either Windows authentication or Forms authentication. I can successfully login with Windows authentication, but forms authentication gives me me an error.
  The server could not sign you in. Make sure your user name and password are correct, and then try again.
  I can successfully login to a LDAP management tool, using the same credentials I entered on the form, so I know the username and password being submitted are correct. I get the following items in the event viewer
  8306 - SharePoint Foundation - The security token username and password could not be validated.
  in the SharePoint trace logs - Password check on 'testuser' generated exception: 'System.ServiceModel.FaultException`1[Microsoft.IdentityModel.Tokens.FailedAuthenticationException]: The security token username and password could not be validated. and
  then this:
  Request for security token failed with exception: System.ServiceModel.FaultException: The security token username and password could not be validated.
  at Microsoft.IdentityModel.Protocols.WSTrust.WSTrustChannel.ReadResponse(Message response)
  at Microsoft.IdentityModel.Protocols.WSTrust.WSTrustChannel.Issue(RequestSecurityToken rst, RequestSecurityTokenResponse& rstr)
  at Microsoft.IdentityModel.Protocols.WSTrust.WSTrustChannel.Issue(RequestSecurityToken rst)
  at Microsoft.SharePoint.SPSecurityContext.SecurityTokenForContext(Uri context, Boolean bearerToken, SecurityToken onBehalfOf, SecurityToken actAs, SecurityToken delegateTo)
  I monitored the LDAP server and did a packet-trace on the communication happening between the SharePoint server and the LDAP server and it is a bit odd. It goes like this:
  The SharePoint server successfully connects to the LDAP server, binding the ldapserviceid+password
  The LDAP server tells the SharePoint server it is ready to communicate
  the SharePoint server sends an LDAP query to the LDAP server, asking if the name entered in the form authentication page can be found.
  The LDAP server does the query, successfully finds the entered name and sends a success message back to SharePoint
  The LDAP server sends notification that it is done and is closing the connection that was bound to theldapserviceid+password
  The SharePoint server acknowledges the connection is closing
  ... and then nothing happens, except the error on SharePoint
  What I understand is that the SharePoint server, once it gets confirmation that the submitted username exists in LDAP, should attempt to make a new LDAP connection, bound to the username and password submitted in the form (rather than the LDAP service account
  specified in the web.config). That part does not seem to be happening.
  I am at a standstill on this and any help would be greatly appreciated.

  OK, our problem was resolved by removing any information about the ASP.NET role manager. Initially, we had information about a role manager defined in three different web.config files, as well as in the SharePoint Central Administration site, where there
  is the checkbox to Enable Forms Based Authentication (you see this when you first create the new SharePoint app, or afterwards by modifying the Authentication Provider for the app.) In either case, you will see two text boxes, underneath the checkbox item
  for enabling Forms Based Authentication:
  "ASP.NET Membership provider name"
  "ASP.NET Role manager name"
  We entered a name for Membership provider, and left Role manager blank.
  In the web.config for the SharePoint Central Administration site, the SecurityTokenServiceApplication app, and the web app we created with FBA enabled, we entered the following:
  <membership>
  <providers>
  <add name="LdapMember"
  type="Microsoft.Office.Server.Security.LdapMembershipProvider, Microsoft.Office.Server, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
  server="ldap.server.address"
  port="389"
  useSSL="false"
  connectionUsername="cn=ldapserviceid,ou=sharepoint,ou=test,ou=location,o=validobject"
  connectionPassword="validpassword"
  useDNAttribute="false"
  userDNAttribute="dn"
  userNameAttribute="cn"
  userContainer="OU=people,O=validobject"
  userObjectClass="person"
  userFilter="(ObjectClass=person)"
  scope="Subtree"
  otherRequiredUserAttributes="sn,givenname,cn" />
  </providers>
  </membership>
  <roleManager>
  <providers>
  </providers>
  </roleManager>
  useDNAttribute="false" turned out to be important as well.
  So, for us to get LDAP authentication working between SharePoint 2010 and Novel eDirectory, we had to:
  leave anything related to the role provider blank
  configure the web.config in three different applications, with the proper connection information to reach our Novel eDir
  Ensure that useDNAttribute="false" was used in all three on the modified web.config files.
  Since our eDir is flat and used pretty much exclusively for external users, we had never done any sort of advanced role management configuration in eDir. So, by having role manager details in the web.config files, SharePoint was waiting for information from
  a non-existent role manager.

