Mobile Access Server setup

So, I'm setting up a 10.6.1 server in the DMZ to be a Mobile Access Server to reverse proxy mail, calendaring, and web. Couple issues I have:
1. I want to manage this DMZ server from a different internal 10.6.1 Server inside my network. I have turned on Remote Management on the DMZ server, but cannot connect from Server Admin on the internal server to the DMZ server. I need to be able to manage both servers from one Server Admin console. I also need to be able to screen share the DMZ server for access ONLY from the internal server. How do I accomplish this?
2. My internal 10.6.1 server is my Open Directory Master already, and working nicely. But to use Mobile Access Server and reverse proxy services back to the internal server, I need the DMZ server to be aware of my existing directory inside. Would I want to make the DMZ server an Open Directory Replica, or should I use the middle option for Open Directory types called "Connect to another directory"? Obviously, I know that it should NOT be another master.
3. I have purchased and implemented a wildcard cert on my internal 10.6.1 server to use for TLS, HTTPS, etc. I have also told the Open Directory Master to use ssl for the LDAP piece of it (there's a GUI option for that). Figured I might as well secure everything I can a bit more since I purchased the cert. What effect will this have on Question 2 above? Will I need to open a different port for instance on the firewall for LDAP over SSL? Or any issues with creating a Replica or "connect to another OD server" on the OD server in the DMZ to get it to connect to the internal OD Master?
Thanks for all the help here.

To your #1: When you use a firewall to place a device in a DMZ, that device is not part of the internal network. It 'technically' sits on the outside of the firewall at nearly the same place as your external connection.
Some discussions about a firewall use colors to designate the 'data protection' level or 'threat' vector.
(Below was 'borrowed' from http://riskless.com/firewall_configuration.aspx)
* RED Network Interface
This network is the Internet or other untrusted network. IPCop’s primary purpose is to protect the GREEN, BLUE and ORANGE networks and their computers from traffic originating on the RED network. Your current connection method and hardware are used to connect to this network.
* GREEN Network Interface
This interface only connects to the computer(s) that IPCop is protecting. It is presumed to be local. Traffic to it is routed through an Ethernet NIC on the IPCop computer firewall.
* BLUE Network Interface
This optional network allows you to place wireless devices on a separate network. Computers on this network cannot get to the GREEN network except tightly controlled “pinholes”, or via a VPN. Traffic to this network is routed through an Ethernet NIC.
* ORANGE Network Interface
This optional network allows you to place publicly accessible servers on a separate network. Computers on this network cannot get to the GREEN or BLUE networks, except through tightly controlled “DMZ pinholes”. Traffic to this network is routed through an Ethernet NIC.
* The GREEN and RED networks are required
* The ORANGE and BLUE networks are optional
The interface requirements for your RED network will vary depending on your connection to the Internet. The RED network may require an additional Ethernet card and cable.
You can also read up on all this in a more neutral article here: http://www.ocmodshop.com/ocmodshop.aspx?a=1526
The point of all this is that, depending on 'where' the data is coming from, it is either denied access or must be 'punched through' to allow access. Here is a diagram of that process (from a Linux firewall called IPCop):
!http://www.ipcop.org/1.4.0/en/admin/images/traffic.png!
So access from inside (your network) to your DMZ device should work without any trouble, but from DMZ to inside should require ports to be opened up. On most firewalls, they call this port access 'Pin Holes', as the DMZ is itself protected by only allowing the IP address of that network in through the firewall. Possibly your firewall is not doing any kind of Stateful Packet Inspection, so all conversations must have a pinhole to come 'back' out of the DMZ? Tell us your firewall brand and that might help.
#2: I would use "Connect to another directory". You want to limit the amount of data that can be compromised in the DMZ. As I mentioned, the DMZ is outside your network, technically naked to the world. I believe that any port that does NOT get routed (forwarded) into your green will automatically be forwarded to your DMZ, so it will be hammered with all manner of hack and virus vectors.
Peter
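
The stateful-inspection point in the reply above, as an added example that is not part of the original thread: a small Python model of a GREEN/ORANGE firewall showing why a management connection from the internal server to the DMZ server stalls when replies are not tracked. The addresses are constructed, and the ports (311 for Server Admin, 5900 for screen sharing, 636 for LDAP over SSL) are the usual defaults, assumed here rather than taken from the thread.

```python
from dataclasses import dataclass, field

GREEN, ORANGE = "GREEN", "ORANGE"      # zone names from the IPCop text quoted above

# Constructed addresses and assumed default ports (not from the thread).
INTERNAL_SERVER = "192.168.1.10"       # Open Directory master, in GREEN
DMZ_SERVER = "192.168.2.10"            # Mobile Access Server, in ORANGE
SERVER_ADMIN, SCREEN_SHARING, LDAPS = 311, 5900, 636


@dataclass(frozen=True)
class Packet:
    src_zone: str
    src_ip: str
    src_port: int
    dst_zone: str
    dst_ip: str
    dst_port: int

    def reply(self):
        """The packet the destination sends back on the same conversation."""
        return Packet(self.dst_zone, self.dst_ip, self.dst_port,
                      self.src_zone, self.src_ip, self.src_port)


@dataclass
class Firewall:
    stateful: bool
    # ORANGE -> GREEN pinholes as (src_ip, dst_ip, dst_port); anything else is denied.
    pinholes: set = field(default_factory=set)
    flows: set = field(default_factory=set)   # conversations already admitted

    def allow(self, p):
        key = (p.src_ip, p.src_port, p.dst_ip, p.dst_port)
        reverse = (p.dst_ip, p.dst_port, p.src_ip, p.src_port)
        if self.stateful and reverse in self.flows:
            return True                       # reply to a tracked conversation
        if p.src_zone == GREEN and p.dst_zone == ORANGE:
            ok = True                         # inside -> DMZ is open
        elif p.src_zone == ORANGE and p.dst_zone == GREEN:
            ok = (p.src_ip, p.dst_ip, p.dst_port) in self.pinholes
        else:
            ok = False
        if ok and self.stateful:
            self.flows.add(key)
        return ok


def round_trip(fw, request):
    """Return (request passed, reply passed) for one conversation."""
    sent = fw.allow(request)
    answered = sent and fw.allow(request.reply())
    return sent, answered


def scenarios(stateful):
    """Run the thread's three needs plus one unwanted flow through the model."""
    fw = Firewall(stateful, pinholes={(DMZ_SERVER, INTERNAL_SERVER, LDAPS)})
    flows = {
        "server_admin": Packet(GREEN, INTERNAL_SERVER, 50311,
                               ORANGE, DMZ_SERVER, SERVER_ADMIN),
        "screen_sharing": Packet(GREEN, INTERNAL_SERVER, 50900,
                                 ORANGE, DMZ_SERVER, SCREEN_SHARING),
        "directory_lookup": Packet(ORANGE, DMZ_SERVER, 50636,
                                   GREEN, INTERNAL_SERVER, LDAPS),
        "dmz_to_inside_vnc": Packet(ORANGE, DMZ_SERVER, 50901,
                                    GREEN, INTERNAL_SERVER, SCREEN_SHARING),
    }
    return {name: round_trip(fw, pkt) for name, pkt in flows.items()}


if __name__ == "__main__":
    for mode in (True, False):
        print("stateful" if mode else "stateless", scenarios(mode))
```

In the stateless run the Server Admin request reaches the DMZ server but its reply has no pinhole back to GREEN, which matches a console that cannot connect even though Remote Management is on.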

Similar Messages

  • How to setup Mobile Access Server

    Hi,
    I am trying to set up Mobile Access Server on my Mac Mini Server. The setup I have is a small network behind an Airport Extreme. I would like to give all users access to services using Mobile Access Server and was hoping initial setup was going to take care of that....no such luck.
    What do I fill in for the local servers? How do I access this service from outside the LAN? How do I need to configure my Airport (with the other services, it happened almost automatically from the security pane)?
    Thanks,
    Ian

    Hi,
    In the field for local server you just type in the local DNS name for your calendar server, mail server etc... Also select which port you want to publish externally and the correct port your service is actually using on your LAN (selected under the Advanced tab). Make sure your mobile access server can resolve your hostnames correctly. It should point to a local IP. If an nslookup shows your public IP, you have to correct your local DNS server. (This is often called split DNS configuration.)
    To access this from outside your LAN you have to set up NAT and permit the port you have configured on your mobile access server as the incoming port. How exactly you do that on the Airport I am not sure, but I am sure it is explained in the user manual for the Airport.
    I found this video about the mobile access server on youtube: http://www.youtube.com/watch?v=_VRgl2bncZU
    Hope this helps.
    Bernt
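
The split-DNS check described in the reply above, as an added example that is not part of the original post: it resolves each backend hostname the way the Mobile Access Server host would and reports any name that does not land on an internal address. The hostnames you pass in and the choice of RFC 1918 plus IPv6 unique-local ranges as "local" are assumptions of this sketch.

```python
import ipaddress
import socket
import sys

# RFC 1918 ranges plus IPv6 unique-local space: what "a local IP" means here.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "fc00::/7")]


def system_resolver(hostname):
    """Addresses the OS resolver returns, i.e. what the proxy itself will use."""
    return {info[4][0] for info in socket.getaddrinfo(hostname, None)}


def is_internal(address):
    ip = ipaddress.ip_address(address.split("%")[0])   # drop any IPv6 zone id
    return any(ip in net for net in INTERNAL_NETS)


def check_split_dns(hostnames, resolver=system_resolver):
    """Map each hostname to (verdict, addresses).

    verdict is "ok" when every answer is internal, "not_internal" when any
    answer falls outside the internal ranges (for example the public IP),
    and "unresolved" when the name does not resolve at all.
    """
    report = {}
    for name in hostnames:
        try:
            addresses = sorted(resolver(name))
        except OSError:                      # socket.gaierror is an OSError
            addresses = []
        if not addresses:
            report[name] = ("unresolved", [])
            continue
        outside = [a for a in addresses if not is_internal(a)]
        report[name] = ("not_internal" if outside else "ok", addresses)
    return report


if __name__ == "__main__":
    # Usage: python check_split_dns.py mail.example.com cal.example.com
    for host, (verdict, addrs) in check_split_dns(sys.argv[1:]).items():
        print(f"{host}: {verdict} {addrs}")
```

Run it on the Mobile Access Server itself, since the point is which DNS view that machine sees.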

  • Can I use my iPad to connect to a Mobile Access Server on a Mac mini ?

    I run a small business and am considering setting up an internal network. The online "features" description for Mobile Access Server (a component of Snow Leopard Server) says I can connect remotely from an iPod or a Mac. The iPad is not mentioned. Can I use my iPad to connect to a Mobile Access Server?

    Yes. It's the same as connecting from an iPod touch or iPhone.
    LogMeIn Ignition or TeamViewer are a few of the apps you can use.
    TeamViewer has a free app and you can see if it does what you want.

  • OTP and Mobile Access Server

    Hi Guys,
    We are trying to implement an OTP solution for the Mobile Access page. How can the source code be altered or modified to accept the OTP token?
    I am trying to follow the following module, but where is it supposed to be put in?
    http://code.google.com/p/mod-authn-otp/wiki/Configuration
    Regards
    AJ

    Whoops, forgot to specify that this problem is only for the SMTP portion of MAS. Receiving email through IMAP via the MAS works fine.
    Here's a flow using openssl of a successful SMTP transaction through the MAS, in case anyone sees anything obvious:
    openssl s_client -starttls smtp -crlf -connect <my MAS server>:587
    CONNECTED(00000003)
    <key exchange information>
    250 DSN
    ehlo testing
    250-<my MAS server>
    250-PIPELINING
    250-SIZE 104857600
    250-VRFY
    250-AUTH PLAIN
    250-ETRN
    250-ENHANCEDSTATUSCODES
    250-8BITMIME
    250 DSN
    AUTH PLAIN <user key>
    235 2.7.0 Authentication Succeeded
    mail from: <[email protected]>
    250 2.1.0 Ok
    rcpt to: <[email protected]>
    250 2.1.5 Ok
    data
    354 End data with <CR><LF>.<CR><LF>
    From: Test <[email protected]>
    To: Test <[email protected]>
    Subject: Blah
    Blah!
    250 2.0.0 Ok: queued as <mail ID>
    quit
    221 2.0.0 Bye
    closed

  • Palm Pre cannot access Mobile Access Server

    Have a SL Server that iphones access fine for mail, but the Pre will not connect. We are using SSL (GoDaddy cert) and I have tried many configs on the Pre with no results. When I try to sign in it says "unable to validate incoming mail server settings...." Anyone have this same issue?
    Thanks,
    Paul

    Just thought I'd ask:
    I'm trying to use SSL from a certificate I bought from GoDaddy. The issue is I can't for the life of me get the intermediates to chain and create a secure connection. Did you run into anything like this when installing your new certificate?
    I'm running OS X 10.6.

  • Mobile Access + Wiki Server via SSL Question

    If MAS is running with SSL, does that SSL continue for the entire session? Or just the initial passing of credentials?
    I'd like to not have the wiki server running SSL for internal use if MAS encrypts all the traffic. The reason for the question is when connecting to the wiki server via MAS, there is no SSL lock on the browser, telling me it's in the clear.

    Mobile Access Server does not provide proxy access to 10.6 server Wiki.
    hth,
    b.

  • How to close Mobile Mouse Server?

    I was doing an update on the App Mobile Mouse Server and when it was ready to install it indicated I needed to close the App before it could install the update.  The app is not in the dock and I don't know how to close it.  Help Please!!!


  • Mobile Access Services displaying as XML

    O.K.
    I also have a single machine set up (the new Mac Mini Server). I am trying to access Address Book Server. I have the service up and the checkbox checked and pointed the internal server to the same address as the external:
    forexample.myserver.org
    For testing purposes I have been using a self-generated certificate (that also matches the name of the server).
    In a web browser (like Safari on the iPhone) I type in https://forexample.myserver.org:8843
    I have finally connected to and gotten the secure sign-in page...but after logging in the browser gives me this (the code instead of a usable interface) and I'm STILL locked out of the directories that hold the actual Address Book data (though I can see the directory listing now)...what is up?
    Name Size Last Modified MIME Type
    .server-uuid 36 2009-Nov-16 22:26 (collection)
    addressbooks/ ? 2009-Nov-16 22:36 (collection)
    principals/ ? 2009-Nov-16 22:26 (collection)
    Properties
    Name Value
    {DAV:}acl
    (access forbidden)
    {DAV:}acl-restrictions
    <?xml version='1.0' encoding='UTF-8'?>
    <acl-restrictions xmlns='DAV:'/>
    {DAV:}creationdate
    <?xml version='1.0' encoding='UTF-8'?>
    <creationdate xmlns='DAV:'>2009-11-16T22:36:24Z</creationdate>
    {DAV:}current-user-principal
    <?xml version='1.0' encoding='UTF-8'?>
    blah blah blah

    By single machine I mean I am running the Mobile Access Service on the same physical server that Address Book server is running on (the documentation highly recommends running Mobile Access Server on one machine as a proxy and running your other services with the data (like Address Book) on another)
    Mobile Access Service is the service that allows iPhone users to connect to services without needing to go through a vpn.
    I don't know what the mechanism is to actually access the data (while there is a section on setting up Mobile Access in the Network Services documentation, there is absolutely no explanation for how to get to the data with your iPhone).

  • OBIEE Security - How to setup SSO-integrated EBS users & mobile access?

    I'm looking for the best approach to solution my company's OBIEE Security requirements, they are:
    1) Create a standard authentication/security process at an enterprise level
    2) Maintain EBS Roles to provide object-level and data-level security in OBIEE
    3) EBS Users must go through the EBS portal to get to OBIEE (ie. single signon integration)
    4) non-EBS users must go through the OBIEE portal
    5) Both EBS and non-EBS users need ability to use the OBIEE iPad mobile application
    So for the EBS users, I've implemented the SSO integration between OBIEE 11.1.1.5.0 and EBS R11 based on the Oracle white paper [ID 1343143.1]. I've also set up an Authorization session init block to read the user's EBS Roles and set up object/data level security.
    For the non-EBS users, I've kept the default identity store (WLS-LDAP) and authentication provider.
    My question is what's the best approach for providing mobile access to the EBS users? Obviously I can't pass an HTML cookie to the iPad for these guys. Assuming these EBS users are in a corporate-LDAP store, I was thinking to set up a dual authentication store that connects to both corporate-LDAP (EBS) and the WLS-integrated LDAP (non-EBS).
    Will this work? Does anyone have a better approach they'd like to share?

    Please post the details of the application release, database version and OS.
    We have a customer, who has upgraded to EBS R12 recently. With EBS R12 there comes a responsibility that enables users to directly open embedded BI in EBS. When people do LDAP authentication to EBS, they can directly open the OBIEE inside the EBS. But, when the EBS is SSO (OAM+WNA) integrated, OBIEE SSO in EBS does not work. What is the error?
    It could be related that OAM generated cookies are not recognized by embedded OBIEE.
    Is there a way to do a setup with both OAM SSO enabled to EBS, and EBS-OBIEE SSO is enabled inside EBS ? I do not think there is a single document that covers all the above (I believe you are aware of the individual docs).
    For urgent issue, please always log a SR.
    Thanks,
    Hussein

  • Deploy sip servlet to Occas5.0(weblogic) occurs exception: com.bea.wcp.sip.engine.server.setup.SipAnnotationParsingException

    hi,
    I install Occas on OS win7 64bit, jdk 1.6.0.45.
    I got the following error message while I start Occas server:
    because error occurs when parsing sip related annotations of "testservicecomplexobject-application"
    WLST-WLS-1396579151484: com.bea.wcp.sip.engine.server.setup.SipAnnotationParsingException
    at com.bea.wcp.sip.engine.server.setup.SipAnnotationData.<init><SipAnnotationData.java:155>
    Also, when I deploy a sip servlet package(sar) to the Occas server, after deploy finish, at the deployment manager page,
    health term is none.
    and also I found many error info in AdminServer/logs/domain.log as below blue font:
    ####<Apr 4, 2014 11:09:21 AM CST> <Error> <WLSS.Setup> <E76C3BE51B4188> <AdminServer> <[ACTIVE] ExecuteThread: '5' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1396580961513> <BEA-331210> <Skip SIP related logic, because error occurs when parsing sip related annotations of "b2bua-sip-servlet-1.0.0-SNAPSHOT"
    com.bea.wcp.sip.engine.server.setup.SipAnnotationParsingException:
    Caused By: java.lang.LinkageError: loader constraint violation: when resolving overridden method "antlr.debug.LLkDebuggingParser.removeMessageListener(Lantlr/debug/MessageListener;)V" the class loader (instance of weblogic/utils/classloaders/ChangeAwareClassLoader) of the current class, antlr/debug/LLkDebuggingParser, and its superclass loader (instance of sun/misc/Launcher$AppClassLoader), have different Class objects for the type antlr/debug/MessageListener used in the signature
    >
    ####<Apr 4, 2014 11:09:21 AM CST> <Error> <WLSS.Engine> <E76C3BE51B4188> <AdminServer> <[ACTIVE] ExecuteThread: '5' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1396580961523> <BEA-330004> <Failed to deploy SIP application "b2bua-sip-servlet-1.0.0-SNAPSHOT"
    java.lang.NullPointerException
    Can anyone give some suggestion?
    Thanks in advance!
    BR//Margin

    Hi,
    I changed my jvm from sun jdk to latest jrockit and the issue was solved :)

  • Remote Update Server setup

    Using the AUSST tool to set up a remote update server on Windows Server 2012R2 which is IIS 8.5.
    Working through this document: http://helpx.adobe.com/creative-cloud/packager/update-server-setup-tool.html#Preparing a web server to use as the update server
    Have reached the point where it says "Add the httpHandles for the zip, xml, crl, dmg, and sig extension in the web.config file as shown here:"
    I have added the lines specified to the web.config file, here is the complete file:
    <configuration>
        <system.web>
            <compilation targetFramework="4.5" />
            <membership>
                <providers>
                    <add name="WebAdminMembershipProvider" type="System.Web.Administration.WebAdminMembershipProvider" />
                </providers>
            </membership>
            <httpModules>
                <add name="WebAdminModule" type="System.Web.Administration.WebAdminModule"/>
            </httpModules>
            <authentication mode="Windows"/>
            <authorization>
                <deny users="?"/>
            </authorization>
            <identity impersonate="true"/>
           <trust level="Full"/>
           <pages validateRequest="true"/>
           <globalization uiCulture="auto:en-US" />
               <httphandlers>
                 <add path="*.zip" verb="*" type="system.web.staticfilehandler" />
                 <add path="*.xml" verb="*" type="system.web.staticfilehandler" />
                 <add path="*.crl" verb="*" type="system.web.staticfilehandler" />
                 <add path="*.dmg" verb="*" type="system.web.staticfilehandler" />
                 <add path="*.sig" verb="*" type="system.web.staticfilehandler" />
               </httphandlers>
        </system.web>
        <system.webServer>
            <modules>
                <add name="WebAdminModule" type="System.Web.Administration.WebAdminModule" preCondition="managedHandler" />
            </modules>
            <validation validateIntegratedModeConfiguration="false" />
        </system.webServer>
    </configuration>
    But when I try to access the web site I get this: " The configuration section 'httphandlers' cannot be read because it is missing a section declaration "
    Clearly I am a newbie in IIS (and indeed on Web Development of any sort).
    Could someone please point out the no-doubt-obvious mistake?
    Thanks.
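
A check for the casing problem behind the quoted error, as an added example that is not part of the original thread: .NET configuration section names are case-sensitive, so `httphandlers` is not recognised as the `httpHandlers` section. The linter below flags `system.web` children and handler type names that differ only in case from the expected spelling; the embedded config is a constructed excerpt of the one posted above, and the list of known names is limited to those that appear on this page.

```python
import xml.etree.ElementTree as ET

# Section and type names as spelled in this thread's configs (not a full schema).
KNOWN_SECTIONS = ("compilation", "membership", "httpModules", "authentication",
                  "authorization", "identity", "trust", "pages",
                  "globalization", "httpHandlers")
KNOWN_TYPES = ("System.Web.StaticFileHandler", "System.Web.HttpForbiddenHandler")

# Constructed excerpt of the posted web.config (same casing as the original).
POSTED = """
<configuration>
    <system.web>
        <compilation targetFramework="4.5" />
        <authentication mode="Windows"/>
        <httphandlers>
            <add path="*.zip" verb="*" type="system.web.staticfilehandler" />
            <add path="*.xml" verb="*" type="system.web.staticfilehandler" />
        </httphandlers>
    </system.web>
</configuration>
"""

# The same excerpt with only the casing changed.
CORRECTED = (POSTED.replace("httphandlers", "httpHandlers")
                   .replace("system.web.staticfilehandler",
                            "System.Web.StaticFileHandler"))


def lint_web_config(xml_text):
    """Return (kind, found, expected) for names that are right except for case."""
    sections = {name.lower(): name for name in KNOWN_SECTIONS}
    types = {name.lower(): name for name in KNOWN_TYPES}
    findings = []
    system_web = ET.fromstring(xml_text).find("system.web")
    if system_web is None:
        return findings
    for child in system_web:
        expected = sections.get(child.tag.lower())
        if expected and expected != child.tag:
            findings.append(("section", child.tag, expected))
        if child.tag.lower() != "httphandlers":
            continue
        # Inspect handler entries even when the section name itself is mis-cased.
        for entry in child.findall("add"):
            type_name = entry.get("type", "").split(",")[0].strip()
            expected_type = types.get(type_name.lower())
            if expected_type and expected_type != type_name:
                findings.append(("type", type_name, expected_type))
    return findings


if __name__ == "__main__":
    for kind, found, expected in lint_web_config(POSTED):
        print(f"{kind}: found '{found}', expected '{expected}'")
```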

    I'm on 2012 R2 too.
    ISAPI Module is not available by default. Choose to add ISAPI features (and Server Side Includes) using the Server Manager, Add Roles and Features, Web Server, Web Server, Application Development. I chose both ISAPI options as well as Server Side Includes - not sure which is needed.
    Added Server Side Includes (as well as the ISAPI .xml .crl .zip .dmg .sig ) entries in Add Module Mappings (as per  https://forums.adobe.com/thread/951308?tstart=0)
    My HTTP Handlers section is as follows:
            <httpHandlers>
                <add path="*.xml" verb="*" type="System.Web.StaticFileHandler"/>
                <add path="*.crl" verb="*" type="System.Web.StaticFileHandler"/>
                <add path="*.zip" verb="*" type="System.Web.StaticFileHandler"/>
                <add path="*.dmg" verb="*" type="System.Web.StaticFileHandler"/>
                <add path="*.sig" verb="*" type="System.Web.StaticFileHandler"/>
          <add verb="*" path="*.rules" type="System.Web.HttpForbiddenHandler" validate="true"/>
          <add verb="*" path="*.xoml" type="System.ServiceModel.Activation.HttpHandler, System.ServiceModel, Version=3.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" validate="false"/>
                <add path="*.svc" verb="*" type="System.ServiceModel.Activation.HttpHandler, System.ServiceModel, Version=3.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" validate="false"/>
                <add path="trace.axd" verb="*" type="System.Web.Handlers.TraceHandler" validate="True"/>
                <add path="WebResource.axd" verb="GET" type="System.Web.Handlers.AssemblyResourceLoader" validate="True"/>
                <add path="*.axd" verb="*" type="System.Web.HttpNotFoundHandler" validate="True"/>
                <add path="*.aspx" verb="*" type="System.Web.UI.PageHandlerFactory" validate="True"/>
                <add path="*.ashx" verb="*" type="System.Web.UI.SimpleHandlerFactory" validate="True"/>
                <add path="*.asmx" verb="*" type="System.Web.Services.Protocols.WebServiceHandlerFactory, System.Web.Services, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" validate="False"/>
                <add path="*.rem" verb="*" type="System.Runtime.Remoting.Channels.Http.HttpRemotingHandlerFactory, System.Runtime.Remoting, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" validate="False"/>
                <add path="*.soap" verb="*" type="System.Runtime.Remoting.Channels.Http.HttpRemotingHandlerFactory, System.Runtime.Remoting, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" validate="False"/>
                <add path="*.asax" verb="*" type="System.Web.HttpForbiddenHandler" validate="True"/>
                <add path="*.ascx" verb="*" type="System.Web.HttpForbiddenHandler" validate="True"/>
                <add path="*.master" verb="*" type="System.Web.HttpForbiddenHandler" validate="True"/>
                <add path="*.skin" verb="*" type="System.Web.HttpForbiddenHandler" validate="True"/>
                <add path="*.browser" verb="*" type="System.Web.HttpForbiddenHandler" validate="True"/>
                <add path="*.sitemap" verb="*" type="System.Web.HttpForbiddenHandler" validate="True"/>
                <add path="*.dll.config" verb="GET,HEAD" type="System.Web.StaticFileHandler" validate="True"/>
                <add path="*.exe.config" verb="GET,HEAD" type="System.Web.StaticFileHandler" validate="True"/>
                <add path="*.config" verb="*" type="System.Web.HttpForbiddenHandler" validate="True"/>
                <add path="*.cs" verb="*" type="System.Web.HttpForbiddenHandler" validate="True"/>
                <add path="*.csproj" verb="*" type="System.Web.HttpForbiddenHandler" validate="True"/>
                <add path="*.vb" verb="*" type="System.Web.HttpForbiddenHandler" validate="True"/>
                <add path="*.vbproj" verb="*" type="System.Web.HttpForbiddenHandler" validate="True"/>
                <add path="*.webinfo" verb="*" type="System.Web.HttpForbiddenHandler" validate="True"/>
                <add path="*.licx" verb="*" type="System.Web.HttpForbiddenHandler" validate="True"/>
                <add path="*.resx" verb="*" type="System.Web.HttpForbiddenHandler" validate="True"/>
                <add path="*.resources" verb="*" type="System.Web.HttpForbiddenHandler" validate="True"/>
                <add path="*.mdb" verb="*" type="System.Web.HttpForbiddenHandler" validate="True"/>
                <add path="*.vjsproj" verb="*" type="System.Web.HttpForbiddenHandler" validate="True"/>
                <add path="*.java" verb="*" type="System.Web.HttpForbiddenHandler" validate="True"/>
                <add path="*.jsl" verb="*" type="System.Web.HttpForbiddenHandler" validate="True"/>
                <add path="*.ldb" verb="*" type="System.Web.HttpForbiddenHandler" validate="True"/>
                <add path="*.ad" verb="*" type="System.Web.HttpForbiddenHandler" validate="True"/>
                <add path="*.dd" verb="*" type="System.Web.HttpForbiddenHandler" validate="True"/>
                <add path="*.ldd" verb="*" type="System.Web.HttpForbiddenHandler" validate="True"/>
                <add path="*.sd" verb="*" type="System.Web.HttpForbiddenHandler" validate="True"/>
                <add path="*.cd" verb="*" type="System.Web.HttpForbiddenHandler" validate="True"/>
                <add path="*.adprototype" verb="*" type="System.Web.HttpForbiddenHandler" validate="True"/>
                <add path="*.lddprototype" verb="*" type="System.Web.HttpForbiddenHandler" validate="True"/>
                <add path="*.sdm" verb="*" type="System.Web.HttpForbiddenHandler" validate="True"/>
                <add path="*.sdmDocument" verb="*" type="System.Web.HttpForbiddenHandler" validate="True"/>
                <add path="*.mdf" verb="*" type="System.Web.HttpForbiddenHandler" validate="True"/>
                <add path="*.ldf" verb="*" type="System.Web.HttpForbiddenHandler" validate="True"/>
                <add path="*.exclude" verb="*" type="System.Web.HttpForbiddenHandler" validate="True"/>
                <add path="*.refresh" verb="*" type="System.Web.HttpForbiddenHandler" validate="True"/>
                <add path="*" verb="GET,HEAD,POST" type="System.Web.DefaultHttpHandler" validate="True"/>
                <add path="*" verb="*" type="System.Web.HttpMethodNotAllowedHandler" validate="True"/>
            </httpHandlers>
    You should be able to get a web page with "0001" printed on it when you access your server's website from another PC.
    I used the default paths so this was my URL:
    http://server.ucd.ie/Adobe/CS/webfeed/oobe/aam20/win/updaterfeed.xml

  • 10.5.1 Server Setup - Help Make it all Work!

    Hello Everyone, I currently have a new MacMini running 10.5.1 with our Calendar, Wiki and File Sharing. I have recently just returned from the Mac OS 10.5 Training Session from Chicago Columbia College and was astonished at what their demo servers did versus what mine has never done lol. We are a small tech company and there isn't much yet in the way of documentation or training or even training materials for Leopard Server. So I wanted to share some of what we learned from the training seminar and hopefully someone will know the proper answers to my questions. This is going to be a bit long winded but I think it's important to convey my questions/concerns.
    1. Ok initial setup of our Leopard server requires you to input a host name and then the domain name. Well after the first install of Leopard we found as I have read amongst the posts for the past 2 hours that if you place let's say macmini in the host-name field then place domain.com in the domain field. After the server setup is complete Leopard Server wants you to chat, vpn, and browse to http://macmini.domain.com/groups as well as mail. This is all well and good if you have access to DNS like I do and can easily make changes to the MX & A records but if you're a typical SMB user then you won't and this means that once your e-mail is setup and you're ready to start using your server anyone you e-mail will come from [email protected] and not [email protected] which is a huge problem. So be cautious here. I was instructed by Apple after scratching their head to leave the host-name blank and only fill in the domain name here if you're on let's say a T1 or other medium with a static IP pointed at your machine or router. So this is my first pet peeve, there is a sloppy work around to this by telling the server to receive e-mail for domain.com as well but still whenever you send it comes from the original domain.
    2. Application Setup - Single Sign-on - When I attended Leopard training this week in Chicago I was amazed at how whenever a user (demo -lab environment) logged into ichat, ical, wiki or e-mail there was simple single sign-on kerberos auth. What I mean by this is once the server is up and running and your Mac connects to the network for the first time either by manual add thru the directory application or a new Mac that finds the Leopard server automatically at first boot and you auth a user on the server to that Mac then there is just a single signon from that point on, NOT! For us our users log into their machines, (mind you they are already users on the Leopard server and can log in just fine) and they try to go to their e-mail for the first time it always fails. We then have to disable SSL over SMTP and IMAP and manually type in their passwords because the MacMail clients cannot trust the SSL cert or we simply just delete their accounts and recreate them from scratch. Same happens with iChat. By design when you auth your Mac against the server, the server auto configs the security and client apps, i.e. mail, ichat, directory, VPN, ical. But iCal has consistently failed setup across 5 server builds and 10 clients. What will happen is when you go to prefs in ichat you see your account but it can't auth you and doesn't show up in ical for your personal server calendar. If you manually remove your user account and re-add it works great. But next time you go to ichat, once again you have to recreate. And I can recreate this all day long. But at the demo it worked like magic. So that is problem number two, SSL and single sign-on does not really work and app auto-config does not work at all.
    3. Apple Airport Extreme 802.11N. - As a test and per Apple's recommendation for SMB clients we picked up a new Airport. We patched it and setup user/pass info and setup DHCP on the device so if server fails we have internet. And during server setup it logged into Airport and tried to configure settings. We were on the net and all was good after server setup. However with VPN enabled per user in Standard mode on server we have only been able to gain VPN access for clients if they are actually inside the network. I have spent about 10 hours back and forth with Apple Support trying to get VPN to work outside. The Manual setup of new Airport Port-Mapping is simple but crude. It does not seem to work. And there is a default hosts setting which should translate to an open DMZ but does not. So that is third on my list, running a MacMini with 2 gigs of RAM which is within SPEC for Leopard Server and using the Apple Recommended solution of an Airport Extreme N does not work for s&*% and I would be very surprised if anyone here has gotten that to work.
    4. E-Mail Services - As stated prior Leopard's auto app setup utility does not work for crap unless by some magic there are other steps besides the ones outlined and printed with the purchase of server. But the main thing about mail is that we are missing the basics. I mean you're going to be hard pressed to find ANY e-mail application on the market today, Notes, Exchange, Gmail, Hotmail, Yahoo, iMail or other that does not include basic vacation/out of the office message replies. This is a huge issue for any small business or for that matter any size business that wants to automate things when they are out and I think this is one of my small peeves but certainly worth a listing here.
    5. VPN - We have tried like **** to get the VPN to work thru the Airport as previously noted but we have also connected MacPro with 2 nics, one for net and one for LAN and not been able to connect to the server from outside our network. Here is my largest frustration, we currently run SBS2003 from MSFT and they run flawlessly. I have literally sat with clients in their office during a new setup for SBS and in 3-4 hours we were up and running with minimal system level changes from the guided path. And for Apple to advertise this in the manual and all online materials as being SMB friendly is a complete slap in the face. Now don't confuse my above descriptions of problems we have seen across 5 Leopard builds as being a rant because it's not but seriously I am a network engineer with 10 years in the field working with 20+ product ranges and in our office we only use Mac because of stability and uptime. But OS X 10.5 is not Small Business Friendly at all even with the half hearted attempt at the new System Admin console for SMB users. However that being said I will still push on and try to get all these little bugs worked out and what I would really like to see is some feedback on my issues and I would love to know if anyone else has had similar issues. I really had hoped that 10.5 could help my firm finally push the proper solution (Mac OS X) for our SMB clients but it just isn't there yet.
    Cheers,
    DM

    Thanks for the quick read and response. Do you feel the issue might lie with the fact that it is a Mac Mini? And possibly just not powerful enough to run Leopard Server? I have to say in our trials with MacPro it was like night and day as to how they performed. And if you could elaborate on this "Many VPNs don't play well with NAT so your VPN server should have a direct connection to the public network (preferably firewalled, of course, but not NATted)." Most every SoHo and for that matter uses simple NAT translation for security even our multi thousand dollar Cisco PIX and ASA's are basic NAT devices to start with. How would you put the VPN on public net while keeping the attack surface low for the rest of the services like file, web, mail and print?
    Don't get me wrong I want this to work more than you can imagine. We are so tired of supporting MSFT technologies that cost thousands a year in antivirus, antispyware, antispam and other malware protection for the enterprise. We know that Leopard has great potential but for an integrator, getting this system up and functional is not an easy task. And the worst part of it is every time we have called for support the tech always lets out a sigh when they hear we have run standard setup because they are not allowed to walk us thru the server console to make repairs. And have been told by 3 techs so far that this is a new product and the support avenues are not there for standard since it's just supposed to work out of the box. But when it doesn't then ohh well. Which is sorta sad...
    DM

  • Sane virtual mail server setup?

    I'm giving up. I want a simple mail server setup (imaps, pop3s, smtps) with virtual user support that I can comfortably configure from the web (PostfixAdmin, web-cyradm, courier-web). I want to manage multiple users on multiple domains. It appears that the task I want to accomplish is insanely complex for some reason. I'd like to use as few different software packages as possible.
    I can't find a simple and sane tutorial on the topic and I don't even care what software is going to be used. Of course, I did search and play around with the config for hours but to no avail. The tutorials in the Arch wiki are no good either, they are either outdated or do not allow me to do web configuration.
    Help me out here, please.

    It's always good to have alternatives, but out of curiosity, did you not try the courier-mta wiki? I used that wiki guide recently and it had me running with a system like what you describe without too much fuss. The only stuff I haven't tried/used is web-based administration or mail access; perhaps this was the problem for you?

  • Clean Access Server could not establish a secure connection

    I have an OOB Real IP GW setup on v4.1.2
    I seem to have a problem with the CAS connecting to the CAM although I have added the CAS to the CAM and can manage the CAS from the CAM.
    I noticed while troubleshooting client authentication that the client was not being redirected to the logon web page and it had full access to the trusted network from the untrusted authentication vlan. I eventually figured out that if I change the CAS Filter Fallback method from Allow to ignore then it tries to authenticate the client. However the fact that the fallback is activated tells you that something is not right.
    I have 2 problems:
    A) The client's web page is redirected for authentication but it only lists the domain name in the URL and not the hostname or host IP. In the lab I do not have a DNS server and it would not help as it does not include the hostname in the URL anyway. How do I fix this or perhaps it's related to the 2nd problem.
    B) When I manually change the URL by replacing the domain name with the IP of the CAS (untrusted OOB Real IP GW) then I get the following error message when logging on:
    Network Error:
    Clean Access Server could not establish a secure connection to Clean Access Manager at mydomain.com.
    This could be due to one or more of the following reasons: 1) Clean Access Manager certificate has expired 2) Clean Access Manager certificate cannot be trusted or 3) Clean Access Manager cannot be reached.
    Please report this to your network administrator.
    I would guess the culprit is No 2 but surely the system can run on self signed certificates? I have an NTP server so time is in sync. I have even tried regenerating the certificates on the CAM & CAS.
    Any ideas?

    To overcome problem B, I regenerated the SSL Certificates using the host IP address instead of the name for all the CAM & CAS appliances. This seems to have resolved this problem.
    I also SSH'd from each of the CAS's to each of the CAM's from the CLI and it then prompts to permanently store the certificates. I'm not sure if this was necessary though.
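
The fix in the reply above (reissuing the certificates for the IP address the appliances are actually addressed by) is an instance of TLS peer-name checking. As an added example, not part of the original posts and not Cisco's code, this Python function applies the usual matching rule to dicts in the shape returned by `ssl.SSLSocket.getpeercert()`; the name `cam.lab.example`, the address `192.0.2.10` and the `legacy_cn_fallback` switch are constructed for illustration.

```python
import ipaddress


def _as_ip(value):
    """Return an ip_address object, or None if value is not an IP literal."""
    try:
        return ipaddress.ip_address(value)
    except ValueError:
        return None


def _dns_match(pattern, host):
    """Exact match, or a single left-most wildcard label ("*.example")."""
    pattern, host = pattern.lower().rstrip("."), host.lower().rstrip(".")
    if pattern.startswith("*."):
        first, _, rest = host.partition(".")
        return bool(first) and rest == pattern[2:]
    return pattern == host


def _common_names(cert):
    return [v for rdn in cert.get("subject", ()) for (k, v) in rdn
            if k == "commonName"]


def check_peer_name(cert, target, legacy_cn_fallback=False):
    """Decide whether `cert` is valid for the address `target` that the
    connecting side was configured with. Returns (ok, reason)."""
    sans = cert.get("subjectAltName", ())
    dns_sans = [v for k, v in sans if k == "DNS"]
    ip_sans = [v for k, v in sans if k == "IP Address"]
    cns = _common_names(cert)

    target_ip = _as_ip(target)
    if target_ip is not None:
        # An IP target never matches a DNS name, wildcard or not.
        if any(_as_ip(v) == target_ip for v in ip_sans):
            return True, "IP matches an iPAddress SAN"
        # Assumption: some older stacks compare the IP with the CN when the
        # certificate carries no SAN extension at all.
        if legacy_cn_fallback and not sans and any(
                _as_ip(cn) == target_ip for cn in cns):
            return True, "IP matches the CN (legacy fallback)"
        return False, "certificate carries no entry for this IP"

    names = dns_sans if dns_sans else cns  # CN is used only without DNS SANs
    if any(_dns_match(p, target) for p in names):
        return True, "host name matches"
    return False, "host name not listed in the certificate"


# Constructed sample certificates (not taken from any real appliance).
CERT_BY_NAME = {"subject": ((("commonName", "cam.lab.example"),),)}
CERT_BY_IP_CN = {"subject": ((("commonName", "192.0.2.10"),),)}
CERT_BY_IP_SAN = {"subject": ((("commonName", "cam.lab.example"),),),
                  "subjectAltName": (("DNS", "cam.lab.example"),
                                     ("IP Address", "192.0.2.10"))}

if __name__ == "__main__":
    for label, cert in [("name only", CERT_BY_NAME),
                        ("IP in CN", CERT_BY_IP_CN),
                        ("IP in SAN", CERT_BY_IP_SAN)]:
        for target in ("cam.lab.example", "192.0.2.10"):
            print(label, target, check_peer_name(cert, target, True))
```

A certificate that lists both the DNS name and the IP address as SAN entries passes either way, which avoids tying the trust relationship to whichever form of address a lab without DNS happens to use.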

  • Server Setup advice for a video production house

    Hello Forum,
    I recently started working for a small video production company, I need advice on the type of server and other hardware and services that will allow my co-workers to work efficiently. Here are some details:
    Currently we are going to buy a new server, I am not sure what we should look at getting,
    currently we use a mini mac running OSX server and have 6 iMacs that the editors and other staff use.
    We also have a 15 TB Drobo network storage device which is attached to the mini-mac server we are going to replace.
    The production team uses Final Cut and Motion to build documentaries.
    The other issue is that we need a way to connect the office in Baltimore to the office in Washington DC and ideally share files between each location, currently they cannot access the network from Baltimore and have to have a copy of the unedited footage on their own Drobo.
    What type of server setup do you recommend? Quad core? speed?
    Should we set up a VPN to connect offices or does someone have a better idea, if so what applications do we need?
    I know Windows networking pretty well, but Mac is totally new to me. Currently editing files from the server is really slow and files are usually pulled to the iMacs to do editing, burning DVDs from files on the server hardly ever works - they pull them local then burn the DVD and it works.
    I would love to hear suggestions to help us get up and running.
    Anyone know of a good website for server setup - since there are no Domains in OSX that I know of, how can we secure the network? Links would be great.
    Thanks in advance for any help and suggestions.

    Well if you're looking for performance, you could get a Promise VTrak E-Class RAID with 32TB of storage; later on you can add more chassis to the RAID for more storage space. The RAID can be expanded up to 160TB. (80 drive bays, each drive 2 TB)
    Using fiber you could attach the RAID to an Xserve or Mac Pro (running Mac OS X Server). You'll probably want at least 8 or 16 GB of RAM on the server.
    The server can run a copy of Final Cut Server, which makes it easier to work as a group. Mac OS X Server, when properly configured, can also be used to create a VPN between both locations.
    Final Cut Server will let editors check in/out specific parts of the documentaries. So the project lives on the server, instead of scattered over everyone's computers. Part of this is you can pull down thumbnail versions of the video to work off of. Only when you do the final render do you download the HD version of the video.
    If you want even better performance on the editing stations, you could also upgrade to Mac Pros. Mac Pros have upgrade slots which you can use to add fiber networking. You could also use the upgrade slots to add a Blackmagic real-time HD capture card.
    Or if you want to keep the iMacs, you might want to hook the server to a switch by fiber, and have the iMacs connected to the same switch by 1000-T.
    If you call Apple I'm sure they'd be happy to help you figure this all out.
    For info on Promise: http://www.promise.com/apple/
    For more info on Final Cut Server: http://www.apple.com/finalcutserver/
