Mobility - Roaming User

Similar Messages

• SMTP Security for Roaming Users

  Hi all,
  We used to arrange our mobile users to use VPN to access our MS (2005Q4) server so that they can use it as a relay to send mail to external email addresses when they are roaming. The server is configured so it allows mail relay from internal (VPN) IP addresses so that it still protects us from external spammers from using it as an open relay.
  That works well for some time. However, it has 2 disadvanges:
  1. Users must first setup setup a VPN before getting mail, and that's a support nightmare
  2. Sending email this way allows any internal and VPN users to forge sender envelop address
  So I'm thinking the following:
  1. Enable SMTPS (to avoid the VPN stuff)
  2. Configure MS to require authentication for both SMTP and SMTPS for senders who uses @ourdomain.com email address in the envelop. And at the same time, match that envelop sender address with the authenticated user to see if they match.
  I have already done point #1. But #2 seems so complicated. Please advice if I am thinking in the correct direction. Is there a simpler way to archieve that?
  Any ideas are welcome.
  Thanks.
  BR,
  Py

  Hi,
  SMTPS is definitely a good idea for roaming users. If you are going to be requiring authentication then you want the authentication details to be encrypted.
  2. Configure MS to require authentication for both SMTP and SMTPS for senders who uses @ourdomain.com email address in the envelop. And at the same time, match that envelop sender address with the authenticated user to see if they match.This seems complex to me and is going to cause issues for users who send emails via their ISP's server to your work-place when working from home. Requiring authentication for the SMTPS connection is a good idea and that can be accomplished just by associating the TLS port with the SMTP_SUBMIT service (instead of just SMTP):
  [SERVICE=SMTP_SUBMIT]
  PORT=587
  ! Uncomment the following line if you want to support SSL on the alternate
  ! port 465
  TLS_PORT=465
  You should also enable the logging of the username used when authenticating by adding the following line to the option.dat file:
  LOG_USERNAME=1
  That way if there is a user who 'spoofs' their email address, you know who they are (by the username), the IP address they came from and who they were pretending to be. This should act as sufficient deterrent.
  Shane.

• How to hide remote IP address in header for roaming users

  Sun Java(tm) System Messaging Server 7.3-11.01 64bit (built Sep 1 2009)
  libimta.so 7.3-11.01 64bit (built 19:54:45, Sep 1 2009)
  Using /opt/sun/comms/messaging64/config/imta.cnf (compiled)
  Hello everyone,
  We have a new messaging server and have been struggling in our effort to figure out how to hide the remote IP address of users who send email from a remote location. When a roaming user sends out an email from a remote location using SMTP AUTH to authenticate, the messaging server includes the remote ISP's dynamic IP address in the header of the email, which in turn results in some recipient mail servers blocking the mail message as spam. What we want to do is have messaging server rewrite or remove the roaming user's dynamic email address so the header does not reflect a user working remotely. The net effect would be the header not reflecting any external address and the messaging appearing to have originated internally.
  Any assistance on this would be greatly appreciated. Thanks in advance.

  MarketData.com wrote:
  We have a new messaging server and have been struggling in our effort to figure out how to hide the remote IP address of users who send email from a remote location. When a roaming user sends out an email from a remote location using SMTP AUTH to authenticate, the messaging server includes the remote ISP's dynamic IP address in the header of the email, which in turn results in some recipient mail servers blocking the mail message as spam.How often is this occurring (messages being blocked as "spam" due to the content of an existing Received header)?
  What spam software is being used that blocks these messages?
  Very large organisations/ISP's use Sun Messaging Server and this is the first time I have heard of this occurring.
  What we want to do is have messaging server rewrite or remove the roaming user's dynamic email address so the header does not reflect a user working remotely. The net effect would be the header not reflecting any external address and the messaging appearing to have originated internally.Removing the IP address information is going to be extremely difficult. The standards are quite clear that the Received: header should include the IP address information.
  RFC 2821 (SMTP), Section 4.4 Trace Information:
     When an SMTP server receives a message for delivery or further
     processing, it MUST insert trace ("time stamp" or "Received")
     information at the beginning of the message content, as discussed in
     section 4.1.1.4.
     This line MUST be structured as follows:
     -  The FROM field, which MUST be supplied in an SMTP environment,
        SHOULD contain both (1) the name of the source host as presented
        in the EHLO command and (2) an address literal containing the IP
        address of the source, determined from the TCP connection.Regards,
  Shane.

• As a mobile me user I uploaded my photographs for clients to view and download. How do I do this in ICloud?

  As a mobile me user I uploaded my photographs for clients to view and download. Can and how do I do this in ICloud?

  You can't.  The Gallery service in MobileMe does not exist in iCloud.  You will need to switch to another photo hosting web site.

