Novell eDirectory load balancing

Similar Messages

• BM clustering with load balancing

  I want to implement BM clustering with load balancing according to AppNote written by Steve Aitken from March 25, 2005.
  It's clear that I need to use two private addresses (from the example, these are 10.10.10.10 and 10.10.10.11). However, I'm not sure what are IP addresses 10.10.10.1 and 10.10.10.2 used for?
  Existing BM servers have two NICs: first defined as private and the second as public addresses connected directly to Internet (they are from different subnets).
  Sinisa

  Originally Posted by phxazcraig
  In article <[email protected]>, Tnelson 2000
  wrote:
  > I've set this up per the appnote and aren't able to get out through any
  > of the ip addresses. I get a 504 Gateway Time out error. I also noticed
  > that the cluster master ip address is different, 10.10.10.12, for
  > example. Do you know what I need to look at to verify I have this
  > configured correctly?
  >
  What do you mean "aren't able to get out through any of the ip
  addresses"?
  Do the addresses show up in any of the proxy nodes with display secondary
  ipaddress? Does the proxy console option 17 show the server listening on
  those addresses?
  Is the gateway timeout error a BorderManager (or Windows) error? If
  BMgr, then check that BMgr has a correct default gateway, DNS is working
  (option 4 on proxy console screen) and try dropping filters for a test.
  Craig Johnson
  Novell Knowledge Partner
  *** For a current patch list, tips, handy files and books on
  BorderManager, go to Craig Johnson Consulting - BorderManager, NetWare, and More ***
  Got it working. I noticed that my dns setting in BM2 didn't coincide with settings in BM1. So, I made them the same and reinitialized the system on both servers. Of course, when I did that, it added the secondary IP addresses. So, I'm really not sure what was stopping it from working before, unless I have something misconfigured that's preventing the secondary addresses from loading. Go figure.

• Middle Tier Load Balancing

  We're using Cisco IOS SLB for MTS connections. The problem is that if a server goes offline, users have to reboot to connect to the other. Were pursuing a feature in IOS SLB which provides stateful failover.
  The question is, once the client attaches to MTS, does the workstation agent use the original address/hostname, or does it detect the host name and address and replace the load balanced server ID?
  Is there client side configuration to support load balancing MTS?

  Normally I've seen this done via a DNS Address that represents the L4
  Switch, so the DNS Address of MT Server would not actually change.
  One issue you may be seeing is that if the IP Address the DNS name resolves
  does change, the workstation will not see the change because XP caches DNS
  results for up to 24hrs.
  A Reboot or "ipconfig /dnsflush" would be required. This is generally an
  issue more with DNS Round-Robin than L4 Switches.
  "9555269" <[email protected]> wrote in message
  news:[email protected]..
  >
  > We're using Cisco IOS SLB for MTS connections. The problem is that if a
  > server goes offline, users have to reboot to connect to the other.
  > We're pursuing a feature in IOS SLB which provides stateful failover.
  >
  > The question is, once the client attaches to MTS, does the workstation
  > agent use the original address/hostname, or does it detect the host name
  > and address and replace the load balanced server ID?
  >
  > Is there client side configuration to support load balancing MTS?
  >
  >
  > --
  > 9555269
  > ------------------------------------------------------------------------
  > 9555269's Profile: http://forums.novell.com/member.php?userid=12935
  > View this thread: http://forums.novell.com/showthread.php?t=379599
  >

• Error while selecting Load Balancing in JCO creation

  While creating JCO i am facing this error.It is working fine with Single server connection,but when i chose Load balancing i error comes out.Please tell me the solution.
  I have read couples of forum mentioned you need to start both Portal and ECC.
  For you information my Portal and Java are both on diffrrent Box.
  com.sap.mw.jco.JCO$Exception: (102) RFC_ERROR_COMMUNICATION: Connect to message server host failed Connect_PM  TYPE=B MSHOST=olameccpdvr GROUP=PUBLIC R3NAME=DVR MSSERV=sapmsDVR PCS=1 LOCATION    CPIC (TCP/IP) on local host with Unicode ERROR       service 'sapmsDVR' unknown TIME        Thu Feb 24 12:19:54 201 RELEASE     701 COMPONENT   NI (network interface) VERSION     38 RC          -3 MODULE      nixxhsl.cpp LINE        776 DETAIL      NiHsLGetServNo: service name cached as unknown COUNTER     5

