Internal and external user logins

Similar Messages

• INTERNAL and EXTERNAL users authentication via OAM

  Hi ,
  We have a scenario where in a resource is protected by OAM and we want the internal users in the system to access the resource w/o and authentication , However at the same time we want the external users should be challenged by OAM for credentials .
  How to implement such a scenario ?
  Any ideas would be helpful ..
  Thanks
  Sid

  More details (architecture etc) would be needed to suggest any kind of solution.
  Also content served is static or dynamic ? If content is dynamic then backend component (app) would expect identity to be propagated to it. This could be potential issue if internal user wont authenticate.
  If it is static content then you can make use of rewrite rules / rewrite conditions to filter ip address (internal users should have some ip address range). Although you may have to do multiple url rewrite at apache level to by pass authentication.
  One another solution is to implement zero sign on experience via WNA for internal users. WNA would take advantage of user's login to desktop. Hope this helps.

• OBIEE Download Error - Both Internal and External Users

  I have set up a new Group and Workspace today. External users are getting an error when trying to download OBIEE, and so am I. The browser throws a '500 Internal Server Error' and looks like the link no longer exists or is broken. Please help, thanks!

  Hi,
  I went to beehiveonline.oracle.com/bcentral and accessed the downloads page and was able to download OBEE without any problems.
  The direct link is
  https://beehiveonline.oracle.com/bcentral/action?page=downloadlanding&appId=Oracle+Beehive+Extensions+for+Explorer+Downl…
  What was the URL you were using and where did you find it? There may be an old link I need to correct.
  Phi

• CWMS 2.0MR7 intermittent dead air on call-in and call-back for internal and external users

  Hello,
  I have got a new install of CWMS 2.0MR7 800 users non HA system. During initial testing we noticed that when we call-in or call-back there was a dead air even though the call is connected we don't hear welcome to WebEx....when we hang up and call again it works fine and we hear welcome to WebEx so the issue is intermittent. CUCM version is 8.6
  Can someone please advise how do we go about troubleshooting something like this when the issue is so intermittent?
  Thanks

  Hi,
  Please check the following:
  1. Please check if you are on supported hardware and that no co-resident VMs exist:
  http://www.cisco.com/c/en/us/td/docs/collaboration/CWMS/2_0/Planning_Guide/Planning_Guide_chapter_01011.html#reference_249B138B71324D19B09141D3849EC058
  2. Check if you have any snapshots on any of the virtual machines for the system. If you have captured any snapshots before an upgrade, make sure that you delete them within 24 hours as they cause degradation of system performance and are known to cause audio quality issues.
  3. Please check your network bandwidth for these requirements:
  http://www.cisco.com/c/en/us/td/docs/collaboration/CWMS/1_5/Planning_Guide/Planning_Guide_chapter_01.html#reference_267DB686BB224EB7A49DE4C783C912E6
  If you still face the problem, please open a TAC case to troubleshoot the issue further. We will be able to get detailed logs and sniffers to find the cause of the issue.
  Thanks,
  Jyothi

• Delivery report shows status of Pending for external address. Email sent to both internal and external addresses.

  We have an Exchange 2013 on-premise server and seem to have an issue with emails sent to internal and external users at the same time.
  The issue came to light because someone sent an email to 44 recipients, of which one was internal. None of the external recipients received the email. I checked the delivery report in the EAC and found the internal email marked as 'Delivered' and all of
  the external ones marked as 'Pending'. I checked the queues and there were none. I did some testing and sent an email to just one of the external addresses on the list, it arrived. I tried sending the email again to all of the recipients, the external ones
  all showed 'Pending'. I tried it again, but this time excluded the internal email address and all of the 43 external emails were immediately delivered.
  So it seems that the issue only arises when we are sending to both internal and external addresses.
  I then tried a test email to one internal address and one external address. The Delivery report says that the internal address was delivered immediately, while the external address is 'Pending' and gives more information saying: 'Message delivery is taking
  longer than expected. There may be system delays. For more information, contact your helpdesk.'. To add further mystery to this, the email was actually delivered.
  So, I have two concerns:
  First is seems that some emails sent both internally and externally are only arriving internally. This is a huge problem because I don't know how many have been affected. There may be many lost emails we don't know about.
  Second, it looks like I can't trust the delivery report. It says pending for some emails which didn't arrive, but it also says pending for some which did arrive. That is no good at all.
  For info the server is running Windows Server 2012. I have run a Microsoft Update to check if there are any to apply and the only Exchange one is a spam filter update, which I doubt has any bearing but I will apply when I get chance.

