Handling Case where Same username in Workgroup Mgr & Active Directory

Similar Messages

• Where do i find the Azure Active Directory tenant name?

  Where do i find the Azure AD tenant name? Pretty basic question I know, but everyone seems to assume that the answer to this question is in no need of explaining. I am guessing it is the same as the default domain name of the active directory (xxxx.onmicrosoft.com
  e.g.).
  The following explanation of an AD tenant I found on the internet really worries me. I have only the vaguest idea of what is being discussed.
  Tenants and Subscriptions
  AAD tenants are cloud-based directory service instances and are only indirectly related to Azure subscriptions through identities. That is identities can belong to an AAD tenant and identities can be co-administrator(s) of Azure subscription.
  There is no direct relationship between the Azure subscription and the AAD tenant except the fact that they might share user identities. An example of an AAD tenant may be
  contoso.onmicrosoft.com. An identity in this AAD tenant the same as a user’s
  OrgID.
  Azure subscriptions are different than AAD tenants. Azure subscriptions have co-administrator(s) whose permissions are not related to permissions in an AAD tenant. An Azure subscription can include a number of Azure services and
  are managed using the Azure Portal. An AAD tenant can be one of those services managed using the Azure Portal.

  Directory / Tenant equals the same thing in essence, when someone is asking you your Tenant Name or Directory Name they are probably asking for the *.onmicrosoft.com domain name. This can be found under the 'Domains' Tab. 
  The Company ID or GUID is referring to as the Object ID of the Tenant. You can see this exposed in different areas i.e. Application EndPoints etc. Generally speaking, If you use the name *.onmicrosoft.com you will get a long fine. If your developing applications
  then sometimes they would require the GUID in which case you will most likely be exposed the EndPoint URL an dthe GUID piece in the middle is the Tenant / Directory GUID. 
  James.

• EFS Encrypted Files over home workgroup network via WebDAV avoiding Active Directory fixing Access Denied errors