  Is your backend system configured correctly in your SLD ?
  Go to transaction SMMS on your backend system that your are connecting to. Click on Goto=>Parameters=>Display. Look for "server port" value.
  This should give you the TCP/IP port for your message server. It could be 3600 or 3601 (36NN - where NN is the instance number).
  In your services file, if you made the entry at the end of the file, press Enter (Return) after your entry.
  Try restarting your server after making the above changes.
  - Shanti

• Error in creation of JCO with Load balancing server

  Hi,
  We are using a ABAP user base for our WEBAS server 6.40 (with ABAP+JAVA). i have created a Public group in concerned ECC 5.0 system. I have already configured SLD, and then i maintain data supplier bridge in SLD and run RZ70 in ECC 5.0 system to load system information.. i can see details in SLD ..
  now i am trying to create JCO connections .. here i am unable to create JCO with load balancing option..  i get
  com.sap.mw.jco.JCO$Exception: (102) RFC_ERROR_COMMUNICATION: Connect to message server host failed Connect_PM  TYPE=B MSHOST=<servername> GROUP=PUBLIC R3NAME=SID MSSERV=sapms<SID> PCS=1 ERROR       service 'sapms<SID>' unknown TIME        Fri Jun 16 12:41:20 2006 RELEASE     640 COMPONENT   NI (network interface) VERSION     37 RC          -3 MODULE      ninti.c LINE        505 DETAIL      NiPGetServByName2: service 'sapms<SID>' not found SYSTEM CALL getservbyname_r COUNTER     1
  i am able to create single server JCO, but it fails in load balancing.. is there anything i have  missed out in settings...
  Thanks and regards,
  Sudhir

  Thanks, Bogdan Rokosa
  I have the same problem,and solved it following the steps provided by Bogdan Rokosa  :
  you must insert an entry for your R3 system
  (like: sapms<SID> 3600/tcp)
  in services file
  (C:\WINDOWS\system32\drivers\etc\services) on Java WAS.
  I test the Jco successful without restart J2EE Engine.

• ISE 1.2 - Multiple NICs/Load Balancing for DHCP Probe

  Hello guys
  Just prepping an ISE 1.2 patch 8 setup in our organization. I am going for the virtual appliances with multiple NICs. It will be a distributed deployment with 4 x PSNs behind a load balancer and there is no requirement for wireless or guest user at the moment. I've got 2 points I will like to get some guidance on:
  Our DC has a dedicated mgmt network and I plan to IP the gig0 interface of the PANs, MNTs and PSNs from this subnet. All device admin, clustering, config replication, etc will be over this interface. However, RADIUS/probe/other user traffic to the ISE PSNs will be over the gig1 interface which will be addressed from another L3 network. Is this a supported configuration in ISE?
  I intend to use the DHCP probe as part of device profiling and will ideally like to have just an additional ip helper to add to our switch SVI config. Also, it will appear that WLCs can only be configured for 2 DHCP servers for a given network so another consideration for when we bringing our WLAN in scope. We however use ACE load balancers within our DC and from what I have read, they do not support DHCP load balancing. Are there any workarounds to using the DHCP probe with multiple PSNs without having to add each node as an ip helper/DHCP server on the NADs?
  Thanks in advance
  Sayre