• ASA , Cisco VPN client with RADIUS authentication

  Hi,
  I have configured ASA for Cisco VPN client with RADIUS authentication using Windows 2003 IAS.
  All seems to be working I get connected and authenticated. However even I use user name and password from Active Directory when connecting with Cisco VPN client I still have to provide these credentials once again when accessing domain resources.
  Should it work like this? Would it be possible to configure ASA/IAS/VPN client in such a way so I enter user name/password just once when connecting and getting access to domain resources straight away?
  Thank you.
  Kind regards,
  Alex

  Hi Alex,
  It is working as it should.
  You can enable the vpn client to start vpn before logon. That way you login to vpn and then logon to the domain. However, you are still entering credentials twice ( vpn and domain) but you have access to domain resources and profiles.
  thanks
  John

• Web Service Call with Basic Authentication does not work

  If I try to use Basic Authentication in my Web Service Client with the automatically created methods
  setUsername(inUserName)
  setPassword(inPassword)
  setAddress(inAddress)
  the application does not make a call. Did I forget something?
  Is it possible to use "Test Method" with Basic Authentication?
  Thank you.

  Thank you for your answer.
  But: I already read this article. And it doesn't help me.
  I use the following code:
              getMyServiceClient1().setUsername(inUserName);
              getMyServiceClient1().setPassword(inPassword);With this code I always get a java.lang.NullPointerException.
  The methods setUsername and setPassword are definded as follows:
  public void setUsername(String inUserName) {
          myStub._setProperty(Stub.USERNAME_PROPERTY, inUserName);
    public void setPassword(String inPassword) {
          myStub._setProperty(Stub.PASSWORD_PROPERTY, inPassword);
    }But if I look at the methods which are generated automatically by Sun Java Studio Creator I cannot find _setProperty.
  I also found this thread in your forum:
  http://swforum.sun.com/jive/thread.jspa?forumID=123&threadID=54773

• How do I protect my JNLP, my JARs etc. (with Basic Authentication)???

