How to disable SSLv3 and RC4 on Lync Server Access Edge?

We use Lync Server 2013.
How to disable SSLv3 and RC4 on Lync Server Access Edge?
This solution https://technet.microsoft.com/en-us/library/security/3009008.aspx doesn't work.

Hi dizen,
To completely disable RC4, you can create the following registry key:
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 128/128]
"Enabled"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 40/128]
"Enabled"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 56/128]
"Enabled"=dword:00000000
For more details, please check out this KB.
http://support.microsoft.com/kb/2868725
Best regards,
Eric
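
The registry change from the reply above, applied and then read back in PowerShell. This is an added example, not part of the original reply; the function names Set-Rc4Disabled and Get-Rc4State are made up for it, and it assumes an elevated 64-bit PowerShell session on the Edge server.

```powershell
# Added example (not from the original reply). Run elevated, in 64-bit PowerShell.
$CiphersPath = 'SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers'
$Rc4Names    = 'RC4 128/128', 'RC4 40/128', 'RC4 56/128'   # key names from the reply

function Set-Rc4Disabled {
    # The key names contain "/", which the HKLM:\ registry provider treats as a
    # path separator (New-Item would create "RC4 128" with a child key "128").
    # The .NET registry API only splits on "\", so the names stay intact.
    $ciphers = [Microsoft.Win32.Registry]::LocalMachine.CreateSubKey($CiphersPath)
    try {
        foreach ($name in $Rc4Names) {
            $key = $ciphers.CreateSubKey($name)   # opens writable, creates if absent
            try {
                $key.SetValue('Enabled', 0, [Microsoft.Win32.RegistryValueKind]::DWord)
            } finally {
                $key.Close()
            }
        }
    } finally {
        $ciphers.Close()
    }
}

function Get-Rc4State {
    # One object per RC4 key. A missing key or missing "Enabled" value is
    # reported as Disabled = $false, because nothing has turned the cipher off.
    $ciphers = [Microsoft.Win32.Registry]::LocalMachine.OpenSubKey($CiphersPath)
    try {
        foreach ($name in $Rc4Names) {
            $value = $null
            if ($ciphers) {
                $key = $ciphers.OpenSubKey($name)
                if ($key) {
                    $value = $key.GetValue('Enabled')
                    $key.Close()
                }
            }
            [pscustomobject]@{
                Cipher   = $name
                Enabled  = $value
                Disabled = ($null -ne $value) -and ($value -eq 0)
            }
        }
    } finally {
        if ($ciphers) { $ciphers.Close() }
    }
}

Set-Rc4Disabled
Get-Rc4State | Format-Table -AutoSize
```

Every row should show Disabled as True; a row that shows False means the key was written under a different name, which is what happens when the "/" is split by the provider.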

Similar Messages

  • The Lync Server Access Edge service not starting (ipconfig / certificate problem?)

    hey guys,
    I am trying to install Lync Server 2010 for the first time. After installing everything I have a problem on the edge server: the Lync Server Access Edge service doesn't want to start and is giving this specific error:
    The Lync Server Access Edge service terminated with service-specific error %%-2146762480.
    I have searched in the forums; I only read that it might have something to do with the IP config or the certificates, but I have no idea what exactly.
    I have the following servers:
    sql server (domain member)
    Archive server (domain member)
    Monitoring server (domain member)
    and the edge server (not a domain member)
    This edge server has two NICs, one with an internal address and one with a public address.
    For the internet side I used an internal AD CA for a certificate, for the external side I used a Go Daddy certificate.
    Does anyone have any idea? I am happy to provide additional information.
    thx, JW

    Hey Tim,
    thanks for helping me. I am using one IP address externally. And if I understand correctly I am using ports 443, 444 and 5061 (as suggested automatically by the Topology Builder).
    Internally I used an internal CA and externally I used a GoDaddy multidomain certificate, as we are planning to use multiple domains on it. I used the wizard from the setup. I ran a request. In the wizard I then see the following subject names and subject alternate names:
    sip.domain1.xx
    webconf.domain1.xx
    and then in the next screen i can check other domains, so i checked also the other domains:
    domain2.xx
    domain3.xx
    domain4.xx
    domain1.xx  (also the first domain is here and i checked it to be sure)
    While I was gathering this information I noticed that the certificate wizard says that the external Edge certificate status = invalid. So there is my problem, most likely. Although I do not understand why it is invalid.

    So when using 1 IP address externally you will need to change the ports in your topology.
    Under Edge Pools -> right-click your edge pool and click Edit; down near the bottom make sure "Enable separate FQDN and IP address for web etc..." is UNCHECKED.
    The first FQDN, sip.domain.com port 443 (TLS); for the other 2, for webconf and AV, just change the port numbers. So when you request your 2 certs the only names will be the pool FQDN and sip.domain and your other SIP domains. On your router/gateway open the 3 ports you selected from Outbound -> Inbound. For your external DNS, sip.domain -> external IP address going to your firewall/gateway.
    Note that your edge server is not on the domain, so you will need to edit your hosts file and add your front-end pool/server internal IP address and FQDN server name.
    When you get "invalid" for the certificate, what cert is it? The internal CA or GoDaddy?

  • How to disable SSLv3 and keep only TLS for LDAP connection.

    Hi,
    I'm planning to keep only TLSv1.2 for LDAP connections.
    I tried to set LDAP_OPT_SSL_INFO in LDAP Session Options using a SecPkgContext_ConnectionInfo structure with dwProtocol SP_PROT_TLS1_2_CLIENT (as described here - https://social.msdn.microsoft.com/Forums/en-US/7544226d-97e1-4dae-a377-e382c2281e91/how-to-set-up-tls-in-ldap-connection?forum=vcgeneral), but it returns LDAP_PARAM_ERROR.
    I tried to call this function directly after ldap_sslinit/ldap_init and before ldap_connect() - without success. I tried to use other parameters with default values, I tried to initialize them with 0/other possible values - and also no success.
    How can I do this?
    Thanks for your advice.

    LDAP_PARAM_ERROR
    https://msdn.microsoft.com/en-us/library/aa367026(v=vs.85).aspx

  • SharePoint 2013 How to disable Drag and Drop Functionality

    Hi,
    In SharePoint 2013 in document library we have default behavior of drag and drop documents in document library. How to disable drag and drop documents in document library?

    Hi,
    As a workaround, you can edit the Drag and Drop js so as to remove the drag and drop functionality: edit the document library page (default page), place the Content Editor web part on top of the library, and include the modified Drag and Drop js file in the Content Editor web part. Please save the Drag and Drop js file to another location (probably the Site Assets library etc.).
    Hope it helps!!!
    Please remember to mark your question as answered & vote helpful, if this solves/helps your problem. Thanks, Ajeet

  • Does Anyone Know How To Disable The "Check For Updates" Option in Adobe Edge Code and Reflow?

    Does Anyone Know How To Disable The "Check For Updates" Option in Adobe Edge Code and Reflow?
    Thanks in Advance

    I don't think there is a way for Edge Code. I'm not sure about Reflow.
    Why don't you just upgrade? That will stop the notifications.
    Randy

  • How to disable SSLv3 on SSL enabled NodeManager (wls12.1.1 with jRockit)

    how to disable SSLv3 on SSL enabled NodeManager (wls12.1.1 with jRockit)

    Hi,
    Add the following Java option in the startNodeManager.sh file.
    Steps to disable SSLv3 protocol on Weblogic:
    1.  The weblogic.security.SSL.protocolVersion command-line argument lets you specify which protocol is used for SSL connections.
    2.  After enabling/configuring the SSL for weblogic server, append the following option to the JAVA_OPTIONS variable
            -Dweblogic.security.SSL.protocolVersion=TLS1
         NOTE: If you don’t specify the above property, by default it takes SSLv3.
    Check the below Links for more information
    http://www.ca.com/us/support/ca-support-online/product-content/knowledgebase-articles/tec1046921.aspx
    http://docs.oracle.com/cd/E17904_01/web.1111/e13707/ssl.htm#SECMG494
    CVE-2014-3566 - Instructions to Mitigate the SSL v3.0 Vulnerability (aka "Poodle Attack") in Java SE
    Additional Info
    Poodle Vulnerability CVE-2014-3566
    Hope it helps

  • How to Install XI and EP on Single server

    Hi,
    How to install XI and EP on the same server? I tried to install XI, then EP. After EP was installed I am not able to access the XI J2EE engine. I think there are port conflicts somewhere. I gave the system numbers XI: 00 and EP: 02.
    Can anyone help with this? Where did I make a mistake?
    Thanks
    Kristene

    Hi Kristene,
    I have installed XI and EP on the same server (for test purposes) without any problems, so it should be possible. I installed them in a different order (first EP then XI), but I don't think that matters much.
    The only real difference is that I kept the system number the same.
    What do you mean exactly with not being able to access the XI j2ee engine? How did you try to access it?
    Regards,
    Martin

  • How to Check if you are running Lync Server Evaluation or Licensed Version

    I was not sure if our Lync environment was running Evaluation Version of the Lync Front End server or the Volume Licensed Version. I was looking to migrate from PoC to production so I had to make sure that the services didn’t stop in the middle of production.
    A simple cmdlet to verify this: Get-CsServerVersion
    1. When run, it will attempt to read the registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Real-Time Communications\{A593FD00-64F1-4288-A6F4-E699ED9DCA35}\Type
    2. Based on that registry value, the cmdlet will then report back the version number of the software and the Lync Server licensing information for the local computer, and report back one of the following:
    o That the Lync Server volume license key has been installed on the computer, meaning that no updating is necessary.
    o That the Lync Server evaluation license key has been installed, meaning that the computer must be updated.
    o That no volume license key is required on the computer. Updating from the evaluation version to the licensed version is only required on Front End Servers, Directors, and Edge Servers.
    What if Evaluation Version is installed and you have to upgrade to Licensed Version?
    1. Log on to the computer as a local administrator
    2. Click Start, click All Programs, click Microsoft Lync Server 2013, and then click Lync Server Management Shell.
    3. In the Lync Server Management Shell, type the following command and then press ENTER:
    o msiexec.exe /fvomus server.msi EVALTOFULL=1 /qb
    o Note that you might need to specify the full path to the file server.msi. This file can be found in the Setup folder of the Lync Server Volume media installation files.
    4. After Setup finishes running, type the following from the command prompt and then press ENTER:
    o Enable-CsComputer
    o Repeat this procedure on any other Front End Server, Director, or Edge Server running an evaluation copy of Lync Server
    o This procedure should also be performed on any Branch Office Servers that were deployed by using the Lync Server media installation files
    Using Get-CsServerVersion will also show you
    1. What Version Number you are running
    2. What patches have been installed

    Hi,
    I couldn't find direct way of saying whether node manager is running or not but here is the work around. Using WLST when you say "startNodeManager", if the node manager is running this command throw an output saying "node manager is already running". Let me know if this solution works for you, if it works then I can give you java program for this if required or you can use "WLST JAVA Mode".
    Thanks.
    Vijay Bheemineni.

  • How to use audio and mic with multipoint server with out it crashing on you

    How to use audio and mic with MultiPoint Server without it crashing on you? When I use them to make calls through my station (zero client) at the same time, it crashes on me and I need to restart the MultiPoint. Is there a setting I may have missed that enables them to work at the same time, and if possible can I use a non-USB device?

    Look for "Single Sign-on Using Kerberos in Java" in google or on Sun's web site. Maybe this paper will help you.
    Claude

  • How to determine is it SMB - Remote SAM server access , false positive?

    How to determine is it SMB - Remote SAM server access , false positive?

    5583-0 right?
    I would say that there are different types of false positives. Do you mean, how do I determine if what was seen actually represents an attempt to access the SAM database? I would start by looking at MySDN (or whatever Cisco is calling it these days...intellishield?). It's often not very up to date and missing information, but it's an easy thing to check. Here's the link for this sig:
    https://intellishield.cisco.com/security/alertmanager/ipsSignature?signatureId=5583&signatureSubId=0
    If you look at the benign triggers, you'll see that it suggests that this only matters if the source is external. It's up to you whether to research any further. If you really want to inspect the signature further, you'll have to add one of the "log packets" actions. This will save a network trace when it fires again and then you can open it up in Wireshark, which understands SMB and will probably decode it enough for you to verify whether it actually was an attempt to access the "Remote SAM server".

  • How to disable Save and SaveAs Button in Adobe Reader ??

    I am having Dynamic XML Form (XFA based) designed on LC Designer ES2
    I Want to disable Save and SaveAs button  whenever it would be opened in Adobe Reader only.
    Other way around, i want to provide only facility to save form programmatically through Javascript to apply validation.
    Plz help
    Thnx in advance..!!

    I can apply folder level java script ...But How to handle this way on CLIENT SIDE..???

  • How to disable drag and drop feature for a document library?

    Hi
    How can I disable drag and drop feature for a document library? Do I have an option to disable it from the SharePoint's feature set?
    Or can I disable it using a script? If so, how?
    Regards
    Paru

    Hi,
    According to your post, my understanding is that you want to disable drag and drop feature for a document library.
    Drag and drop in SharePoint 2013 is a feature that depends on HTML5, which depends on the browser version; SharePoint by default doesn't have a feature to disable or enable this.
    You can try disabling the drag and drop feature by disabling an add-on in Internet Explorer, or using Internet Explorer 9 or lower.
    Here is a similar thread for your reference:
    https://social.msdn.microsoft.com/Forums/office/en-US/8961ff07-039d-47b0-ae7d-8e24af96234a/2013-doc-library-settings-turn-off-drag-and-drop-and-findsearchfilter-on-metadata-columns?forum=sharepointcustomization
    http://community.office365.com/en-us/f/154/t/228079.aspx
    More information:
    The Solution to SharePoint 2013 Drop and Drag Not Working
    SharePoint 2013 Drag and Drop Upload Not Working
    Best Regards,
    Linda Li
    TechNet Community Support

  • How to Disable VRFY and RCPT

    How does one disable VRFY and RCPT on Ironport AsyncOS for Email Security 7.6 and what is the impact? I understand an attacker can perform an account enumeration and verify whether e-mail accounts exist and a spammer can automate the method to perform a directory harvest attack and send spam emails.
    Thanks

    There are three SMTP commands that apply here.
    VRFY - not implemented by ESA. ESA will respond "250 ok" to everything
    EXPN - not implemented by ESA. ESA always responds "500 command not recognized"
    RCPT - can't be "disabled" as there is no other way to specify envelope recipients.
    I would recommend that you set up LDAP Accept and DHAP (Directory Harvest Attack Prevention). That will allow the ESA to stop dictionary attacks. Once too many bad recipients have been tried the appliance will reject all recipients from that IP address for an hour.
    DHAP is normally best set up to function during the SMTP conversation and to drop connections. If you enable it during the work queue your appliance can get bogged down with undeliverable outgoing messages from all the bounces. Dropping the connection can help with botnets since they usually don't waste time by re-queuing messages to be tried later.

  • How to disable graphics and/or java in Firefox 23.0.1

    In previous versions of Firefox, like 19.0, it is a simple matter to disable graphics and/or java. Simply go to Firefox "Tools", "Options", "Content", unclick "Load images Automatically", unclick "Enable JavaScript".
    With Firefox 23.0.1, I don't see that as a option. How do I easily disable and enable the graphics and javascript?
    I am aware that "Adblock" has some capabilities to do some of this. Although I find Adblock more complicated and have not been able to achieve my goals with it.
    This is very important to me.

    "In Firefox 23, as part of an effort to simplify the Firefox options set and protect users from unintentionally damaging their Firefox,"
    Are you kidding? So you mean to tell me that it helps users by requiring them to download third-party add-ons (memory leaks and all) just to do something that used to be as simple as clicking a button?
    If I have to use untrusted third-party add-ons that I need to download to my computer I may as well just, I don't know, download a new browser while I'm at it.
    If anything they should have just made it EASIER to find so users could EASILY undo what they EASILY did.
    It's hogwash to say "just use add-ons". I try to keep my add-ons and extensions to the bare necessities for a reason. And coming from a user who until recently was stuck with dial-up (because there were no other options), the ability to remove images is key. That, and if I'm in a public setting I don't want to put my Facebook images on display.
    Overall, HUGE mistake by Firefox.

  • How to disable block and delete button in me22n transaction

    Hi experts !,
    As per my requirement I want to disable the delete and block buttons in me23n. For this I wrote my logic, but the problem is that when my logic is satisfied I want to disable those two buttons. The block button function code is 'MEPO1211LOCK'.
    If it were a screen field we could use loop at screen and input = 0, but here it is a function code. How do I disable this function code as per a condition?
    I also tried this: SET PF-STATUS ' pf status name ' EXCLUDING ' function code name  '. But it is not working.
    If anyone has any idea, please share.

    Hello Experts,
    I have similar requirement. Please help....


    Hello, When I call an ABAP object from Java Program which version of ABAP object is called inactive or active ? Is there a mechanism to call the current inactive version or any other previous inactive /active versions ? Regards, Tarun