Licensing Requirements for External Users

Similar Messages

• Licensing requirements for AD users.

  Hi,
  Suppose a company has 500 employees and from which only 300 use server software to authenticate. 300 CALS are enough, right?
  Does each user in AD require a cal? even if they are non-active?
  Cheers

  Hello,
  for licensing questions please contact Microsoft support or your local reseller. They will support you with the correct information.
  AD itself and configured users doesn't require licenses but the server itself requires a license for the used OS version. So you can configure as much user accounts you like.
  Logging on to a device must be licensed with a per user or per device license.
  If you use Remote desktop servers, they also have RDS CALs.
  Best regards
  Meinolf Weber
  MVP, MCP, MCTS
  Microsoft MVP - Directory Services
  My Blog: http://blogs.msmvps.com/MWeber
  Disclaimer: This posting is provided AS IS with no warranties or guarantees and confers no rights.
  Twitter:  

• SQL Licensing Requirement for E-Commerce

  Hi Experts,
  Does anyone know the SQL licensing requirements for E-Commerce/Web CRM components?  Is it within Microsoft licensing guidelines to setup just a single user CAL for all users on the website, or do we need multiple user CALS or a Processor CAL?
  Thanks in Advance,
  Aaron

  Hi AAron,
  You will need a SQL CPU License for the webserver or indeed if you plan to use a single server.
  Regards
  Earl

• Is license required for Oracle 10g client on production

  Is license required for Oracle 10g client on production?

  Standard disclaimer: We don't represent Oracle. Your situation may be different because of specific wording in your particular Oracle contract, because of differences in licensing regimes over the years, because of laws in your particular country, etc. If you have a serious licensing question, you really need to address it to Oracle Sales. Explaining that some guy on the internet told you it was OK is going to be cold comfort if you're ever audited by Oracle and they disagree with my interpretation...
  In general, no, you don't need a separate client license. The database is generally licensed to support a number of named users and/or all the users that a certain hardware configuration can support. Assuming the person using the Oracle client is connecting to a properly licensed database (and that they are one of the named users if that is the licensing regime), you shouldn't need a separate license.
  There may be slightly different rules if we're talking about developers connecting to the database because of the "Oracle Programmer" set of licenses that appears on pricing sheets that I've never fully understood.
  Justin

• Excel Services Connectivity on Sharepoint 2013 for external user

  Currently , external user is able to refresh the data on sharepoint site through browser. the data connection is pointing the one of the external data source. But how can an external user (Internet user which accessing sharepoint through internet) download
  a copy of excel in sharepoint library and open the excel workbook with data refresh ability at client machine ?
  Do we need client machine to be able to access / ping the external data source? 
  Thanks.

  Thanks for the response.
  They want to perform data analysis and design their own report with own template , for example : to remove subtotal from the powerpivot tables which we cannot change the formatting at the excel services at browser level.
  So if i understand correctly, we need to get the client machine to be able to access to the database server directly to get the access to the cube for data analysis although we had this odc file connection setup, am i right?
  For internal user, network team should open port / access for them to access database server directly.
  For external user, either to open public access to the database server directly or setup a VPN connection for the external user to access the database server in their secure network.
  Let me know if i understand this correctly.
  Thanks.

• Lyncdiscover reports HTTP 500 Internal Server Error for external users

  Hello,
  I have a problem providing lyncdiscover information for external Lync users. The same address works internal (prompts for file download) so I believe the problem is UAG/TMG providing the site which is not my cup of tea. I have a working external lyncdiscover
  for other domain in the same Lync + UAG/TMG server environment. I have also checked the public DNS records few times and everything should be fine. Firewall also shouldn't be an issue since it reports the internal server error, right? Any suggestions what
  should I check?

  more information based on Lync Autodiscover Web Service Remote Connectivity Test.
  Testing HTTP authentication methods for URL https://lyncdiscover.domain1.com/Autodiscover/AutodiscoverService.svc/root/user.
  HTTP authentication methods successful.
  Additional Details
  Testing HTTP content for URL https://lyncdiscover.domain1.comi/?sipuri=[email protected] has
  token="User".
  HTTP content isn't verified.
   <label for="testSelectWizard_ctl12_ctl06_ctl00_ctl04_tmmArrow">Tell
  me more about this issue and how to resolve it</label>
  Additional Details
  HTTP 200 status received from server, but no token="User".
  Elapsed Time: 203 ms.
  The same result goes for the other domain that provides the lyncdiscover information correctly for external users. It doesn't seem to solve the root cause but might help to understand
  the problem.

• How many large install licenses required for a 5.x deployment?