  hi all,
  i know that there is a FAQ ( [see here|http://lopica.sourceforge.net/faq.html#obfuscate] ) answering a related question with "You can use an obfuscator...". ok, but is there really no other solution?
  this is the simplified folder structure of my application on the server:
  [application]
    [etc]
      xyz.xml
    [jars]
      myapp.jar
    launch.jnlp
  website.jsp
  initial start and basic authentication:*
  my first idea was to secure everything underneath "application" with basic authentication via my web.xml (yes, i'm aware of the security concerns). this means everybody can access my website (here: website.jsp) which contains a start button that links to "launch.jnlp". as soon as the user clicks on it, the browser opens its standard authentication dialog since launch.jsp is in a protected area. after entering the correct credentials the jnlp-file is downloaded and java web start takes over control. first of all it seems as it tries to access the same jnlp-file again (??? --> probably in order to check for changes in the jnlp file --> this is certainly not the case for the initial startup) and then wants to download the relevant jar (myapp.jar). because both resources are protected jws opens its own basic authentication dialog where i have to enter the same credentials the second time. as far as i know, there is no solution to pass the credentials between the browser and the jvm.
  second start and basic authentication:*
  if the user starts my application for the 2nd, 3rd, ... time via desktop-link (set in jnlp-file) there is no need for accessing my website with a browser. therefore only the authentication dialog of jws gets displayed. so far, so good!
  and now the actual problem:*
  during runtime my application (signed with verisign certificate and having all permissions) uses commons-vfs and commons-httpclient to access resources on the same server (e.g. etc/xyz.xml). since they're underneath the protected "application" directory as well, my application needs the same credentials the user already entered in the authentication dialog of jws. now i could retrieve these credentials by calling Authenticator.requestPasswordAuthentication() within my application and passing them to vfs and httpclient. however, doing so opens up jws' authentication dialog again. grrr!!! is there a way to prevent this?
  related thougts:*
  i know i could disable jws' default Authenticatior and set my own Authenticator which might be able to return already entered credentials without opening the dialog a second time. however, it seems that even with <property name="javaws.cfg.jauthenticator" value="none" /> jws still opens its own dialog when acessing the JNLP file and the relevant JARs during the startup/download phase. of course, who else if not jws could handle that phase? my application might not even be downloaded at this point. so i guess setting my own Authenticator would not be a solution either (at least not if i want to secure my jnlp and my jars, too). quite the contrary, it would have to open another dialog... :-(
  my current solution:*
  for the moment i use jws' default Authenticatior which allows me to easily protect all my stuff on the server side (jnlp, jar, etc). i can live with the two login dialogs at the initial startup. and instead of querying the credentials from jws' default Authenticatior at runtime, i set two system properties for username and password in the (protected) jnlp-file, query them at runtime and hand it to vfs and httpclient. this prevents the 2nd (or 3rd) dialog but is definitely not a great solution. most of all i'm not happy with the fact that this somehow "destroys" the container-based security advantage of easily configuring authorized users via a separate mechanism e.g. tomcat-users.xml. now there has to be one master-password that has to be set in the jnlp-file! grrr!
  a possible alternative:*
  i'm not sure but would it be better to secure everything with form-based authentication on the website, and dynamically generate username and password into the jnlp-file? but what happens when the admin changes the password on the server and the user starts its application via desktop-link??? in case of basic authentication i think jws would popup the login dialog again. however, if i use the old username and password generated into the jnlp it won't work. i think the user then has to access the website again. this is not good at all! :-(
  the only real solution:*
  should i write a small application which can be downloaded by everybody and on startup queries the user's credentials, validates them with the help of our server, and uses the javax.jnlp-api to download the secured JARs of my real application? this seems so much overkill! does anybody have experiences with this approach? how difficult is it to implement the whole download/update stuff with javax.jnlp?
  WHAT HAVE I MISSED???
  AM I COMPLETELY WRONG???
  WHAT IS THE EASIEST WAY???
  AND WHAT IS THE BEST WAY???
  thank you so much,
  stephan

  Not sure, whether I understood correctly, what you wanna do - but up to now I can't see any problem.
  if you have a structure like this:
  /ctxroot/
         launch.jnlp
         /app/
             *.jar
             *.whateveryou may use in your web.xml:
       <servlet>
            <servlet-name>JnlpDownloadServlet</servlet-name>
            <servlet-class>jnlp.sample.servlet.JnlpDownloadServlet</servlet-class>
       </servlet>
       <servlet-mapping>
            <servlet-name>JnlpDownloadServlet</servlet-name>
            <url-pattern>*.jnlp</url-pattern>
            <url-pattern>/app/*</url-pattern>
       </servlet-mapping>
       <security-constraint>
            <web-resource-collection>
                 <web-resource-name>Application</web-resource-name>
                 <url-pattern>/app/*</url-pattern>
                 <http-method>GET</http-method>
                 <http-method>POST</http-method>
            </web-resource-collection>
            <auth-constraint>
                 <role-name>bla</role-name>
                 <role-name>fahsel</role-name>
            </auth-constraint>
            <user-data-constraint>
                 <transport-guarantee>CONFIDENTIAL</transport-guarantee>
            </user-data-constraint>
       </security-constraint>
       <security-constraint>
            <web-resource-collection>
                 <web-resource-name>Subscription</web-resource-name>
                 <url-pattern>*.jnlp</url-pattern>
            </web-resource-collection>
            <user-data-constraint>
                 <transport-guarantee>CONFIDENTIAL</transport-guarantee>
            </user-data-constraint>
       </security-constraint>
       <login-config>
            <auth-method>BASIC</auth-method>
            <realm-name>whatever-realm</realm-name>
       </login-config>
       <security-role><role-name>bla</role-name></security-role>
       <security-role><role-name>fahsel</role-name></security-role>
  ...Than you may use the Service stuff like:
       BasicService bs = (BasicService)ServiceManager.lookup("javax.jnlp.BasicService");
       URL codeBase = bs.getCodeBase();
       URL pu = new URL(codeBase.toString() + "whatever.bla");
       HttpURLConnection res = (HttpURLConnection) pu.openConnection();
       res.setInstanceFollowRedirects(true);
       res.setRequestMethod("GET");
       res.setConnectTimeout(10 * 60 * 1000);
       res.connect();
       String enc = res.getContentType();
  ...Where is the problem? If you wanna intercept certain "calls" to an app resource, just use a filter, which decides, whether to answer the request directly by itself or to pass it to the JnlpDownloadServlet ...