  This is for information to help others
  KEYWORDS:
    - Sharing EFS encrypted files over a personal lan wlan wifi ap network
    - Access denied on create new file / new fold on encrypted EFS network file share remote mapped folder
    - transfer encryption keys / certificates
    - set trusted delegation for user + computer for EFS encrypted files via
  Kerberos
    - Windows Active Directory vs network file share
    - Setting up WinDAV server on Windows 7 Pro / Ultimate
  It has been a long painful road to discover this information.
  I hope sharing it helps you.
  Using EFS on Windows 7 pro / ultimate is easy and works great. See
  here and
  here
  So too is opening + editing encrypted files over a peer-to-peer Windows 7 network.
  HOWEVER, creating a new file / new folder over a peer-to-peer Windows 7 network
  won't work (unless you follow below steps).
  Typically, it is only discovered as an issue when a home user wants to use synchronisation software between their home computers which happens to have a few folders encrypted using windows EFS. I had this issue trying to use GoodSync.
  Typically an "Access Denied" error messages is thrown when a \\clientpc tries to create new folder / new file in an encrypted folder on a remote file share \\fileserver.
  Why such a EFS drama when a network is involved?
  Assume a home peer-to-peer network with 2pc:  \\fileserver  and  \\clientpc
  When a \\clientpc tries to create a new file or new folder on a \\fileserver (remote computer) it fails. In a terribly simplified explanation it is because the process on \\fileserver that is answering the network requests is a process working for a user on
  another machine (\\clientpc) and that \\fileserver process doesn't have access to an encryption certificate (as it isn't a user). Active Directory gets around this by using kerberos so the process can impersonate a \\fileserver user and then use their certificate
  (on behalf of the clienpc's data request).
  This behaviour is confusing, as a \\clientpc can open or edit an existing efs encrypted file or folder, just can't create a new file or folder. The reason editing + opening an encrypted file over a network file share is possible is because the encrypted
  file / folder already has an encryption certificate, so it is clear which certificate is required to open/edit the file. Creating a new file/folder requires a certificate to be assigned and a process doesn't have a profile or certificates assigned.
  Solutions
  There are two main approaches to solve this:
       1) SOLVE by setting up an Active Directory (efs files accessed through file shares)
            EFS operations occur on the computer storing the files.
            EFS files are decrypted then transmitted in plaintext to the client's computer
            This makes use of kerberos to impersonate a local user (and use their certificate for encrypt + decrypt)
       2) SOLVE by setting up WebDAV (efs files accessed through web folders)
             EFS operations occur on the client's local computer
             EFS files remain encrypted during transmission to the client's local computer where it is decrypted
             This avoids active directory domains, roaming or remote user profiles and having to be trusted for delegation.
             BUT it is a pain to set up, and most online WebDAV server setup sources are not for home peer-to-peer networks or contain details on how to setup WebDAV for EFS file provision
           READ BELOW as this does
  Create new encrypted file / folder on a network file share - via Active Directory
  It is easily possible to sort this out on a domain based (corporate) active directory network. It is well documented. See
  here. However, the problem is on a normal Windows 7 install (ie home peer-to-peer) to set up the server as part of an active directory domain is complicated, it is time consuming it is bulky, adds burden to operation of \\fileserver computer
  and adds network complexity, and is generally a pain for a home user. Don't. Use a WebDAV.
  Although this info is NOT for setting up EFS on an active directory domain [server],
  for those interested here is the gist:
  Use the Active Directory Users and Computers snap-in to configure delegation options for both users and computers. To trust a computer for delegation, open the computer’s Properties sheet and select Trusted for delegation. To allow a user
  account to be delegated, open the user’s Properties sheet. On the Account tab, under Account Options, clear the The account is sensitive and cannot be delegated check box. Do not select The account is trusted for delegation. This property is not used with
  EFS.
  NB: decrypted data is transmitted over the network in plaintext so reduce risk by enabling IP Security to use Encapsulating Security Payload (ESP)—which will encrypt transmitted data,
  Create new encrypted file / folder on a network file share - via WebDAV
  For home users it is possible to make it all work.
  Even better, the functionality is built into windows (pro + ultimate) so you don't need any external software and it doesn't cost anything. However, there are a few hotfixes you have to apply to make it work (see below).
  Setting up a wifi AP (for those less technical):
     a) START ... CMD
     b) type (no quotes): "netsh  wlan set hostednetwork mode=allow ssid=MyPersonalWifi key=12345 keyUsage=persistent"
     c) type (no quotes): "netsh  wlan start hostednetwork"
  Set up a WebDAV server on Windows 7 Pro / Ultimate
  -----ON THE FILESERVER------
     1  click START and type "Turn Windows Features On or Off" and open the link
         a) scroll down to "Internet Information Services" and expand it.
         b) put a tick in: "Web Management Tools" \ "IIS Management Console"
         c) put a tick in: "World Wide Web Services" \ "Common HTTP Features" \ "WebDAV Publishing"
         d) put a tick in: "World Wide Web Services" \ "Security" \ "Basic Authentication"
         e) put a tick in: "World Wide Web Services" \ "Security" \ "Windows Authentication"
         f) click ok
         g) run HOTFIX - ONLY if NOT running Windows 7 / windows 8
  KB892211 here ONLY for XP + Server 2003 (made in 2005)
  KB907306 here ONLY for Vista, XP, Server 2008, Server 2003 (made in 2007)
    2 Click START and type "Internet Information Services (IIS) Manager"
    3 in IIS, on the left under "connections" click your computer, then click "WebDAV Authoring Rules", then click "Open Feature"
         a) on the right side, under Actions, click "Enable WebDAV"
    4 in IIS, on the left under "connections" click your computer, then click "Authentication", then click "Open Feature"
         a) on the "Anonymous Authentication" and click "Disable"
         b) on the "Windows Authentication" and click "Enable"
        NB: Some Win 7 will not connect to a webDAV user using Basic Authentication.
          It can be by changing registry key:
             [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WebClient\Parameters]
             BasicAuthLevel=2
         c) on the "Windows Authentication" click "Advanced Settings"
             set Extended Protection to "Required"