  Hello Sayre-
  For Question #1:
  Management is restricted to GigabitEthernet 0 and that cannot be changed so you should be good there
  You can configure Radius and Profiling to be enabled on other interfaces
  Even though you are not using guest services yet, you can dedicate an interface just for that. As a result, you can separate guest traffic completely from your production network
  Take a look at this link for more info:
  http://www.cisco.com/c/en/us/td/docs/security/ise/1-2/installation_guide/ise_ig/ise_app_c-ports.html
  For Question #2
  If you are using a Cisco WLC and running code 7.4 and newer you don't need to mess with the IP helper configurations. 
  The controller can be configured to act as a collector for client profiling and interact with the DHCP thread along with the RADIUS accounting task that is running on the controller. The controller receives a copy of the DHCP request packet sent from the DHCP thread and parses the DHCP packet for two options:
  –Option 12—HostName of the client
  –Option 60—The Vendor Class Identifier
  After this information is gathered from the DHCP_REQUEST packet, a message is formed by the controller with these option fields and is sent to the RADIUS accounting thread, which is in turn transmitted to the ISE in the form of an interim accounting message.
  Both DHCP and HTTP profiling settings are located under the "Advanced" configuration tab in the WLC
  On the other hand, you can also use Anycast for profiling. You can check out some of Cisco Live's sessions for more info on that. Here is one that is from a couple of years (There are more recent ones that are available as well):
  http://www.alcatron.net/Cisco%20Live%202013%20Melbourne/Cisco%20Live%20Content/Security/BRKSEC-3040%20%20Advanced%20ISE%20and%20Secure%20Access%20Deployment.pdf
  I hope this helps!
  Thank you for rating helpful posts!

• SAP GLM Print Request - Load Balancing of WWI server

  Hi GLM Experts,
  I am using new GLM + module that generates labels based on Print Requests. I am unable to understand how I can load balance the WWI services when there are multiple label printing requests.
  In GLM + we associate a WWI to a Print Station and which can then be associated with a printer. So in the configuration we are tying up a printer a WWI.
  Also during label printing, if the scenario uses print request module, then the use need to select a print station and printer. What happens if the WWI related to the print station is down?
  For example I have two services in WWI server GENPC1 and GENPC2. I created WWII and WWI2 as two print stations. I will associate my printer PRNWWI to both the print stations WWI1 and WWI2.
  During label printing if the user picks and WWI1 and Printer PDNWWI and if the GENPC1 WWI server assocaited with print status WWI1 is busy and down I want WWI GENPC2 to generate the label?
  How to setup the above load balancing or fall back? Please let me know.
  Thanks
  Pugal

  Dear Pugal
  we are not using GLM + and I am not sure about the technqiue used there to handle load balancing. Regarding general WWI setup I assume you know this Note: EH&amp;amp;S: Availability and performance of WWI and Expert servers
  On the top there is a further SAP Note abvailable which might be of interest. This is referenced here:
  http://de.scribd.com/doc/191576739/011000358700000861002013-e
  May be check OSS note: 1958655; OSS Note 1155294 is more related to normal WWI stuff; but may be check it as well. May be 1934253 might help better
  May be this might help.
  C.B.
  PS: may be check as well: consolut - EHS_MD_140_01 - EH&amp;amp;S-Management-Server einrichten
  The load balancing of synchron WWi servers is donein the "RFC" layer, therefore you have no inffluence here, for asynchron WWI servers you can do a lot to manage the WWI load balancing by using "exits" etc.

• APEX SSO and Load balancing: Could not determine workspace for application

  We had a single HTTP Server serving APEX in a 10.2.0.2 database configured with SSO to be used by the developers. APEX has been registered as a partner application and the login url has been CA Siteminder protected so that the SM_USER details are forwarded in the header for the application to use for authorization. Everything is fine so far.
  Now we have added a HTTP Server on another host and have it all set up for APEX and its pointing to the same database. APEX_ADMIN access works as normal, but applications previously using SSO now get the following error after entering the URL.
  Expecting p_company or wwv_flow_company cookie to contain security group id of application owner.
  Error ERR-7620 Could not determine workspace for application ().
  Using HTTP Watch I find that the application is not even trying to redirect to the login page.
  What is wrong here?