  I have been trying to determine the correct license requirement for a 5.x install. There will be 1 primary server and six secondary servers. It is very clear that I need the base license for each ACS instance, but the documentation notes that for greater than 500 devices (IPs) that a large install license is needed for each ACS deployment. Does this mean that each ACS appliance instance will require a unique Large Install license or I only need one license (presumably installed on primary) and that will cover the IP requirements for all my secondaries?

  On a single license is required for a deployment.
  The large install license is installed on the primary and gets replicated to all the secondaries in the deployment that are connected to that primary

• Access to my Office 365 third-party app for external user : "a User account is not registered for the account"

  In my third-party web application of Office 365, I want to have access to the contacts, events and emails of all the users from the organizations who installed my app. The thing is I don't want that all these users have to grant me access, I just want one
  admin of the org to grant access for my app and then be able to retrieve the data I need for all the users.
  To test for one organization, I logged in as the admin and proceed to the Oauth2 authentication to retrieve the access token and in the first request (the GET one to retrieve an authorization code) i add the parameter
  prompt=admin_consent.
  With this access token, I can access the data (emails, contact, event) of the admin
  for instance for the contacts
  uri: https://outlook.office365.com/ews/odata/Users(adminemail)/Contacts
  but not the data of the other users of this org with this uri
  uri: https://outlook.office365.com/ews/odata/Users(useremail)/Contacts
  The only thing I can do is retrieve an access token for each user but it supposed that each user has to authorize the access to the app but it's very cumbersome. So, i don't see what enables the parameter prompt=admin_consent and how to use it. Does anybody
  know what it does?
  And my question is: how can I do to access the data of all the users of one organization when the access has been granted by one admin?
  Thank you!

      
  This was answered on StackOverflow by Dushyant Gill.  http://stackoverflow.com/questions/25316175/access-to-my-office-365-third-party-app-for-external-user-a-user-account-is-n/25316678#25316678
  You are sending the OAuth request to a tenant specific endpoint of Azure AD. Note the {key_provided} part of your Url - that part represents the tenantid or a registered domain name of an Azure AD tenant. Azure AD throws this error is the user signing in
  is not a user in that tenant.
  Multi-tenant applications like yours have two options:
  Perform home realm discovery yourself and send the SSO request to the correct tenant-specific endpoint of Azure AD: when a new Azure AD organization signs-up for your application, record its tenant ID, and registered domain names. On your login page, ask
  the user for their email and try to discover what Org they belong to using the suffix the email.
  Use the common endpoint of Azure AD. Instead of the {key_provided} part of the URL, use 'common'. In this case Azure AD will determine the user's tenant and sign-in the user. The token that your application will receive will still be from the user's tenant
  (iss claim).
  2 is more convenient for apps. However #1 has an advantage when the user's Organization has customized their sign-in page with the company logo etc - in the case of #1 the user will directly be taken to the customized and familiar sign-in page.
  I recommend a combination of the two: try determining the user's organization and sending them to the tenant specific SSO endpoint. If you're not able to - send them to the common endpoint.

• Exchange 2007 - The server don't send dsn message for external users

  Hello,
  Our exchange 2007doesn't send dsn message for external users but for internals it is ok, I check my configuration but all seems to be ok
  Have you any idea please?
  Thx

  Hi,
  To narrow down the cause, let's firstly try to check the following configuration:
  Get-TransportConfig |fl
  Get-RemoteDomain | select identity, NDREnabled
  Get-SystemMessage
  Thanks,
  Angela Shi
  TechNet Community Support

• How to secure BSP applications for external users on the internet?

  I posted this question under Enterprise Portal forum but got no response. I am hoping some of you experts in this area can help.
  We have developed BSP applications and set them up as iViews in Enterprise Portal 6. Our portal implementation will be used by external users.
  We have security concerns that the access to the BSPs  allows external users direct access to the R/3 system. We were told that we should use ITS application instead of BSP application for external users.
  Do any of you have any insight into how we could work around the security problem with BSP applications, or BSP applications in EP6? Your help will be greatly appreciated.

  In sense they are correct as to whether it is more secure or not would have to be a call by people who are more of an expert than myself.
  But I can see there point the BSP runs directly on the system and uses the system security where as the ITS is basically just an RFC call. However for us we use a 620 server with BSP's and make RFC calls to our R/3 systems thus keeping people of the R/3 directly - however we are not opened to the Internet.
  If your message is answered please remember to mark it solved so others searching in the future can find the solved ones quicker - just click on the yellow star.

• WHY  PGA  IS  REQUIRED  FOR  EVERY USER  ?

