OIF with external IdP (Shibboleth) - certificate issue

Similar Messages

• Enable Single Sign On in Share point 2013 with external IDP like CAS (Central Authentication Service)

  Hi,
  We need to configure our share point 2013 web application to work with third party site using Single Sign On (SSO) service.
  Currently we are using CAS (Central Authentication Service) as third party site. Trying to accomplish this from the last few days didn't found anything helpful.
  Please let us know is share point 2013 support authentication with any external site and if not is there any alternative to achieve this e.g. via ADFS or something else. Please help.
  Neetu Tanwar Software Developer

  You can do CAS and SharePoint auth using below
  Check below
  http://webcache.googleusercontent.com/search?q=cache:EhC3JLvqDWwJ:balendrant.blogspot.com/2013/05/external-authentication-providers-for.html+&cd=4&hl=en&ct=clnk&gl=in&client=firefox-beta
  http://www.google.co.in/url?sa=t&rct=j&q=&esrc=s&source=web&cd=9&ved=0CFEQFjAI&url=http%3A%2F%2Fdownload.microsoft.com%2Fdocuments%2FFrance%2FInterop%2F2010%2FFederated_Collaboration_With_Shibboleth_2_0_and_SharePoint_2010_technologies-1_0.docx&ei=i0u1U6bVB4KMuATP94II&usg=AFQjCNF09JusWUS97-em12JFpaH64Pxa3A&bvm=bv.70138588,d.c2E&cad=rja
  If this helped you resolve your issue, please mark it Answered

• When accessing Intranet sites that use SSL Certificates issued by our internal PKI, FF for Windows give an error of "improperly formatted DER-encoded message"

  When accessing Intranet sites with that have SSL Certificates issued by our internal PKI, FF for Windows gives an error messsage - An error occurred during a connection to myshaw. security library: improperly formatted DER-encoded message. (Error code: sec_error_bad_der)
  Chrome and IE work fine. This is a new PKI using the SHA-2 signature algorithm.

  Hi Guigs2,
  From the other post you link too, I can confirm that both the Root and Subordinate CA have been commissioned with the:
  HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\CertSvc\Configuration\IssuingCA\CSP\AlternateSignatureAlgorithm = 1
  registry key set. As can be seen above, the Signature algorithm on an issued certificate is RSASSA-PSS. This is been Microsoft suggested deployment IF you do not wish to support either XP or Windows 2003 machine and lower. In fact, I believe the option has been around since Windows 2008, however, there were of course, a lot more XP machines back then.
  The obvious answer is that we would like to maintain the updated algorithm, AND see support for it added for Firefox. I think you will see a LOT more posts like this as people deploy more 2012 PKI infrastructure supporting only Windows 7 and up. Heavens, we may well be forced to Chrome or even back to IE!!! Whilst I do not what to necessary open up other potential vulnerabilities, for the sake of testing, what do you mean by disabling mozilla:pkix?

• SSTP VPN fails with Error 0x80092013 when certificate is issued by an Enterprise CA

  I have spent several days trying to configure an SSTP VPN in an environment with a 2008R2 Enterprise CA server without much luck. I have been using the example found at   http://technet.microsoft.com/en-us/library/cc731352(v=ws.10).aspx which
  works very well as long as you configure the CA Extensions tab with an http CRL Distribution point that is included in the CRLs and CDP extension of issued certificates and is available to the client prior to VPN connection.
  Basically my lab environment is as follows:
  Separate 2008R2 domain controller, Single 2008R2 Enterprise CA / RRAS server with one nic. I know the instructions that I mentioned above use an RRAS server with 2 nics but I don't want my RRAS server serving as a router. I have an external hardware firewall
  that port forwards port 443 to my single nic in my RRAS server and this entire configuration works fine as long as I am using a standard CA configuration. The RRAS was configured using the custom option and only VPN was chosen. Since my RRAS server is behind
  a NAT router, the dns name my external client uses to connect is different than the internal name of my RRAS server.
  In the example above, a Windows 2008R2 CA server is configured as a standalone non-enterprise root CA. As long as I stick with a standard CA, I have no problem and everything works.
  My problem is that if I configure my Windows Server 2008R2 Enterprise server as an Enterprise Root CA, My Windows 7 client always gets an "Error 0x80092013 The revocation function was unable to check revocation because the revocation server was offline."
  I'm not certain, but I think the problem is with the way that I request the certificate for my RRAS server. When I configure a standalone standard root CA and use the web enrollment page and use an Advanced Certificate Request, I get a page that I can use
  to fill out the external dns name that I use to connect to SSTP, choose a Server Authentication Certificate,  choose to mark keys as exportable and submit my request. Once I install this key in the Certificates (local computer) / Personal / Certificates
  store, everything works and my client can connect as long as I have installed the root CA certificate on my client.
  When I install my CA as an Enterprise Root CA server, everything changes. I no longer have the same options to install a custom certificate. Instead of getting the same page as I do with a standard CA, I get my choice of Certificate Templates. Prior to this,
  I have duplicated the Computer template in the CA authority and configured the subject name to "supply in request" and configured my CA to issue it. I have tried issuing my RRAS SSTP certificate using the web enrollment and I have also tried using the certificates
  plugins in mmc to request custom certificates and tried using an alternative subject name, filling out the DNS option with my external dns name.
  When it is all said and done, I end up with an RRAS SSTP certificate that has CRL Distribution Points defined as URL=http://www.mywebsite/CertEnroll/myCA.crl and it is available to my client or anyone. I have compared the certificate issued by an Enterprise
  CA vs the Standard CA and I find little difference in the two. I also know that I can reach this RRAS SSTP certificate from my client by going to  https://myexternaladdress.mydomain.com/sra_{BA195980-CD49-458b-9E23-C84EE0ADCD75}/and
  I can view the padlock in IE and view my internal RRAS certificate. The CRL Distribution point looks no different when I have a standard vs an Enterprise CA but my client always fails with the Error 0x80092013 when I have issued the RRAS SSTP certificate
  with the Enterprise CA.
  I have probably re-setup this lab about 20 times and am getting very familiar with getting it set up quickly and working with the standard CA but I want to use an Enterprise CA environment.
  What am I missing? How can I make this work with an Enterprise CA? How can I troubleshoot this?
  Thanks,
  Rod
  Rod Miller

  Thanks for  your reply. I did read the article and addressed that issue in the first part of my previous post. I don't think that the website where I am hosting my CRL has directory browsing permissions or that I have the ability to set them but the
  point of my question was everything works using that same public website when I use a standard CA to create my certificate but does NOT work when I create the certificate using an Enterprise CA.
  Rod
  Rod Miller

• How do i deal with 'security certificate' issues on my iPad2? I'm unable to answer the security questions that pop up when Im trying to download an app because the pop up does not load properly...