  APEX has been registered as a partner application as described in
  http://www.oracle.com/technology/products/database/application_express/howtos/sso_partner_app.html
  In the meantime I found metalink document 368746.1 which describes the cause of this problem. Please read carefully what I wrote, it all works when the the new APEX web server is turned off in the server farm on the load balancer and directed through the original web server. When running regapp.sql the hostname in the listener token was using the virtual hostname. This works fine if the request comes from the original APEX server which proofs that there is nothing wrong with the installation and set up of SSO. When directing the request to the new APEX web server the APEX_ADMIN page still works only existing work spaces using SSO don't seems to work anymore resulting in a error as described in the subject.
  As for metalink document 368746.1 naming the causes of this error:
  - there are no duplicate entries in WWSEC_ENABLER_CONFIG_INFO$
  -LISTENER_TOKEN clearly works for requests coming from the first web server
  -theoretically the web server listener port could be changed from 7777, but port 80 needs to be maintained here as production is mimiced as far down as possible.
  Is there some cache table which can be cleared? How is it that the flows schema (apex engine) can not find the work space when the request comes from a new web server which can however access the APEX_ADMIN pages.
  anyone?

• SSO with SAP R/3 with load balancing as backend over the Web AS

  Hi,
  we have Netweaver 2004 at this time and we have to connect the portal to a BSP application in a load balancing environment.
  We set user mapping for the user and set the connection type from SAPLOGONTICKET to UIDPW. This is running for a test environment with only one R/3 system without load balancing.
  Does anyone know the setting parameters for a load balancing environment (ok, the message server and...?).
  Thank you.
  Best regards
  Patrizia

  Hi all,
  run into the same problem. Setting up a mapping with UIDPW in a non load balanced WEB-AS enviroment for BSP or Webdynpro for ABAP works fine. But if I go to set it up in a balanced system I can see the following behavior. The http request is send to the messageserver. This request enclosed my mapped user and password. The messageserver responds with an HTTP 301 wich contains one of my applicationservers, so far so good. The client sends a new request to the mentioned applicationserver but this time without the UIDPW. So the user will not be logged in.
  I was wondering if my backend have to issue logonticket too, cause today it only accept tickets from the portal.
  Is this is a bug or a feature?
  Regards,
  Bernd

• How to change the OraSSO login link in webcache/load balance

  Hi
  we have 10gAsR1 installed as a Portal instance. We have 6-server
  load balancer => webcache as loadbalancer (listening port 80)
  Wb ch1 and wb ch2 => webcache (listening port 7777)
  portal1 and portal2 => Portal listening 7778
  infra =>Infrastruture with repository Portal/Oracle SSO (listening 7777)
  This set up is working fine for our intranet setup, now we need to open this for couple of external clients. Well initially we need to open on the load balancer server on port 80 for external team to access, it works fine when we make it publc access.
  Now when we need to make it SSO (siteminder) enables, when users click on login link it first goes oracle sso then it internally redirects the page to site minder sso.
  Well, I have noted that the sso server details are mentioned in global setting sso/oid details. Since we need to open this for external client we have to add a DNS entry for this so that we can allow its access over firewall..
  Now I have made DNS name change at my infrserver level, now I need to update the change at the load balancer server (where wheb chache is running).
  Any one know how to chang the URL at load balancer.
  I am struck at this point please suggest how should i proceed..
  Thanks,

  Extract from Personalization Guide - Page Footer - Personalization Considerations
  * If you wish to personalize the URL that points to the Privacy Statement for a page that displays a standard Copyright and Privacy (that is, its Auto Footer property is set to true), set the Scope to OA Footer, in the Choose Personalization Context page of the Personalization UI.
  * If you wish to personalize the URL that points to the Privacy Statement for a page that displays a custom Copyright and Privacy (that is, its Auto Footer property is set to false), set the Scope to Page in the Choose Personalization Context page of the Personalization UI. In the following Page Hierarchy Personalization page , identify and personalize the Privacy page element.