  Good Morning Everyone ;
  I have a question  about PGA.
  WHY  PGA IS REQUIRED FOR  EVERY USER ?
  What i got from google ..
  Even though the parse information for SQL or PL/SQL may already be available in library cache of shared pool,
  the value upon which the user want to execute the select or update statement cannot be shared.
  I cant realize it   Can anyone show clear  example , if  possible ?
  DB Version is  10.2.0.4.0
  OS : oracle linux 5.5
  Thanks in advance ..

  Thanks aman and heok.
  My Question :
  Your explanation is clear. I think i am getting little bit confused.
  Could you please clarify little more ?
  >> session 1 :
  user is HR
  SQL>select * from tab1  ORDER BY name;
  >> session 2 :
  user is scott
  SQL>select * from tab1 where ORDER BY name;
  >> session 3 :
  user is USER1
  SQL>select * from TAB1 where ORDER BY name;
  >> session 4 :
  user is USER2
  SQL>select * from TAB1 where ORDER BY name;
  IS this right aman ?
  Already sql statements are avail in SGA ,Even though all above users needs same information.
  Oracle does sorting operation in PGA. If PGA exceeds , oracle will use temporary tablespace .
  Thanks heok and aman.

• Is separate licensing required for Report Builder 3.0 ?

  Is separate licensing required for Report Builder 3.0 ?

  No report Builder 3.0 is just the client side light-weight component to work with published reports & does not need any specific license however the server over which the reports are published (Eventually) must be appropriately licensed
  Good Luck! Please Mark This As Answer if it solved your issue. Please Vote This As Helpful if it helps to solve your issue

• License required for evaluating 3.5.1?

  Is a license required for evaluatiing coherence 3.5.1?
  After following the Getting Started instructions (extract from zip, java -jar coherence.jar), I expect to see a running cacheserver, instead I get this and the process exits:
  2009-08-28 10:42:08.648/0.757 Oracle Coherence 3.5.1/461 <Info> (thread=main, me
  mber=n/a): Loaded operational configuration from resource "jar:file:/C:/coherenc
  e/lib/coherence.jar!/tangosol-coherence.xml"
  2009-08-28 10:42:08.655/0.764 Oracle Coherence 3.5.1/461 <Info> (thread=main, me
  mber=n/a): Loaded operational overrides from resource "jar:file:/C:/coherence/li
  b/coherence.jar!/tangosol-coherence-override-dev.xml"
  2009-08-28 10:42:08.655/0.764 Oracle Coherence 3.5.1/461 <D5> (thread=main, memb
  er=n/a): Optional configuration override "/tangosol-coherence-override.xml" is n
  ot specified
  2009-08-28 10:42:08.661/0.770 Oracle Coherence 3.5.1/461 <D5> (thread=main, memb
  er=n/a): Optional configuration override "/custom-mbeans.xml" is not specified
  Oracle Coherence Version 3.5.1/461
  Grid Edition: Development mode
  Copyright (c) 2000, 2009, Oracle and/or its affiliates. All rights reserved.
  Registered Licenses:
  Software : Oracle Coherence: Grid Edition
  Licensee : n/a
  License Key : 0xF0A800CC0000011290D2E0B874855B8F
  License Type : production
  Software : Oracle Coherence: Data Client
  Licensee : n/a
  License Key : 0x00A800CC0000011295888F24BC6C730B
  License Type : production
  Software : Oracle Coherence: Real-Time Client
  Licensee : n/a
  License Key : 0x10A800CC0000011290D2E11674855B90
  License Type : production
  This appears to be different behaviour than previous versions (>= version 3.3) and not what is described in the documentation.
  can anyone advise?
  thanks
  Edited by: bish on Aug 28, 2009 11:45 AM

  There was a regression introduced in 3.5.1 where the Main-class attribute of the Coherence.jar was changed to a different main class leading to this effect.
  The workaround is to specify the main class as part of the command line.
  Assuming your current directory is the coherence home directory:
  Start a cache server:
  java -cp lib/coherence.jar com.tangosol.net.DefaultCacheServer Start the command line:
  java -cp lib/coherence.jar com.tangosol.coherence.component.application.Console And the above is basically what the coherence.sh/.cmd and cache-server.sh/.cmd scripts do.
  Edited by: Christer Fahlgren on Aug 31, 2009 10:06 AM