• I forgot my iCloud password, and i can not reset it with email authentication, when i do it, i don't receive any mail from Apple

  I forgot my iCloud password, and i can not reset it with email authentication, when i do it, i don't receive any mail from Apple

  If you don't know your password, don't know your security questions and don't have a rescue address or don't receive a reset email, you should contact AppleCare who will initially try to assist you with a reset email or if unsuccessful will pass you to the security team to reset your security questions for you.
  If you are in a region that doesn't have international telephone support try contacting Apple through iTunes Store Support.

• Invoking an external web service through a JCD with Basic Authentication

  Group,
  I am trying to invoke an external web service (written in ASP.Net) from a jcd (5.1.2). The web service is guarded by Basic Authentication. I have entered the crudentials into the External Web service environment component and deployed the project. I receive the following error from the .invoke() method:
  request requires HTTP authentication: Unauthorized
  I have tried the same request through SoapUI using the same crudentials and get back the response correctly. Has anyone tried invoking an external web service with basic authentication through a jcd in 5.1.2 before?
  One other item of note. I have another jcd calling a different external web service deployed on the same domain. I hope that this isn't interfering with the execution of this service as it doesn't require any crudentials to execute.

  Hey Chris.
  I am just starting to write a jcd that calls an external web service but cannot find any sample code nor instructions on how to do it in the supplied documentation. Could you send me a code sample from your one?
  Cheers
  Matt

• Getting SPWeb.CurrentUser as null with Windows Authentication (AD), when configured for Claims Authentication