  Basically my Ipad2 stopped allowing me to go to sites such as Tumblr a little while ago. It wouldn't display the page properly because of 'security certificate' issues. This in itself would not have been such a problem, but when I went to the App store to try and download the Tumblr App, a pop up appeared asking me to answer some security questions before I could successfully install the App. However, the pop up would not display correctly because of 'security certificate' issues and as a result I can't download any apps from the App Store. Can anyone help with this??

  Well, I maged to delete some stuff, download the update...
  My Mac mail is still not ok. Still only displays today, yesterday and everything is the 16th of the month previous to this?
  All a bit strange to say the least any suggestons on how to resolve this.
  I now have a second issue in all my emails at the very top of each it describes in detail the full information of
            Delivered-To:  
            Received:  
            Received:  
            Received:  
            Received:  
            X-Received:  
            Return-Path:  
            Received-Spf:
            Authentication-Results:
            Content-Type:  
            Mime-Version:  
            X-Mailer:  
            X-Cloudmark-Analysis:  
  Surely this should not be displayed rather insecure I would think. Any suggestions on how to amend

• Issues with External Hard Drives

  I hope this is the right forum for this one - please give me a steer if not! I've also posted it in 'Dock and Finder', but this forum seems equally appropriate, if not more so.
  I'm getting repeated issues with External Hard Drives, including ones that I have been using successfully for months/years, suddenly failing to mount and then becoming 'unknown device' through the firewire branch of 'About This Mac'.
  I've just bought a new hard drive on the grounds that the others had somehow failed, and the same problems are emerging. I decided to Repair Permissions on my iMac's internal drive, and am copying the results below, from repair runs conducted yesterday and today:
  YESTERDAY'S REPAIR PERMISSIONS RESULTS
  Verifying volume “Macintosh HD”
  Performing live verification.
  Checking Journaled HFS Plus volume.
  Checking Extents Overflow file.
  Checking Catalog file.
  Checking multi-linked files.
  Checking Catalog hierarchy.
  Checking Extended Attributes file.
  Checking volume bitmap.
  Checking volume information.
  The volume Macintosh HD appears to be OK.
  Repairing permissions for “Macintosh HD”
  Reading permissions database.
  Reading the permissions database can take several minutes.
  Permissions differ on "private/var/log/secure.log", should be -rw------- , they are -rw-r----- .
  Permissions differ on "Library/Preferences", should be drwxrwxr-x , they are drwxrwxrwx .
  Permissions differ on "Applications/Utilities/AirPort Utility.app/Contents/Resources/lanArrow.png", should be -rwxrwxr-x , they are -rw-rw-r-- .
  Permissions differ on "Applications/Utilities/AirPort Utility.app/Contents/Resources/lanCheck.png", should be -rwxrwxr-x , they are -rw-rw-r-- .
  Permissions differ on "Applications/Utilities/AirPort Utility.app/Contents/Resources/lanDisabled.png", should be -rwxrwxr-x , they are -rw-rw-r-- .
  Permissions differ on "Applications/Utilities/AirPort Utility.app/Contents/Resources/wanArrow.png", should be -rwxrwxr-x , they are -rw-rw-r-- .
  Permissions differ on "Applications/Utilities/AirPort Utility.app/Contents/Resources/wanCheck.png", should be -rwxrwxr-x , they are -rw-rw-r-- .
  Permissions differ on "Applications/Utilities/AirPort Utility.app/Contents/Resources/wanDisabled.png", should be -rwxrwxr-x , they are -rw-rw-r-- .
  Permissions differ on "Library/Application Support/Apple/ParentalControls/ALRHelperJobs", should be drwxrwxr-x , they are drwxr-xr-x .
  ACL found but not expected on "System/Library/User Template/English.lproj/Sites".
  Permissions differ on "System/Library/CoreServices/Front Row.app/Contents/CodeResources", should be -rw-r--r-- , they are lrwxr-xr-x .
  Permissions differ on "System/Library/CoreServices/Front Row.app/Contents/PlugIns/DVD.frappliance/Contents/CodeResources", should be -rw-r--r-- , they are lrwxr-xr-x .
  Permissions differ on "System/Library/CoreServices/Front Row.app/Contents/PlugIns/FRSettings.frappliance/Contents/CodeResources", should be -rw-r--r-- , they are lrwxr-xr-x .
  Permissions differ on "System/Library/CoreServices/Front Row.app/Contents/PlugIns/FRSources.frappliance/Contents/CodeResources", should be -rw-r--r-- , they are lrwxr-xr-x .
  Permissions differ on "System/Library/CoreServices/Front Row.app/Contents/PlugIns/Movies.frappliance/Contents/CodeResources", should be -rw-r--r-- , they are lrwxr-xr-x .
  Permissions differ on "System/Library/CoreServices/Front Row.app/Contents/PlugIns/Music.frappliance/Contents/CodeResources", should be -rw-r--r-- , they are lrwxr-xr-x .
  Permissions differ on "System/Library/CoreServices/Front Row.app/Contents/PlugIns/Photos.frappliance/Contents/CodeResources", should be -rw-r--r-- , they are lrwxr-xr-x .
  Permissions differ on "System/Library/CoreServices/Front Row.app/Contents/PlugIns/Podcasts.frappliance/Contents/CodeResources", should be -rw-r--r-- , they are lrwxr-xr-x .
  Permissions differ on "System/Library/CoreServices/Front Row.app/Contents/PlugIns/TV.frappliance/Contents/CodeResources", should be -rw-r--r-- , they are lrwxr-xr-x .
  Permissions differ on "System/Library/PrivateFrameworks/BackRow.framework/Versions/A/CodeResources", should be -rw-r--r-- , they are lrwxr-xr-x .
  ACL found but not expected on "System/Library/User Template/English.lproj/Desktop".
  ACL found but not expected on "System/Library/User Template/English.lproj/Library/Application Support".
  ACL found but not expected on "System/Library/User Template/English.lproj/Library/Assistants".
