Livecycle Connector to Sharepoint behind load balancer

In the environment of our customer, there is a load balancer in front of 2 sharepoint servers.
Then the PDF document is uploaded from the Livecycle server to sharepoint (via the load balancer).
However, occasionally it will fail to place the PDF to the folder specified, and placed on the outermost folder in sharepoint. 
May we have any hint to fix the problem?
Thanks.
Raymond

Trevor,
I'm sorry to say that extending the Default zone to, say, Internet, did not change the behavior... even with the introduction of host header information.  Could it be something to do with my use of ports?  I am very new to SharePoint. Should I
be extending the applications (I have many on the same server) and use host header information in place of using any explicit port information when creating these extended zones?
Tommy S. Armstrong II

Similar Messages

  • Site behind load balancer - Key not valid for use in specified state

    Hi,
    I have created a sharepoint application page to access an active end point on ADFS and establish a fedauth session. All works well in single server. But when the page runs behind load balancer with 2 servers, it fails with key not valid for use in specified
    state exception. Stickiness is enabled on load balancer. verified that.
    I had made few changes to config file in microsoft.identitymodel section to accomodate adfs custom login. This included removing securitytokenhandlers and issuertokenresolvers as well. Is this impacting the encryption/decryption in anyway?
    Any pointers would help.
    Reference point for my application page : http://blog.helloitsliam.com/Lists/Posts/Post.aspx?ID=76

    Hi,
    As I understand, you encountered the error “Key not valid for use in specified state” when ADFS custom login.
    In order to run in Windows Azure Web Sites a Web application which uses WIF for handling authentication, you must change the default cookie protection method (DPAPI, not available on Windows Azure Web Sites) to something that will work in a farmed environment
    and with the IIS’ user profile load turned off.
    1. If you are using the Identity and Access Tools for VS2012, just go to the Configuration tab and check the box “Enable Web farm ready cookies”.
    2. If you want to do things by hand, add the following code snippet in your system.identitymodel/identityConfiguration element:
       <securityTokenHandlers>
         <add type="System.IdentityModel.Services.Tokens.MachineKeySessionSecurityTokenHandler, 
                 System.IdentityModel.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" />
          <remove type="System.IdentityModel.Tokens.SessionSecurityTokenHandler,
                System.IdentityModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" />
        </securityTokenHandlers>
    There is a similar case:
    http://stackoverflow.com/questions/19323287/key-not-valid-for-use-in-specified-state-error-for-net-4-5-mvc-4-application
    Best regards,
    Sara Fan
    TechNet Community Support
    Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact
    [email protected]

  • IPsec on hosts behind load balancing NAT

    Hi,
    I have a problem configuring IPsec tunnel between two sites, with one is using NAT for load balancing of TCP Traffic. I've been working on this for hours but i foung myself in a dead end.
    I have one router using NAT TCP load balancing of telnet traffic(in real deployment i need ftp load balancing, i am using telnet for testing purposes). This router is connected to another router, where multiple hosts are connected. I need to protect the traffic from those hosts to the server that is load balanced using NAT.
    So far i was no able to configure IPSec to work properly with this setup. I have working configuration with IPSec encrypting some traffic not destinated behind NAT, but once I add a line in the traffic specifying access lists on both sides the IPSec stops working(and it wont work from any site of the connection, from behind the NAT or destinated behind the NAT). The access list on the router performing NAT is configured to allow any traffic destinated to some specific addresses and the access list on the router with connected hosts specifies that any connection destinated to the global address, where the server are reachable, should be encrypted.
    On the side where the traffic comes from i allways see a debug output like this:
    ar  1 05:23:54.294: IPSEC(sa_request): ,
      (key eng. msg.) OUTBOUND local= 10.0.10.2, remote= 10.0.10.1,
        local_proxy= 10.0.2.1/255.255.255.255/6/0 (type=1),
        remote_proxy= 195.10.0.1/255.255.255.255/6/23 (type=1),
        protocol= ESP, transform= esp-des esp-sha-hmac  (Tunnel),
        lifedur= 3600s and 4608000kb,
        spi= 0xA42ED8F1(2754533617), conn_id= 0, keysize= 0, flags= 0x400A
    195.10.0.1 is my global address for the FTP server
    on the side where the encryption should be terminated i allways see an output like this:
    *Mar  1 05:23:54.130: map_db_find_best did not find matching map
    *Mar  1 05:23:54.130: IPSEC(validate_transform_proposal): no IPSEC cryptomap exists for local address 10.0.10.1
    But i can see that there is a crypto map for address 10.0.10.1
    RA#sh cryp map
    Crypto Map: "TCP_ENCRYPTION" idb: Serial0/0 local address: 10.0.10.1
    I tried to use some of the NAT traversal techniques for IPSec but without any success.
    If you have any idea what could be the problem or if you need any additional information or debugging output i will be glad for any help.
    Thanks, Adrian