• DS to BW load balancing

  Dear all,
  I have a doubt regarding load balancing in PRD. Our team is loading data through DS 12.2.2.3 to SAP BW Master / transaction Infosources.
  SAP BW system has five Application Servers / instances to balance the load. BW target data store is configured to connect to the Central Instance of SAP BW.
  Since we are connected to the Central instance / application server of BW system from DS, will BW system be able to balance the load across multiple instances?
  Since BW Server has multiple instances to balance the load, is there any way we can utilise these BW multiple instances from Data Services?
  Can you share your thoughts on this? Appreciate your responses.
  Regards,
  Suneer.

  Hi Suneer,
  There are several ways how DS and BW can interact, so it might depend on what scenario you are using.
  I can think of the following scenario's:
  1. A DS job is executed from admin console and loads into a BW target datasource.
  This should use any available server, according to load balancing settings. It is not possible to force the process to use a specific server.
  2. A process chain starts an infopackage, which in turn starts a DS job
  BW will use the server chosen at the time of scheduling, if everything is configured correctly and scheduled correctly it will use any avaialble server conform load balancing settings. You can set this to run on a specific server (but I would only recommend this in very special circumstances).
  3. DS triggers a process chain
  Again, BW will use the settings on the process chain.
  4. BW runs an execution command, which starts a DS job
  Well, this is not a relevant scenario as it does not update anything on BW - unless the execution command then runs a job which loads data into BW, which is described in scenario 1.
  I hope this makes sense. Let me know if you have any other scenario's or concerns.
  Can I just ask why you are concerned about this load balancing? I have not have load balancing problems with DS/BW but I have had plenty of problems around concurrent use of the RFC connection between DS/BW. 'Multithreading' was not supported until 12.2.3.2 and you mentioned you run on 12.2.2.3, so potentially this is a problem for you.
  Jan.