  ACL found but not expected on "System/Library/User Template/English.lproj/Library/Audio/MIDI Drivers".
  ACL found but not expected on "System/Library/User Template/English.lproj/Library/Audio/Plug-Ins/Components".
  ACL found but not expected on "System/Library/User Template/English.lproj/Library/Audio/Plug-Ins/Digidesign".
  ACL found but not expected on "System/Library/User Template/English.lproj/Library/Audio/Plug-Ins/VST".
  ACL found but not expected on "System/Library/User Template/English.lproj/Library/Audio/Plug-Ins".
  ACL found but not expected on "System/Library/User Template/English.lproj/Library/Audio/Sounds/Alerts".
  ACL found but not expected on "System/Library/User Template/English.lproj/Library/Audio/Sounds/Banks".
  ACL found but not expected on "System/Library/User Template/English.lproj/Library/Audio/Sounds".
  ACL found but not expected on "System/Library/User Template/English.lproj/Library/Audio".
  ACL found but not expected on "System/Library/User Template/English.lproj/Library/ColorPickers".
  ACL found but not expected on "System/Library/User Template/English.lproj/Library/Compositions".
  ACL found but not expected on "System/Library/User Template/English.lproj/Library/Favorites".
  ACL found but not expected on "System/Library/User Template/English.lproj/Library/FontCollections".
  ACL found but not expected on "System/Library/User Template/English.lproj/Library/Fonts".
  ACL found but not expected on "System/Library/User Template/English.lproj/Library/iMovie/Plug-ins".
  ACL found but not expected on "System/Library/User Template/English.lproj/Library/iMovie/Sound Effects".
  ACL found but not expected on "System/Library/User Template/English.lproj/Library/iMovie".
  ACL found but not expected on "System/Library/User Template/English.lproj/Library/Input Methods".
  ACL found but not expected on "System/Library/User Template/English.lproj/Library/Internet Plug-Ins".
  ACL found but not expected on "System/Library/User Template/English.lproj/Library/Keyboard Layouts".
  ACL found but not expected on "System/Library/User Template/English.lproj/Library/Preferences".
  ACL found but not expected on "System/Library/User Template/English.lproj/Library/Printers".
  ACL found but not expected on "System/Library/User Template/English.lproj/Library/Screen Savers".
  ACL found but not expected on "System/Library/User Template/English.lproj/Library/Sounds".
  ACL found but not expected on "System/Library/User Template/English.lproj/Library/Voices".
  ACL found but not expected on "System/Library/User Template/English.lproj/Library".
  ACL found but not expected on "System/Library/User Template/English.lproj/Movies".
  ACL found but not expected on "System/Library/User Template/English.lproj/Music".
  ACL found but not expected on "System/Library/User Template/English.lproj/Pictures".
  ACL found but not expected on "System/Library/User Template/English.lproj/Public".
  Permissions differ on "Applications/iTunes.app/Contents/CodeResources", should be -rw-rw-r-- , they are lrwxr-xr-x .
  Permissions differ on "Applications/iTunes.app/Contents/Frameworks/InternetUtilities.bundle/Contents/ CodeResources", should be -rw-rw-r-- , they are lrwxr-xr-x .
  Permissions differ on "Applications/iTunes.app/Contents/Resources/iTunesHelper.app/Contents/CodeResou rces", should be -rw-rw-r-- , they are lrwxr-xr-x .
  Permissions differ on "System/Library/LaunchDaemons/com.apple.usbmuxd.plist", should be -rw-r--r-- , they are -rwxr-xr-x .
  Warning: SUID file "System/Library/Filesystems/AppleShare/afpLoad" has been modified and will not be repaired.
  Warning: SUID file "System/Library/PrivateFrameworks/DiskManagement.framework/Versions/A/Resources /DiskManagementTool" has been modified and will not be repaired.
  Warning: SUID file "sbin/umount" has been modified and will not be repaired.
  Warning: SUID file "bin/rcp" has been modified and will not be repaired.
  Permissions differ on "Library/Application Support/Apple/ParentalControls/ContentFiltering", should be drwxrwxr-x , they are drwxr-xr-x .
  Permissions differ on "Library/Application Support/Apple/ParentalControls", should be drwxrwxr-x , they are drwxr-xr-x .
  Permissions differ on "System/Library/PrivateFrameworks/iLifeMediaBrowser.framework/Versions/A/CodeRe sources", should be -rw-r--r-- , they are lrwxr-xr-x .
  Permissions differ on "System/Library/PrivateFrameworks/iPhotoAccess.framework/Versions/A/CodeResourc es", should be -rw-r--r-- , they are lrwxr-xr-x .
  Permissions differ on "System/Library/PrivateFrameworks/iPhotoAccess.framework/Versions/A/Resources/P lugins/BlackAndWhiteEffect.IAPlugin/Contents/CodeResources", should be -rw-r--r-- , they are lrwxr-xr-x .
  Permissions differ on "System/Library/PrivateFrameworks/iPhotoAccess.framework/Versions/A/Resources/P lugins/CubeTransition.IAPlugin/Contents/CodeResources", should be -rw-r--r-- , they are lrwxr-xr-x .
  Permissions differ on "System/Library/PrivateFrameworks/iPhotoAccess.framework/Versions/A/Resources/P lugins/DissolveTransition.IAPlugin/Contents/CodeResources", should be -rw-r--r-- , they are lrwxr-xr-x .
  Permissions differ on "System/Library/PrivateFrameworks/iPhotoAccess.framework/Versions/A/Resources/P lugins/DropletTransition.IAPlugin/Contents/CodeResources", should be -rw-r--r-- , they are lrwxr-xr-x .
  Permissions differ on "System/Library/PrivateFrameworks/iPhotoAccess.framework/Versions/A/Resources/P lugins/FadeThroughBlackTransition.IAPlugin/Contents/CodeResources", should be -rw-r--r-- , they are lrwxr-xr-x .
  Permissions differ on "System/Library/PrivateFrameworks/iPhotoAccess.framework/Versions/A/Resources/P lugins/FlipTransition.IAPlugin/Contents/CodeResources", should be -rw-r--r-- , they are lrwxr-xr-x .
  Permissions differ on "System/Library/PrivateFrameworks/iPhotoAccess.framework/Versions/A/Resources/P lugins/MosaicFlipTransition.IAPlugin/Contents/CodeResources", should be -rw-r--r-- , they are lrwxr-xr-x .