         NB: Extended protection enhances the windows authentication with 2 security mechanisms to reduce "man in the middle" attacks
    5 in IIS, on the left under "connections" click your computer, then click "Authorization Rules", then click "Open Feature"
         a) on the right side, under Actions, click "Add Allow Rule"
         b) set this to "all users". This will control who can view the "Default Site" through a web browser
         NB: It is possible to specify a group (eg Administrators is popular) or a user account. However, if not set to "all users" this will require the specified group/user account to be used for logged in with on the
  clientpc.
         NB: Any user account specified here has to exist on the server. It has a bug in that it usernames specified here are not validated on input.
    6 in IIS, on the left under "connections" click your computer, then click "Directory Browsing", then click "Open Feature"
         a) on the right side, under Actions, click "Enable"
  HOTFIX - double escaping
    7 in IIS, on the left under "connections" click your computer, then click "Request Filtering", then click "Open Feature"
         a) on the right side, under Actions, click "Edit Feature Settings"
         b) tick the box "Allow double escaping"
       *THIS IS VERY IMPORTANT* if your filenames or foldernames contain characters like "+" or "&"
       These folders will appears blank with no subdirectories, or these files will not be readable unless this is ticked
       This is safe btw. Unchecked (default) it filters out requests that might possibly be misinterpreted by buggy code (eg double decode or build url's via string-concat without proper encoding). But any bug would need to be in IIS basic
  file serving and this has been rigorously tested by microsoft, so very unlikely. Its safe to "Allow double escaping".
    8 in IIS, on the left under "connections" right click "Default Web Site", then click "Add Virtual Directory"
         a) set the Alias to something sensible eg "D_Drive", set the physical path
         b) it is essential you click "connect as" and set
  this to a local user (on fileserver),
         if left as "pass through authentication" a client won't be able to create a new file or folder in an encrypted efs folder (on fileserver)
               NB: the user account selected here must have the required EFS certificates installed.
                          See
  here and
  here
          NB: Sharing the root of a drive as an active directory (eg D:\ as "D_Drive") often can't be opened on clientpcs.
        This is due to windows setting all drive roots as hidden "administrative shares". Grrr.
         The work around is on the \\fileserver create an NTFS symbollic link
            e.g. to share the entire contents of "D:\",
                  on fileserver browse to site path (iis default this to c:\inetpub\wwwroot)
                  in cmd in this folder create an NTFS symbolic link to "D:\"
                  so in cmd type "cd c:\inetpub\wwwroot"
                  then in cmd type "mklink /D D_Drive D:\"
          NB: WebDAV will open this using a \\fileserver local user account, so double check local NTFS permissions for the local account (clients will login using)
           NB: If clientpc can see files but gets error on opening them, on clientpc click START, type "Manage Network Passwords", delete any "windows credentials" for the fileserver being used, restart
  clientpc
    9 in IIS, on the left under "connections" click on "WebDAV Authoring Rules", then click "Open Feature"
         a) click "Add authoring rules". Control access to this folder by selecting "all users" or "specified groups" or "specified users", then control whether they can read/write/source
         b) if some exist review existing allow or deny.
             Take care to not only review the "allow access to" settings
             but also review "permissions" (read/write/source)
         NB: this can be set here for all added virtual directories, or can be set under each virtual directory
    10 Open your firewall software and/or your router. Make an exception for port 80 and 443
         a) In Windows Firewall with Advanced Security click Inbound Rules, click New Rule
               choose Port, enter "80, 443" (no speech marks), follow through to completion. Repeat for outbound.
            NB: take care over your choice to untick "Public", this can cause issues if no gateway is specified on the network (ie computer-to-computer with no router). See "Other problems+fixes"
  below, specifically "Cant find server due to network location"
         b) Repeat firewall exceptions on each client computer you expect to access the webDAV web folders on
  HOTFIX - MAJOR ISSUE - fix KB959439
    11 To fully understand this read "WebDAV HOTFIX: RAW DATA TRANSFERS" below
        a) On Windows 7 you need only change one tiny registry value:
             - click START, type "regedit", open link
             -browse to [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\MRxDAV\Parameters]
             -on the EDIT menu click NEW, then click DWORD Value
             -Type "DisableEFSOnWebDav" to name it (no speech marks)
             -on the EDIT menu, click MODIFY, type 1, then click OK 
             -You MUST now restart this computer for the registry change to take effect.
        b) On Windows Server 2008 / Vista / XP you'll FIRST need to
  download Windows6.0-KB959439 here. Then do the above step.
           NB microsoft will ask for your email. They don't care about licence key legality, it is more to keep you updated if they modify that hotfix
    12 To test on local machine (eg \\fileserver) and deliberately bypass the firewall.
          a) make sure WebClient Service is running
              (click START, type "services" and open, scroll down to WebClient and check its status)
          b) Open your internet software. Go to address "http://localhost:80" or "http://localhost:80"
              It should show the default "IIS7" image.
              If not, as firewall and port blocking are bypassed (using localhost) it must be a webDAV server setting. Check "Authorization Rules" are set to "Allow All Users"           
          c) for one of the "virtual directories" you added (8), add its "alias" onto "http://localhost/"
                  e.g. http://localhost/D_drive
              If nothing is listed, check "Directory Browsing" is enabled
    13 To test on local machine or a networked client and deliberately try and access through the firewall or port opening of your router.
          a) make sure WebClient Service is running
              (click START, type "services" and open, scroll down to WebClient and check its status)
          b) open your internet software. Go to address "http://<computer>:80" or "http://<computer>:80".
                eg if your server's computer name is "fileserver" go to "http://fileserver:80"
                It should show the default "IIS7" image. If not, check firewall and port blocking. 
                Any issue ie if (12) works but (13) doesn't,  will indicate a possible firewall issue or router port blocking issue.
         c) for one of the "virtual directories" you added (8), add its "alias" onto "http://<computername>:80/"
