How to configure container trust relationships?

The EJB 2.0 specification clearly states (paragraph 19.8.1.1) that '...EJB containers
are required to provide deployers and administrators with the tools to configure
trust relationships for interactions with intermediate web or EJB containers...'.
How do you do this in WLS 6.1, and where can I find additional documentation about
the trust relationships between containers?

Between WLS containers.
Erik
"Peter B" <@> wrote:
> "Erik Godding Boye" <[email protected]> wrote in message news:3be0280c$[email protected]..
>> The EJB 2.0 specification clearly states (paragraph 19.8.1.1) that '...EJB containers
>> are required to provide deployers and administrators with the tools to configure
>> trust relationships for interactions with intermediate web or EJB containers...'.
>> How do you do this in WLS 6.1, and where can I find additional documentation about
>> the trust relationships between containers?
> Are you talking about other WLS containers or some third party app server
> containers?
> Peter

Similar Messages

  • How to set up trust relationship between oc4j and tomcat

    Howdy
    According to the EJB 2.0 spec., section 19.8.1.1, second paragraph: "EJB containers are required to provide deployers or administrators with the tools to configure trust relationships with intermediate web or EJB containers."
    What tools/methods are available for OC4J?
    To give my question some context:
    I'm trying to set up things so that I have Tomcat (4.1.x) as a servlet container and OC4J (9.0.3) as an EJB container. I want Tomcat to authenticate users (using its JNDI (LDAP) realm), and then have it forward a javax.security.Principal representing the user when invoking EJBs on OC4J from servlets. One task in that is to make the OC4J instance trust the Tomcat instance, so that OC4J accepts a principal sent from Tomcat as already authenticated.
    I've been unable to find any docs on this subject.
    Any help appreciated.
    best regards Christian Surlykke

    Christian -- Setting up the trust relationship is described in interoperability section of the OC4J v903 Services Guide. I would probably start there.
    Thanks -- Jeff

  • How to verify that trust relationship has been set up successfully at client machine?

    Hello,
    There is trust set up with domain group. Would you please let me know how I can verify that the trust relationship has been set up correctly, in such a way that I can see the users of the trusted group on the client machine?
    Any idea?
    Note: I do not have access on Domain Controller.
    Thanks and Regards,
    Dipti
    Dipti Chhatrapati

    Hi
    As far as I know, trust certificates that have been exchanged between the SharePoint farm and external systems should be visible by going to the Central Admin->Security->Manage Trusts page.
    Kind Regards
    Bjoern
    http://www.sharepointviking.com
    Twitter: Follow @bjoern_rapp

  • NW RFC SDK: Non-SAP to ABAP with username (trust relationship)

    Hello,
    I have a quite challenging non-SAP-to-ABAP RFC scenario with a trust relationship.
    Here’s the scenario:
    An Oracle database server acts as an RFC client and calls RFC function modules in an ABAP server. (I assume the Oracle programmers are going to use NW RFC SDK 7.1 or JCo 3.0 on the Oracle server and call that from their PL/SQL based database application.)
    The challenge is that I don’t want to use a single “technical user” on the ABAP side because that would mean that all the users on the Oracle side would be mapped to one single ABAP user. Also, I don’t want to have to store individual ABAP passwords on the Oracle side.
    Instead, I want the ABAP server to trust the RFC client the same way it might
    a) trust a NetWeaver AS Java server after installing the Java server’s certificate in transaction STRUSTSSO2 or
    b) the way it might trust another ABAP server after configuring a trust relationship (transaction SMT1?)
    The ABAP server should accept incoming RFC connections from the Oracle RFC client with just the user name and no password given and run the resulting processes in the ABAP system under the user id given in the RFC call.
    I imagine the ideal solution somehow along the following lines (simplified scenario for a PC-based prototype):
    - I download and run a program that creates a certificate file (public key?) which I import into the ABAP system.
    - The same program creates a matching file (private key?) for the RFC client.
    - For reasons of simplicity, let us imagine the RFC client as a stand-alone Java SE application running on a PC.
    - The Java SE application uses the JCo library to connect to the ABAP system.
    - When opening the connection, it passes a username, but no password. Instead, it passes a Base64-encoded string that was generated by our key/certificate generator program.
    - On the ABAP side, the function modules are run under the username used by the Java SE application when establishing the RFC connection.
    Is that possible at all? How would you solve this?
    Thank you very much in advance and best regards,
    Thorsten

    Hello,
    Thanks a lot for your extremely high-quality replies. I’ve been trying to work with them.
    Frankly, just when (after Gregor’s and Tim’s posts) I was hoping that working my way deeply enough into SNC, I would be able to solve my problem, Wolfgang comes along and tells me what I’m aiming at won’t work. Now I’m confused.
    The way I understand Wolfgang, the special trust an AS ABAP can put into another AS ABAP or an AS Java (“remote RFC client, give me one certificate and I will accept every username if they come from you”) can not be put into a custom-made remote server software (such as the Oracle server application) acting as the RFC client, because when acting as RFC clients, the remote AS Java or AS ABAP use proprietary elements of the RFC protocol which are not available to me when I program my RFC client in the Oracle application.
    @Wolfgang, is that correct?
    Solution 1: Individual X.509 Certificates
    Instead, I can establish X.509-based trust relationships at the level of individual usernames: create a certificate for each Oracle user, import them into the AS ABAP, map them to an ABAP user, and store the certificate on the Oracle side (I’m still not sure about the different certificates and keys used publicly and privately here).
    Solution 2: AS ABAP as User Management Engine for the Oracle Application
    I can also see an alternative that would spare me the trouble of generating, importing, mapping and storing the certificates: delegate the user management to the AS ABAP and delete the (custom-built) logon and password-checking mechanism in the PL/SQL application:
    Users are created centrally in CUA and distributed along with their passwords into (among others) the AS ABAP.
    When a user logs on to the PL/SQL application, the username and password are sent for validation to an ABAP BAPI.
    If authentication is successful, the AS ABAP returns a SAPLogon ticket which can be stored in the session context of the PL/SQL application and used in subsequent RFC calls. The password (a hash?) would only be transferred once during logon.
    What do you think? Would both solutions work or am I still getting something wrong? Can you see a better alternative that would reduce
    for solution 1 the administrative overhead for synchronization
    for solution 2 the run-time dependency Oracle-ABAP and the change impact on the Oracle application’s user management concept?
    Thanks a lot,
    Thorsten

  • Could you please tell me how to configure NSP as « trusted » system in the latest trial version of NetWeaver?

    Hi,
    Could you please tell me how to configure NSP as « trusted » system in the latest trial version of NetWeaver?
    Please see the attachment.
    Thanks,
    Marc

    Hi Marc,
    go to transaction STRUSTSSO2, generate a certificate for your system, then add it to certificate list and to ACL for your client.
    There will probably be several parameters to set in instance profile if you plan to use SSO.
    Best regards,
    Vincent

  • Office Web Apps 2013 + could not establish trust relationship

    We currently have a three tier SharePoint 2013 Farm:
    1. Web Front End Server (Server 2008 R2 Enterprise) - Servername: TEST2SP013.domain.dom
    2. Central Admin Server (Server 2008 R2 Enterprise) - Servername: TEST2SPCA013.domain.dom
    3. SQL Server (Server 2012 Datacenter) - Servername: TESTSQL012.domain.dom
    All Machines are in the same IP/Subnet.
    We are trying to setup a new server (Server 2012 R2 Datacenter) (Servername: TEST022.domain.dom) to run Office Web Apps 2013 in our TEST environment to test the system before rolling in production and have had issues throughout the entire process.
    The technet articles we have used are:
    http://technet.microsoft.com/en-us/library/jj219435.aspx
    http://technet.microsoft.com/en-us/library/ff431687.aspx
    http://technet.microsoft.com/en-us/library/jj219627.aspx
    We finally have what I thought was a correct setup but anytime we try to edit or view a word, excel, powerpoint document within SharePoint 2013, we receive "Sorry, there was a problem and we can't open this document. If this happens again, try opening the document in Microsoft Word."
    We found a few How-To Setup Office Web Apps sites where other people provided step-by step instructions:
    blogs.msdn.com/b/sowmyancs/archive/2012/10/29/install-configure-amp-monitor-office-web-apps-2013-for-sp-2013.aspx
    http://www.wictorwilen.se/office-web-apps-2013-securing-your-wac-farm
    http://blogs.technet.com/b/justin_gao/archive/2013/06/30/configuring-office-web-apps-server-communication-using-https.aspx
    We reviewed the ULS logs and found the following error:
    02/14/2014 13:38:40.24  w3wp.exe (0x1C04)                        0x1BB4 Office Web Apps              
     WAC Hosting Interaction        adhsk Unexpected WOPI CheckFile: Catch-All Failure [exception:Microsoft.Office.Web.Common.EnvironmentAdapters.UnexpectedErrorException: HttpRequest failed ---> Microsoft.Office.Web.Apps.Common.HttpRequestAsyncException:
    No Response in WebException ---> System.Net.WebException: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel. ---> System.Security.Authentication.AuthenticationException: The remote certificate
    is invalid according to the validation procedure.     at System.Net.TlsStream.EndWrite(IAsyncResult asyncResult)     at System.Net.ConnectStream.WriteHeadersCallback(IAsyncResult ar)     --- End of
    inner exception stack trace ---     at System.Net.HttpWebRequest.EndGetResponse(IAsyncResult asyncResult)     at Microsoft.Office.Web.Apps.Common.Ht... 7bed0d51-511d-4541-a059-e2f72942e617
    None of the articles provide specific step-by-step instructions for using HTTPS in a test environment, specifically when it comes to Self-Signed Certs through Active Directory Certificate Services.
    We tried creating a Self-Signed Cert through IIS on the Office Web Apps Box which did not work.
    We tried creating a Cert through Active Directory Certificate Services which did not work.
    We tried adding the Cert through Central Admin > Security > Manage Trust which did not help.
    We verified "get-spwopizone" is set to internal-https
    We can access the Web Apps https://test022/hosting/discovery site and view the XML with no issue on any machine on our network.
    We added our domain to the list of approved domains that can use Office Web Apps as well as add "Domain Users" as the security group that can "EDIT" Office Documents through Office Web Apps. 
    After each step, we tried performing either a system reboot or IIS Reset on the Office Web Apps and WFE box.
    My question is how do we generate a certificate (either self-signed through IIS on the Office Web Apps Box or through AD) that will allow this application to work? I read that the Fully Qualified Domain Name needs to be in the SAN field of the Cert but when we request it, I have no way of entering this information. I tried following http://technet.microsoft.com/en-us/library/ff625722 to manually request a certificate with a Custom SAN but that did not work either.
    I am assuming the certificate issue is with the New Office Web Apps box. Is this correct?
    -Chris

    If internal cert then you will have to add certificate from OWA to trusted certificates in each SharePoint server plus add the certificate from central admin in SharePoint through manage trust. Also you will need to install p7b file (file that contains path to root certificate to verify each intermediate certificate) for internal cert to each SharePoint server to not get certificate error.
    sachin
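
The name-matching half of the "remote certificate is invalid" error discussed in this thread, as an added example that is not part of the original posts: it models RFC 6125-style host name checking over a dict shaped like Python's `ssl.SSLSocket.getpeercert()` output and lists the names a SAN request would have to contain. The certificate contents and the FQDN form of the discovery URL are constructed for illustration; chain trust (the root and intermediate import described in the reply above) is a separate check and is not modelled here.

```python
"""Which URL host names does a server certificate actually cover?

Added illustration: models RFC 6125-style name checking, not .NET's exact code.
"""
from urllib.parse import urlsplit


def dns_names(cert):
    """Return (names, source) for a dict shaped like ssl.SSLSocket.getpeercert()."""
    san = [value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]
    if san:
        # Once any DNS SAN entry exists, the subject CN is no longer consulted.
        return san, "subjectAltName"
    cn = [value for rdn in cert.get("subject", ())
          for kind, value in rdn if kind == "commonName"]
    return cn, "commonName"


def name_matches(pattern, host):
    """Case-insensitive comparison; '*' counts only as the whole left-most label."""
    pat = pattern.lower().rstrip(".").split(".")
    hst = host.lower().rstrip(".").split(".")
    if len(pat) != len(hst):
        # A short name never equals an FQDN, and a wildcard never spans a dot.
        return False
    if pat[0] == "*":
        # Reject over-broad patterns such as '*.dom'.
        return len(pat) > 2 and pat[1:] == hst[1:]
    return pat == hst


def coverage(cert, urls):
    """Report which URLs the certificate covers and which host names are missing."""
    names, source = dns_names(cert)
    covered = {}
    for url in urls:
        host = urlsplit(url).hostname
        covered[url] = any(name_matches(name, host) for name in names)
    missing = sorted({urlsplit(u).hostname for u, ok in covered.items() if not ok})
    return {"source": source, "covered": covered, "missing_san": missing}


# Constructed sample certificates (not taken from the thread).
CERT_FQDN_ONLY = {
    "subject": ((("commonName", "TEST022.domain.dom"),),),
    "subjectAltName": (("DNS", "TEST022.domain.dom"),),
}
CERT_BOTH_NAMES = {
    "subject": ((("commonName", "TEST022.domain.dom"),),),
    "subjectAltName": (("DNS", "TEST022.domain.dom"), ("DNS", "test022")),
}
CERT_WILDCARD = {
    "subject": ((("commonName", "*.domain.dom"),),),
    "subjectAltName": (("DNS", "*.domain.dom"),),
}
CERT_CN_SHORT_NAME = {  # no SAN at all, short machine name in the subject
    "subject": ((("commonName", "test022"),),),
}

URLS = [
    "https://test022/hosting/discovery",             # form quoted in the thread
    "https://test022.domain.dom/hosting/discovery",  # constructed FQDN form
]

if __name__ == "__main__":
    samples = {
        "FQDN only": CERT_FQDN_ONLY,
        "FQDN + short name": CERT_BOTH_NAMES,
        "wildcard": CERT_WILDCARD,
        "CN short name, no SAN": CERT_CN_SHORT_NAME,
    }
    for label, cert in samples.items():
        result = coverage(cert, URLS)
        print(f"{label}: names from {result['source']}, "
              f"missing SAN entries: {result['missing_san'] or 'none'}")
```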

  • How to Configure Oracle System

    Hi,
    I configured SAP R/3 System on portal,
    and I also created a transactional iView using R/3.
    Let me know how to connect an Oracle system and how to create an iView to show data which is there in the Oracle database.
    For example,
    I want to show the EMP table in Oracle on a portal iView.
    please help..
    regards
    praksh..

    Hi
    You can connect to a database using a JDBC iView already present in PCD, or you can create a portal archive file which contains a servlet or JSP using the simple JDBC API of Java. The portal component that can be used is abstract portal component or JSP DynPage, but as you write code in Java you can do the same thing here. Register drivers in the system before you connect to it and then deploy the portal component using NetWeaver Developer Studio or by uploading the archive straight away through PCD Inspector. Just use the IP address in code if it is a distributed database, which must be in the same domain as the portal; otherwise you need to build a trust relationship between the two domains. Hope this helps you; please do not forget to give points
    with regards
    subrato kundu

  • How to configure Email output in SD

    Dear friends, please send me details of how to configure email output in SD module.
    Thanks & Regards,
    <REMOVED>

    Hi
    IDoc Def: Standard SAP format for electronic data interchange between systems (Intermediate Document). Different message types (such as delivery confirmations or purchase orders) normally represent different specific formats, the IDoc types. However, multiple message types with related content can be assigned to one IDoc type: For example, the IDoc type ORDERS01 transfers the "logical" message types ORDERS (purchase order) and ORDRSP (order confirmation).
    IDocs are of two types: basic type and the extension type. We need to configure the system settings for this process.
    IDOC (Intermediate Document) - A data holder.
    IDOC is divided in to three parts.
    Control Record
    Data Record
    Status Record
    Control record (Table: EDIDC):
    - Every IDOC has only one Control Record
    - Each Control Record contains header information like:
    o IDOC Number
    o Direction of IDOC: Inbound or Outbound
    o Date and Time of creation of IDOC
    o Date and time when the IDOC was last modified.
    o Message Type of IDOC
    o IDOC type and extension of IDOC
    o Sender and Receiver Partner
    Data record – (Table: EDID4):
    - Data Record contains Data to be processed.
    - Every IDOC has one data record with multiple segments in hierarchy.
    - Segments and Hierarchy of Segments are defined by IDOC Type and Extension.
    - IDOC created has to strictly follow the hierarchy; else IDOC fails with Syntax error.
    - Segments which are repetitive have qualifiers attached to it
    Status record – (Table: EDIDS):
    - Status Record describes the status of IDOC.
    - Each IDOC contains one status Record with multiple status information.
    - Status at each level is appended to IDOC. E.g. When IDOC is created in SAP, Status is “This IDoc has been generated through a test transaction”, When the IDOC is added to system it is “IDOC added”, “IDOC ready to be transferred to Application”……
    - Status should always be read bottom-up. Status at the top is the latest status.
    - Some Example of Status Records:
    o Inbound:
    § 53 - IDOC successfully posted
    § 51 – IDOC Failed
    § 64 - IDOC ready to be transferred to Application
    o Outbound:
    § 30 – IDOC ready for Dispatch
    § 03 – IDOC passed to port OK
    § 12 – IDOC Dispatched
    § 16 – Functional Acknowledgement Positive
    § 17 – functional Acknowledgement Negative
    IDoc Type: Defines the segments and hierarchy of segments
    o Transaction Code:
    § WE30 – To create, change or display the IDOC type and the extension.
    § WE31 – To create the Segment
    - IDOC type defines the segments to be used in the IDOC.
    - It also defines the hierarchy and syntax of the segments.
    - IDOC extension is nothing but to add segments to standard IDOC types.
    - Transaction WE31 allows you to create segments.
    - Program RSEIDOC3 documents the use of each IDOC type.
    Segments:
    Attributes of a Segment:
    - Mandatory Segment: If checked, this segment should always exist in the IDOC.
    - Minimum Number:
    - Maximum Number: Maximum number of times this segment can be repeated in IDOC.
    - Parent Segment: Parent of this segment
    - Hierarchy level: Level of hierarchy.
    Segment Definition (WE31):
    Message Type: Defines the type of data in the IDOC
    o Transaction Code:
    § WE81 – To create, change or display the Message type and the extension.
    § WE82 – Using this transaction you can link Message Type, IDOC Type, IDOC Extension and version.
    - Message type identifies the type of data IDOC holds. E.g. Orders (ORDERS), Delivery (DESADV), Invoice (INVOICE). It also defines what needs to be done with the data in the IDOC, in case of Inbound IDOC, and which data to be extracted in case of Outbound IDOC.
    - Message Type is linked to a process code, which in turn is linked to a Function Module. This function module extracts from or posts data to SAP depending on direction of IDOC.
    - Relation between Message Type, IDOC type and IDOC extension needs to be defined. Without this relation Message type or IDOC type cannot be used.
    Message Type Create, Change or Display (WE81):
    Setup link between Message Type, IDOC Type, IDOC Extension and Version (WE82)
    Process Code: Function Module is linked to a process code. This function module is executed for inbound or outbound IDOC.
    o Transaction Codes:
    § WE41 – Outbound Process Code
    § WE42 – Inbound Process Code
    - Process codes are linked to a Function Module.
    - Relationship is Message Type is linked to a Process Code which is linked to a Function Module.
    - In case if you are using a stand alone code to trigger an IDOC, you need not define a process code.
    RFC Destination: System definition of destination.
    o Transaction Code: SM59
    - RFC destination identifies the destination of IDOC.
    - In case of ALE:
    o In ALE the communication mode is IDOC to IDOC, hence the type used is R/3 Connections.
    o It is the destination SAP system which will receive the IDOC.
    o In RFC destination you define the destination SAP system details like System, Login and Password.
    Go through the links below:
    http://help.sap.com/printdocu/core/Print46c/en/data/pdf/BCMIDALEIO/BCMIDALEIO.pdf
    http://help.sap.com/printdocu/core/Print46c/en/data/pdf/BCMIDALEPRO/BCMIDALEPRO.pdf
    http://help.sap.com/printdocu/core/Print46c/en/data/pdf/CABFAALEQS/CABFAALEQS.pdf
    http://help.sap.com/printdocu/core/Print46c/en/data/pdf/BCSRVEDISC/CAEDISCAP_STC.pdf
    Sail

  • Set-IRMConfiguration failed with error "Could not establish trust relationship for the SSL/TLS secure channel."

    Hi, experts
    I'm trying to configure a lab environment according to the tutorial http://www.msexchange.org/articles-tutorials/exchange-server-2010/compliance-policies-archiving/rights-management-server-exchange-2010-part3.html
    After completing configuration, I execute cmdlet Set-IRMConfiguration -InternalLicensingEnabled $true, but get an error
    The remote certificate is invalid according to the validation procedure. ---> The underlying connection was closed: Cou
    ld not establish trust relationship for the SSL/TLS secure channel. ---> Failed to get Server Info from https://exhv-65
    94/_wmcs/certification/server.asmx.
        + CategoryInfo          : InvalidOperation: (:) [Set-IRMConfiguration], Exception
        + FullyQualifiedErrorId : C810E449,Microsoft.Exchange.Management.RightsManagement.SetIRMConfiguration
    Then I run cmdlet Test-IRMConfiguration -Sender [email protected] and get an error
    Results : Checking Exchange Server ...
                  - PASS: Exchange Server is running in Enterprise.
              Loading IRM configuration ...
                  - PASS: IRM configuration loaded successfully.
              Retrieving RMS Certification Uri ...
                  - PASS: RMS Certification Uri: https://server1/_wmcs/certification.
              Verifying RMS version for https://server1/_wmcs/certification ...
                  - WARNING: Failed to verify RMS version. IRM features require AD RMS on Windows Server 2008 SP2 with the
              hotfixes specified in Knowledge Base article 973247 (http://go.microsoft.com/fwlink/?linkid=3052&kbid=973247)
               or AD RMS on Windows Server 2008 R2.
              Microsoft.Exchange.Security.RightsManagement.RightsManagementException: Failed to get Server Info from https:
              //server1/_wmcs/certification/server.asmx. ---> System.Net.WebException: The underlying connection was clos
              ed: Could not establish trust relationship for the SSL/TLS secure channel. ---> System.Security.Authenticatio
              n.AuthenticationException: The remote certificate is invalid according to the validation procedure.
                 at System.Net.Security.SslState.StartSendAuthResetSignal(ProtocolToken message, AsyncProtocolRequest async
              Request, Exception exception)
                 at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest async
              Request)
                 at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
                 at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest async
              Request)
                 at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
                 at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest async
              Request)
                 at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
                 at System.Net.Security.SslState.ForceAuthentication(Boolean receiveFirst, Byte[] buffer, AsyncProtocolRequ
              est asyncRequest)
                 at System.Net.Security.SslState.ProcessAuthentication(LazyAsyncResult lazyResult)
                 at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Obje
              ct state)
                 at System.Net.TlsStream.ProcessAuthentication(LazyAsyncResult result)
                 at System.Net.TlsStream.Write(Byte[] buffer, Int32 offset, Int32 size)
                 at System.Net.PooledStream.Write(Byte[] buffer, Int32 offset, Int32 size)
                 at System.Net.ConnectStream.WriteHeaders(Boolean async)
                 --- End of inner exception stack trace ---
                 at System.Web.Services.Protocols.WebClientProtocol.GetWebResponse(WebRequest request)
                 at System.Web.Services.Protocols.HttpWebClientProtocol.GetWebResponse(WebRequest request)
                 at System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String methodName, Object[] parameters)
                 at Microsoft.Exchange.Security.RightsManagement.SOAP.Server.ServerWS.GetServerInfo(ServerInfoRequest[] req
              uests)
                 at Microsoft.Exchange.Security.RightsManagement.ServerWSManager.ValidateServiceVersion(String featureXPath
                 --- End of inner exception stack trace ---
                 at Microsoft.Exchange.Security.RightsManagement.ServerWSManager.ValidateServiceVersion(String featureXPath
                 at Microsoft.Exchange.Management.RightsManagement.IRMConfigurationValidator.ValidateRmsVersion(Uri uri, Se
              rviceType serviceType)
                 at Microsoft.Exchange.Management.RightsManagement.IRMConfigurationValidator.TryGetRacAndClc()
              OVERALL RESULT: PASS with warnings on disabled features
    From the error message, this issue seems to be related to the SSL/TLS connection. So I went back to check the configuration and found a difference from the tutorial. The current SCP URL is https://server1/_wmcs/certification, but in the tutorial it is https://server1:433/_wmcs/certification.
    In my opinion, I don't think it is the real reason.
    So, how can I resolve this error? Could you give me some suggestions? Thanks in advance.
    System Info:
    Windows Server 2008 R2 + Exchange Server 2010 SP3 RTM

    Hi
    Please have a try with the solution on this KB article
    “Error message when you try to test access from the Microsoft Dynamics CRM E-mail Router: "Incoming Status: Failure - The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel"”
    http://support.microsoft.com/kb/954584/en-us
    Cheers
    Zi Feng
    TechNet Community Support

  • The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.

    I tried to redeem a digital download copy of a movie and was presented the following error: 
    The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.
    Any guesses on what it is and how to resolve it?
    Thanks

    Hi Abhilash Francis,
    Could you tell us your scenario? What's your project? Is it a WCF service?
    Looks like this is not a code issue.
    Just from the error information, it seems that the service certificate is not configured correctly, so the server was unable to process the request.
    I am not completely sure what the real scenario is, but it might be that it is a WCF service application; please check the following articles to configure the service certificate.
    If not, please feel free to let me know.
    How to: Configure an IIS-hosted WCF service with SSL
    Could not establish trust relationship for the SSL/TLS secure channel
    Hope this helps.
    Best regards,
    Kristin

  • How to configure SCSM exchange connector when exchange server is in different domain.

    We installed/configured SCSM in ABC domain and now need to use exchange connector for incident alert mail.
    But exchange server is in different domain, say XYZ.
    How do we configure?
    Thanks,
    Abhilash

    Cannot configure trust at AD level. But in the config article, the following points are given, but we are not clear on the first 2 steps. Also, we did not find the option to "navigate to certificate template and right click certificate templates".
    Sorry, I don't have much experience with certificates. If the steps were described a little more clearly, it would be helpful.
    a.     If your Service Manager management server does not have a trusted relationship with the Exchange Server, open Certificate Services and create a duplicate copy of the Web Server Certificate Template. Ensure that Private Key Export and Publish in AD are selected, and then add Read and Enroll permission to Authenticated Users.
    b.     In Certificate Services, navigate to Certificate Template and right-click Certificate Templates. Click New and then click Certificate Template to Issue. Select the template that you created in the previous step.
    c.     In Exchange Server, open the Microsoft Management Console and add the Certificates snap-in for the local computer. Right-click the Personal logical store, and then hover over All Tasks.
    d.     Select Request for New certificate and in the Certificate Enrollment wizard, select Active Directory Enrollment Policy and select the template that you created previously. When you select the certificate, you can click More Information to type the Exchange Server’s FQDN name as the common name in the Subject tab. You can also type the FQDN name as the Friendly Name in the General tab.
    Thanks,
    Abhilash

  • RFC Trust Relationship - Authentication

    Hello Experts,
    Could anyone tell me what really happens behind the scenes when you set up the RFC Trust Relationship on ABAP systems?
    Is the trusted system certificate imported to the trusting system?
    Do the systems exchange the certificates/keys during authentication?
    Is there any help document available giving more details about what happens behind the scenes of RFC trust relationship configuration and how single sign-on is possible?
    One on-site consultant said that the systems exchange the certificates, and another consultant said that they exchange keys and the data is encrypted. If there is no SNC enabled, how is the data encrypted?
    And also I do not see the trusted system certificate in the trusting system "certificate list".
    My assumption is that adding 2 systems to an RFC trust relationship neither adds the trusted system certificate into the trusting system nor exchanges keys between systems for the RFC call. The calling system (trusted system) gets authenticated based on S_RFCACL authorization in the trusting system.
    Please share your thoughts or any relevant help documents.
    Thanks,
    Himadama

    Hi
    Please go to this link :
    http://help.sap.com/saphelp_nw70ehp1/helpdata/en/47/95443fbee8700fe10000000a42189d/frameset.htm
    It also has clear documentation and steps to set up a trusted relationship.
    Pay attention to the following three pointers from the above link for using trusted RFC:
    "●      A user in the target system
    ●      Authorizations for the applications he or she needs to use in the target system
    ●      Authorization for the object S_RFCACL
    This authorization object regulates a user’s right to log onto a system via a trusted connection"
    Regards

  • How to configure SCCM 2007 to deliver apps to DMZ servers

    I'm needing some clarification and assistance here.  I'm providing some background as well.  This is my first foray in to this process, so the simpler and more thorough the explanations are, the better it will be for me.
    We're running Config. Mgr. 2007 in Mixed Mode (can't go Native at this point) in our corporate domain.  We also have 20 servers in our DMZ.  Some are in workgroups.  The rest are members of one of three AD Domains in the DMZ.  There is no trusted relationship with our internal corporate domain or between the domains in the DMZ.  I want to use SCCM to distribute a limited number of applications to all the DMZ servers, automating the process like we are currently doing, inside our firewall.
    Here's the limited understanding I have from reviewing other posts, along with additional questions.  Please feel free to correct any misconceptions and also fill in the blanks.
    If I get the process correctly, the client is manually installed on DMZ servers.  They will communicate over port 80 (HTTP).  A SLP is required, which can be set up as part of the client command-line installation.  Alternatively we can set up a secondary site in the DMZ which will communicate over port 1433 to our internal network.
    The questions I have are these.  What box does the SLP have to be defined on if we're not using a secondary site?  Also, is it a component of the client installation that is enabled on one server in the DMZ, or is it inside the firewall?  How are DMZ servers directed to it?
    If we use a secondary site in the DMZ, how does that affect our overall configuration?  Currently we're using a single SCCM server, no children.
    Thanks in advance for your assistance and information
    Thanks, Dino

    Here's a good guide to get you started:
    http://blog.coretech.dk/wp-content/uploads/The-complete-guide-to-System-Center-Updates-Publisher-2011-V1.01.pdf
    Benoit Lecours | Blog: System Center Dudes

  • RDS Trust relationship issue

    Hi,
    We have 3 domains
    DOM1.domain.local (top domain)
    DOM2.DOM1.domain.local (sub domain)
    DOM3.DOM1.domain.local (sub domain)
    When we set up a brand new RDS 2012 server in DOM2 we can't add users from DOM3 and vice versa.
    When we install a RDS 2012 server in DOM1 we can't add users from DOM2 and DOM3.
    The error message says that the network path was not found, and to check for a two-way trust.
    We can't change settings on the trust relationship, because it is a child domain, it will always be a two-way trust. (The validation works without any problem.)
    Adding users from the other subdomain to the local group "Remote Desktop Users" isn't a problem. But that doesn't work any more in Server 2012.
    Does anyone have an idea?
    Regards
    Stijn

    Hi,
    After referring to your post, I understand that you aren't able to add users from another domain.
    Are cross-domain users able to log in successfully?
    In your situation, I suggest you change the trust type to cross-forest trust.
    Understanding when to Create a Forest Trust:
    http://technet.microsoft.com/en-us/library/cc771397.aspx
    How to Configure Cross-Forest Administration:
    http://technet.microsoft.com/en-us/library/bb232078(v=exchg.80).aspx
    Refer to the post below (answered by Mark McNichols):
    http://social.technet.microsoft.com/Forums/windowsserver/en-US/b243ec10-ae0c-4501-94b7-acd3a4d1e90e/rds-and-sid-error-with-twoway-trust
    The article described in the above post by Mark McNichols (KB972133):
    http://support.microsoft.com/kb/972133
    This might help!
    Thanks.

  • Getting Error The trust relationship between the primary domain and the trusted domain failed in SharePoint 2010

    Hi,
    A SharePoint 2010 backup has been taken from production and restored through Semantic Tool on one of the servers. The web application of which the backup was taken is working fine.
    But the problem is that SharePoint is not working correctly. We cannot create any new web application, and cannot navigate to the ServiceApplications.aspx page; it shows an error. Even the Search and User Profile services of the existing web application are not working. Checking the SharePoint logs, I found the below exception:
    11/30/2011 12:14:53.78  WebAnalyticsService.exe (0x06D4)         0x2D24 SharePoint Foundation          Database                     
     8u1d High     Flushing connection pool 'Data Source=urasvr139;Initial Catalog=SharePoint_Config;Integrated Security=True;Enlist=False;Connect Timeout=15' 
    11/30/2011 12:14:53.78  WebAnalyticsService.exe (0x06D4)         0x2D24 SharePoint Foundation          Topology                     
     2myf Medium   Enabling the configuration filesystem and memory caches. 
    11/30/2011 12:14:53.79  WebAnalyticsService.exe (0x06D4)         0x12AC SharePoint Foundation          Database                     
     8u1d High     Flushing connection pool 'Data Source=urasvr139;Initial Catalog=SharePoint_Config;Integrated Security=True;Enlist=False;Connect Timeout=15' 
    11/30/2011 12:14:53.79  WebAnalyticsService.exe (0x06D4)         0x12AC SharePoint Foundation          Topology                     
     2myf Medium   Enabling the configuration filesystem and memory caches. 
    11/30/2011 12:14:55.54  mssearch.exe (0x0864)                    0x2B24 SharePoint Server Search       Propagation Manager          
     fo2s Medium   [3b3-c-0 An] aborting all propagation tasks and propagation-owned transactions after waiting 300 seconds (0 indexes)  [indexpropagator.cxx:1607]  d:\office\source\search\native\ytrip\tripoli\propagation\indexpropagator.cxx 
    11/30/2011 12:14:55.99  OWSTIMER.EXE (0x1DF4)                    0x1994 SharePoint Foundation          Topology                     
     75dz High     The SPPersistedObject with
    Name User Profile Service Application, Id 9577a6aa-33ec-498e-b198-56651b53bf27, Parent 13e1ef7d-40c2-4bcb-906c-a080866ca9bd failed to initialize with the following error: System.SystemException: The trust relationship between the primary domain and the trusted
    domain failed.       at System.Security.Principal.SecurityIdentifier.TranslateToNTAccounts(IdentityReferenceCollection sourceSids, Boolean& someFailed)     at System.Security.Principal.SecurityIdentifier.Translate(IdentityReferenceCollection
    sourceSids, Type targetType, Boolean forceSuccess)     at System.Security.Principal.SecurityIdentifier.Translate(Type targetType)     at Microsoft.SharePoint.Administration.SPAce`1.get_PrincipalName()    
    at Microsoft.SharePoint.Administration.SPAcl`1.Add(String princip... 
    11/30/2011 12:14:55.99* OWSTIMER.EXE (0x1DF4)                    0x1994 SharePoint Foundation          Topology                     
     75dz High     ...alName, String displayName, Byte[] securityIdentifier, T grantRightsMask, T denyRightsMask)     at Microsoft.SharePoint.Administration.SPAcl`1..ctor(String persistedAcl)    
    at Microsoft.SharePoint.Administration.SPServiceApplication.OnDeserialization()     at Microsoft.SharePoint.Administration.SPIisWebServiceApplication.OnDeserialization()     at Microsoft.SharePoint.Administration.SPPersistedObject.Initialize(ISPPersistedStoreProvider
    persistedStoreProvider, Guid id, Guid parentId, String name, SPObjectStatus status, Int64 version, XmlDocument state) 
    11/30/2011 12:14:56.00  OWSTIMER.EXE (0x1DF4)                    0x1994 SharePoint Foundation          Topology                     
     8xqx High     Exception in RefreshCache. Exception message :The trust relationship between the primary domain and the trusted domain failed.   
    11/30/2011 12:14:56.00  OWSTIMER.EXE (0x1DF4)                    0x1994 SharePoint Foundation          Timer                        
     2n2p Monitorable The following error occured while trying to initialize the timer: System.SystemException: The trust relationship between the primary domain and the trusted domain failed.       at System.Security.Principal.SecurityIdentifier.TranslateToNTAccounts(IdentityReferenceCollection
    sourceSids, Boolean& someFailed)     at System.Security.Principal.SecurityIdentifier.Translate(IdentityReferenceCollection sourceSids, Type targetType, Boolean forceSuccess)     at System.Security.Principal.SecurityIdentifier.Translate(Type
    targetType)     at Microsoft.SharePoint.Administration.SPAce`1.get_PrincipalName()     at Microsoft.SharePoint.Administration.SPAcl`1.Add(String principalName, String displayName, Byte[] securityIdentifier, T grantRightsMask,
    T denyRightsMask)     at Microsoft.SharePoint.Administrati... 
    11/30/2011 12:14:56.00* OWSTIMER.EXE (0x1DF4)                    0x1994 SharePoint Foundation          Timer                        
     2n2p Monitorable ...on.SPAcl`1..ctor(String persistedAcl)     at Microsoft.SharePoint.Administration.SPServiceApplication.OnDeserialization()     at Microsoft.SharePoint.Administration.SPIisWebServiceApplication.OnDeserialization()    
    at Microsoft.SharePoint.Administration.SPPersistedObject.Initialize(ISPPersistedStoreProvider persistedStoreProvider, Guid id, Guid parentId, String name, SPObjectStatus status, Int64 version, XmlDocument state)     at Microsoft.SharePoint.Administration.SPConfigurationDatabase.GetObject(Guid
    id, Guid parentId, Guid type, String name, SPObjectStatus status, Byte[] versionBuffer, String xml)     at Microsoft.SharePoint.Administration.SPConfigurationDatabase.GetObject(SqlDataReader dr)     at Microsoft.SharePoint.Administration.SPConfigurationDatabase.RefreshCache(Int64
    currentVe...
    Please guide me on the above issue; this will be of great help.
    Thanks.

    I have the same error. Verified trust, ports, cleaned up cache... nothing has helped.
    The problem is caused by User profile Synch Service:
    UserProfileProperty_WCFLogging :: ProfilePropertyService.GetProfileProperties Exception: System.SystemException:
    The trust relationship between the primary domain and the trusted domain failed.       at System.Security.Principal.SecurityIdentifier.TranslateToNTAccounts(IdentityReferenceCollection sourceSids,
    Boolean& someFailed)     at System.Security.Principal.SecurityIdentifier.Translate(IdentityReferenceCollection sourceSids, Type targetType, Boolean forceSuccess)     at System.Security.Principal.SecurityIdentifier.Translate(Type
    targetType)     at Microsoft.SharePoint.Administration.SPAce`1.get_PrincipalName()     at Microsoft.SharePoint.Administration.SPAcl`1.Add(String principalName, String displayName, SPIdentifierType identifierType, Byte[]
    identifier, T grantRightsMask, T denyRigh...        
    08/23/2014 13:00:20.96*        w3wp.exe (0x2204)                      
            0x293C        SharePoint Portal Server              User Profiles                
            eh0u        Unexpected        ...tsMask)     at Microsoft.SharePoint.Administration.SPAcl`1..ctor(String persistedAcl)    
    at Microsoft.Office.Server.Administration.UserProfileApplication.get_SerializedAdministratorAcl()     at Microsoft.Office.Server.Administration.UserProfileApplication.GetProperties()     at Microsoft.Office.Server.UserProfiles.ProfilePropertyService.GetProfileProperties()
    Please let me know if you have found any solution for this.
    Regards,
    Kunal  
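
    A triage sketch for the ULS excerpts in the two posts above, added here and not part of either post: it rejoins entries that ULS splits across rows (timestamp ending in `*`, message resuming after `...`) and lists which persisted objects report the trust error. The tab-separated column layout is an assumption, and the sample rows are constructed and abridged from the excerpt.

```python
import re

TRUST_ERROR = "The trust relationship between the primary domain and the trusted domain failed"
OBJECT_RE = re.compile(r"SPPersistedObject with Name (.+?), Id ([0-9a-f-]{36}), Parent")
ACL_FRAME = "SPAcl`1..ctor(String persistedAcl)"  # frame seen in the posted stack traces

# Constructed sample: abridged, tab-separated rows modelled on the log excerpt above.
SAMPLE = "\n".join("\t".join(f) for f in [
    ("11/30/2011 12:14:53.78", "WebAnalyticsService.exe (0x06D4)", "0x2D24", "SharePoint Foundation",
     "Topology", "2myf", "Medium", "Enabling the configuration filesystem and memory caches."),
    ("11/30/2011 12:14:55.99", "OWSTIMER.EXE (0x1DF4)", "0x1994", "SharePoint Foundation",
     "Topology", "75dz", "High", "The SPPersistedObject with Name User Profile Service Application, "
     "Id 9577a6aa-33ec-498e-b198-56651b53bf27, Parent 13e1ef7d-40c2-4bcb-906c-a080866ca9bd failed "
     "to initialize with the following error: System.SystemException: " + TRUST_ERROR +
     ". at Microsoft.SharePoint.Administration.SPAcl`1.Add(String princip..."),
    ("11/30/2011 12:14:55.99*", "OWSTIMER.EXE (0x1DF4)", "0x1994", "SharePoint Foundation",
     "Topology", "75dz", "High", "...alName, String displayName) at Microsoft.SharePoint."
     "Administration.SPAcl`1..ctor(String persistedAcl)"),
    ("11/30/2011 12:14:56.00", "OWSTIMER.EXE (0x1DF4)", "0x1994", "SharePoint Foundation",
     "Topology", "8xqx", "High", "Exception in RefreshCache. Exception message :" + TRUST_ERROR + "."),
])

def parse_uls(text):
    """Parse tab-separated ULS rows, merging '*' continuation rows into their parent entry."""
    entries = []
    for line in text.splitlines():
        cols = [c.strip() for c in line.split("\t")]
        if len(cols) < 8:
            continue  # header, blank or damaged row
        key, msg = (cols[1], cols[2], cols[5]), cols[7]  # process, thread id, event id
        if cols[0].endswith("*") and entries and entries[-1]["key"] == key:
            prev = entries[-1]
            head = prev["message"][:-3] if prev["message"].endswith("...") else prev["message"]
            prev["message"] = head + (msg[3:] if msg.startswith("...") else msg)
            continue
        entries.append({"time": cols[0].rstrip("*"), "key": key, "level": cols[6], "message": msg})
    return entries

def trust_failures(entries):
    """Return one finding per merged entry that reports the domain trust error."""
    findings = []
    for e in (x for x in entries if TRUST_ERROR in x["message"]):
        m = OBJECT_RE.search(e["message"])
        findings.append({"time": e["time"], "event_id": e["key"][2],
                         "object": m.group(1) if m else None, "object_id": m.group(2) if m else None,
                         "acl_deserialization": ACL_FRAME in e["message"]})
    return findings
```

    An entry flagged `acl_deserialization` failed while a SID stored in a persisted ACL was being translated back to an account name, which is the call path in both posted traces.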