  Hi Neil,
  According to the description, I find a related KB on Exchange 2010:
  https://support.microsoft.com/kb/2694474?wa=wsignin1.0
  It has the similar situation as yours.
  This issue occurs because a function in a message tracking component tries to obtain the information for the recipient instead of the external recipient.
  Please try to upgrade to the latest Exchange update to check whether this issue can be solved.
  Also please check whether Throttling has been set.
  Please run "Get-TransportService | fl" to check the MaxOutboundConnections parameter value.
  More details to see:
  Message throttling 
  http://technet.microsoft.com/en-us/library/bb232205(v=exchg.150).aspx
  Thanks
  If you have feedback for TechNet Subscriber Support, contact
  [email protected]
  Mavis Huang
  TechNet Community Support

• SharePoint 2013 - Office Web Apps - Internal and External Use

  I have successfully installed SharePoint 2013 and Office Web Apps on Azure VMs inside an Azure Virtual Network (IaaS model). Everyting is working well. However, my testing has shown that external users and internal users can't use Office Web Apps at the
  same time.
  Office Web Apps, installed on its own vm, accomodates an external and internal URL quite well. However, SharePoint 2013 appears to only allow one setting for WOPI Zone, either internal or external but not both. I've set the WOPI zone to Internal-HTTPS (Set-SPWOPIZone
  –Zone “internal-https”). OWA works just fine if accessed from inside the Azure Virtual Network. However, if I try to access from outside the Virtual Network, from the Internet, Office Web Apps fails. The exact oppisite is also true. I can set WOPI Zone to
  External-HTTPS and accessing from the Internet works fine, but accessing inside the Virtual Network fails.
  Am I missing something? I, obviously, want Office Webs Apps to function properly for both internal and external users simultaneously.
  I appreciate any help anyone can provide here.
  Glenn

  Hi Glenn,
  To have both the use of Internet and Internal available to your end-users, you first need to configure AAM setting. Open Central Administration > Application Management > Configure alternate access mappings. Let's say there is an existing web application
  named http://sharepoint and my end-users from local network are able to access it using the URL http://sharepoint (root site collection). Here you need to add the Internet URL by select the web application and click Edit Public URLs. Add the Internet domain
  to the web application, e.g http://sharepoint.abc.com. You don't necessarily have to edit binding setting in IIS. Before continuing next steps, make sure you are able to access http://sharepoint.abc.com from the Internet while being able to access http://sharepoint
  from local network (aka Internal).
  On the machine where Office Web App (OWA) Server 2013 is installed, open PowerShell to add OWA module and use the following command to re-create a new OWA server farm if you've completed configuring it previously.
  New-OfficeWebAppsFarm -InternalUrl "http://owa" -ExternalUrl "http://owa.abc.com" -EditingEnabled.
  In this case, I'm not using SSL certificate to encrypt data over the Internet. You can use Internet-public IP of the OWA server like -ExternalUrl "http://198.xxx.xxx.xx". Add CertifcateName parameter if you want to use whether CA-issued certificate
  or self-signed certificate.
  On your SharePoint machine, you need to re-bind all WFE machines to WAC farm using the cmdlet New-SPWOPIBinding. Next, you need to set the WOPI zone for both internal and external.
  Set-SPWOPIZone -zone "external-http"
  Note: I'm not all using certificate in my guidance. But the steps to have it configured is just to add more parameter. 
  I've recently successfully deployed OWA multi-server farm for both internal and internet uses for two big clients. In real-world scenario, ideally OWA should be published through firewall (Forefront UAG, TMG, F5...etc). Please let me know if you still have
  issues after following my steps. My email: [email protected]
  Regards,
  -T.s
  Thuan Soldier
  A 23-year-old man loving Microsoft technologies and making crazy ideas on business journey.
  SharePoint Vietnam |
  Blog | Twitter