• Need help with roaming user profiles, home folder on server - symptoms after Windows reinstall on workstation

  Hello. I have deployed roaming user profiles in our home office. We are using Windows Server 2012 on our datacenter computer, which has a partition with all our home directories. All was working beautifully for quite some time.
  I re-installed Windows 8.1 Pro on my laptop. I am able to log in to my profile from the new installation.
  The problem that has started happening seems to be some sort of permission problem with my home directory, but I am not sure how to go about diagnosing it. I haven't changed anything in the policies or remote profiles.
  The symptoms:
  When I try to run an installation program from my documents/downloads/desktop (remote) folders, UAC asks for the administrative credentials as expected, and then I am asked to enter my user credentials. If I do so, I sometimes get a message about duplicate
  connections to a share, and the installation program does not execute. "Multiple connections to a server or shared resource by the same user, using more than one user name, are not allowed. Disconnect all previous connections to the server or
  shared resource and try again." I am confused, because I am entering credentials for the same user name as the one I am logged in with.
  To work around, I have to copy the executable to a folder on my workstation hard drive and run it from there.
  Another symptom is when I download anything from the internet, chrome will reflect a "Failed - Download error" message with the download. If I re-attempt the same download several times, eventually it will succeed. This appears to be due to my
  downloads folder being on the remote computer.
  I am looking for any guidance on how to remedy these symptoms. I suspect there must be a setting I have forgotten to change in the local computer, because nothing has changed on the server since it was operating properly.
  Thank you for your time.

  Hi Exintrovert,
  Thanks for posting here.
  According to your discription above, you can check the microsoft artical as below:
  https://support.microsoft.com/en-us/kb/938120/
  Would you please have a try the work around in the artical and then let us know the update?
  Looking forward to your feedback.
  Best Regards,
  Elaine 
  Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact [email protected]

• Roaming users and Printing

  In our Hospital users roam through the hospital, let there windows terminal session running at the central server, and pick the session up were the want.
  We also use Sunray systems in combination with terminal service. In this case the parameter "display" is not usable.
  When users want to print they will have to search the nearest printer and then select it. Beeing doctors they refuse to do this, waving there scalpels arround.
  Is there a solution for roaming users and printing.
  So I don't know were the user is but the user alway's gets the nearest printer.
  henk

  Simple answer... NO.
  User need to choose the printing device as theres no way the SAP can "guess" where are they standing... so far SAP is not that "dynamic".
  Regards
  Juan

• Using Dreamweaver without roaming user profiles.

  In the college I work at, we have a single Windows R2 2008 domain of consisting of hundreds of Windows 7 workstations that students use to do their work.
  Due to various network performance issues, last year we stopped using roaming user profiles for both staff and students, and instead use home directory redirection for things like desktop content and favorites. But we have hit a problem with the Dreamweaver CS5.5 application. Students using it are said to be having to repeatedly set up Dreamweaver connections to the same FTP server, in effect re-configuring Dreamweaver after login before they can use it.
  I've not had any confirmation from Adobe, but it appears that because roaming profiles are not being used, the local profiles that Dreamweaver saves settings to is resulting in students having to re-configure settings whenever they log into a computer.
  Is there a way that Dreamweaver can be forced, via a group policy or other means, to save/load its settings to/from the home directory of a user so that the user can then log into any computer on the domain and the Dreamweaver application will automatically load its saved settings for that user?

  Setting the Roaming profile is a Computer configuration
  Setting the Exclusions is a User Configuration.
  Hopefully you are applying the Computer configuration to an OU with Computer objects and the User Configuration to an OU that contains the User objects?
  Is loopback processing affecting an of the OU's that are parents of the Computer objects OU (or the child OU itself?)
  If you are not restarting the computer, then your profile will remain locked and user settings will not be able to write to the registry to change the location.
  Have you:
  enabled the user exclusions
  gpupdate /force
  reboot the computer
  login
  I know under some circumstances profile redirection/roaming can take two reboot cycles to apply correctly.
  Can you run the Group Policy Result Wizard from GPMC for the correct user and computer to ensure your policies are applying as you think they are?
  MCSA Server 2008 MCITP Server 2008 Administrator MCITP Enterprise Desktop Support on Windows Vista CompTIA A+

• Reset password of mobile managed user, cannot acces login keychain

  I reset the lost password of a mobile managed user (very managed, this is a 6-year old). On login and starting Safari, he now gets a panel asking for the keychain password (which is the old password, which is lost). I tried removing the mobile account and recreating, but the same thing happens (login.keychain synced from server?).
  Anyway, how can I fix this?