    This is a lab scenario and i want to test for my learning how IPSec would work in such a case.
    I have tried it but IPSec doesnt work with standard configuration. Below is the configuration
    I have configured 2 loopback. on R1: 100.1.1.1
    on R2: 200.1.1.1
    R1:
    crypto isakmp policy 10
     auth pre
     enc des
     hash md5
     group 2
    crypto isakmp key 0 cisco address 10.1.1.1 (R2's IP)
    crypto ipsec transform-set test esp-des esp-md5-hmac
     mode tunnel
    access-list 101 permit ip host 100.1.1.1 host 200.1.1.1
    crypto map test 10 ipsec-isakmp
     mat address 101
     set peer 10.1.1.1
     set transform-set test
    ip route 0.0.0.0 0.0.0.0 10.1.0.2
    R2:
    crypto isakmp policy 10
     auth pre
     enc des
     hash md5
     group 2
    crypto isakmp key 0 cisco address 10.1.3.1 (R2's IP)
    crypto ipsec transform-set test esp-des esp-md5-hmac
     mode tunnel
    access-list 101 permit ip host 200.1.1.1 host 100.1.1.1
    crypto map test 10 ipsec-isakmp
     mat address 101
     set peer 10.1.3.1 (it will be 10.1.3.1-natted ip right ?)
     set transform-set test
    ip route 0.0.0.0 0.0.0.0 10.1.1.2
    Now when i ping from R1:
    ping 200.1.1.1 source 100.1.1.1
    its not successful. Why doesnt it work any idea ?

  • ISE node group behind load balancer

    I'm trying to gather info on distributed deployment w/ multiple PSN nodes.
    Having read through some documents, it looks like you can put multiple PSN's in a node group, and then place the node group behind a load balancer.
    Q1:
    Node group config requires multicast.
    Cisco ACE LB doesn't support multicast, except in brige mode.
    How do people support distributed deployment in node group behind Ciso ACE?
    Q2:
    User guide says: "We recommend that you have two, three, or a maximum of four nodes in a node group."
    http://www.cisco.com/en/US/docs/security/ise/1.1.1/user_guide/ise_dis_deploy.html#wp1134272
    What if we need more than 4 PSN nodes to support our network & user base?
    Q3:
    Has anyone been able to implement distributed deployment between two datacenters behind GSS?
    If GSS isn't possible, we'll be happy to just have it in working state behind ACE LB.
    thx!

    I have had close to zero experience with LBs so my answers will be limited:
    Q1: I don't think the multicast plays any role with the LB. The multicast address is needed for the ISE nodes for replication
    Q2: You will have to create a new node group with a new multicast address
    Q3: No help here
    Couple of other things to remember:
    1. The nodes must be layer 2 adjacent
    2. You must use routed mode...no NAT/SNAT. Each node must be reachable directly from the end clients
    3. You must perform sticky
    4. The Load balancers must be listed as NADs in ISE
    Hope this provides some help to you.
    Thank you for rating!