• Non-Web Server Publishing Rule for Internal and External

  Hi there,
  I have a problem with my TMG and publishing SSH for Internal and External users to an internal Server.
  Network:
  Internal Network
  SSH Server, 10.10.10.25
  Internal DNS record "ssh.domain.com" pointing to 10.10.10.254
  TMG Server, 10.10.10.254/192.168.0.254
  External Network
  External DNS record "ssh.domain.com pointing to 192.168.0.254
  I want my users (internal AND external) using their SSH client to connect to ssh.domain.com and TMG to forward the request to the SSH server. Note that internal clients and the SSH server are in the same network.
  I have created a custom "SSH Server" protocol with inbound TCP for port 22 and created a Non-Web Server publishing rule.
  Traffic Tab: SSH Server Protocol
  From Tab: Internal, External
  To Tab: 10.10.10.25, original client
  Networks Tabs: Internal, External
  External users cann connect without a problem, all fine here. Internal users get a timout. The TMG Log says: Denied Connection (Default Rule,
  The policy rules do not allow the user request) and doesn´t recognize this is an inbound request. The log gives me dest IP 10.10.10.254 and protocol SSH and not 10.10.10.25 and SSH Server.
  I read a lot of networking rules and NAT/Routing, tried a bit but never got a success.
  Can you help me fix or working around this and tell me whats going on there and if there a limitations in TMG I don´t know yet?
  Regards,
  Sascha

  Hi,
  According to your description, it seems that request was denied by the TMG rules so the request from the internal users
  could not be forwarded to the SSH server. I would appreciate it if you can post the logs to us and the results of running ipconfig/all on the TMG server.
  In addition, maybe you can change the firewall policy only from
  External and add another firewall policy for the internal user to see if the issue persists.
  More information:
  Creating and using a server protocol
  TMG
  Back to Basics - Part 1: Server Publishing Rules
  Best regards,
  Susie

• Use Same URL for Internal and External Access for CRM 2015 IFD

  I have setup a CRM2015 server for IFD access.
  ADFS and CRM are on separate servers.
  CRM server all roles
  ADFS 2.0 server.
  Using the internal URL I am able to access CRM without entering my details (as expected)
  Using the external URL I am authenticated by ADFS as expected and can sign in.
  We have an internal domain domain.local
  We have an external domain domain.com (the certificate is for *.domain.com)
  We have a DNS zone created internally for domain.com.
  CRM URLs
  internal : internalcrm.domain.com
  External : externalcrm.domain.com
  I would like all users to use the same link regardless of them being internal or external, but I would like so that any user who is on the domain is automatically logged in without entering their username and
  password. What is the best way to do this?
  I have tried creating a cname record on the internal domain.com zone pointing externalcrm.domain.com to internalcrm.domain.com but that didn't work, I still get the ADFS sign in page.
  Thanks

  So fair warning, what you're asking for isn't really a supported deployment method of CRM.
  That said, you should be able to do some DNS trickery internal to your network that points your "crm.domain.com" to "crm.domain.local" and then hopefully CRM will treat the connection as if it came from an internal network.
  Otherwise, you're likely going to have to accept that everyone gets the ADFS login page internal and external to your network.
  The postings on this site are solely my own and do not represent or constitute Hitachi Solutions' positions, views, strategies or opinions.

• Can I split my itunes music library between and internal and external hard drive?

  Is it possible to have music on the two different drives and still be able to make playlists from both drives to put on my ipod?  Here's my situation:  I'm using a Dell 32 bit computer running Vista Home Premium SP2 which I share with other users.  I have a large itunes library (40g+ of music only) that's starting to hog the hard disk space from other users. If possible, I would like to split off part of my itunes library to an external hard drive while still having access to the entire library for my ipod. Ideally I would like to have all my downloaded songs on both the internal and external drives so I'll have backups in case a drive fails, while putting all the music I have hard copies of solely on the external drive. Any help on how this can be done would be appreciated.