  Permissions differ on "System/Library/PrivateFrameworks/iPhotoAccess.framework/Versions/A/Resources/P lugins/MosaicFlipTransitionSmall.IAPlugin/Contents/CodeResources", should be -rw-r--r-- , they are lrwxr-xr-x .
  Permissions differ on "System/Library/PrivateFrameworks/iPhotoAccess.framework/Versions/A/Resources/P lugins/PageFlipTransition.IAPlugin/Contents/CodeResources", should be -rw-r--r-- , they are lrwxr-xr-x .
  Permissions differ on "System/Library/PrivateFrameworks/iPhotoAccess.framework/Versions/A/Resources/P lugins/PushTransition.IAPlugin/Contents/CodeResources", should be -rw-r--r-- , they are lrwxr-xr-x .
  Permissions differ on "System/Library/PrivateFrameworks/iPhotoAccess.framework/Versions/A/Resources/P lugins/RevealTransition.IAPlugin/Contents/CodeResources", should be -rw-r--r-- , they are lrwxr-xr-x .
  Permissions differ on "System/Library/PrivateFrameworks/iPhotoAccess.framework/Versions/A/Resources/P lugins/SepiaEffect.IAPlugin/Contents/CodeResources", should be -rw-r--r-- , they are lrwxr-xr-x .
  Permissions differ on "System/Library/PrivateFrameworks/iPhotoAccess.framework/Versions/A/Resources/P lugins/TwirlTransition.IAPlugin/Contents/CodeResources", should be -rw-r--r-- , they are lrwxr-xr-x .
  Permissions differ on "System/Library/PrivateFrameworks/iPhotoAccess.framework/Versions/A/Resources/P lugins/WipeTransition.IAPlugin/Contents/CodeResources", should be -rw-r--r-- , they are lrwxr-xr-x .
  Warning: SUID file "usr/bin/quota" has been modified and will not be repaired.
  Warning: SUID file "usr/bin/rlogin" has been modified and will not be repaired.
  Warning: SUID file "usr/bin/rsh" has been modified and will not be repaired.
  Permissions repair complete
  TODAY'S PERMISSIONS REPAIR RESULTS
  Repairing permissions for “Macintosh HD”
  Reading permissions database.
  Reading the permissions database can take several minutes.
  Permissions differ on "Library/Application Support/Apple/ParentalControls/ALRHelperJobs", should be drwxrwxr-x , they are drwxr-xr-x .
  ACL found but not expected on "System/Library/User Template/English.lproj/Sites".
  Permissions differ on "System/Library/CoreServices/Front Row.app/Contents/CodeResources", should be -rw-r--r-- , they are lrw-r--r-- .
  Permissions differ on "System/Library/CoreServices/Front Row.app/Contents/PlugIns/DVD.frappliance/Contents/CodeResources", should be -rw-r--r-- , they are lrw-r--r-- .
  Permissions differ on "System/Library/CoreServices/Front Row.app/Contents/PlugIns/FRSettings.frappliance/Contents/CodeResources", should be -rw-r--r-- , they are lrw-r--r-- .
  Permissions differ on "System/Library/CoreServices/Front Row.app/Contents/PlugIns/FRSources.frappliance/Contents/CodeResources", should be -rw-r--r-- , they are lrw-r--r-- .
  Permissions differ on "System/Library/CoreServices/Front Row.app/Contents/PlugIns/Movies.frappliance/Contents/CodeResources", should be -rw-r--r-- , they are lrw-r--r-- .
  Permissions differ on "System/Library/CoreServices/Front Row.app/Contents/PlugIns/Music.frappliance/Contents/CodeResources", should be -rw-r--r-- , they are lrw-r--r-- .
  Permissions differ on "System/Library/CoreServices/Front Row.app/Contents/PlugIns/Photos.frappliance/Contents/CodeResources", should be -rw-r--r-- , they are lrw-r--r-- .
  Permissions differ on "System/Library/CoreServices/Front Row.app/Contents/PlugIns/Podcasts.frappliance/Contents/CodeResources", should be -rw-r--r-- , they are lrw-r--r-- .
  Permissions differ on "System/Library/CoreServices/Front Row.app/Contents/PlugIns/TV.frappliance/Contents/CodeResources", should be -rw-r--r-- , they are lrw-r--r-- .
  Permissions differ on "System/Library/PrivateFrameworks/BackRow.framework/Versions/A/CodeResources", should be -rw-r--r-- , they are lrw-r--r-- .
  ACL found but not expected on "System/Library/User Template/English.lproj/Desktop".
  ACL found but not expected on "System/Library/User Template/English.lproj/Library/Application Support".
  ACL found but not expected on "System/Library/User Template/English.lproj/Library/Assistants".
  ACL found but not expected on "System/Library/User Template/English.lproj/Library/Audio/MIDI Drivers".
  ACL found but not expected on "System/Library/User Template/English.lproj/Library/Audio/Plug-Ins/Components".
  ACL found but not expected on "System/Library/User Template/English.lproj/Library/Audio/Plug-Ins/Digidesign".
  ACL found but not expected on "System/Library/User Template/English.lproj/Library/Audio/Plug-Ins/VST".
  ACL found but not expected on "System/Library/User Template/English.lproj/Library/Audio/Plug-Ins".
  ACL found but not expected on "System/Library/User Template/English.lproj/Library/Audio/Sounds/Alerts".
  ACL found but not expected on "System/Library/User Template/English.lproj/Library/Audio/Sounds/Banks".
  ACL found but not expected on "System/Library/User Template/English.lproj/Library/Audio/Sounds".
  ACL found but not expected on "System/Library/User Template/English.lproj/Library/Audio".
  ACL found but not expected on "System/Library/User Template/English.lproj/Library/ColorPickers".
  ACL found but not expected on "System/Library/User Template/English.lproj/Library/Compositions".
  ACL found but not expected on "System/Library/User Template/English.lproj/Library/Favorites".
  ACL found but not expected on "System/Library/User Template/English.lproj/Library/FontCollections".
  ACL found but not expected on "System/Library/User Template/English.lproj/Library/Fonts".
  ACL found but not expected on "System/Library/User Template/English.lproj/Library/iMovie/Plug-ins".
  ACL found but not expected on "System/Library/User Template/English.lproj/Library/iMovie/Sound Effects".
  ACL found but not expected on "System/Library/User Template/English.lproj/Library/iMovie".
  ACL found but not expected on "System/Library/User Template/English.lproj/Library/Input Methods".
  ACL found but not expected on "System/Library/User Template/English.lproj/Library/Internet Plug-Ins".