  Hi All,
  We recently migrated to SP 2013 from SP 2010. We are using most of the OOB features, with a few custom code. We have implemented a custom ASP.NET Membership Provider that authenticates against a web service. This was working fine on SP 2010.
  The entire code base was migrated to SP 2013 (with .net fw 4.5, etc) and any issues Compile / Runtime were fixed. However, we are stuck at one bug, which seems to be occuring only while trying to login with Windows Authentication. When a user tries to login
  with Forms Authentication, the error is never noticed.
  Scenrio: Login as Windows Authentiction.
  Result: The user is signed into the system and is authenticated against the AD. For random page loads - it throws access denied (even though he is a site collection admin). While attaching a debugger, we found that, at times the SPWeb.CurrentUser is null (weird).
  At the same time, the HttpContext.Current.Request.IsAuthenticated returns true. Which means the User is Authenticated, but not available in the SPWeb.CurrentUser object. 
  Attached are couple of ULS Logs that we found. The line which says IsAuthenticated=True, UserIdentityName=, ClaimsCount=0 is a little disturbing. Can you please let me know what is happening here? I am not able to access the root site (http://win2012d2:1234/)
  however, i am able to access (http://win2012d2:1234/SitePages/Home.aspx) just fine, without any issues.
  Please note, this error is only when the user is logged into sharepoint as a windows user. The forms user faces no such issues.
  ULS Logs:
  Name=Request (GET:http://win2012d2:1234/)
  Non-OAuth request. IsAuthenticated=True, UserIdentityName=, ClaimsCount=0
  Application error when access /, Error=Exception of type 'System.ArgumentException' was thrown.  Parameter name: encodedValue  
   at Microsoft.SharePoint.Administration.Claims.SPClaimEncodingManager.DecodeClaimFromFormsSuffix(String encodedValue)    
   at Microsoft.SharePoint.Administration.Claims.SPClaimProviderManager.GetProviderUserKey(IClaimsIdentity claimsIdentity, String encodedIdentityClaimSuffix)    
   at Microsoft.SharePoint.Administration.Claims.SPClaimProviderManager.GetProviderUserKey(String encodedIdentityClaimSuffix)    
   at Microsoft.SharePoint.Utilities.SPUtility.GetFullUserKeyFromLoginName(String loginName)    
   at Microsoft.SharePoint.ApplicationRuntime.SPHeaderManager.AddIsapiHeaders(HttpContext context, String encodedUrl, NameValueCollection headers)    
   at Microsoft.SharePoint.ApplicationRuntime.SPRequestModule.PreRequestExecuteAppHandler(Object oSender, EventArgs ea)    
   at System.Web.HttpApplication.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()    
   at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)
  Getting Error Message for Exception System.ArgumentException: Exception of type 'System.ArgumentException' was thrown.  Parameter name: encodedValue    
   at Microsoft.SharePoint.Administration.Claims.SPClaimEncodingManager.DecodeClaimFromFormsSuffix(String encodedValue)    
   at Microsoft.SharePoint.Administration.Claims.SPClaimProviderManager.GetProviderUserKey(IClaimsIdentity claimsIdentity, String encodedIdentityClaimSuffix)    
   at Microsoft.SharePoint.Administration.Claims.SPClaimProviderManager.GetProviderUserKey(String encodedIdentityClaimSuffix)    
   at Microsoft.SharePoint.Utilities.SPUtility.GetFullUserKeyFromLoginName(String loginName)    
   at Microsoft.SharePoint.ApplicationRuntime.SPHeaderManager.AddIsapiHeaders(HttpContext context, String encodedUrl, NameValueCollection headers)    
   at Microsoft.SharePoint.ApplicationRuntime.SPRequestModule.PreRequestExecuteAppHandler(Object oSender, EventArgs ea)    
   at System.Web.HttpApplication.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()    
   at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)
  [Forced due to logging gap, Original Level: Verbose] Looking up {0} site {1} in the farm {2} 
  Unknown SPRequest error occurred. More information: 0x80070005
  SPRequest.GetPageListId: UserPrincipalName=, AppPrincipalName= ,bstrUrl=http://win2012d2:1234/
  System.UnauthorizedAccessException: Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED)), StackTrace:   
   at Microsoft.SharePoint.SPContext.get_ListId()    
   at Microsoft.SharePoint.SPContext.get_List()    
   at Microsoft.SharePoint.WebControls.ScriptLink.InitJs_Register(Page page)    
   at Microsoft.SharePoint.WebControls.ScriptLink.RegisterForControl(Control ctrl, Page page, String name, Boolean localizable, Boolean defer, Boolean loadAfterUI, String language, Boolean injectNoDefer, Boolean controlRegistration, Boolean loadInlineLast,