  If Keychain First Aid doesn't help, try [HT1274|http://support.apple.com/kb/HT1274]?
  Keychain encryption is solid; depending on the sequence which has transpired here, you may end up [resetting the keychain (TS1544)|http://support.apple.com/kb/TS1544] and starting over again.
  Going forward, it might be best to lock this user's password; prevent password changes.

• Mobile Account users can't log in with Wifi on

  All of my mobile account users do not seem to be able to login to their machines unless the wifi is turned off. This has only occured since Monday, which is strange. I seem to have the following entries in the LDAP log:
  Sep 19 09:22:22 xserve slapd[58]: <= bdbsubstringcandidates: (mail) index_param failed (18)\n
  Sep 19 09:39:46 xserve slapd[58]: <= bdbsubstringcandidates: (givenName) index_param failed (18)\n
  Sep 19 09:39:46 xserve slapd[58]: <= bdbsubstringcandidates: (mail) index_param failed (18)\n
  Sep 19 09:39:46 xserve slapd[58]: <= bdbsubstringcandidates: (givenName) index_param failed (18)\n
  Sep 19 09:39:46 xserve slapd[58]: <= bdbsubstringcandidates: (mail) index_param failed (18)\n
  Help!

  If they are still plugged into ethernet, the network settings may have Airport set as the primary network connection. If so, then Wifi will handle the LAN connection and its settings may be different that the wired one. Turning off wifi automatically would make the ethernet the primary connection.
  If that's the case, Configure the wifi network (and perhaps the wifi router) or change the network port order. Go to system preferences: network and see if Airport is on top. Just click on the little settings wheel below and select "Set Service Order". Under Tiger, just go to Show: Net Port Configurations and drag the port up/down to change the order.
  Hope that helps...
  Wolfman

• Take the NetBeans Mobility Pack User Survey

  Please help the NetBeans Mobility team improve our product and fill out the NetBeans Mobility Pack User Survey. Your input is invaluable as we plan our future releases and activities. The survey is available at: http://www.netbeans.org/kb/articles/NB_Mobility_Survey_Apr05.html
  Thank you in advance for your participation.
  - Matt
  NetBeans Mobility Team

  Shabbir
  Further to you help last week, I have another question.
  How do I get round the same problem if I want to pass a variable/object to the auto-generated NetBeans code?
  For example:
  private javax.microedition.lcdui.Form get_QuestionForm(String I WANT TO PASS VARIABLEX IN HERE BUT I CAN'T EDIT THIS PART) {
          if (QuestionForm == null) {
              if(variableX = "Yes"){
                  System.out.println("The answer is yes")
              }else{
                  System.out.println("Oh no")
              QuestionForm = new javax.microedition.lcdui.Form(null, new javax.microedition.lcdui.Item[] {
                  get_wordToTranslate(),
                          get_spacer6(),
                          get_questionWord(),
                          get_spacer3(),
                          get_yourAnswerIs(),
                          get_spacer1(),
                          get_UserInputBox(),
                          get_spacer2(),
                          get_correctAnswer()
              QuestionForm.addCommand(get_okCommand6());
              QuestionForm.setCommandListener(this);
          return QuestionForm;
      }I assume there is a nifty easy way round this, but I don't know it.
  Do you have any idea?
  Thanks in advance.
  Dan

• Cisco ISE 1.2 Patch 8 with Roaming User Profiles

  ISE 1.2 with patch 8 has been installed and Works fine.
  Using AnyConnect Secure Mobility Client (NAM) 3.1.04072 and Cisco NAC Agent version 4.9.1013
  Scenario is EAP Chaining which does machine authentication + User Authentication
  After NAC Agent Pops up and Posture Assessment is successful, Users cannot see their Home drives and few other Network Drives.
  Sometimes during login we get the Error Message "User Profile cannot be loaded" and "User cannot Logon"
  Also while logging off We get the screen "Your Roaming Profile was not synchronized"
  All the Home Drives and Network Shared drives IP addresses are already added in the Downloadable ACL's.
  Any other Workaround to overcome these errors.
  Regards,
  Ramkumar.B