                 eg if alias is "C_driver" and your server's computer name is "fileserver" go to "http://fileserver:80/C_drive"
                 A directory listing of files should appear.
  --- ON EACH CLIENT ----
  HOTFIX - improve upload + download speeds
    14 Click START and type "Internet Options" and open the link
          a) click the "Connections" tab at the top
          b) click the "LAN Settings" button at the bottom right
          c) untick "Automatically detect settings"
  HOTFIX - remove 50mb file limit
    15 On Windows 7 you need only change one tiny registry value:
        a) click START, type "regedit", open link
        b) browse to [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WebClient\Parameters]
         c) click on "FileSizeLimitInBytes"
         d) on the EDIT menu, click MODIFY, type "ffffffff", then click OK (no quotes)
  HOTFIX - remove prompt for user+pass on opening an office or pdf document via WebDAV
   16 On each clientpc click START, type "Internet Options" and open it
           a) click on "Security" (top) and then "Custom level" (bottom)
           b) scroll right to the bottom and under "User Authentication" select "Automatic logon with current username and password"
           SUCH an easy fix. SUCH an annoying problem on a clientpc
     NB: this is only an issue if the file is opened through windows explorer. If opened through the "open" dialogue of the software itself, it doesn't happen. This is as a WebDAV mapped drive is consdered a "web folder" by windows
  explorer.
  TEST SETUP
    17 On the client use the normal "map network drive"
              e.g. server= "http://fileserver:80/C_drive", tick reconnect at logon
              e.g. CMD: net use * "http://fileserver:80/C_drive"
           If it doens't work check "WebDAV Authoring Rules" and check NTFS permissions for these folders. Check that on the filserver the elected impersonation user that the client is logging in with (clientpc
  "manage network passwords") has NTFS permissions.
    18 Test that EFS is now working over the network
         a) On a clientpc, map network drive to http://fileserver/
         b) navigate to a folder you know on the \\flieserver is encrypted with EFS
         c) create a new folder, create a new file.
             IF it throws an error, check carefully you mapped to the WebDAV and not file share
                i.e. mapped to "http://fileserver" not "\\fileserver"
             Check that on clientpc the required efs certificate is installed. Then check carefully on clientpc what user account you specified during the map drive process. Then check on the \\fileserver this
  account exists and has the required EFS certificate installed for use. If necessary, on clientpc click START, type "Manage Network Passwords" and delete the windows credentials currently in the vault.
         d) on clientpc (through a webDAV mapped folder) open an encrypted file, edit it, save it, close it. On the \\fileserver now check that file is readable and not gobble-de-goup
         e) on clientpc copy an encrypted efs file into a folder (a webDAV mapped folder) you know is not encrypted on \\fileserver. Now check on the \\fileserver computer that the file is readable and not gobble-de-goup (ie the
  clientpc decrypted it then copied it).
          If this fails, it is likely one in IIS setting on fileserver one of the shared virtual directories is set to: "pass through authentication" when it should be set to "connect as"
          If this is not readable check step (11) and that you restarted the \\fileserver computer.
    19 Test that clients don't get the VERY annoying prompt when opening an Office or PDF doc
        a) on clientpc in windows explorer browse to a mapped folder you know is encrypted and open an office file and then PDF.
              If a prompt for user+pass then check hotfix (16)
    20 Consider setting up a recycling bin for this mapped drive, so files are sent to recycling bin not permanently deleted
        a) see the last comment at the very bottom of
  this page: 
  Points to consider:
     - NB: WebDAV runs on \\fileserver under a local user account, so double check local NTFS permissions for that local account and adjust file permissions accordingly. If the local account doesn't have permission, the webDAV / web folder share won't
  either.
    - CONSIDER: IP Security (IPSec) or Secure Sockets Layer (SSL) to protect files during transport.
  MORE INFO: HOTFIX: RAW DATA TRANSFERS
  More info on step (11) above.
  Because files remain encrypted during the file transfer and are decrypted by EFS locally, both uploads to and downloads from Web folders are raw data transfers. This is an advantage as if data is intercepted it is useless. This is a massive disadvantage as
  it can cause unexpected results. IT MUST BE FIXED or you could be in deep deep water!
  Consider using \\clientpc to access a webfolder on \\fileserver and copying an encrypted EFS file (over the network) to a web folder on \\fileserver that is not encrypted.
  Doing this locally would automatically decrypt the file first then copy the decrypted file to the non-encrypted folder.
  Doing this over the network to a web folder will copy the raw data, ie skip the decryption stage and result in the encrypted EFS file being raw copied to the non-encrypted folder. When viewed locally this file will not be recognised as encrypted (no encryption
  file flag, not green in windows explorer) but it will be un-readable as its contents are still encrypted. It is now not possible to locally read this file. It can only be viewed on the \\clientpc
  There is a fix:
        It is implimented above, see (11) above
        Microsoft's support page on this is excellent and short. Read "problem description" of "this microsoft webpage"
  Other problems + fixes
    PROBLEM: Can't find server due to network location.
       This one took me a long time to track down to "network location".
       Win 7 uses network locations "Home" / "Work" / "Public".
       If no gateway is specified in the IP address, the network is set to '"unidentified" and so receives "Public" settings.
       This is a disaster for remote file share access as typically "network discovery" and "file sharing" are disabled under "Public"
       FIX = either set IP address manually and specify a gateway
       FIX = or  force "unidentified" network locations to assume "home" or "work" settings -
  read here or
  here
       FIX = or  change the "Public" "advanced network settings" to turn on "network discovery" and "file sharing" and "Password Protected Sharing". This is safe as it will require a windows
  login to gain file access.
    PROBLEM: Deleting files on network drive permanently deletes them, there is no recycling bin
         By changing the location of "My Contacts" or similar to the root directory of your mapped drive, it will be added to recycling bin locations
        Read
  here (i've posted a batch script to automatically make the required reg files)
  I really hope this helps people. I hope the keywords + long title give it the best chance of being picked up in web searches.