  • ISE behind load balancer

    I have a question regarding ISE profiling servers that are placed behind a load balancer:
    If you have a ISE environment where both computers and users are being authenticated, and Machine Access Restriction (MAR) is enabled (so users can only authenticate on a previously authenticated machine), are the ISE servers aware of all succesfull computer authentications handled by the other ISE servers?
    For example:
    There are 2 ISE appliances (ISE01 and ISE02) behind a load balancer.
    A user starts up his computer, and computer authentication is handled by ISE01 (and the authentication is successful). At the moment the user logs in on that computer, the load balancer chooses ISE02 to authenticate the user.
    Will ISE02 be aware that the corresponding computer was already succesfully authenticated on ISE01, so that the user is able to log in? Or will it deny the user authentication because it thinks the computer is not (yet) authenticated and Machine Access Restrictions is enabled?
    Kind regards,
    Bert

    >> they are independant servers that just replicate their configuration.
    So a user should authenticate always with the same ISE.
    Moreover a load balancer kills profiling since profiling requires you to span some traffic to an ISE <<
    Not entirely correct.  Policy Service nodes are most certainly supported behind a load balancer which is the intention of a node group. This is often the preferred method for high availability and scaling.  In addition to supporting load distribution of RADIUS and other requests, members of a node group maintain a heartbeat to determine if a peer member should fail.  If so, the Monitoring node is queried to determine if there are any transient sessions which may require clean-up via RADIUS COA to help ensure that an endpoint is left in a defunt auth state.  LB functionality will depend on load balancer used.  Cisco ACE for example supports stickiness of RADIUS transactions based on source IP, Calling-Station-ID, or Framed-IP-Address.
    The impact of LB on profiling or other Policy Service node functions depends on the service/probe in question.  For services like client provisioning, posture, and central web auth, https redirection always occurs back to the node which terminated the RADIUS session, so LB is transparent provided direct access is permitted to the real IP for redirected https trnasactions (RADIUS tranasactions would be sent to virtual IP).
    Specific to profiling, SNMP Queries can be triggered and will be sent by Policy Service node that received the RADIUS Accounting Start packet (assumes RADIUS probe enabled) or SNMP Trap (assumes SNMP Trap probe enabled).  SPAN is only one data collection method used primarily for HTTP or DHCP capture.  Methods other than SPAN/RSPAN are available to capture this data, but if used, then it is correct that there is no specific mechansim to move SPANs from one interface to another in case of NIC or node failure.  I believe intelligent taps are available that can accomplish this, or else traffic can be mirrored to multiple nodes at the cost of duplicating profile data.
    As noted, replication of MAR cache will be added to ACS 5.4, and no, this feature is not altogether trivial due to the number of transactions and updates that must be replicated and kept in sync across each node performing RADIUS services. 
    /CH

  • Livecycle connector for sharepoint Set Document Content for Office documents

    Hi,
    I'm trying to figure out how the LiveCycle 9.5 connector for sharepoint works. It all works like a charm, exept for the set document content activity in a LiveCycle process.
    When I have a file named  test.txt on my Sharepoint server, and I execute the process with the "set document content" activity to replace the content with the content of the same test.txt files' content which I changed for the experiment, it gets updated without any problems.
    Yet, when I have a file named  test.docx on my Sharepoint server, and I try to replace the content with that of the content of the same test.docx file with altered content, the document content doesn't get updated to the new content.
    Is there a certain configuration that I need to do, to make this work or is this a known issue of the connector?
    Thanks in advance for your answer
    Kind Regards,
    Ronald Kamp
    Junior Flex/Java/LiveCycle Consultant at iDA MediaFoundry.

    Hi Ronald,
    I could not get this reproduced at my end. We were successfully able to replace contents of a .docx file as well.
    Can you please attach the livecycle process along with the thread in case issue has not yet been resolved at your side?
    Thanks
    Raghu

  • A question about the SharePoint services load balancer

    Let's consider a farm with one WFE and two app servers, A and B. Both app servers are running the Managed Metadata Service (MMS). 
    User requests a page from the WFE, which talks to the database server. The operation needs information from the MMS, so the WFE requests information from the round robin load balancer for SharePoint web services. Let's say server A is down. 
    Here's my question - what happens next?
    a) The round robin load balancer tells the WFE the MMS is on servers A & B. The WFE tries server A, fails, and returns a failure. 
    b) The round robin returns servers A & B. The WFE tries server A, which fails. The WFE then tries server B.
    c) The round robin returns either A or B, depending on which is next in rotation. The WFE tries the server returned. If the server returned is A, the WFE returns a failure. 
    d) The round robin returns either A or B, depending on which is next in rotation. The WFE tries the server returned. If the server returned is A, the WFE queries the round robin service again.
    e) The round robin knows server A is down, returns only server B to the WFE. 
    Philo Janus, MCP Bridging business & Technology: http://www.saintchad.org/ Telecommuter? http://www.homeofficesurvival.com/ Author: Pro InfoPath 2007 & Pro InfoPath 2010 Pro PerformancePoint 2007 Pro SQL Server Analysis Services 2008 Building Integrated
    Business Intelligence Solutions