  Boolean ignoreFileNotFound)    
   at Microsoft.SharePoint.WebControls.ScriptLink.Register(Control ctrl, Page page, String name, Boolean localizable, Boolean defer, Boolean loadAfterUI, String language, String uiVersion, String ctag)    
   at Microsoft.SharePoint.WebControls.ScriptLink.Register(String uiVersion, Control ctrl, Page page, String name, Boolean localizable, Boolean defer)    
   at Microsoft.SharePoint.WebControls.ScriptLink.Register(Control ctrl, Page page, String name, Boolean localizable, Boolean defer)    
   at Microsoft.SharePoint.WebControls.ScriptLink.GetOnDemandScriptKey(String strKey, String strFile, Boolean registerDependencies, Control ctrl, Page page)    
   at Microsoft.SharePoint.WebControls.ScriptLink.RegisterOnDemand(Control ctrl, Page page, String strKey, String strFile, Boolean localizable)    
   at Microsoft.SharePoint.WebControls.ScriptLink.RegisterOnDemand(Page page, String strFile, Boolean localizable)    
   at Microsoft.SharePoint.WebControls.ScriptLink.RegisterForControl(Control ctrl, Page page, String name, Boolean localizable, Boolean defer, Boolean loadAfterUI, String language, Boolean injectNoDefer, Boolean controlRegistration, Boolean loadInlineLast,
  Boolean ignoreFileNotFound)    
   at Microsoft.SharePoint.WebControls.ScriptLink.Register(Control ctrl, Page page, String name, Boolean localizable, Boolean defer, Boolean loadAfterUI, String language, String uiVersion, String ctag)    
   at Microsoft.SharePoint.WebControls.ScriptLink.RegisterOnDemand(Control ctrl, Page page, String strKey, String strFile, Boolean localizable)    
   at Microsoft.SharePoint.WebControls.ScriptLink.OnLoad(EventArgs e)    
   at System.Web.UI.Control.LoadRecursive()    
   at System.Web.UI.Control.LoadRecursive()    
   at System.Web.UI.Control.LoadRecursive()    
   at System.Web.UI.Control.LoadRecursive()    
   at System.Web.UI.Control.LoadRecursive()    
   at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)    
   at System.Web.UI.Page.ProcessRequest(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)    
   at System.Web.UI.Page.ProcessRequest()    
   at System.Web.UI.Page.ProcessRequest(HttpContext context)    
   at System.Web.HttpServerUtility.ExecuteInternal(IHttpHandler handler, TextWriter writer, Boolean preserveForm, Boolean setPreviousPage, VirtualPath path, VirtualPath filePath, String physPath, Exception error, String queryStringOverride)    
   at System.Web.HttpServerUtility.Execute(String path, TextWriter writer, Boolean preserveForm)    
   at System.Web.HttpServerUtility.Transfer(String path)    
   at Microsoft.SharePoint.Utilities.SPUtility.TransferToErrorPage(String message, String linkText, String linkUrl)    
   at Microsoft.SharePoint.ApplicationRuntime.SPRequestModule.ErrorHandler(HttpApplication app, Boolean errorIsOnErrorPage)    
   at Microsoft.SharePoint.ApplicationRuntime.SPRequestModule.ErrorAppHandler(Object oSender, EventArgs ea)    
   at System.EventHandler.Invoke(Object sender, EventArgs e)    
   at System.Web.HttpApplication.RaiseOnError()    
   at System.Web.HttpApplication.PipelineStepManager.ResumeSteps(Exception error)    
   at System.Web.HttpApplication.BeginProcessRequestNotification(HttpContext context, AsyncCallback cb)    
   at System.Web.HttpRuntime.ProcessRequestNotificationPrivate(IIS7WorkerRequest wr, HttpContext context)    
   at System.Web.Hosting.PipelineRuntime.ProcessRequestNotificationHelper(IntPtr rootedObjectsPointer, IntPtr nativeRequestContext, IntPtr moduleData, Int32 flags)    
   at System.Web.Hosting.PipelineRuntime.ProcessRequestNotification(IntPtr rootedObjectsPointer, IntPtr nativeRequestContext, IntPtr moduleData, Int32 flags)    
   at System.Web.Hosting.UnsafeIISMethods.MgdIndicateCompletion(IntPtr pHandler, RequestNotificationStatus& notificationStatus)    
   at System.Web.Hosting.UnsafeIISMethods.MgdIndicateCompletion(IntPtr pHandler, RequestNotificationStatus& notificationStatus)    
   at System.Web.Hosting.PipelineRuntime.ProcessRequestNotificationHelper(IntPtr rootedObjectsPointer, IntPtr nativeRequestContext, IntPtr moduleData, Int32 flags)    
   at System.Web.Hosting.PipelineRuntime.ProcessRequestNotification(IntPtr rootedObjectsPointer, IntPtr nativeRequestContext, IntPtr moduleData, Int32 flags)
  SPRequest.OpenWeb: UserPrincipalName=, AppPrincipalName= ,bstrUrl=http://win2012d2:1234/
  System.UnauthorizedAccessException: Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED)), StackTrace:   
   at Microsoft.SharePoint.SPWeb.InitWeb()    
   at Microsoft.SharePoint.SPWeb.get_WebTemplateConfiguration()    