  This is that i did abviously... but the two PSN stay in status "Node down", the application service won't start correctly with these ADE-OS logs entries :
  2014-05-28T10:26:30.023223+00:00 XXXXXXX  logger: info:[application:operation:appservercontrol.sh] Starting ISE Application Server...
  2014-05-28T10:26:30.311676+00:00 XXXXXXX  logger: Loading PKCS11 ...
  2014-05-28T10:26:30.978432+00:00 XXXXXXX  logger: SLF4J: Class path contains multiple SLF4J bindings.
  2014-05-28T10:26:30.978454+00:00 XXXXXXX  logger: SLF4J: Found binding in [jar:file:/opt/CSCOcpm/appsrv/apache-tomcat-6.0.36/lib/slf4j-log4j12-1.5.8.jar!/org/slf4j/im
  pl/StaticLoggerBinder.class]
  2014-05-28T10:26:30.978502+00:00 XXXXXXX  logger: SLF4J: Found binding in [jar:file:/opt/CSCOcpm/appsrv/apache-tomcat-6.0.36/lib/com.cisco.xmp.osgi.slf4j-log4j12-1.5.
  8.PATCHED.jar!/org/slf4j/impl/StaticLoggerBinder.class]
  2014-05-28T10:26:30.978509+00:00 XXXXXXX  logger: SLF4J: See http://www.slf4j.org/codes.html#multiple_bindings for an explanation.
  2014-05-28T10:26:31.638970+00:00 XXXXXXX  logger: log4j:WARN No appenders could be found for logger (com.cisco.epm.config.cache.impl.ConfigCacheImpl).
  2014-05-28T10:26:31.638992+00:00 XXXXXXX logger: log4j:WARN Please initialize the log4j system properly.

• Mobile account users can not log on to the snow leopard server machine?

  Hi all,
  I've setup a network user and designated it as a mobile account. ** OS X 10.6.2 **
  When the user logs out of the snow leopard server machine, home sync tries to sync the local and network home directories. It is never able to connect. The network home directory is automounted and is not the default path /Users. I can see the two home directories on disk.
  Anyone else able to have their mobile users log in to the snow leopard server machine without issues?
  OS X 10.6.2 **

  It was the Sync server was down and did not know it

• Windows 7 Themes will not Roam with Roaming User Profiles

  Hi,
  If I install a theme pack from the Microsoft Personalization website, it will install on the PC I am currently using. However, if I log onto another PC, the theme will not roam. I mean the wallpaper collection, the sounds, the screensaver, and the window
  color. I am using a GPO to delete user profile on logoff, and I am using folder redirection.
  Any help would be greatly appreciated.

  Hi,
  Could you please tell more details about the GPO which was set to delete user profile on logoff? Are we in a domain environment?
  Before going further, please run gpresult /v on a command line with the admin rights and then post back the result.
  If I understand rightly, the user logged on with a newly created profile every time as there is no user profile settings(deleted every time on logoff) for the user to load.
  As the user profile settings is deleted, any changes made are no more available.
  Best regards
  Michael Shao
  TechNet Community Support

• Mobile Home Users old managed client info after server reinstall

  Hello,
  I have a 10.6.2 server with some 10.5 clients.
  I reinstalled the server and rebuilt the OD from scratch.
  I rebound the computers, most of the already had a mobile account. Everything works apart from the Mobile accounts have the old group for managed preferences, when I hold down alt on login you see the old group name, even though that group no longer exists.
  I have now recreated the group to see if I can use that but it will not.
  The only thing I have found to do is to delete the user account and then restore it.
  Anyone know I can get my mobile users to use the new group?
  Many thanks,
  David Lee

  I sort of hesitate to jump in with all of my ignorance, particularly with no Mountain Lion experience, but I have seen in other threads that apple's recommendation was for Mobility settings to NOT use profile manager but to use good old Workgroup Manager.  Now this rec was for Lion Server.  I had heard that WGM was a goner in Mountain Lion, but I have seen some posts that it still lives for 10.8.  If that is true, you might try getting and using that and see if it makes any difference for mobility.  For those other issues in this thread, well . . . .
  In any case, good luck, sounds very exasperating.

• GW7 and Nokia Intellisync Mobile Suite User issue.

  I have on user when she logs in to Nokia Intellisync Mobile Suite we do not see any of her emails, contacts, etc. Her account was moved and hung in a move. Since then I have deleted and restored the account from archive. I have deleted the user from Intellisync Manager. Ran DSRepair on GW and NDS server. Synconized her account in Intellisync Manager. Ran Anolize and Fix on her account. I have searched the tree for any other account with the same name and only have one now. I see emails logged in as GroupWise and through Webaccess. All other accounts seem to be working on the mobile suite. Any ideas on how to fix this?

  The only thing that helped when I was having the problem was to login into the MMC and right click on the user and go down to Use Website As User. This will open the web interface for the user, but will have another feature on the bottom under Account Settings. You will see a button called RESET ACCOUNT. Click this it should fix the problem.
  Originally Posted by bbowers
  I have on user when she logs in to Nokia Intellisync Mobile Suite we do not see any of her emails, contacts, etc. Her account was moved and hung in a move. Since then I have deleted and restored the account from archive. I have deleted the user from Intellisync Manager. Ran DSRepair on GW and NDS server. Synconized her account in Intellisync Manager. Ran Anolize and Fix on her account. I have searched the tree for any other account with the same name and only have one now. I see emails logged in as GroupWise and through Webaccess. All other accounts seem to be working on the mobile suite. Any ideas on how to fix this?