  ACL found but not expected on "System/Library/User Template/English.lproj/Library/Keyboard Layouts".
  ACL found but not expected on "System/Library/User Template/English.lproj/Library/Preferences".
  ACL found but not expected on "System/Library/User Template/English.lproj/Library/Printers".
  ACL found but not expected on "System/Library/User Template/English.lproj/Library/Screen Savers".
  ACL found but not expected on "System/Library/User Template/English.lproj/Library/Sounds".
  ACL found but not expected on "System/Library/User Template/English.lproj/Library/Voices".
  ACL found but not expected on "System/Library/User Template/English.lproj/Library".
  ACL found but not expected on "System/Library/User Template/English.lproj/Movies".
  ACL found but not expected on "System/Library/User Template/English.lproj/Music".
  ACL found but not expected on "System/Library/User Template/English.lproj/Pictures".
  ACL found but not expected on "System/Library/User Template/English.lproj/Public".
  Permissions differ on "Applications/iTunes.app/Contents/CodeResources", should be -rw-rw-r-- , they are lrw-rw-r-- .
  Permissions differ on "Applications/iTunes.app/Contents/Frameworks/InternetUtilities.bundle/Contents/ CodeResources", should be -rw-rw-r-- , they are lrw-rw-r-- .
  Permissions differ on "Applications/iTunes.app/Contents/Resources/iTunesHelper.app/Contents/CodeResou rces", should be -rw-rw-r-- , they are lrw-rw-r-- .
  Warning: SUID file "System/Library/Filesystems/AppleShare/afpLoad" has been modified and will not be repaired.
  Warning: SUID file "System/Library/PrivateFrameworks/DiskManagement.framework/Versions/A/Resources /DiskManagementTool" has been modified and will not be repaired.
  Warning: SUID file "sbin/umount" has been modified and will not be repaired.
  Warning: SUID file "bin/rcp" has been modified and will not be repaired.
  Permissions differ on "Library/Application Support/Apple/ParentalControls/ContentFiltering", should be drwxrwxr-x , they are drwxr-xr-x .
  Permissions differ on "Library/Application Support/Apple/ParentalControls", should be drwxrwxr-x , they are drwxr-xr-x .
  Permissions differ on "System/Library/PrivateFrameworks/iLifeMediaBrowser.framework/Versions/A/CodeRe sources", should be -rw-r--r-- , they are lrw-r--r-- .
  Permissions differ on "System/Library/PrivateFrameworks/iPhotoAccess.framework/Versions/A/CodeResourc es", should be -rw-r--r-- , they are lrw-r--r-- .
  Permissions differ on "System/Library/PrivateFrameworks/iPhotoAccess.framework/Versions/A/Resources/P lugins/BlackAndWhiteEffect.IAPlugin/Contents/CodeResources", should be -rw-r--r-- , they are lrw-r--r-- .
  Permissions differ on "System/Library/PrivateFrameworks/iPhotoAccess.framework/Versions/A/Resources/P lugins/CubeTransition.IAPlugin/Contents/CodeResources", should be -rw-r--r-- , they are lrw-r--r-- .
  Permissions differ on "System/Library/PrivateFrameworks/iPhotoAccess.framework/Versions/A/Resources/P lugins/DissolveTransition.IAPlugin/Contents/CodeResources", should be -rw-r--r-- , they are lrw-r--r-- .
  Permissions differ on "System/Library/PrivateFrameworks/iPhotoAccess.framework/Versions/A/Resources/P lugins/DropletTransition.IAPlugin/Contents/CodeResources", should be -rw-r--r-- , they are lrw-r--r-- .
  Permissions differ on "System/Library/PrivateFrameworks/iPhotoAccess.framework/Versions/A/Resources/P lugins/FadeThroughBlackTransition.IAPlugin/Contents/CodeResources", should be -rw-r--r-- , they are lrw-r--r-- .
  Permissions differ on "System/Library/PrivateFrameworks/iPhotoAccess.framework/Versions/A/Resources/P lugins/FlipTransition.IAPlugin/Contents/CodeResources", should be -rw-r--r-- , they are lrw-r--r-- .
  Permissions differ on "System/Library/PrivateFrameworks/iPhotoAccess.framework/Versions/A/Resources/P lugins/MosaicFlipTransition.IAPlugin/Contents/CodeResources", should be -rw-r--r-- , they are lrw-r--r-- .
  Permissions differ on "System/Library/PrivateFrameworks/iPhotoAccess.framework/Versions/A/Resources/P lugins/MosaicFlipTransitionSmall.IAPlugin/Contents/CodeResources", should be -rw-r--r-- , they are lrw-r--r-- .
  Permissions differ on "System/Library/PrivateFrameworks/iPhotoAccess.framework/Versions/A/Resources/P lugins/PageFlipTransition.IAPlugin/Contents/CodeResources", should be -rw-r--r-- , they are lrw-r--r-- .
  Permissions differ on "System/Library/PrivateFrameworks/iPhotoAccess.framework/Versions/A/Resources/P lugins/PushTransition.IAPlugin/Contents/CodeResources", should be -rw-r--r-- , they are lrw-r--r-- .
  Permissions differ on "System/Library/PrivateFrameworks/iPhotoAccess.framework/Versions/A/Resources/P lugins/RevealTransition.IAPlugin/Contents/CodeResources", should be -rw-r--r-- , they are lrw-r--r-- .
  Permissions differ on "System/Library/PrivateFrameworks/iPhotoAccess.framework/Versions/A/Resources/P lugins/SepiaEffect.IAPlugin/Contents/CodeResources", should be -rw-r--r-- , they are lrw-r--r-- .
  Permissions differ on "System/Library/PrivateFrameworks/iPhotoAccess.framework/Versions/A/Resources/P lugins/TwirlTransition.IAPlugin/Contents/CodeResources", should be -rw-r--r-- , they are lrw-r--r-- .
  Permissions differ on "System/Library/PrivateFrameworks/iPhotoAccess.framework/Versions/A/Resources/P lugins/WipeTransition.IAPlugin/Contents/CodeResources", should be -rw-r--r-- , they are lrw-r--r-- .
  Warning: SUID file "usr/bin/quota" has been modified and will not be repaired.
  Warning: SUID file "usr/bin/rlogin" has been modified and will not be repaired.
  Warning: SUID file "usr/bin/rsh" has been modified and will not be repaired.
  Permissions repair complete
  My concerns are:
  * Some of the permissions repaired yesterday appear to have needed to be repaired again today
  * There are several files which carry a warning that they won't be repaired as they have been 'modified', and some of these clearly relate to disk management.
  Does anyone have any ideas what is going on???
  Thanks!!

