NTS Authentication and External Users

Hi,
I am looking for advice on the following issue:
Oracle:9.2.0.6
OS:Windows 2000
This is a data warehouse and the data is loaded by batch scripts. To ensure that the batch scripts haven't got usernames and passwords hard coded, we used externally identified users. However, to get this to work the parameter Authentication_Services has to be set to NTS. Therefore anyone who is in the ORA_DBA group can log into the database without a password, and anyone who is an administrator of the machine could potentially add themselves to the ORA_DBA group and then log into the database without a password.
Is there any way to use external authentication but then also force sysdba connections to specify a password?
Is it possible to just remove the ORA_DBA group without any impact?
Any clarification then please let me know
Thanks for your time and help
Regards
Seb
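
The exposure described in the post above can be measured from the host's own configuration. The following is an added example, not part of the original thread: it parses sqlnet.ora text and `net localgroup` output and lists who can reach SYSDBA without a password, and which local administrators could add themselves to ORA_DBA. The sample file contents, account names and the `approved_dbas` allow-list are constructed; `SQLNET.AUTHENTICATION_SERVICES` is the full sqlnet.ora name of the setting the post refers to.

```python
import re

# Constructed sample inputs (not taken from the original post).
SAMPLE_SQLNET_ORA = """\
# sqlnet.ora
NAMES.DIRECTORY_PATH = (TNSNAMES)
SQLNET.AUTHENTICATION_SERVICES = (NTS)
"""

# Constructed output of: net localgroup ORA_DBA
SAMPLE_ORA_DBA = """\
Alias name     ORA_DBA
Comment        Oracle DBA group

Members

-------------------------------------------------------------------------------
CORP\\dba_seb
CORP\\helpdesk1
NT AUTHORITY\\SYSTEM
The command completed successfully.
"""

# Constructed output of: net localgroup Administrators
SAMPLE_ADMINISTRATORS = """\
Alias name     Administrators
Comment        Administrators have complete and unrestricted access to the computer/domain

Members

-------------------------------------------------------------------------------
Administrator
CORP\\dba_seb
CORP\\srv_ops
The command completed successfully.
"""

# Matches an uncommented parameter line; the value may or may not be in parentheses.
_PARAM = re.compile(
    r"^\s*SQLNET\.AUTHENTICATION_SERVICES\s*=\s*\(?([^)#\r\n]*)\)?",
    re.IGNORECASE | re.MULTILINE,
)


def auth_services(sqlnet_text):
    """Return the configured services in upper case, or None if the parameter is not set."""
    match = _PARAM.search(sqlnet_text)
    if match is None:
        return None
    return [s.strip().upper() for s in match.group(1).split(",") if s.strip()]


def group_members(net_output):
    """Extract member names from `net localgroup <group>` output."""
    members, in_list = [], False
    for line in net_output.splitlines():
        line = line.strip()
        if line.startswith("---"):
            in_list = True  # members start after the dashed rule
        elif line.lower().startswith("the command completed"):
            break
        elif in_list and line:
            members.append(line)
    return members


def audit(sqlnet_text, ora_dba_output, admins_output, approved_dbas):
    """Report the passwordless SYSDBA exposure described in the post.

    Only the NTS value discussed in the post is checked. approved_dbas is a
    hypothetical allow-list of accounts that are meant to be in ORA_DBA.
    """
    services = auth_services(sqlnet_text)
    nts = services is not None and "NTS" in services
    dba = group_members(ora_dba_output)
    admins = group_members(admins_output)
    # Windows account names are case-insensitive, so compare in lower case.
    approved = {a.lower() for a in approved_dbas}
    dba_lower = {m.lower() for m in dba}
    if not nts:
        dba, admins = [], []  # group membership alone grants nothing without NTS
    return {
        "nts_enabled": nts,
        "passwordless_sysdba": dba,
        "unapproved_members": [m for m in dba if m.lower() not in approved],
        "admins_able_to_self_add": [a for a in admins if a.lower() not in dba_lower],
    }


if __name__ == "__main__":
    report = audit(SAMPLE_SQLNET_ORA, SAMPLE_ORA_DBA, SAMPLE_ADMINISTRATORS,
                   approved_dbas=["CORP\\dba_seb", "NT AUTHORITY\\SYSTEM"])
    for key, value in report.items():
        print(f"{key}: {value}")
```

Run on a schedule, the `unapproved_members` list gives a membership change in ORA_DBA something to alert on, which is the practical control when NTS has to stay enabled for the batch accounts.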

Similar Messages

  • INTERNAL and EXTERNAL users authentication via OAM

    Hi,
    We have a scenario wherein a resource is protected by OAM and we want the internal users in the system to access the resource w/o any authentication. However, at the same time we want the external users to be challenged by OAM for credentials.
    How to implement such a scenario?
    Any ideas would be helpful.
    Thanks
    Sid

    More details (architecture etc.) would be needed to suggest any kind of solution.
    Also, is the content served static or dynamic? If the content is dynamic then the backend component (app) would expect identity to be propagated to it. This could be a potential issue if internal users won't authenticate.
    If it is static content then you can make use of rewrite rules / rewrite conditions to filter by IP address (internal users should have some IP address range). Although you may have to do multiple URL rewrites at the Apache level to bypass authentication.
    Another solution is to implement a zero sign-on experience via WNA for internal users. WNA would take advantage of the user's login to the desktop. Hope this helps.

  • SharePoint 2013 CAL and External users

    Hi,
    We are setting up an extranet site (SharePoint 2013 standard version) on Rackspace. Both employees and non-employees will use this site. Employees will use the company's existing SAML 2.0 based authentication and non-employees will use FBA to log in to the portal.
    I would like to know if we need to buy CALs for external users (non-employees)? What is the definition of external users?
    Thanks,
    Pat

    Check out this post and this should answer all your questions.
    http://social.technet.microsoft.com/forums/sharepoint/en-US/0756aaa7-b307-4793-b019-bc58d4ace8b2/sharepoint-foundation-fba-on-internet-licensing
    Thanks, Danny Hickman IT Support Specialist

  • OBIEE Download Error - Both Internal and External Users

    I have set up a new Group and Workspace today. External users are getting an error when trying to download OBIEE, and so am I. The browser throws a '500 Internal Server Error' and looks like the link no longer exists or is broken. Please help, thanks!

    Hi,
    I went to beehiveonline.oracle.com/bcentral and accessed the downloads page and was able to download OBEE without any problems.
    The direct link is
    https://beehiveonline.oracle.com/bcentral/action?page=downloadlanding&appId=Oracle+Beehive+Extensions+for+Explorer+Downl…
    What was the URL you were using and where did you find it? There may be an old link I need to correct.
    Phi

  • RDS - .local domain and external users. Best way to get rid of SSL warnings

    I am evaluating MS RDS as a possible solution for a VDI implementation at the college I work for.  When we setup our AD years ago we set it up as a .local domain.  I am running into issues with the .local machine name on the connection broker for
    external users.  I know for internal domain systems we can setup the self signed .local cert as a trusted root cert to bypass the self signed untrusted warning  but for the bulk of our users which will be using systems external to our domain they
    will get the SSL warning about the self signed certificate when they try to connect to a remote app or a desktop.
    Initially I thought if I setup a local AD CA that we could setup a trust relationship with the SSL cert.  After further reading I believe that this would only work for systems internal to our domain and we would still have the issue with external devices.
    The other option would be to tell our users to click the box to never display the warning message again and to go on or to add the self signed cert to their trusted list.  Of course whenever you ask the user to do something there will be issues.  We
    have also found that in our testing that we can not seem to connect via the web portal with a macbook.  We get an error that there is a problem with the trust relationship with the server after we login and click on an app or a desktop to connect.  We
    have been able to connect with iOS devices.  
    We could of course rename the .local domain to a .edu domain which would permit us to use our wildcard certificate but that is a major undertaking that we don't want to cross at the moment.  I think I might have come up with a solution and wanted to
    bounce the idea off of those on this forum.
    If we setup a second domain on campus that is not a .local.  Join the non internet facing RDS systems to this new domain that would have a SSL cert that was trusted and then setup a full trust relationship between the two domains such that users and
    systems in one domain could communicate with the systems in the other domain would that remove the certificate warnings for external users?

    Hi AKlein,
    Initially I thought if I setup a local AD CA that we could setup a trust relationship with the SSL cert.  After further reading I believe that this would only work for systems internal to our domain and we would
    still have the issue with external devices.
    Just add the root CA certificate of the internal CA into Trusted Root Certification Authorities store on external clients manually (or through group policy if there is an external domain), then SSL certificate warning would be gone.
    We could of course rename the .local domain to a .edu domain which would permit us to use our wildcard certificate but that is a major undertaking that we don't want to cross at the moment.
    Yes, renaming domain is not recommended due to its complexity.
    If we setup a second domain on campus that is not a .local.  Join the non internet facing RDS systems to this new domain that would have a SSL cert that was trusted and then setup a full trust relationship between
    the two domains such that users and systems in one domain could communicate with the systems in the other domain would that remove the certificate warnings for external users?
    If you are setting up a new domain with two way trust, then root CA certificate of the internal CA still needs to be distributed manually (or through group policy). If you are setting up a child domain, then enterprise CA would be trusted within the same
    forest.
    As long as there are enough external users and devices to manage, an external private network exists and extra domain management tasks are acceptable, then setting up a new domain is a good choice since domain provides secure boundary.
    Or, you could just create a new site from the other network location, which saves you from creating a new domain, new users and trust.
    Best Regards,
    Amy

  • Internal and external user logins

    I have an asp.net web application which should work as an intranet application if a Windows user logs in, and it should ask for separate logins if an external user logs in. Is it possible? It can be accessed over the internet, and internal users use VPN or the network where the site resides.

    This forum is for questions about the TechNet Wiki. It might be best to ask your question in the asp.net forums, linked here:
     http://forums.asp.net
    Richard Mueller - MVP Directory Services

  • ACS 5.2 Machine Authentication and AD user

    I am trying to setup up a rule to allow wireless access only to users in my AD when they use computers from my AD.
    I have Machine authentication working on its own (computer boots up and connects to wireless - confirmed by ACS logs)
    I have User authentication working
    But when I try to create the following rule:

    I solved it. It seems that you have to have "Machine Access Restrictions" (External Identity Stores > Active Directory) checked. Then it works.

  • Claims Based Authentication and Editing User Profiles

    Hi All,
    I have an interesting issue where I have a SharePoint Farm setup with both the intranet and mysites web applications setup using Claims Based Authentication. While everything seems to work fine, you are able to search for users, view properties and users
    can change their own profile properties. However when you configure a profile administration account (an account with the "manage user profiles" permission on the User Profile Service Application) and you attempt to use that account to edit
    another users profile you get hit with a generic error page. 
    Delving deeper you get the following errors:
    ULS:
    Date    Process    Thread Id    Area    Category    Event Id    Level    Correlation    Message
    5/7/2013 00:31:44:64    App Pool: MySites    0x1DC8    SharePoint Foundation    Logging Correlation Data    xmnv    Medium    4001199c-6bd8-c03d-920f-55177fbff00c  
     Name=Request (GET:http://mysite.DOMAIN.loc:80/_layouts/15/EditProfile.aspx?UserSettingsProvider=234bf0ed%2D70db%2D4158%2Da332%2D4dfd683b4148&ReturnUrl=http%3A%2F%2Fmysite%2EDOMAIN%2Eloc%2Fperson%2Easpx%3Faccountname%3DDOMAIN%255CAUSER&accountname=DOMAIN%5CAUSER)
    5/7/2013 00:31:44:66    App Pool: MySites    0x1DC8    SharePoint Foundation    Authentication Authorization    agb9s    Medium    4001199c-6bd8-c03d-920f-55177fbff00c  
     Non-OAuth request. IsAuthenticated=True, UserIdentityName=0#.w|DOMAIN\sp_config, ClaimsCount=24
    5/7/2013 00:31:44:66    App Pool: MySites    0x1DC8    SharePoint Foundation    Logging Correlation Data    xmnv    Medium    4001199c-6bd8-c03d-920f-55177fbff00c  
     Site=/
    5/7/2013 00:31:44:69    App Pool: MySites    0x1DC8    SharePoint Foundation    Files    00000    High    4001199c-6bd8-c03d-920f-55177fbff00c  
     UserAgent not available, file operations may not be optimized.
    5/7/2013 00:31:44:69    App Pool: MySites    0x1DC8    SharePoint Foundation    Files    aiv4w    Medium    4001199c-6bd8-c03d-920f-55177fbff00c  
     Spent 0 ms to bind 33542 byte file stream
    5/7/2013 00:31:44:72    App Pool: MySites    0x1DC8    SharePoint Portal Server    User Profiles    ai7z6    High    4001199c-6bd8-c03d-920f-55177fbff00c  
     User was not successfully retrieved: i:0#.w|DOMAIN\AUSER in ProfileUI.OnInit. Seeing if this is a system account
    5/7/2013 00:31:44:72    App Pool: MySites    0x1DC8    SharePoint Portal Server    User Profiles    ai7z7    High    4001199c-6bd8-c03d-920f-55177fbff00c  
     User i:0#.w|DOMAIN\AUSER not found and not a system account.
    5/7/2013 00:31:44:72    App Pool: MySites    0x1DC8    SharePoint Portal Server    User Profiles    ahn7m    Unexpected    4001199c-6bd8-c03d-920f-55177fbff00c  
     ProfileUI: Unhandled exception inside OnInit: Microsoft.Office.Server.UserProfiles.UserNotFoundException: DOMAIN\AUSER  
    at Microsoft.SharePoint.Portal.WebControls.ProfileUI.OnInit(EventArgs e)
    5/7/2013 00:31:44:72    App Pool: MySites    0x1DC8    SharePoint Portal Server    User Profiles    ahn7h    Unexpected    4001199c-6bd8-c03d-920f-55177fbff00c  
     ProfileEditor: Unhandled exception inside OnInit: Microsoft.Office.Server.UserProfiles.UserNotFoundException: DOMAIN\AUSER  
    at Microsoft.SharePoint.Portal.WebControls.ProfileUI.OnInit(EventArgs e)  
    at Microsoft.SharePoint.Portal.WebControls.ProfileEditor.OnInit(EventArgs e)
    5/7/2013 00:31:44:72    App Pool: MySites    0x1DC8    SharePoint Foundation    General    8nca    Medium    4001199c-6bd8-c03d-920f-55177fbff00c  
     Application error when access /_layouts/15/EditProfile.aspx, Error=DOMAIN\AUSER
    at Microsoft.SharePoint.Portal.WebControls.ProfileUI.OnInit(EventArgs e)  
    at Microsoft.SharePoint.Portal.WebControls.ProfileEditor.OnInit(EventArgs e)  
    at System.Web.UI.Control.InitRecursive(Control namingContainer)  
    at System.Web.UI.Control.InitRecursive(Control namingContainer)  
    at System.Web.UI.Control.InitRecursive(Control namingContainer)  
    at System.Web.UI.Control.InitRecursive(Control namingContainer)  
    at System.Web.UI.Control.InitRecursive(Control namingContainer)  
    at System.Web.UI.Control.InitRecursive(Control namingContainer)  
    at System.Web.UI.Control.InitRecursive(Control namingContainer)  
    at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
    5/7/2013 00:31:44:72    App Pool: MySites    0x1DC8    SharePoint Foundation    Runtime    tkau    Unexpected    4001199c-6bd8-c03d-920f-55177fbff00c  
     Microsoft.Office.Server.UserProfiles.UserNotFoundException: DOMAIN\AUSER
    at Microsoft.SharePoint.Portal.WebControls.ProfileUI.OnInit(EventArgs e)  
    at Microsoft.SharePoint.Portal.WebControls.ProfileEditor.OnInit(EventArgs e)  
    at System.Web.UI.Control.InitRecursive(Control namingContainer)  
    at System.Web.UI.Control.InitRecursive(Control namingContainer)  
    at System.Web.UI.Control.InitRecursive(Control namingContainer)  
    at System.Web.UI.Control.InitRecursive(Control namingContainer)  
    at System.Web.UI.Control.InitRecursive(Control namingContainer)  
    at System.Web.UI.Control.InitRecursive(Control namingContainer)  
    at System.Web.UI.Control.InitRecursive(Control namingContainer)  
    at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
    5/7/2013 00:31:44:72    App Pool: MySites    0x1DC8    SharePoint Foundation    General    ajlz0    High    4001199c-6bd8-c03d-920f-55177fbff00c  
     Getting Error Message for Exception System.Web.HttpUnhandledException (0x80004005): Exception of type 'System.Web.HttpUnhandledException' was thrown. ---> Microsoft.Office.Server.UserProfiles.UserNotFoundException: DOMAIN\AUSER  
    at Microsoft.SharePoint.Portal.WebControls.ProfileUI.OnInit(EventArgs e)  
    at Microsoft.SharePoint.Portal.WebControls.ProfileEditor.OnInit(EventArgs e)  
    at System.Web.UI.Control.InitRecursive(Control namingContainer)  
    at System.Web.UI.Control.InitRecursive(Control namingContainer)  
    at System.Web.UI.Control.InitRecursive(Control namingContainer)  
    at System.Web.UI.Control.InitRecursive(Control namingContainer)  
    at System.Web.UI.Control.InitRecursive(Control namingContainer)  
    at System.Web.UI.Control.InitRecursive(Control namingContainer)  
    at System.Web.UI.Control.InitRecursive(Control namingContainer)  
    at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)  
    at System.Web.UI.Page.HandleError(Exception e)  
    at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)  
    at System.Web.UI.Page.ProcessRequest(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)  
    at System.Web.UI.Page.ProcessRequest()  
    at System.Web.UI.Page.ProcessRequest(HttpContext context)  
    at System.Web.HttpApplication.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()  
    at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)
    5/7/2013 00:31:44:72    App Pool: MySites    0x1DC8    SharePoint Foundation    General    aat87    Monitorable    4001199c-6bd8-c03d-920f-55177fbff00c  
    5/7/2013 00:31:44:73    App Pool: MySites    0x1DC8    SharePoint Foundation    Monitoring    b4ly    Medium    4001199c-6bd8-c03d-920f-55177fbff00c  
     Leaving Monitored Scope (Request (GET:http://mysite.DOMAIN.loc:80/_layouts/15/EditProfile.aspx?UserSettingsProvider=234bf0ed%2D70db%2D4158%2Da332%2D4dfd683b4148&ReturnUrl=http%3A%2F%2Fmysite%2EDOMAIN%2Eloc%2Fperson%2Easpx%3Faccountname%3DDOMAIN%255CAUSER&accountname=DOMAIN%5CAUSER)).
    Execution Time=87.1739285300227
    It seems similar to an issue in the blog post here: http://kb4sp.wordpress.com/2012/12/05/user-cannot-be-found-shenanigans-one-way-active-directory-trusts-and-sharepoint-2013/ however I tried what was suggested and it didn't work.
    Any help with this is appreciated.

    This line offers clues about the actual problem:
    Microsoft.Office.Server.UserProfiles.UserNotFoundException: DOMAIN\AUSER 
    According to the MSDN link (http://msdn.microsoft.com/en-us/library/microsoft.office.server.userprofiles.usernotfoundexception.aspx)
    it is not able to find the user in the profile store. Additionally the link you mentioned (http://kb4sp.wordpress.com/2012/12/05/user-cannot-be-found-shenanigans-one-way-active-directory-trusts-and-sharepoint-2013)
    suggests that the account being used to validate accounts on the production domain may have a problem.
    Is there a way you can test that account in isolation against the DC?
    With Regards Shailen Sukul Entrepreneur/Software Architect/Developer/Consultant/Trainer (BSc | Mct | Mcpd (.Net 2/3.5/SharePoint2010) | Mcts (Sharepoint 2010/MOSS/WSS), Biztalk, Web, Win, Dist Apps) | Mcitp(SharePoint) | Mcsd.NET | Mcsd | Mcad) MSN | Skype
    | GTalk Id: shailensukul Twitter: http://twitter.com/shailensukul Website: http://sukul.org Blog: http://shailen.sukul.org/ http://www.linkedin.com/in/shailensukul

  • CWMS 2.0MR7 intermittent dead air on call-in and call-back for internal and external users

    Hello,
    I have got a new install of CWMS 2.0MR7 800 users non HA system. During initial testing we noticed that when we call-in or call-back there was a dead air even though the call is connected we don't hear welcome to WebEx....when we hang up and call again it works fine and we hear welcome to WebEx so the issue is intermittent. CUCM version is 8.6
    Can someone please advise how do we go about troubleshooting something like this when the issue is so intermittent?
    Thanks

    Hi,
    Please check the following:
    1. Please check if you are on supported hardware and that no co-resident VMs exist:
    http://www.cisco.com/c/en/us/td/docs/collaboration/CWMS/2_0/Planning_Guide/Planning_Guide_chapter_01011.html#reference_249B138B71324D19B09141D3849EC058
    2. Check if you have any snapshots on any of the virtual machines for the system. If you have captured any snapshots before an upgrade, make sure that you delete them within 24 hours as they cause degradation of system performance and are known to cause audio quality issues.
    3. Please check your network bandwidth for these requirements:
    http://www.cisco.com/c/en/us/td/docs/collaboration/CWMS/1_5/Planning_Guide/Planning_Guide_chapter_01.html#reference_267DB686BB224EB7A49DE4C783C912E6
    If you still face the problem, please open a TAC case to troubleshoot the issue further. We will be able to get detailed logs and sniffers to find the cause of the issue.
    Thanks,
    Jyothi

  • Can't Login to SharePoint as an invited External User / Can't Remove All Traces of External User with Microsoft Account

    Hi TechNet,
    I have an MS SharePoint Online (SharePoint Plan 2) team site, quite simple, one document library etc.
    I have successfully added all users (E3) within the organisation to groups, and permissioned correctly.
    I have added myself (separate organisation, also Office 365 E3) as an External User, and have access to the website without any problems by authenticating with my Organization account e-mail address.
    I have a single user (separate organisation, also Office 365 E3), whose setup is identical to mine (Also Office 365 E3).
    However, when this user is added as an External User, they are unable to login, and get "Sign In is not complete":
    That didn't work
    We're sorry, but [email protected] can't be found in the CLIENT1.sharepoint.com directory. Please try again later, while we try to automatically fix this for you. 
    Correlation ID: dc1f7f9c-092b-20b8-7b35-89348ba22f71
    Date and Time: 3/20/2014 7:06:55 AM
    URL: https://CLIENT1.sharepoint.com/
    User: [email protected]
    Issue Type: Partner User Invalid.    
    I then remove the user using the Site Collection, and using the Profile Manager, and using Remove-SPOUser, and using Remove-SPOExternalUser. Which is great, he's gone. However when I go to add him back to a group, as soon as I type his e-mail address, it
    'Resolves' into his full name! If I have completely(?) removed him from the site, how is he being resolved? And therefore me trying to remove him to re-add him to try and solve the user/directory/auth issue is not working.
    Furthermore, upon clicking on said client's username inside SharePoint (after I've 'added him back' of course), his ID, in format: i:0#.f|membership|live.com#[email protected] has an entirely different e-mail address, his Microsoft Account! 
    I'm assuming he must have been already signed into his Microsoft Account when he clicked on the External User e-mail invite? If so, I clearly do not want this, how can I remove all traces of his Microsoft Account, given that I have gone to the lengths as
    detailed above?
    I have already completed these steps: http://community.office365.com/en-us/forums/148/p/228263/709905.aspx
    Some possible further reading regarding Microsoft ID's and Organization ID's:
    http://sergeluca.wordpress.com/2013/09/23/sharepoint-online-and-external-users-this-invitation-has-already-been-accepted-with-another-account-bug-or-feature/
    Please let me know if you need any more information regarding this issue, and thanks in advance to anyone who can shed some light on this situation for me and anyone who encounters it in the future.
    Regards,
    Evanly.

    Hi Scott,
    Thank you so much for taking the time to read and respond to my issue.
    Certainly, it makes sense that regardless of where the invitation is sent, the user would authenticate with their Microsoft ID.
    In my case, I want the user to authenticate using their Microsoft Organisation ID, that they use for their separate Office 365 account.
    This is the way I was able to log in, and worked great. With my client, they are unable to access Sharepoint because once they sign in with their Microsoft Organisation / Office 365 ID, they are told they are not in the directory, because their Microsoft
    ID is in the directory and it doesn't match up.
    I am simultaneously trying to 1) Remove all traces of this user's Microsoft ID, which so far using the above steps, has been unsuccessful; and 2) Invite the user using his Microsoft Organisation ID, and have him authenticate with that (which is proved to
    work, as my account uses this).
    Looking forward to any more suggestions. Thanks in advance!

  • Advice needed for provider hosted web application - authentication and access to SharePoint document library

    I haven't done SharePoint 2013 development with claims so I apologize in advance if my assumptions and questions are way out in left field.
    I'm trying to understand SharePoint 2013 claims authentication for a scenario that involves:
    A SharePoint provider hosted (web forms) app that will pull information and assets (e.g. PDFs) from SharePoint into the web page.
    It will be a VS 2012 solution with asp.net.identity feature.
    Security will be set for internal users, federated external users and forms-based external users.  Based on their security and (claim type) role it will define what information and assets that can be retrieved from SharePoint
    I have looked through MSDN and other sources to understand.
    This one helped with my understanding: Federated Identity for Web Applications, and I assumed that the general concept could be applied to forms-based identity for non-federated external users.
    What I have now:
    VS 2012 solution web forms application set to Provider Host with asp.net.identity feature and its required membership tables.
    I can create new users and associate claims to the new user.
    I can log in with a user from the membership tables and it will take me to a default.aspx page.  I have added code to it that displays the claims associated to a user.
    For POC purposes I'd like to retrieve documents that are associated to this user from the default.aspx page.
    This is where I am having trouble understanding:  Is my understanding correct?
    Internal users
    Since they are internal on the network, I am assuming that they would already have access to SharePoint and they would already be configured for which documents they have available to them.
    Federated external users & forms authentication external users
    It seems to me that the authentication for external users is separate from the SharePoint authentication process.
    Changes to the configuration settings are necessary in SharePoint, IIS, web application.
    I believe this is what I read.
    Claims processes (e.g. mappings) need to be set up in SharePoint.
    As long as external users are authenticated then things are OK because they would have claims associated to the user and the configuration in SharePoint takes care of the rest.
    This statement bothers me because I think it's wrong.
    So basically I'm stuck on whether my understanding is correct: once a user is authenticated either by federated identity or asp.net.identity authentication, it should go to the provider hosted default.aspx page because the claim is authenticated and means that it should have access to it and the SharePoint document library based on some claim property.  I could then write the calls to retrieve from a document library and SharePoint will know based on some claim property that the logged in user can only access certain documents.
    It just sounds too good to be true and that I'm missing something in the thought process.
    Thanks in advance for taking the time to read.
    greenwasabi

    Hi GreenWasabi,
    I agree this is an interesting topic to discuss.
    As you can check from the article, you may check this example from CodePlex: http://claimsid.codeplex.com/
    When I think about this topic, it looks like an environment with multiple realms.
    From what you understand, it's correct that all the authentication is based on the provider. So for example, if I have a Windows Live ID and an internal ID, then when I log in with the Windows Live ID, it will be authenticated using the Windows Live ID server.
    Here is the example for the web service:
    http://claimsid.codeplex.com/wikipage?title=Federated%20Identity%20for%20Web%20Services&referringTitle=Home
    As far as I know, if you are using this federation, I am not quite sure that you will need to go to the provider page literally; perhaps you can check this example if we are using Azure:
    http://social.technet.microsoft.com/wiki/contents/articles/22309.integrating-windows-live-id-google-and-facebook-accounts-with-sharepoint-2013-white-paper.aspx
    Regards,
    Aries
    Microsoft Online Community Support

  • ISE admin access, authentication against external radius

    Please don't ask me why,
    the customer insists and wants to be authenticated on ISE (as admin) against an external (Microsoft) RADIUS server.
    Is it possible while retaining the internal admin users database in a sequence Internal>external_radius or internal>AD?
    Thank you in advance for whatever may help.

    According to Cisco:
    External Authentication AND external Authorisation for Admin access on the ISE can only be done by using LDAP or AD.
    For RADIUS servers there is a solution for external Authentication and internal Authorisation on the ISE:
    External Authentication + Internal Authorization
    When configuring Cisco ISE to provide administrator authentication using an external RSA SecurID identity store, administrator credential authentication is performed by the RSA identity store. However, authorization (policy application) is still done according to the Cisco ISE internal database. In addition, there are two important factors to remember that are different from External Authentication + External Authorization:
    You do not need to specify any particular external administrator groups for the administrator.
    You must configure the same username in both the external identity store and the local Cisco ISE database.
    To create a new Cisco ISE administrator that authenticates via the external identity store, complete the following steps:
    Step 1 Choose Administration > System > Admin Access > Administrators > Local Administrators.
    The Administrators window appears, listing all existing locally defined administrators.
    Step 2 Follow the guidelines at Creating a New Cisco ISE Administrator to ensure that the administrator username on the external RSA identity store is also present in Cisco ISE. Be sure to click the External option under Password.
    Note Remember: you do not need to specify a password for this external administrator user ID, nor are you required to apply any specially configured external administrator group to the associated RBAC policy.
    Step 3 Click Save.

  • Delivery report shows status of Pending for external address. Email sent to both internal and external addresses.

    We have an Exchange 2013 on-premise server and seem to have an issue with emails sent to internal and external users at the same time.
    The issue came to light because someone sent an email to 44 recipients, of which one was internal. None of the external recipients received the email. I checked the delivery report in the EAC and found the internal email marked as 'Delivered' and all of
    the external ones marked as 'Pending'. I checked the queues and there were none. I did some testing and sent an email to just one of the external addresses on the list, it arrived. I tried sending the email again to all of the recipients, the external ones
    all showed 'Pending'. I tried it again, but this time excluded the internal email address and all of the 43 external emails were immediately delivered.
    So it seems that the issue only arises when we are sending to both internal and external addresses.
    I then tried a test email to one internal address and one external address. The Delivery report says that the internal address was delivered immediately, while the external address is 'Pending' and gives more information saying: 'Message delivery is taking
    longer than expected. There may be system delays. For more information, contact your helpdesk.'. To add further mystery to this, the email was actually delivered.
    So, I have two concerns:
    First, it seems that some emails sent both internally and externally are only arriving internally. This is a huge problem because I don't know how many have been affected. There may be many lost emails we don't know about.
    Second, it looks like I can't trust the delivery report. It says pending for some emails which didn't arrive, but it also says pending for some which did arrive. That is no good at all.
    For info the server is running Windows Server 2012. I have run a Microsoft Update to check if there are any to apply and the only Exchange one is a spam filter update, which I doubt has any bearing but I will apply when I get chance.

    Hi Neil,
    According to the description, I find a related KB on Exchange 2010:
    https://support.microsoft.com/kb/2694474?wa=wsignin1.0
    It describes a similar situation to yours.
    This issue occurs because a function in a message tracking component tries to obtain the information for the recipient instead of the external recipient.
    Please try to upgrade to the latest Exchange update to check whether this issue can be solved.
    Also please check whether Throttling has been set.
    Please run "Get-TransportService | fl" to check the MaxOutboundConnections parameter value.
    For more details, see:
    Message throttling
    http://technet.microsoft.com/en-us/library/bb232205(v=exchg.150).aspx
    Thanks
    Mavis Huang
    TechNet Community Support
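
    To check delivery per recipient from the transport logs rather than from the EAC delivery report, and to read the throttling values the reply mentions, here is an added example that is not from the original thread. The sender address and the two-day window are placeholders.

```powershell
# Added example. Run in the Exchange Management Shell on the Exchange 2013 server.
# The sender address and the time window are placeholders, not values from the thread.
$sender = 'sender@example.com'
$start  = (Get-Date).AddDays(-2)

# Throttling values the reply asks about.
Get-TransportService |
    Format-List Name, MaxOutboundConnections, MaxPerDomainOutboundConnections

# Tracking events for that sender, from every transport server in the organisation.
$events = Get-TransportService |
    Get-MessageTrackingLog -Sender $sender -Start $start -ResultSize Unlimited |
    Where-Object { $_.EventId -in 'RECEIVE', 'SEND', 'DELIVER', 'DEFER', 'FAIL' }

# Flatten to one row per message and recipient, because a single event
# can list internal and external recipients together.
$rows = foreach ($e in $events) {
    foreach ($r in $e.Recipients) {
        [pscustomobject]@{
            MessageId = $e.MessageId
            Subject   = $e.MessageSubject
            Recipient = $r
            EventId   = $e.EventId
            Timestamp = $e.Timestamp
        }
    }
}

# Keep the latest event for each message/recipient pair.
# DELIVER = handed to a local mailbox, SEND = handed to the next SMTP hop.
# A recipient whose latest event is still RECEIVE, DEFER or FAIL did not leave the server.
$rows | Group-Object MessageId, Recipient | ForEach-Object {
    $_.Group | Sort-Object Timestamp | Select-Object -Last 1
} | Sort-Object MessageId, Recipient |
    Format-Table Timestamp, EventId, Recipient, Subject -AutoSize
```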

  • SharePoint 2013 - Office Web Apps - Internal and External Use

    I have successfully installed SharePoint 2013 and Office Web Apps on Azure VMs inside an Azure Virtual Network (IaaS model). Everything is working well. However, my testing has shown that external users and internal users can't use Office Web Apps at the same time.
    Office Web Apps, installed on its own VM, accommodates an external and internal URL quite well. However, SharePoint 2013 appears to only allow one setting for WOPI Zone, either internal or external but not both. I've set the WOPI zone to Internal-HTTPS (Set-SPWOPIZone -Zone "internal-https"). OWA works just fine if accessed from inside the Azure Virtual Network. However, if I try to access from outside the Virtual Network, from the Internet, Office Web Apps fails. The exact opposite is also true. I can set WOPI Zone to External-HTTPS and accessing from the Internet works fine, but accessing inside the Virtual Network fails.
    Am I missing something? I, obviously, want Office Web Apps to function properly for both internal and external users simultaneously.
    I appreciate any help anyone can provide here.
    Glenn

    Hi Glenn,
    To have both Internet and internal use available to your end-users, you first need to configure the AAM setting. Open Central Administration > Application Management > Configure alternate access mappings. Let's say there is an existing web application named http://sharepoint and my end-users from the local network are able to access it using the URL http://sharepoint (root site collection). Here you need to add the Internet URL by selecting the web application and clicking Edit Public URLs. Add the Internet domain to the web application, e.g. http://sharepoint.abc.com. You don't necessarily have to edit the binding setting in IIS. Before continuing with the next steps, make sure you are able to access http://sharepoint.abc.com from the Internet while being able to access http://sharepoint from the local network (aka Internal).
    On the machine where Office Web App (OWA) Server 2013 is installed, open PowerShell to add the OWA module and use the following command to re-create a new OWA server farm if you've completed configuring it previously.
    New-OfficeWebAppsFarm -InternalUrl "http://owa" -ExternalUrl "http://owa.abc.com" -EditingEnabled
    In this case, I'm not using an SSL certificate to encrypt data over the Internet. You can use the Internet-public IP of the OWA server like -ExternalUrl "http://198.xxx.xxx.xx". Add the CertificateName parameter if you want to use either a CA-issued certificate or a self-signed certificate.
    On your SharePoint machine, you need to re-bind all WFE machines to the WAC farm using the cmdlet New-SPWOPIBinding. Next, you need to set the WOPI zone for both internal and external.
    Set-SPWOPIZone -zone "external-http"
    Note: I'm not using a certificate at all in my guidance. But the step to have it configured is just to add more parameters.
    I've recently successfully deployed an OWA multi-server farm for both internal and Internet use for two big clients. In a real-world scenario, ideally OWA should be published through a firewall (Forefront UAG, TMG, F5...etc). Please let me know if you still have issues after following my steps. My email: [email protected]
    Regards,
    -T.s
    Thuan Soldier
    A 23-year-old man loving Microsoft technologies and making crazy ideas on business journey.
    SharePoint Vietnam |
    Blog | Twitter
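
    The reply above builds the farm over plain HTTP and says a certificate only needs extra parameters. The HTTPS form of the same steps follows as an added example that is not part of the original reply. The host names owa.corp.example and owa.example.com and the certificate friendly name OWA-Farm-Cert are placeholders, and internal clients are assumed to resolve the external name, since, as the question notes, SharePoint accepts only one WOPI zone at a time.

```powershell
# Added example. Host names and the certificate friendly name are placeholders.

# --- On the Office Web Apps server ---
Import-Module OfficeWebApps

# Re-create the farm with HTTPS URLs, as the reply describes for HTTP.
# The certificate must already be in the local machine store and
# cover both host names.
New-OfficeWebAppsFarm -InternalUrl "https://owa.corp.example" `
                      -ExternalUrl "https://owa.example.com" `
                      -CertificateName "OWA-Farm-Cert" `
                      -EditingEnabled

# AllowHTTP should read False on a farm meant to be reached over HTTPS only.
Get-OfficeWebAppsFarm |
    Format-List InternalURL, ExternalURL, CertificateName, AllowHTTP, EditingEnabled

# --- On a SharePoint 2013 server, in the SharePoint Management Shell ---

# Drop the bindings that pointed at the HTTP farm, then bind to the HTTPS one.
Remove-SPWOPIBinding -All:$true
New-SPWOPIBinding -ServerName "owa.corp.example"

# One zone for the whole SharePoint farm: with external-https every user,
# internal or not, is sent to the farm's ExternalUrl over TLS.
Set-SPWOPIZone -Zone "external-https"

# Verify the active zone and a sample of the bindings that were created.
Get-SPWOPIZone
Get-SPWOPIBinding |
    Select-Object Application, Extension, WopiZone, ServerName -First 10
```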

  • Hiding costing related information to external users

    Hi
    We have several transactions where we have internal and external users using the transaction where we have financial information and would not like to make it visible to external users.
    Can you please let me know the various options available to avoid external users with the financial data.
    A few of the transactions are MIGO, CORT, CORS, MI03.
    Thanks in advance.
    Regards
    Praveen

    Hi Praveen,
    The best answer to this would be to restrict this at the transaction level itself. The business should decide not to give access to any of the tcodes to the users which can expose data related to costing etc.
    But then, if the tcode needs to be given but restricted, you may have to use your security expertise to find out which objects could be restricted in the user's role. E.g. in MIGO it would be:
    F_BKPF_BUK Accounting Document: Authorization for Company Codes
    Regards,
    Subbu