  What probably happens is that processes are using those mounts. And that those processes are not killed before the mounts are unmounted. Is there anything that uses those mounts?

• Windows 2012 R2 Active Directory Domain Services and Remote Desktop services Role on the same server.

  Findings: 
  Currently, Windows 2012 R2   AD DS role and RDS With Broker services can only seem to coexist properly in a new domain not an existing domain. Any attempt to add to an existing domain causes internal database user access denied issues and any attempt to
  adjust rights and circumvent is dubious at best.
  The escalation technician said it best. Out of 50 clients that want to do this, they end up not being able to help 5 right off the bat for whatever reason. As for the other 40 they might be able to help by running reports, adjusting rights and trying to add
  the roles until it works.  This can end up being a 20 day process. Basically they are playing whack-a-mole with user rights and permissions until something sticks.
  We tried creating an OU where any other domain policies would not be inherited to see if that was the issue, a fresh install with different sequence of adding the Roles, no effect.
  Given the errors I witnessed when running procmon and then trying to add the roles, the NT System and the Windows Internal database user had access denied issues on 100+ registry keys when trying to add the roles. After that the system is not behaving normally.
  The errors displayed almost mirror the errors that would occur on Windows 2012 when those two roles would be added which of course is officially NOT supported on that system.
  This blog needs serious revision:
  http://blogs.msdn.com/b/rds/archive/2013/07/09/what-s-new-in-remote-desktop-services-for-windows-server-2012-r2.aspx
  This is the excerpt from that blog: Single server RDS deployment including Active Directory. We now support running our RD Connection Broker role service on the same physical instance as an Active Directory Domain Controller.  In addition, we published
  guidelines for how RD Session Host could be used without the RD Connection Broker.
  Microsoft Support was curteous and helpful and they were the ones who advised cutting our losses, which mirrored my hunch after seeing what was transpiring in the system.  They refunded my money for the support call. 
  For me, it was an opportunity to find out if there was any way to configure Windows 2012 R2 in the Same manner that it was setup as Windows 2008 R2 and lay that to rest. The coexistence is poorly implemented. It is as if there was a reaction from all the deprecation
  of bread and butter features such as shadowing in TS and the coexistence of AD DS and RDS to where those features were re-added haphazardly. (I have no complaints on shadowing on Windows 2012 R2 it works, just do not like having to go to server manager to
  use it).
  I opted for virtualizing the Domain controller to eliminate the incompatibility issues and that is what I will be doing from now on. I found free solutions for backing up and reporting for virtual machines as well as the suggested procedures for configruing
  a Domain controller as a virtual machine on a Hyper-V environment and I will be sticking to those. Thus far the setup has been operational.
  I am not allergic to virtualization, but for really small setups it adds additional time and considerations but if that is how it has to be done, so be it. Windows 2008 R2 days are numbered and since we can usually squeeze 5-7 years on quality server equipment,
  buying a Windows 2008 R2 setup now is a borderline disservice in my opinion.
  Hopefully someone finds this useful and saves some time.