  Many problems with the 10.5.7 update have been fixed by a Restart.
  If that doesn't help, something may have gone wrong with the update. Download and install the "combo" update, from: http://support.apple.com/downloads/MacOS_X_10_5_7_ComboUpdate
  If that doesn't help, try running the Apple Hardware Test, on the disc that came with your computer.
  1. Disconnect all external devices (including the Ethernet cable) except the keyboard and mouse.
  2. Insert the "Additional Software & Apple Hardware Test" disc that came with your computer.
  3. Restart while holding down the "C" key. When the list of available startup volumes appears, click Apple Hardware Test and the right arrow.
  4. When the Apple Hardware Test main screen comes up (after a moment), follow the on screen instructions.
  5. If it detects a problem, an error code will be displayed. Make a note of it.

• Macbook won't recognize external Hard Drive and issues with Time Machine

  Hello everyone,
  I have just bought a new Macbook Pro with Mountain Lion and I am currently having problems with Time Machine.
  The issue begun in Snow Leopard: Time Machine was taking too long to backup, and would often not finish the backup because the external hard drive would be unwillingly ejected.
  Now with Mountain Lion I have reformated the drive (Mac OS Journaled) and about a third of the way through had the same issue: the drive was ejected before the backup could be finished. I restarted the machine and it happened again. However, now the computer won't even recognize the external drive when I plug it in. I have also tried to power off/on the drive itself to no progress.
  I have tested the USB port with another drive and the port is fine. I have also tested the usb cable and it is fine. And Disk Utility does not recognize the drive (even when I try the >diskutil list command in terminal).
  Now, I can hear the drive humming normally when I turn it on, and it is not usb-powered (my electricity current does fluctuate).
  Could the interrupted backup procedures have damaged the drive? And if so, wouldn't the computer recognize it anyway?
  It is a 4 year old WD 1 TB that is used exclusively for TM and has never left the house.
  Thank you for your time reading this and let me know if you need any more information that could help out.
  Cheers!

  From your description, I'd suspect a failing drive. Maybe time for a new external, especially as you've already re-formatted and it's still playing up.
  I had a similar problem with one of my clone backups a few weeks ago - it failed, I erased it, re-cloned, worked a couple of times and then it failed again. Disk Utility didn't throw up any errors after re-formatting. I guess all disks die at some point.

• Issue with external WSDL in own Outbound interface using SOAP UI

  Hello,
  this is the issue:
  a) Imported an external WSDL to PI as external definition
  b) Added external definition to a sync. Service interface
  c) Completed configuration and created a WSDL from the sender agreement in Directory (this is PI 7.1)
  d) imported the WSDL from c) to soap UI which we are using for testing interfaces
      (already successful with other sync interface where the WSDL from c) contains a message type created in PI
  e) testing this interface results in an error:
  Error message in MONI:
  SAP:Error SOAP:mustUnderstand="1" xmlns:SAP="http://sap.com/xi/XI/Message/30" xmlns:SOAP="http://schemas.xmlsoap.org/soap/envelope/">
    <SAP:Category>Application</SAP:Category>
    <SAP:Code area="MAPPING">EXCEPTION_DURING_EXECUTE</SAP:Code>
    <SAP:P1>com/sap/xi/tf/_MM_TestTrigger_Testm~</SAP:P1>
    <SAP:P2>com.sap.aii.mappingtool.tf7.IllegalInstanceExcepti</SAP:P2>
    <SAP:P3>on: Cannot create target element /ns0:props. Value</SAP:P3>
    <SAP:P4>s missing in queue context. Target XSD requires a~</SAP:P4>
    <SAP:AdditionalText />
    <SAP:Stack>Runtime exception occurred during application mapping com/sap/xi/tf/_MM_Test_Testm; com.sap.aii.mappingtool.tf7.IllegalInstanceException: Cannot create target element /ns0:props. Values missing in queue context. Target XSD requires a</SAP:Stack>
    <SAP:Retry>M</SAP:Retry>
    </SAP:Error>
  This is the message as it looks like in soapUI:
  <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:com="http://jusit.hp.com/sys/common/">
     <soapenv:Header/>
     <soapenv:Body>
        <props>
           <com:Property>
              <com:PropertyName>A</com:PropertyName>
              <com:PropertyValue>1</com:PropertyValue>
           </com:Property>
        </props>
     </soapenv:Body>
  </soapenv:Envelope>
  This is the payload in MONI as it comes from SOAP UI (using http connection):
  <?xml version="1.0" encoding="UTF-8" standalone="yes" ?><!-- Mapping der Request-Message -->
  <props xmlns:com='http://jusit.hp.com/sys/common/' xmlns:soapenv='http://schemas.xmlsoap.org/soap/envelope/'>
           <com:Property>
              <com:PropertyName>A</com:PropertyName>
              <com:PropertyValue>1</com:PropertyValue>
           </com:Property>
        </props>
  This is the payload as it looks like in Mapping Test in Enterprise Repos. from implemented ext.def.:
  <?xml version="1.0" encoding="UTF-8"?>
  <ns0:props xmlns:ns0="http://jusit.hp.com/sys/common/">
     <ns0:Property>
        <ns0:PropertyName>A</ns0:PropertyName>
        <ns0:PropertyValue>1</ns0:PropertyValue>
     </ns0:Property>
  </ns0:props>
  Is there any restriction with external definitions to be used in PI which could be the reason for this strange behaviour?
  The implementation contained a message type created in PI earlier which was running successful!
  The problem came up with the external definition!
  Thank you for your help!
  Best regards
  Dirk

  Hi,
  the problem is not the mapping as it is 1:1 with the same message on both sides.
  But when I replace the "com"s with "ns0" and "props" with "ns0:props" in the request in soap UI
  the payload will be accepted and mapping is successful!
  So the issue is about the modification soap UI is doing on the imported WSDL.
  a) Generated request in soap UI from imported WSDL:  FAILS in PI!!!!
  <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:com="http://test.ap.com/sys/common/">
     <soapenv:Header/>
     <soapenv:Body>
        <props>
           <com:Property>
              <!You may enter the following 2 items in any order>
              <com:PropertyName>?</com:PropertyName>
              <com:PropertyValue>?</com:PropertyValue>
           </com:Property>
        </props>
     </soapenv:Body>
  </soapenv:Envelope>
  b) Modified request in soap UI from imported WSDL: WILL BE PROCESSED IN PI
  <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:ns0="http://test.ap.com/sys/common/">
     <soapenv:Header/>
     <soapenv:Body>
        <ns0:props>
           <ns0:Property>
              <!You may enter the following 2 items in any order>
              <ns0:PropertyName>B</ns0:PropertyName>
              <ns0:PropertyValue>5</ns0:PropertyValue>
           </ns0:Property>
        </ns0:props>
     </soapenv:Body>
  </soapenv:Envelope>
  But is there any possibility to avoid this effect in soap UI?
  Regards
  Dirk

• Lync internal clients have issues with external meetings

  We have a pretty easy Lync setup in our company, 2 FE servers in a Enterprise pool, one Edge server (in a pool. we will add edge servers later) and a Reverse proxy (Databases on a SQL server of course). Everything seems to be working well internally. We
  have not deployed Enterprise voice yet but that is coming later. Our issue is when our internal clients try to join a meeting from another company. They can join the meeting and IM but as soon as they try to start Voice, they get kicked out of the call. Internal
  meetings work fine with voice and video. They can join the meeting using Lync Web App but that is not a satisfactory solution for this. The company that hosted the meeting said users from other companies can join with the lync client without issue. I am a
  remote employee and I can join using audio and video from my home. I have tried tracing the issue with the lync client logs but they make little sense to me. My question is, how does the information flow from internal clients to an external meeting> Is
  it through the AV service in the Edge? 
    We have opened the firewalls wide open as a test (closed again of course) and it does not seem to be a firewall issue. Can anyone point me in the right direction?