   at Microsoft.SharePoint.WebControls.ScriptLink.InitJs_Register(Page page)    
   at Microsoft.SharePoint.WebControls.ScriptLink.RegisterForControl(Control ctrl, Page page, String name, Boolean localizable, Boolean defer, Boolean loadAfterUI, String language, Boolean injectNoDefer, Boolean controlRegistration, Boolean loadInlineLast,
  Boolean ignoreFileNotFound)    
   at Microsoft.SharePoint.WebControls.ScriptLink.Register(Control ctrl, Page page, String name, Boolean localizable, Boolean defer, Boolean loadAfterUI, String language, String uiVersion, String ctag)    
   at Microsoft.SharePoint.WebControls.ScriptLink.Register(String uiVersion, Control ctrl, Page page, String name, Boolean localizable, Boolean defer)    
   at Microsoft.SharePoint.WebControls.ScriptLink.Register(Control ctrl, Page page, String name, Boolean localizable, Boolean defer)    
   at Microsoft.SharePoint.WebControls.ScriptLink.GetOnDemandScriptKey(String strKey, String strFile, Boolean registerDependencies, Control ctrl, Page page)    
   at Microsoft.SharePoint.WebControls.ScriptLink.RegisterOnDemand(Control ctrl, Page page, String strKey, String strFile, Boolean localizable)    
   at Microsoft.SharePoint.WebControls.ScriptLink.RegisterOnDemand(Page page, String strFile, Boolean localizable)    
   at Microsoft.SharePoint.WebControls.ScriptLink.RegisterForControl(Control ctrl, Page page, String name, Boolean localizable, Boolean defer, Boolean loadAfterUI, String language, Boolean injectNoDefer, Boolean controlRegistration, Boolean loadInlineLast,
  Boolean ignoreFileNotFound)    
   at Microsoft.SharePoint.WebControls.ScriptLink.Register(Control ctrl, Page page, String name, Boolean localizable, Boolean defer, Boolean loadAfterUI, String language, String uiVersion, String ctag)    
   at Microsoft.SharePoint.WebControls.ScriptLink.RegisterOnDemand(Control ctrl, Page page, String strKey, String strFile, Boolean localizable)    
   at Microsoft.SharePoint.WebControls.ScriptLink.OnLoad(EventArgs e)    
   at System.Web.UI.Control.LoadRecursive()    
   at System.Web.UI.Control.LoadRecursive()    
   at System.Web.UI.Control.LoadRecursive()    
   at System.Web.UI.Control.LoadRecursive()    
   at System.Web.UI.Control.LoadRecursive()    
   at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)    
   at System.Web.UI.Page.ProcessRequest(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)    
   at System.Web.UI.Page.ProcessRequest()    
   at System.Web.UI.Page.ProcessRequest(HttpContext context)    
   at System.Web.HttpServerUtility.ExecuteInternal(IHttpHandler handler, TextWriter writer, Boolean preserveForm, Boolean setPreviousPage, VirtualPath path, VirtualPath filePath, String physPath, Exception error, String queryStringOverride)    
   at System.Web.HttpServerUtility.Execute(String path, TextWriter writer, Boolean preserveForm)    
   at System.Web.HttpServerUtility.Transfer(String path)    
   at Microsoft.SharePoint.Utilities.SPUtility.TransferToErrorPage(String message, String linkText, String linkUrl)    
   at Microsoft.SharePoint.ApplicationRuntime.SPRequestModule.ErrorHandler(HttpApplication app, Boolean errorIsOnErrorPage)    
   at Microsoft.SharePoint.ApplicationRuntime.SPRequestModule.ErrorAppHandler(Object oSender, EventArgs ea)    
   at System.EventHandler.Invoke(Object sender, EventArgs e)    
   at System.Web.HttpApplication.RaiseOnError()    
   at System.Web.HttpApplication.PipelineStepManager.ResumeSteps(Exception error)    
   at System.Web.HttpApplication.BeginProcessRequestNotification(HttpContext context, AsyncCallback cb)    
   at System.Web.HttpRuntime.ProcessRequestNotificationPrivate(IIS7WorkerRequest wr, HttpContext context)    
   at System.Web.Hosting.PipelineRuntime.ProcessRequestNotificationHelper(IntPtr rootedObjectsPointer, IntPtr nativeRequestContext, IntPtr moduleData, Int32 flags)    
   at System.Web.Hosting.PipelineRuntime.ProcessRequestNotification(IntPtr rootedObjectsPointer, IntPtr nativeRequestContext, IntPtr moduleData, Int32 flags)    
   at System.Web.Hosting.UnsafeIISMethods.MgdIndicateCompletion(IntPtr pHandler, RequestNotificationStatus& notificationStatus)    
   at System.Web.Hosting.UnsafeIISMethods.MgdIndicateCompletion(IntPtr pHandler, RequestNotificationStatus& notificationStatus)    
   at System.Web.Hosting.PipelineRuntime.ProcessRequestNotificationHelper(IntPtr rootedObjectsPointer, IntPtr nativeRequestContext, IntPtr moduleData, Int32 flags)    
   at System.Web.Hosting.PipelineRuntime.ProcessRequestNotification(IntPtr rootedObjectsPointer, IntPtr nativeRequestContext, IntPtr moduleData, Int32 flags)