  Hi,
  Thank you for posting in Windows Server Forum.
  Do you need any other assistance?
  Based on your description, you are describing your story of successfully implementing RDS server with AD role and more regarding all RDS related scenario. For shadowing feature, you can use with command also. Below is the syntax to shadow a session.
  mstsc /v:<ServerName> /shadow:<SessionID>
  Hope it helps!
  Thanks.
  Dharmesh Solanki
  TechNet Community Support

• Item wise Invoice cancellation in case of same IR document

  MM Guru’s,
  I have an issue for one of my PO, when I look at Purchase order in PO history tab page by selecting chronolg.order and observed that initially GR was posted for qty – 1 (as same as PO qty&price) with price - 11.941.000 and material document created successfully.
  Later IR was posted by user for amount - 11.491.000 and IR document created - successfully.
  Based on my analysis I understand that the IR posted by user amount - 11.491.000 has been entered wrongly while posting invoice hence there is a difference of amount which I can able to view in PO history tab page.
  Since the PO has two line items and for item 2 IR is posted by user correctly only for item 1 user posted with wrong amount.
  When I cancel the invoice document in MR8M both the items in IR are getting canceled.
  My requirement is I need to cancel IR item wise.
  Please let me know is there any transaction I can able to cancel the IR item wise.
  I look forward to your valuable input.
  Regards,
  Kumar.S

  Jurgen,
  We have a separate accounts team specifically for posting invoices.
  In this case IR has been posted by user manually in T code MIRO.
  We have also case where IR posted via Workflow/EDI/Batchjob..
  Yes as u said rightly it was a typo while entering invoice.
  I have given the same solution but wanted to know if we have item wise IR cancellation in standard SAP.
  Regards,
  Kumar .S

• Multiple LDAPS with same username!

  Hi,
  we have a case where we need to connect to multiple LDAP servers and configure SPNego for Kerberos authentication of portal. we have a problem in case of user names. some user names are same in both LDAPs. LDAPs are portal are positioned as (Landscape convension)
  LDAP1: xxxx.yyyy
  LDAP2: ssss.yyyy
  Portal  : pppp.gggg.yyyy
  where as gggg.yyyy is a trusted domain for both xxxx.yyyy and ssss.yyyy.
  we have login problem in same user case. (same user exist in xxxx.yyyy and ssss.yyyy). I haven't gone into details yet like logs and all troubleshooting stuff. Before doing all this just want to know your views whether I can do this or not. If I can achieve any suggentions how to proceed further?
  Regards
  Ravindra

  Hi,
  Kerberose (Spnego) is possible with multiple ADS data sources. Check SAP Note 1007227 and the below link.
  http://help.sap.com/saphelp_nw70/helpdata/en/45/40a320773a7527e10000000a114a6b/content.htm
  Regards
  Deb

• I purchased OS X Lion on my laptop and if I use the same username on my desktop it should just download not make me pay again, yet it is still saying "BUY APP" not "INSTALL." What do I do?

  I purchased OS X Lion on my laptop and if I use the same username on my desktop it should just download not make me pay again, yet it is still saying "BUY APP" not "INSTALL." What do I do?

  Hi...
  How to re download apps from the Mac App Store:
  Open the App Store. From the menu bar click Store > Sign In
  Click Purchases from the top of the App Store window.
  Select which apps you want to re download. Then right or control click where you see Installed  then click Install.
  Make sure and use the same Apple ID used for the original purchase.
  Mac App Store: Backing up your app purchases

• Hi all, Please suggest a case where there is a requirement for new SOAP sender adapter module. I wanted to develop a module but in my current project i am unable to find any such requirement.

  Hi all, Please suggest a case where there is a requirement for new SOAP sender adapter module. I wanted to develop a module but in my current project i am unable to find any such requirement. So please give me inputs for the same..
  Thank you,
  Vinay Kumar A

  You can try converting a synchrnous soap call to asynchronous using a custom module
  Here your module will send a response back to the sender system and make an asynchronous call forward

• Workaround to adding two e-mail alias accounts with same username.