  If you manually manage your itues library, you can store parts of it on an external drive, or on an internal drive.  Just keep in mind that in iTunes that you must set a default location for iTunes to manage it's files, and that will be the default location for iTunes to store anything it downloads.  You would need to manuay manage moving things from there if tht is not where you want them stored.
  Perhaps a "better" solution would be for you to invest a little mone into 2 external drives.  One to hold your entire iTunes library, and the second to be your off-line backup of the first.  This is the method I have gone with and I like how it works for me.  My entire iTunes library is on an external (portable) 320GB drive.  Then, when iTunes is not running, I will clone my external drive onto a second drive I happen to have, this way if I have any failure of my primary drive, I lose at most about a weeks worth of content.  For me, I purchase little content during a week, but I do move a fairly large volume of podcasts.  With the entire library being on the external drive, if I ever have to swap to using my backup drive iTunes wil just think that it hasn't run and downloaded anything for a week, and all the "lost" content will be re-downloaded automatically.  This won't work for apps or purchased content, but for subscribed podcasts, it is great.

• Setup internal and external DNS namespaces best practice

  Is external name space (e.g. companydomain.com) and internal name space (e.g. corp.companydomain.com or companydomain.local) able to run on the same DNS server (using Microsoft Windows DNS servers)?
  MS said it is highly recommended to use a subdomain to handle internal name space - say corp.companydomain.com if the external namespace is companydomain.com.  How shall this be setup?  Shall I create my ADDS domain as corp.companydomain.com directly
  or companydomain.com then create a subdomain corp?
  Thanks in advanced.
  William Lee
  Honf Kong

  Is external name space (e.g. companydomain.com) and internal name space (e.g. corp.companydomain.com or companydomain.local)
  able to run on the same DNS server (using Microsoft Windows DNS servers)?
  Yes, it is technically feasible. You can have both of them running on the same DNS server(s). Just only your public DNS zone can be published for external resolution.
  MS said it is highly recommended to use a subdomain to handle internal name space - say corp.companydomain.com
  if the external namespace is companydomain.com.  How shall this be setup?  Shall I create my ADDS domain as corp.companydomain.com directly or companydomain.com then create a subdomain corp?
  What is recommended is to avoid having a split-DNS setup (You internal and external DNS names are the same). This is because it introduces extra complexity and confusion when managing it.
  My own recommendation is to use .local for internal zone and .com for external one.
  This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.
  Get Active Directory User Last Logon
  Create an Active Directory test domain similar to the production one
  Management of test accounts in an Active Directory production domain - Part I
  Management of test accounts in an Active Directory production domain - Part II
  Management of test accounts in an Active Directory production domain - Part III
  Reset Active Directory user password

• Internal and External different set of menu for ESS

  Hi
  We have 2 portal server - Internal and External. The Portal are being used not.
  We are planning to implement ESS now in Portal. We are planning to provide two different set of options when the same user access internally and externally.
  For example, User XYZ access internally he will get menus ABCDE but the same user access from external he only gets manu AB.
  If anyone has implemented with similar concepts or know how to do it technically, kindly advice.
  Thanks
  Yuva

  Let us assume we have 3 internal groups :
  internalGroup_1 -> Role A, Role B
  internalGroup_2 -> Role C, Role D,
  internalGroup_3 -> Role E,
  and 2 external group :
  externalGroup_1 -> Role A,
  externalGroup_2 -> Role B,
  We add similar user under a group. and then roles are assigned to groups. in above example Role A , Role B is assigned to internalGroup_1.
  We can have a single user id in which is attached to interalGroup_1, interalGroup_2, interalGroup_3 , externalGroup_1and interalGroup_2.
  When user logon to Internal portal he will see role A, B,C,D and E
  and when user logon to internal  poral he will see role A,B.
  provided A,B,C,D,E roles should exist in internal protal and role A,B exist in External portal. You can use transport roles from external portal to internal portal.

• All my hard drives (internal and external) have a small lock in the lower left corner of the icon and I don't have permissions to access. Permissions are set to 'Custom' in the get info window and I can't change them.

  All my hard drives (internal and external) have a small lock in the lower left corner of the icon and I don't have permissions to access. I have 3 user accounts set up and I cannot access any of them.   Permissions are set to 'Custom' in the get info window and I can't change them. Originally I had Snow Leopard installed on one hard drive and 10.5.8 installed on another.   I started to have some problems accessing data between them and so I tried changing the permissions on ONE hard drive partition.   The next thing I know, all my drives are locked (except the ones with the systems on them), the small lock appeared in the lower left corner of the drive icons and I don't have permissions to access any of them.   In the get info window, permissions are set to 'Custom' and I can't change them.