  Hi Mohamed,
  According to your description, my understanding is that the error occurred when users login with Windows Authentication.
  From the error message, I recommend to check if the anonymous access is enabled for the web application.
  And please also make sure that the users all are available and have permission to access the site.
  Here is a similar thread for you to take a look:
  http://social.technet.microsoft.com/Forums/en-US/28623bdc-a2f0-4876-9be4-9a764f106366/getting-spwebcurrentuser-as-null-with-windows-authentication-ad-when-configured-for-claims?forum=sharepointdevelopment
  Best regards.
  Thanks
  Victoria Xia
  TechNet Community Support

• Windows 7 Home Premium with 802.1x problems with the Authentication

  We have problems with  OS Windows 7 Home Premium 802.1x, the message in ACS:
  EAP-TLS or PEAP authentication failed during SSL handshake
  ACS v4.1
  We have OS Windows 7 Professional and doesn´t have problems with the authentication.
  I hope that you can help me
  Regards

  We were investigated with specialist people of OS Windows and the conclusion was that the Home Premium Version has restrictions about authentication and domain (Active Directory). So we need change the version of OS (Proffessional for example).
  If you had another tip, please tell me and I try it for resolve this issue, if not we have to change the OS.
  Regards

• Error 18452 "Login failed. The login is from an untrusted domain and cannot be used with Windows authentication" on SQL Server 2008 R2 Enterprise Edition 64-bit SP2 clustered instance

  Hi there,
  I have a Windows 2008 R2 Enterprise x64 SP2 cluster which has 2 SQL Server 2008 R2 Enterprise Edition x64 SP2
  instances.
  A domain account "Domain\Login" is administrator on both physcial nodes and "sysadmin" on both SQL Server instances.
  Currently both instances are running on same node.
  While logging on to SQL Server instance 2 thru "Domain\Login" using "IP2,port2", I get error 18452 "Login failed. The login is from an untrusted domain and cannot be used with Windows authentication". This happened in the past
  as well but issue resolved post insatllation of SQL Server 2008R2 SP2. This has re-occurred now. But it connects using 'SQLVirtual2\Instance2' without issue.
  Same login with same rights is able to access Instance 1 on both 'SQLVirtual1\Instance1' and "IP1,port1" without any issue.
  Please help resolve the issue.
  Thanks,
  AY

  Hello,
  I Confirm that I encountred the same problem when the first domain controller was dow !!
  During a restarting of the first domain controller, i tried to failover my SQL Server instance to a second node, after that I will be able to authenticate SQL Server Login but Windows Login returns Error 18452 !
  When the firts DC restart finishied restarting every thing was Ok !
  The Question here : Why the cluster instance does'nt used the second DC ???
  Best Regards     
  J.K