  I have two e-mail addresses (aliases) (for example [email protected] and [email protected]) running under one (same) username "jimmy" and the same password on the same mail server (basically one e-mail account with two e-mail address aliases). I wanted to have both added to my iPad running iOS 5. I added the first without a problem, but when I tried to add the second one, the iPad complained that an account with the username "jimmy" already exists and gave me a prompt window with two options, "Cancel" and "Edit". Cancel was supposed to cancel the whole e-mail account creating procedure and take me back to Settings/Mail, and "Edit" was supposed to take me back to editing this e-mail account so I could change it (select another username). It turned out that both "Cancel" and "Edit" threw me out of the editing procedure and put me back into Settings/Mail. Seems like a bug.
  I managed to use a workaround to add my second e-mail address account (alias) to the iPad 2 with the same account username. I started creating the second account and filled in all the information but I intentionally mystyped the username as "jimmo". Now when I tapped "Done" the iPad wanted to verify the account (as normal) but soon warned me that either the username or password were incorrect and that the account may not work correctly, but it did allow me to add it.  I then went in and edited this second account and changed it's incoming mail server username to "jimmy".
  Now I have both e-mail addresses (aliases) using one account correctly set-up. Just thought I'd write this in case anyone would encounter the same problem/bug.

  EDIT: When using Mail application to check e-mails I am getting sporadic "Cannot Get Mail: The user name or password for "<name_of_account> is incorrect." The password is correct and it works when I retry. If I disable one of the accounts in the Settings/Mail (set to Inactive) then the other one (using the same password on the same server) works without hiccups. They definitely have to work on this bug and fix it.

• Transferring from Tiger to Leopard across 2 macs: need same username?

  Hi, I just got a new (well second hand) Macbook running Leopard to replace my iBook G4 running Tiger.
  The Macbook's main admin account is named, simply enough, "Admin" (short username and home directory 'admin' lowercase).
  The iBook's main admin account is my first name.
  Now, I read up on how to transfer files, and I decided I'm not going to use Migration Assistant, but transfer all data I need manually.
  I have a wireless network and now it's being shared between the ibook and macbook. I already copied some files that way and it's easy and fast enough for me to do it like that, rather than through firewire or ethernet.
  Also, I mainly need to transfer actual documents, and music, and movies, etc. - I don't mind creating new preferences and settings for applications on Leopard as I start using the macbook (also seen as they're running on different systems!), so I don't need to copy everything in the Library. I read that I can still manually transfer entire folders of application support data, like ical, addressbook, etc. Email is all on gmail so no problem there either.
  But am I missing something? anything in the /Documents, /Music, or /Application Support folders that may create problems if transferred across two accounts with different names, and not just two different systems?
  What about permissions? once I copy stuff to a new account, will that account fully 'own' the data that's copied?
  In short - should I change the 'Admin' username on the macbook with leopard to match the old 'firstname' account on the ibook with tiger?
  In that case, how should I do that - better to create a new admin account on the leopard macbook, or just change the name of the current one (I see it's possible on leopard now from System Prefs)?
  One last thing - the macbook was reformatted completely just days before being sold to me, so right now I don't feel the need to erase the disk again and start from scratch. I don't know which erase option was used, but all the applications run fine and there's only basic preferences and no data in the home folders, so I can start using it straight away.
  Is another complete reformatting still advised, so that I can set my own options? (like, I don't know, zero out all data the max amount of times?)
  Cos if it's better to do that, then I wouldn't mind doing it now before I transfer all the files. (I have external HD for backup, so I could still do it later, but it'd be more of a pain).
  I apologise if this seems like an obvious or redundant question, but I really am not sure what to do -- also because previously, whenever I upgraded from one mac to the other, I always used the same username, but the two macs were always running the same system, so I simply transfered the whole home folder from one machine to the other, something I guess I should NOT do now as it's different systems and different machines (PPC vs. Intel).
  Many thanks in advance for any suggestions!

  pepita,
  I had no problems migrating an entire HOME folder from a PPC Mac to my Intel one(s). YMMV. What you want to avoid are any plugins, etc., that might contain PPC code. Since these tend not to be stored in one's HOME folder, you should be OK.
  Even if you migrate folders piece-meal, it is far better to maintain the same short name. For this purpose, it would probably be best to simply create the account, making it an admin account, then delete the old one. One thing you want to be certain to do is get rid of any account with a name that may conflict with "system" accounts. In your case, this means that account with a name of "admin." That's a big no-no. Another one to avoid is "guest," especially in Leopard (which already has a working guest account that can be turned off and on).
  Some applications maintain links to libraries based on their full path, which would include a user's short name. This is the main reason for keeping the same short name. If files/folders are copied from somewhere to a new account (while logged into that new account), ownership will automatically be correct.
  Scott

• Ip pools behavior, simultaneously login same username

  I notice that, the ip-pool system does not function properly when a username is used twice @ the same moment. the 2nd user gets the same ip address assigned & i see a : nas port re-used: message in the log. ACS 3.0 windows.
  Can i get this to work ? how ? upgrade necessary ?