• Outlook Anywhere proxy changed from Basic to NTLM for external users

  I have a Exchange 2013 environment that is also running Exchange 2010 coexistence (migrating). What is happening is autodiscover is handing out NTLM for the proxy settings and not basic. However when it is using NTLM we seem to get the password prompt over
  and over. If I manually changed it to Basic then it works fine, but when autodiscover goes again it changes back to NTLM and prompts that the Administrator made a change and you need to restart Outlook.
  I checked Outlook Anywhere and all my servers have Basic set for external users and NTLM set for internal.
  I only have a few mailboxes on 2013 and 2010 mailboxes seem not to have a problem.
  Here is an output for Outlook Anywhere on all six servers:
  Identity                           : CAS01\Rpc (Default Web Site)
  ExchangeVersion                    : 0.10 (14.0.100.0)
  ExternalClientAuthenticationMethod : Basic
  InternalClientAuthenticationMethod : Ntlm
  IISAuthenticationMethods           : {Basic, Ntlm}
  Identity                           : CAS02\Rpc (Default Web Site)
  ExchangeVersion                    : 0.10 (14.0.100.0)
  ExternalClientAuthenticationMethod : Basic
  InternalClientAuthenticationMethod : Ntlm
  IISAuthenticationMethods           : {Basic, Ntlm}
  Identity                           : CAS03\Rpc (Default Web Site)
  ExchangeVersion                    : 0.10 (14.0.100.0)
  ExternalClientAuthenticationMethod : Basic
  InternalClientAuthenticationMethod : Ntlm
  IISAuthenticationMethods           : {Basic, Ntlm}
  Identity                           : EXCH2K13-01\Rpc (Default Web Site)
  ExchangeVersion                    : 0.20 (15.0.0.0)
  ExternalClientAuthenticationMethod : Basic
  InternalClientAuthenticationMethod : Ntlm
  IISAuthenticationMethods           : {Basic, Ntlm, Negotiate}
  Identity                           : EXCH2K13-02\Rpc (Default Web Site)
  ExchangeVersion                    : 0.20 (15.0.0.0)
  ExternalClientAuthenticationMethod : Basic
  InternalClientAuthenticationMethod : Ntlm
  IISAuthenticationMethods           : {Basic, Ntlm, Negotiate}
  Identity                           : EXCH2K13-03\Rpc (Default Web Site)
  ExchangeVersion                    : 0.20 (15.0.0.0)
  ExternalClientAuthenticationMethod : Basic
  InternalClientAuthenticationMethod : Ntlm
  IISAuthenticationMethods           : {Basic, Ntlm, Negotiate}

  Hi,
  Please refer to the following KB to set the Outlook Anywhere settings on Exchange Server 2013 Client Access servers:
  http://support.microsoft.com/en-us/kb/2834139
  If it doesn’t work with the resolution above, please do the following checking in ADSI Edit:
  1. In Adsiedit, expand Configuration-->CN=Services -> CN=Microsoft Exchange -> CN=domain -> CN=Administrative Groups -> CN=Exchange Administrative Group -> CN=Databases.
  2. Right-click the listed database > Properties.
  3. Check whether the msExchHomePublicMDB value is set to an available value. Please change the value to <not set>.
  4. Click OK.
  Then check whether the issue persists.
  Regards,
  Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact [email protected]
  Winnie Liang
  TechNet Community Support

• Lync 2013 - Address Book Synchronization Issues for External Users

  I recently deployed Lync Server 2013 in my organization. Everything works fine except for the address book synchronizing issues and the mobility access. I would really appreciate if someone could share their knowledge as I have done lot of troubleshooting,
  not sure if I have missed something. Please note my setup below for the External Web Services.
  Lync Front End:
  Listening: 8080 4443
  Published: 80 443
  I have published my External Web Services URL and the following ports are open: 4443, 443, 8080
  When I look at the Lync Client Configuration, ABS Server External URL is pointing to https://lyncexternalweb.domain.com:443/abs/handler. However, GAL Status is still pointing to my internal Front End FQDN: https://internal.domain.com:443/abs/handler.  
  For machines that are joined to the domain, the address books synchronizes with no issues. For machines that are not joined to the domain and for external users, GALContacts and GALContacts.DB files are not event generated for the users profiles. 

  Hi Anthony,
  Please note the findings below:
  1. I was checking the Lync Client configuration on one of the PC that is not joined to the domain, still on the domain network via site to site VPN connection. I noticed that the Connected Lync Server varies: sipinternal.domain.com, sipexternal.domain.com,
  lync.domain.com (Pointing to the Edge Server IP).  
  2. Edge Server External Settings: Single IP address with the FQDN set to lync.domain.com for all 3 services and the following ports configured. Access Edge Service: 5061, Web Conferencing Edge Service: 444, A/V Edge Service: 443 with NAT enabled public
  IPv4 address. I have checked the replication status between the Front End and Edge Server, it is up to date.
  3. In regard to the https://lyncdiscover.domain.com, I don't have the lyncdiscover.domain.com published, but it is pointing to the NAT enabled public IPv4 address which is assigned for A/V Edge Services.
  4. For the port forwarding, I am using the Cisco Meraki router. 
  Please advise if there are there is something that I am missing.
  Thanks!