  To both of you, thanks but the articles do not help me. We can host meetings in our Lync 2013 organization without issue and it seems that others from outside can join with either Lync client or LWA. Our remote users connect via Lync client without a VPN
  and have no issues with IM, Audio, video or sharing. The issue is connecting to another companies Lync meeting from inside our network. You can connect but as soon as you try to enable audio, you get kicked out. I have seen another post that describes the
  issue but there is no solution there either. As I said in the original post, we ran a test where we temporarily opened both the internal and external firewalls wide open for the Edge and Reverse Proxy servers and it had no effect whatsoever so I conclude it
  probably is not a firewall issue. Since Edwin verified what I believed in that the communication from the internal clients does go through our companies Edge server when joining a meeting with another company, it leads me to believe that this is
  a setup issue with the Edge server but I have followed the setup documents and nothing seems out of place. Our edge server is a virtual server. I  am wondering if this could be related to it or maybe this is just the way things are. Can anyone
  tell me that their internal users can join a meeting hosted by another company? We have open federation setup at this time and since the company that hosted the meeting claims to have had users from other companies in meetings without issue, I assume their
  SRV records work.

• Firewire to Thunderbolt Issues with External HD

  I purchased the Iomega eGo BlackBelt portable HD (http://www.amazon.com/Iomega-BlackBelt-FireWire-Portable-35115/dp/B0041EM9XM/ref =pd_sxp_f_pt) a few years ago and have backed up my MacBook Pro using time machine. The cable is a firewire 800 with theses connections (http://www.newegg.com/Product/Product.aspx?Item=12-200-730&Tpk=N82E16812200730). The rounded side goes into the MacBook Pro. I am trying to get it to connect to my new MacBook Air with Thunderbolt. The Apple Firewire to Thunderbolt addapter does not fit the one end of the cable. So I purchased the Belkin Firewire 9-9 Pin Cable (http://www.belkin.com/us/F3N418-APL-Belkin/p/P-F3N418-APL;jsessionid=89030857685 109325329E6412E872E81) to use instead of the one that came with the HD. However, there is no power going to the HD. I've tried the split USB also with no luck. It powers with the original cable on the Pro, but not the Belkin cable and Apple adapter on the Air. Any suggestions?

  SeattleLonginTheTooth 
  You can go on about your mistrust of eSata to Firewire bridges, etc., but my experience
  .......internal configuration of the Iomega drive
  What changed?
  Erratic performance
  1. Iomega doesnt make HD, there are only 4 HD (conventional) mfg. on earth current, Hitachi, Toshiba, WD, and Seagate.    The HD in the older Iomega is a Samsung not made anymore.
  2. Youre presuming its "my mistrust of SATA bridge hardware" or a subjective limited conclusion......its not.
  Its an empirical fact that SATA bridge hardware in USB to SATA HD or (little used, little owned) Firewire to SATA HD is "the most UNTRUSTWORTHY storage failure point that exists"
  3. Erratic performance........thats why some of us call it "haunted hard drive" syndrome.  The HD acts illogical, power and issues with appearing in disk utility.......logical diagnosis becomes 'hard' because the SATA interface has often no straightforward ABC.... failing profile.....
  I answer no less than about 40 questions a month here that are related to failing or failed SATA bridge cards.
  Ive got no less than a dozen dead ones laying around the house. 
  In fact in one day (no joke) I had 2 SATA bridge cards die on me. Confirmed that it was the bridge cards.
  This hardware USED to be permanently attached to USB hard drives, but the mfg. realized this part failed SO much SO often they made it a detachable part.
  SeattleLonginTheTooth 
  What might we infer from this?
  Possibly the Thunderbolt adapter alone isn't supplying adequate or stable power,
  "my experience" is a lot more extensive with external HD media.
  Yes, and that also indicates SATA card issue.......which manifests in 2 ways most often, recognition issues and power drop "lost HD" issues.
  the SATA bridge card as found inside USB HD devices which has an extremely high failure rate.
  Inside a USB hard drive, containing the HD and SATA card
  Countless 1000s of good external hard drives are thrown away each year because the owner thought the HD was bad when it fact it was the SATA bridge card which had failed. This card is removed in a matter of mere second once an external USB HD is cracked open from its plastic casing to reveal the bare HD and the attached SATA card which attaches between the HD and the USB cable.

• No Wireless Internet with External Display, Other Issues

  Hello,
  When I connect an external monitor to my MBA, I lose my connection to the Internet. The wi-fi signal remains strong, but pages will not load (I tried many) and I cannot retrieve email. The connection times out when I try to ping as well. This occurs whether I have the MBA open or closed. The loss of Internet happens immediately when I connect an external display using the supplied dongle, and returns the moment I disconnect it. It is clearly an issue with external displays.
  On the advice of an Apple Genius, I also tried disabling bluetooth. I did so, and turned off all my bluetooth devices (Apple keyboard and mouse, iPhone), but the problems persist.
  The other trouble I am having is difficulty connecting to a network for the first time in a session. In other words, I was connected all day yesterday, take the MBA home, and return to the office the next day. MBA takes a long time to see the network, then fails to accept the password. If I carry the MBA closer to the wireless router, it finds and connects automatically as I'd saved my password. When I return to my desk, I remain connected with full signal strength. This has happened in two locations, one with an Airport Extreme, the other with a Netopia 802.11g router. When my Macbook Pro is sitting right next to the MBA, it recognizes and connects to the same networks almost instantaneously.
  Anyone have any suggestions? Much appreciated.

  Just a quick update... I was on the phone with Apple Support on Saturday morning and I thought we were making progress. The basic idea behind the proposed solution was that there was some "Preferences" that were causing the problem. We started over with a clean Preferences folder and tried connecting up the external monitor. At first, this approach was showing progress. The suggestion was to copy over my original Preferences (I had made a backup copy) just a few at a time until we figured out which ones caused the problem. The problem with this approach is that immediately after I got off the phone, the internet started not to work again. So, even with a clean Preferences folder, the internet would quit working after connecting up the external monitor.
  So, I'm back to the drawing board. I have since restored my Preferences folder and I don't have my external monitor and internet working at the same time. BTW, I also upgraded to 10.5.3 and it didn't help.
  Still bummed,
  Kevin

• Diagnosing an ASM space issue for a primary and a standby database instance with external redundancy.