• SharePoint 2010 with LDAP authentication, using NOVELL eDirectory

  One of my customers needs a SharePoint application that allows people to authenticate with either an Active Directory account (internal staff) or a Novell eDirectory account (external customers).
  Using the following article as a base guide (http://blogs.technet.com/b/speschka/archive/2009/11/05/configuring-forms-based-authentication-in-sharepoint-2010.aspx)
  I configured a claims-based test application that had Windows authentication enabled and Forms based authentication (FBA) enabled (this is on a Windows 2008 server and not a domain controller)
  In the Membership provider name text box I entered "LdapMember"
  In the Role provider name  text box I entered "LdapRole"
  In the web.config for the SharePoint Central Admin, I modified/added the following details right before </system.web>
  <membership>
  <providers>
  <add name="LdapMember"
  type="Microsoft.Office.Server.Security.LdapMembershipProvider, Microsoft.Office.Server, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
  server="ldap.server.address"
  port="389"
  useSSL="false"
  connectionUsername="cn=ldapserviceid,ou=sharepoint,ou=test,ou=location,o=validobject"
  connectionPassword= "validpassword"
  userDNAttribute="dn"
  userNameAttribute="cn"
  userContainer="OU=people,O=validobject"
  userObjectClass="person"
  userFilter="(ObjectClass=person)"
  scope="Subtree"
  otherRequiredUserAttributes="sn,givenname,cn" />
  </providers>
  </membership>
  <roleManager enabled="true" defaultProvider="AspNetWindowsTokenRoleProvider" >
  <providers>
  <add name="LdapRole"
  type="Microsoft.Office.Server.Security.LdapRoleProvider, Microsoft.Office.Server, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
  server="ldap.server.address"
  port="389"
  useSSL="false"
  connectionUsername="cn=ldapserviceid,ou=sharepoint,ou=test,ou=location,o=validobject"
  connectionPassword= "validpassword"
  groupContainer="OU=people,O=validobject"
  groupNameAttribute="cn"
  groupNameAlternateSearchAttribute="samAccountName"
  groupMemberAttribute="member"
  userNameAttribute="sAMAccountName"
  dnAttribute="distinguishedName"
  groupFilter="((ObjectClass=group)"
  userFilter="((ObjectClass=person)"
  scope="Subtree" />
  </providers>
  </roleManager>
  I modified the SecurityTokenServiceApplication web.config with these details
  <system.web>
  <membership>
  <providers>
  <add name="LdapMemebr"
  type="Microsoft.Office.Server.Security.LdapMembershipProvider, Microsoft.Office.Server, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
  server="ldap.server.address"
  port="389"
  useSSL="false"
  connectionUsername="cn=ldapserviceid,ou=sharepoint,ou=test,ou=location,o=validobject"
  connectionPassword= "validpassword"
  userDNAttribute="dn"
  userNameAttribute="cn"
  userContainer="OU=people,O=validobject"
  userObjectClass="person"
  userFilter="(ObjectClass=person)"
  scope="Subtree"
  otherRequiredUserAttributes="sn,givenname,cn" />
  </providers>
  </membership>
  <roleManager enabled="true">
  <providers>
  <add name="LdapRole"
  type="Microsoft.Office.Server.Security.LdapRoleProvider, Microsoft.Office.Server, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
  server="ldap.server.address"
  port="389"
  useSSL="false"
  connectionUsername="cn=ldapserviceid,ou=sharepoint,ou=test,ou=location,o=validobject"
  connectionPassword= "validpassword"
  groupContainer="OU=people,O=validobject"
  groupNameAttribute="cn"
  groupNameAlternateSearchAttribute="samAccountName"
  groupMemberAttribute="member"
  userNameAttribute="sAMAccountName"
  dnAttribute="distinguishedName"
  groupFilter="(&amp;(ObjectClass=group))"
  userFilter="(&amp;(ObjectClass=person))"
  scope="Subtree" />
  </providers>
  </roleManager>
  </system.web>
  I modified the web.config of the test application I created with these details
  <roleManager defaultProvider="c" enabled="true" cacheRolesInCookie="false">
  <providers>
  <add name="c" type="Microsoft.SharePoint.Administration.Claims.SPClaimsAuthRoleProvider, Microsoft.SharePoint, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" />
  <add name="LdapRole" type="Microsoft.Office.Server.Security.LdapRoleProvider, Microsoft.Office.Server, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
  server="ldap.server.address"
  port="389"
  useSSL="false"
  connectionUsername="cn=ldapserviceid,ou=sharepoint,ou=test,ou=location,o=validobject"
  connectionPassword= "validpassword"
  groupContainer="OU=people,O=validobject"
  groupNameAttribute="cn"
  groupNameAlternateSearchAttribute="samAccountName"
  groupMemberAttribute="member"
  userNameAttribute="cn"
  dnAttribute="dn"
  groupFilter="(&amp;(ObjectClass=group))"
  userFilter="(&amp;(ObjectClass=person))"
  scope="Subtree" />
  </providers>
  </roleManager>
  <membership defaultProvider="i">
  <providers>
  <add name="i" type="Microsoft.SharePoint.Administration.Claims.SPClaimsAuthMembershipProvider, Microsoft.SharePoint, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" />
  <add name="LdapMember" type="Microsoft.Office.Server.Security.LdapMembershipProvider, Microsoft.Office.Server, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
  server="ldap.server.address"
  port="389"
  useSSL="false"
  connectionUsername="cn=ldapserviceid,ou=sharepoint,ou=test,ou=location,o=validobject"
  connectionPassword= "validpassword"
  useDNAttribute="true"
  userDNAttribute="dn"
  userNameAttribute="cn"
  userContainer="OU=people,O=validobject"
  userObjectClass="person"
  userFilter="(ObjectClass=person)"
  scope="Subtree"
  otherRequiredUserAttributes="sn,givenname,cn" />
  </providers>
  </membership>
  With all of this configured, I can go to the new test site, I do see the form where I can choose either Windows authentication or Forms authentication. I can successfully login with Windows authentication, but forms authentication gives me me an error.
  The server could not sign you in. Make sure your user name and password are correct, and then try again.
  I can successfully login to a LDAP management tool, using the same credentials I entered on the form, so I know the username and password being submitted are correct. I get the following items in the event viewer
  8306 - SharePoint Foundation - The security token username and password could not be validated.
  in the SharePoint trace logs - Password check on 'testuser' generated exception: 'System.ServiceModel.FaultException`1[Microsoft.IdentityModel.Tokens.FailedAuthenticationException]: The security token username and password could not be validated. and
  then this:
  Request for security token failed with exception: System.ServiceModel.FaultException: The security token username and password could not be validated.
  at Microsoft.IdentityModel.Protocols.WSTrust.WSTrustChannel.ReadResponse(Message response)
  at Microsoft.IdentityModel.Protocols.WSTrust.WSTrustChannel.Issue(RequestSecurityToken rst, RequestSecurityTokenResponse& rstr)
  at Microsoft.IdentityModel.Protocols.WSTrust.WSTrustChannel.Issue(RequestSecurityToken rst)
  at Microsoft.SharePoint.SPSecurityContext.SecurityTokenForContext(Uri context, Boolean bearerToken, SecurityToken onBehalfOf, SecurityToken actAs, SecurityToken delegateTo)
  I monitored the LDAP server and did a packet-trace on the communication happening between the SharePoint server and the LDAP server and it is a bit odd. It goes like this:
  The SharePoint server successfully connects to the LDAP server, binding the ldapserviceid+password
  The LDAP server tells the SharePoint server it is ready to communicate
  the SharePoint server sends an LDAP query to the LDAP server, asking if the name entered in the form authentication page can be found.
  The LDAP server does the query, successfully finds the entered name and sends a success message back to SharePoint
  The LDAP server sends notification that it is done and is closing the connection that was bound to theldapserviceid+password
  The SharePoint server acknowledges the connection is closing
  ... and then nothing happens, except the error on SharePoint
  What I understand is that the SharePoint server, once it gets confirmation that the submitted username exists in LDAP, should attempt to make a new LDAP connection, bound to the username and password submitted in the form (rather than the LDAP service account
  specified in the web.config). That part does not seem to be happening.
  I am at a standstill on this and any help would be greatly appreciated.