  Sorry, my apologies, I thought this change would be automatic but then wondered how on earth ACS would figure out different session if they have the same port number.
  Researched the bug a bit more and what they did in 3.2 was add another option under each NAS. Go under the Netowrk Config section and click on the specific NAS, scroll down and you'll see a checkbox for "Replace RADIUS Port info with Username from this AAA Client". Check this, and ACS will then use the username rather than the port info for this NAS to define different sessions.
  Having said that though, I don't think this is going to work for you because this relies on different usernames being used, which in your case it isn't. The bug seems to have been created (and fixed) for NAS's that don't include a NAS port in their requests at all, and so ACS can now use the username as the definer for each session. The caveat to this bug though is that usernames have to be unique, if the same user logs in they'll get assigned the same IP address out of the pool.
  The crux of all this is that if you're using the same username on the same NAS, and that NAS is using the same port number, how is ACS supposed to know this is for different sessions?

• Any reliable cases where larger block sizes are useful?

  So I did some googling around to read up on 16kb or larger blocksizes. I found a series of articles by Jonathan Lewis and Richard Foote (plus other DBAs whose posts I trust ) debunking the usage of larger blocksize. I have not been able to find a single article, blog post, forum post, with a legitimate case where a larger block size actually improves performance. Its hard to google this stuff because the good stuff is buried beneath all the trash.
  So have any of the Oak Table people and other guys who write articles where they do quality testing find cases where larger block sizes are useful?
  I don't have a specific need. I'm just curious. Every time I  look this up I get buried in generic copy and paste blog posts that copy the docs, the generic test cases that were debunked, by the guys above, and other junk. So its hard to look for this.

  Guess2 wrote:
  So I did some googling around to read up on 16kb or larger blocksizes. I found a series of articles by Jonathan Lewis and Richard Foote (plus other DBAs whose posts I trust ) debunking the usage of larger blocksize. I have not been able to find a single article, blog post, forum post, with a legitimate case where a larger block size actually improves performance. Its hard to google this stuff because the good stuff is buried beneath all the trash.
  So have any of the Oak Table people and other guys who write articles where they do quality testing find cases where larger block sizes are useful?
  Lurking in the various things I've written about block sizes there are a couple of comments about using different block sizes (occasionally) for LOBs - though this might be bigger or smaller depending on the sizes of the actual LOBs and the usage pattern: it also means you automatically separate the LOB cache from the main cache, which can be very helpful.
  I've also suggested that for IOTs (index organized tables) where the index entries can be fairly large and you don't want to create an overflow segment you may get some benefit if the larger block size typically allows all rows for a give (partial) key value to reside in just one or two blocks.  The same argument can apply, though with slightly less strength for "fat" indexes (i.e. ones you've added columns to in order to avoid visiting the table for very impoartant time-critical queries).  The drawback in these two cases is that you're second-guessing, and to an extent choking, the LRU algorithms, and you may find that the gain on the specific indexes is obliterated by the loss on the rest of the caching activity.
  Regards
  Jonathan Lewis

• I have a iphone 5 and I can login with my apple id to purchase music. However, when I try to login into icloud using the very same username and password that I use in the apple store it does not work to enter icloud, so what what gives???

  I have a iphone 5 and I can login with my apple id to purchase music. However, when I try to login into icloud using the very same username and password that I use in the apple store it does not work to enter icloud, so what what gives???

  I could do that, however when I select the icloud button (or whatever the heck it is) I am asked to enter the apple id and password. So if you are suppose to create another one for icloud you'd think it would give you the option at this point which would be logical.

• I have 3 different accounts and passwords for Apple. 1 for iTunes, 1 for iCloud, and 1 for my iCloud email. It is annoying to remember these 3 different usernames and passwords. Can I make all 3 accounts the same username and password?

  I would like to use my iCloud email address as the username.
  Is this possible?

  No.  Apple will not merge Apple IDs, and you can't use the same username and password for multiple IDs.

• My mobile me expired and I want to use the same username for icloud. How?

  My mobile me expired and I want to use the same username for icloud. How?
  When I registered for me.com, they kept saying the my username is already taken which is true since I registered for [email protected] previously and the subscription has expired.
  How can I get apple to delete my mobile me account completely?

  http://howto.cnet.com/8301-11310_39-20119371-285/how-to-transfer-your-mobileme-a ccount-to-icloud/
  and
  http://www.apple.com/mobileme/transition.html
  should assist you in questions