    When a Service Application is down, the application load balancer removes that endpoint from the load balancer. When it becomes available again, it adds it back. This way the WFE would just contact the MMS endpoint that was available, not try and timeout
    against an unavailable endpoint.
    Trevor Seward
    Follow or contact me at...
    &nbsp&nbsp
    This post is my own opinion and does not necessarily reflect the opinion or view of Microsoft, its employees, or other MVPs.

  • SharePoint Service Load Balancing

    Hi,
    I used to install small farm with all services on one App Server. I have question about having multiple App Servers.
    Can we install/start same the service on multiple app server for redundancy ? If so, how the load balancing is managed ?
    If that true for all services (Search, Excel...)
    Thank you

    The Topology Service uses Round Robin.
    Trevor Seward
    Follow or contact me at...
    This post is my own opinion and does not necessarily reflect the opinion or view of Microsoft, its employees, or other MVPs.

  • Access Manager 6 2005Q1 naming service behind load balancer

    Access Manager is running on box A & box B using the Sun Web Server as its front end web server. Box A & B both have a complete install of Sun Web Server, Access Manager, and Directory Server. The Directory servers are set up to replicate changes between each other. Our Policy Agents are running on box C & box D under the Apache web servers.
    Users will access applications on box C/D via https. The policy agents on box C/D should redirect the user to box A/B (via a load balancer VIP)for authentication. The redirect will be https. Once authenticated the user should be redirected back to box C/D.
    All subsequent communications between the Agents on box C/D to AM on box A/B (via load balancer VIP) are http.
    The load balancer VIP is setup in active/failover mode so all requests go to one server. We implemented it this way because our load balancers do not support SSL with cookies.
    The data returned to the agent from a call to the naming service contains the host name of our AM hosts instead of the load balancer VIP. Subsequent calls from the agent to AM bypass the load balancer and go directly to one of the AM hosts.
    We are looking to upgrade our load balancers to a version that supports cookies with ssl in order to take advantage of the second AM host.
    How do we configure AM so the values returned by the naming service contain the load balancer VIP instead of the actual AM host names?

    Bernhard,
    We have upgraded our Web PA to version 2.1-09. One of your previous replies stated the com.iplanet.am.naming.ignoreNamingservice property was not availalbe in the PA agent properties but only in the Java SKD. Indeed we do not see such a key in the new Web PA AMAgent.properties.
    Can you please explain how to configure the AMAgent.properties and/or the Access Manager server (or properties) so that subsequent calls to the services (returned by the call to the naming service) get directed thru the load balancer? Below are the setting in our AMAgent and AMConfig properties files
    AMAgent.properties
    com.sun.am.namingURL = https://lb-mydomain.com:443/amserver/namingservice
    com.sun.am.policy.am.loginURL = https://lb-mydomain.com:443/amserver/UI/Login
    AMConfig.properties
    com.iplanet.am.server.protocol=https
    com.iplanet.am.server.host=am.mydomain.com
    com.iplanet.am.server.port=443
    com.iplanet.am.console.protocol=https
    com.iplanet.am.console.host=lb-mydomain.com
    com.iplanet.am.console.port=443
    com.iplanet.am.profile.host=lb-mydomain.com
    com.iplanet.am.profile.port=443
    com.iplanet.am.naming.url=https://lb-mydomain.com:443/amserver/namingservice
    com.iplanet.am.notification.url=https://lb-mydomain.com:443/amserver/notifica
    tionservice
    If we set com.iplanet.am.server.host=lb-mydomain.com we get an exception when trying to start the AM web container. I don't know if this may be partof our issue or not. Please comment.
    Thanks,
    Craig