  OK, our problem was resolved by removing any information about the ASP.NET role manager. Initially, we had information about a role manager defined in three different web.config files, as well as in the SharePoint Central Administration site, where there
  is the checkbox to Enable Forms Based Authentication (you see this when you first create the new SharePoint app, or afterwards by modifying the Authentication Provider for the app.) In either case, you will see two text boxes, underneath the checkbox item
  for enabling Forms Based Authentication:
  "ASP.NET Membership provider name"
  "ASP.NET Role manager name"
  We entered a name for Membership provider, and left Role manager blank.
  In the web.config for the SharePoint Central Administration site, the SecurityTokenServiceApplication app, and the web app we created with FBA enabled, we entered the following:
  <membership>
  <providers>
  <add name="LdapMember"
  type="Microsoft.Office.Server.Security.LdapMembershipProvider, Microsoft.Office.Server, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
  server="ldap.server.address"
  port="389"
  useSSL="false"
  connectionUsername="cn=ldapserviceid,ou=sharepoint,ou=test,ou=location,o=validobject"
  connectionPassword="validpassword"
  useDNAttribute="false"
  userDNAttribute="dn"
  userNameAttribute="cn"
  userContainer="OU=people,O=validobject"
  userObjectClass="person"
  userFilter="(ObjectClass=person)"
  scope="Subtree"
  otherRequiredUserAttributes="sn,givenname,cn" />
  </providers>
  </membership>
  <roleManager>
  <providers>
  </providers>
  </roleManager>
  useDNAttribute="false" turned out to be important as well.
  So, for us to get LDAP authentication working between SharePoint 2010 and Novel eDirectory, we had to:
  leave anything related to the role provider blank
  configure the web.config in three different applications, with the proper connection information to reach our Novel eDir
  Ensure that useDNAttribute="false" was used in all three on the modified web.config files.
  Since our eDir is flat and used pretty much exclusively for external users, we had never done any sort of advanced role management configuration in eDir. So, by having role manager details in the web.config files, SharePoint was waiting for information from
  a non-existent role manager.

• Does ADFS work with SharePoint 2013 with WFEs SSL-offloaded to a F5 load balancer?