  There is suddenly a lock icon on my external backup drive!
  Custom Permissions

• Internal and External application tier File move

  Hi all,
  I am new oracle apps R12 with 3 tier instance.
  We are created the oracle apps R12 instance with 3 tier. Two tier is Application tier and one tier is Database tier.
  The data base tier is common for both application tier. The issue is, we are moved the all customized Development works into only one application tier (i.e. Internal tier). So we are not moved the all customized Development work into second application tier (i.e. External tier).
  My question is, we are not moving all customized work into both application tier means , is there any issue will occur ?
  How can we handle my customized works both application tiers( i.e. Internal and external tiers) ?
  Please help,
  Thanks,
  Prab.

  Hi;
  They are questioning me why we have to do that.Answer is easy, You can mention for ebs stability all nodes should be on same level :) If they push you more please show metalink notes which is already sharing by Hussein Sawwan. If they still persist say them you will go wiht SR and confirm wiht support ;)
  PS:Please dont forget to change thread status to answered if it possible when u belive your thread has been answered, it pretend to lose time of other forums user while they are searching open question which is not answered,thanks for understanding
  Regard
  Helios

• Internal and External Encryption

  Hi,
  I'm currently struggling at some probably basic encryption question. I hope someone can give me a hint...
  I've got a customer migrating from Notes to Exchange 2013.
  They are running a PGP gateway which takes care of external encryption.
  In Notes they used to user-enforce encryption (PGP or S/MIME) by a button or adding "#" in the beginning of the subject field.
  As the Notes guy told me, they are manipulating the Mail header so the original un-encrypted mail is delivered to the encryption gateway for external encryption if the mail is addressed to internal and external recipients. Internally it is encrypted by Notes
  itself.
  My question is, how can I achieve something similar with exchange and such a gateway? Is there a way to encrypt mails internally by utilizing
  an internal Server 2008 PKI and externally by the encryption gateway (while addressing the mail to internal and external recipients at the same time)?
  Thanks!

  Hi Pano,
  Unfortunately you cannot have all of these under one solution. There is no All in One feature at least that I know of.
  However if you want your users to be able to read encrypted data when they are not in the corporate network AD RMS can still help you with this. If what you wanted to encrypt emails that are sent to external organisations you can either establish coexistence
  by implementing TUDs and TPDs or use S/MIME for those. I doubt that company sensitive data would be sent out to external parties hence AD RMS might still help.
  If S/MIME is used bear in mind that these messages cannot be decrypted during e-discovery searches however AD RMS protected messages can be. AD RMS provides protection to the document and can be incorporated with Exchange Transport Rules.
  Cheers
  CK

• SiteMinder integration with the internal and external facing portals

  Hi ,
  We are in development phase for SiteMinder integration with the internal and external facing portals.The proposed dual authentication scheme which requires both SiteMinder for External facing portal (EFP) and LDAP for Internal portal .is it possible?
  and is it possible to main to diff LDAP directories one is external users and one is for internal users.?
  If you maintain  2 diff(external & internal) LDAP Directories in Siteminder Policy Server  what about  external users which are  not exit in portal data source .
  I appreciate if anyone  can help me for my above query .
  Regards
  Tag

  Hey Tag,
  We do have a physical external Portal and a physical internal portal.  The both the external and internal are connected to 2 LDAP directories.
  For example the External Portal is connected to the Employee LDAP Direcotry and the Customer LDAP Directory.  The Internal Portal is connected to the US Employee LDAP Direcotry and the EMEA LDAP Directory.
  So each one of them is connected to 2 different LDAP Directories.
  I believe that the Siteminder Policy is setup such that the Internal portal has a policy and the External portal has a seperate policy on the same Siteminder Server.  Then each of the Policies is configured to connect to the approiate LDAP Directories.
  You have to maintain the LDAP Directory information in both the portal and Siteminder Policy Server.  It is required in the policy server so that it can authenticate the user and it is required in the Portal server so that it can authorize the user and display content based on thier assigned roles.
  Hope that helps.
  Regards,
  Keith