  • CF 10 Load-Balancing with Remote Instances

    I was reading an article on Clustering/LB/HA using CF8, but have not found any updates for CF10.
    Using VM VirtualBox to setup a few virtual servers, I am looking to setup a load balancing of ColdFusion 10 on 2 remote instances. The goal would be have ColdFusion Cluster Manager be able to point http request to one of the two servers based on load/availability. Not really having a hardware cluster/failover setup, just managing resources on two CF instances instead of a standalone.
    The servers are Windows Server 2008 R2 with IIS7.5 and ColdFusion 10 Enterprise on installed on 3 of these machines. Let's call them CF-LBManager, CF-Web1, and CF-Web 2. In the CF Docs, they show the Cluster Manager adding the local CF instance and "if you want" a remote instance. However, this scenario would require the main instance to be running and not fail for it to direct to the other instance.
    I am trying to set this up now with CF-LBManager as just a manager of the requests coming in. In the Enterprise Manager >> Instance Manager, the local instance is shown and I add the two remote instances with the correct Remote Port, JVM Route, etc. I also made sure the <Cluster>...</Cluster> block was added to the two remote instances (CF-Web1 and CF-Web2) \runtime\conf\server.xml file too, Jetty Services also is running. Now under the Enterprise Manager >> Cluster Manager I add the two remote instances to the cluster, not the local instance on CF-LBManager with Multicast Port and Sticky Sessions enabled. On Submit, I get a green message "You must restart all the server instances and any configured webservers for these changes to take effect.". I go ahead and reboot the servers and come back.
    I now browse to the ColdFusion page as a test on CF-Web1 and CF-Web2 to make sure CF is running properly, they do. I then browse the IP of the CF-LBManager, however it only returns the local IIS web site and not redirect to one of the two cluster members. I am not seeing any message on the coldfusion-out.log on the remote instances. Am I not setting this up correctly or not enabling the Cluster Manager to take over and pass along the requests to those in the cluster?

    Unfortunatley I don't have a lot of experience with CF10 on Windows, but if you are running CF behind IIS I think  you will need to update the Tomcat connector configuraiton to do load balancing. I'm not sure if re-running the wsconfig tool on all of the servers will do this or not, but that is what I would suggest trying first. If that doesn't work you will need to update the Tomcat connector configuraiton manually. You can find more information on load balancing with the Tomcat connector here: http://tomcat.apache.org/connectors-doc/generic_howto/loadbalancers.html.

  • OAM Webgate Ip validation problem caused by load balancer...

    Hi all,
    In my topology, i have 5 webgates on 5 OHS web servers running in reverse proxy mode . Those web servers are behind load balancer. Since load balancer is working in proxy mode, all requests seems to be coming from load balancer vip and this prevents ip validation at webgate side . Does anybody think that it is possible to solve this issue without changing load balancer configuration..
    Regards,

    Hi,
    Randat, how can i reconfigure ip validation against x-forwarded-for? A custom authz plugin, or only a configuration change ? I'll keep on searching on this solution, but if you can share your solution , it'll be appriciated..
    Ambarishmitra, i want to use ip validation but since all requests are coming from single ip i can't distinguish client ip's, that's my problem..
    Thank you both,
    Regards..

  • The load balancer is not provisioned error when attempting to deploy a SP 2013 App

    Hello:
    I am in VS 2013 with SP 2013 colocated on same Win 2008 R2 server.  I opened a SP 2013 App and directly hit F5 and got this error:
    Error occurred in deployment step 'Install app for SharePoint': The load balancer is not provisioned. Verify the load balancer was provisioned successfully before retrieving endpoint addresses.  When creating the project, the first screen asks for a
    site to deploy to, and I just took the default, which was http://<servername> for the colocated server.
     I googled this and could not find a solution.  Would anyone have any direction?
    thank you
    Harvey
    Regards, Harvey

    Hi Harvey Flaisher,
    Based on the error message, this seems to be a service application not working issue.
    Please check the ULS log or Event log to check in which service application the error occurs, like BCS, secure store service, app management service, then re-provision the service application using PowerShell command, or re-create the service application
    from UI to check the result.
    Thanks,
    Qiao Wei
    TechNet Community Support