  Currently we are implementing a SharePoint 2013 Production environment with 2 WFEs load-balanced by F5.  SSL is offloaded to F5 and is currently working fine with Integrated Windows Authentication with NTLM.  We would like to implement ADFS 3.0
  later for Single Sign-on, and we are wondering if ADFS supports SSL offload.  
  Do we need to bind the certificate to the WFEs as well to use ADFS?  
  Thank you!

  Just got it confirmed that ADFS supports SSL offload.  There is no direct communication between SharePoint and ADFS server during the authentication process.  It is always the browser that's talking to ADFS server. We just need to do the following:
  Configure SharePoint URLs in ADFS as replying parties with https.
  Configure AAM in SharePoint to make sure internal URL is http and public URL is https.

• Site not accessible from the Load balanced web front end server - sharepoint 2010

  I have a production environment with 2 WFE's(sp-wfe1 & sp-wfe2), 2 APP's and 2 SQL clustered VM's.
  2 WFE's are load balanced using hardware load balancer.
  An A-Record(PORTAL) is created in DNS for the virtual IP of the load balancer which points to the 2 WFE's.
  A web application is created on the WFE's on port 80.
  alternative access mapping is configured and the load balanced record "http://PORTAL" is used under the default zone.
  Under IIS I have edited the bindings for the sharepoint site at port 80 and added the HOSTNAME as PORTAL.
  Result: The site is accessible from outside the server and works fine.
  ISSUE: The site is not accessible within the WFE's(sp-wfe1 & sp-wfe2).
  When I browse the site from the WFE's server it ask for the credentials and when I enter the credentials and click OK it ask the credentials again and again and in the end displays a blank page.
  Kindly help me in this issue because I am clueless and couldn't find anything helpful on the internet. 
  Regards,
  Mudassar
  MADDY-DEV Forum answers from Microsoft Forum

  Loop back check.
  http://www.harbar.net/archive/2009/07/02/disableloopbackcheck-amp-sharepoint-what-every-admin-and-developer-should-know.aspx

• Lync Server Front End 2 Hardware Load Balancer IP

  I currently have the following Setup.
  I only have 1 Hardware Load Balanced IP for my Front End Pool. 
  After running the Lync Planning Tool it actually states that i need 2 Hardware Load Balanced IP, 1 for internal and 1 for external. 
  My question would be would i be able to configure for mobility and external access with just using 1 Hardware Load Balanced IP? 
  Because i seem to have problem with connecting to the front end server based on the following scenario.
  Without Reverse Proxy Mapping (port 80/443 internet to port 80/443 reverse proxy to port 80/443 lyncpool frontend) 
  Internal Access (No Issue)
  Lync Mobile 2013 App (Can Connect and chat but intermittent connection) *gets disconnected if i access video/audio
  Lync Client 2013 Externally (Cannot Connect to Server) 
  https://meet.domain.com (working)
  With Reverse Proxy Mapping (Port 80/443 internet to port 8080/4443 reverse proxy to port 8080/4443 lyncpool frontend)
  Internal Access (No Issue)
  Lync Mobile 2013 App (Cannot connect)
  Lync Client 2013 Externally (Cannot connect)
  https://meet.domain.com (Not working)
  Would i actually need to have a additional front end pool IP for external access? or can i maintain it as it is? 
  I do not understand why without the mapping it can work whereas if i do the mapping according to technet article it won't work.
  Everything is running windows server 2012 R2 and Lync 2013, Loadbalancer / Reverse Proxy is the same F5 Appliance
  Any assistance on this is greatly appreciated.

  Hi Greg,
  I have been making use of it (https://testconnectivity.microsoft.com/) to test my autodiscover and remote
  access.
  Like i mentioned it is weird that without doing port mapping from 80/443 to 8080/4443 i was able to pass
  the autodiscovery and all but once i changed to the proper steps to do port mapping it stopped working. 
  and im not using TMG but using a F5 Hardware Reverse Proxy which also happen to be my Load Balancing Appliance. 
  Is there anyone who can help give me more details if i need 2 VIP for the front end ?