  • How to monitor targets which are controlled by LOAD BALANCING mechanism

    Hi,
    I have installed Enterprise Manager 10.1.0.3 and upgraded it to 10.1.0.5. Then i have applied the Application plug-in patch for managing Oracle Applications.In my environment, we have two concurrent managers and four forms servers which are using Load Balancer.Please let me how to manage these concurrent managers and forms servers in that scenario.Would highly appreciate your suggestions regarding the same.Thanks in advance.
    Regards,
    Vamsi Manyam

    This note shows how to configure OEM behind a load balancer.
    The question was how to use OEM, not behind a load balancer, to monitor other targets which are behind one or different load balancers.
    For example, to monitor :
    Forms on server A and B behind load balancer LB1.
    Forms on server C and D behind load balancer LB1.
    Forms on server E and F behind load balancer LB2.
    Gary

  • Does ADFS work with SharePoint 2013 with WFEs SSL-offloaded to a F5 load balancer?

    Currently we are implementing a SharePoint 2013 Production environment with 2 WFEs load-balanced by F5.  SSL is offloaded to F5 and is currently working fine with Integrated Windows Authentication with NTLM.  We would like to implement ADFS 3.0
    later for Single Sign-on, and we are wondering if ADFS supports SSL offload.  
    Do we need to bind the certificate to the WFEs as well to use ADFS?  
    Thank you!

    Just got it confirmed that ADFS supports SSL offload.  There is no direct communication between SharePoint and ADFS server during the authentication process.  It is always the browser that's talking to ADFS server. We just need to do the following:
    Configure SharePoint URLs in ADFS as replying parties with https.
    Configure AAM in SharePoint to make sure internal URL is http and public URL is https.

  • Site not accessible from the Load balanced web front end server - sharepoint 2010

    I have a production environment with 2 WFE's(sp-wfe1 & sp-wfe2), 2 APP's and 2 SQL clustered VM's.
    2 WFE's are load balanced using hardware load balancer.
    An A-Record(PORTAL) is created in DNS for the virtual IP of the load balancer which points to the 2 WFE's.
    A web application is created on the WFE's on port 80.
    alternative access mapping is configured and the load balanced record "http://PORTAL" is used under the default zone.
    Under IIS I have edited the bindings for the sharepoint site at port 80 and added the HOSTNAME as PORTAL.
    Result: The site is accessible from outside the server and works fine.
    ISSUE: The site is not accessible within the WFE's(sp-wfe1 & sp-wfe2).
    When I browse the site from the WFE's server it ask for the credentials and when I enter the credentials and click OK it ask the credentials again and again and in the end displays a blank page.
    Kindly help me in this issue because I am clueless and couldn't find anything helpful on the internet. 
    Regards,
    Mudassar
    MADDY-DEV Forum answers from Microsoft Forum

    Loop back check.
    http://www.harbar.net/archive/2009/07/02/disableloopbackcheck-amp-sharepoint-what-every-admin-and-developer-should-know.aspx

Maybe you are looking for

  • Redundancy for startup class.

    Hi, I have a startup class in weblogic server. This class acts as a daemon inside weblogic server. What happens if this class goes down due to an exception after a while ? does the weblogic server brings it up again or can we configure it or is it ju

  • Database navigation problems

    I have a problem with displaying records from my database where I wish to navigate through the records. I use a framset where I gather the search data in a form on the left side of the page and display the database results in a frame on the right han

  • IR webclient: error when uncompressing data retrieved: *Data Error*!

    A small (?) number of IR webclient 931 installations we notice the next error when processing: " error when uncompressing data retrieved: *Data Error*! " It does not seem to be user or permission/provision related. Does anyone have an idea how to sol

  • HELP! I am FREAKING OUT about this.

    HELP! I am FREAKING OUT about this. Sorry about the caps, i composed the question elsewhere and am pasting. Please someone offer mer some help on this! RE: my sweet old OS 9. MY SYSTEM IS NOT CRASHED BUT MY MOUSE ARROW IS FROZEN. THIS OCCASSIONALLY H

  • Have Apple published a manual for the iPad with OS6

    Have Apple published a manual for the iPad with OS6