  I've received an alert from Enterprise manager saying "Disk Group DATA_SID requires rebalance because at least one disk
  is low on space". My colleague who I would go to with this question is unavailable, so this is a learning opportunity
  for me. So far google and Oracle documentation have provided lots of information, but nothing that answers my questions.
  I've run the following query on both the primary and standby databases ASM instances:
  select name, disk_number, sector_size,os_mb, total_mb, free_mb, redundancy from v$asm_disk;
  On the primary I get 4810M Free space and 18431M Total Space
  on the standby I get 1248M Free space and 18431M Total Space -- this is the one that complained via OEM
  When I run the following query in the database instance:
  select sum(bytes)/1024/1024 MB from dba_segments;
  I get 3736.75M as a result.
  My questions are:
  1. Will OEM's suggestion to rebalance the disk actually help in this situation since the instance is set up with external redundancy?
  2. If I've got 18G of space and only 3.7G of data, why is OEM complaining?
  3. How can I reclaim what I presume is allocated but unused space in my problem disk group?
  4. How can I determine what extra data the standby has that the primary doesn't since both have the same total space allocation, but different amounts of free space?

  Thank you for the reply. That link is very good.
  We are an 11.1 version of our database. Linus is OEL 5.6.
  So, looking at the portion of the link that refers to 'Add Standby database and Instances to the OCR' - If we use SRVCTL to give the STANDBY the role of ‘physical_standby’ and the start option of ‘mount’, what effect will that have if the STANDBY becomes our PRIMARY?
  Would these database settings need to be modified manually with SRVCTL each time?
  We understand why the instance is not starting when the node is rebooted, we are looking for a best practice of how this is implemented.
  Thank you.

• Importing WSDL with external references issue

  Hi guys,
  pls help me on this:
  I have a WSDL file which referes to external data types. Obviously, if I want to create a message mapping I can't see the WSDL data type. How are such situations resolved? How to import external types into PI?
  Thx, A.

  HI,
  You have to inport the WSDL  alongwith all its external references.
  You can refer the following threads:
  Import WSDL with external reference
  Re: PI 7.1: Importing a wsdl file with references to other xsd files
  http://help.sap.com/saphelp_nwesrce/helpdata/en/26/9e97b0f525d743882936c2d6f375c7/content.htm

• JavaFX with external libraries

  Hi,
  I would like to get some help about compiling a JavaFX code with external libraries. I've searched around a lot, but cant find the solution.
  Basically I have a JavaFX application, that uses images (they are under the src/ folder as they suggest it) and uses external .jar files, AND these jar files uses other external files (not jars). I want to run the application in desktop mode first, so now I am interested in a solution that makes it work on PC.
  I am using Netbeans to develop and run (works everything fine when running from IDE), and using javafxpackager to compile, when I want to run without the IDE.
  When I compile with Netbeans, the generated jar and jnlp files can run ONLY from the dist/ folder, if I copy it somewhere else in my winchester, it does not start.
  I have find something about "signing jars", so I have to make the jars signed to be able to run them AND to be able to link to the image files that the application uses.
  So I have 2 problems/questions with this situation:
  - I have to use external jars and those jars uses external files, but when I start the app, it seems its __DIR__ variable is not set correctly, but I've read that I have to make the application "signed" to solve this problem, but
  - if I make the JavaFX signed, it requires that all other jars have to be signed? (it sounds logical of course)
  So, my final question is, do I have to make the application (and all other jars) signed, to be able to use external jars and files or not (if I want to run as a desktop application)?
  And if I have to make them signed, then will the relative linking work correctly?
  So whats the best way to make it work (using external files and jars)?
  Thanks for any help, and sorry for the long post (and for my bad english) :)
  Cheers
  kojak

  kojak wrote:
  When I compile with Netbeans, the generated jar and jnlp files can run ONLY from the dist/ folder, if I copy it somewhere else in my winchester, it does not start.Unfortunately JNLP requires the base location to be stored in the JNLP file. While that supposedly makes JNLP distributed stuff more secured, it also make them cumbersome and time-consuming to use.
  Futhermore, JNLP files generated by NetBeans reference a local web server that only runs when NetBeans is on.
  That explains why you just simply cannot move the app to the location you want. I you move them, you have to open them (any text editor) and modify the codebase field (possibly the homepage's href too).
  If you want to use only 1 single JNLP, all your JARs references in that JNLP need to be signed with the very same certificate (certificate A).
  Unfortunately, this is not good most of the time as some external lib (generally the ones coming from Sun/Oracle) are already signed and you cannot resign them.
  The other option is that you can make your main JNLP reference other sub-JNLP that are placed at the same location. Each of these sub-JNLP can reference 1 or more JARs that are signed with a different certificate (1st JNLP used certificate B, 2nd JNLP used certificate C, etc.).
  An example adapted from my own main JNLP:
  <resources>
      <java version="1.6+"/>
      <jar href="http://<intranet web server>/<my main JAR file>" download="eager" main="true"/>
      <extension href="http://dl.javafx.com/1.3/javafx-rt.jnlp" name="JavaFX 1.3.x Runtime"/>
      <extension href="http://<intranet web server>/l2fprod-7.3.jnlp" name="l2fprod-7.3"/>
      <extension href="http://<intranet web server>/JFXtras-0.7.jnlp" name="JFXtras-0.7"/>
      ...and JFXtras-0.7.jnlp:
  <?xml version="1.0" encoding="UTF-8"?>
  <jnlp spec="1.0+" codebase="http://<intranet web server>" href="JFXtras-0.7.jnlp">
      <information>
          <title>JFXtras-0.7</title>
          <vendor>JFXtras</vendor>
          <homepage href="http://code.google.com/p/jfxtras/"/>
          <description>Additionnal controls for JavaFX</description>
          <offline-allowed/>
      </information>
      <security>
         <all-permissions/>
      </security>
      <resources>
         <jar href="lib/JFXtras-Common-0.7rc2.1.jar" main="false" download="eager" size="1309380"/>
         <jar href="lib/JFXtras-Controls-0.7rc2.jar" main="false" download="eager" size="1453233"/>
         <extension name="MigLayout-3.7" href="MigLayout-3.7.jnlp"/>
         <extension name="SwingWorker-1.2" href="SwingWorker-1.2.jnlp"/>
      </resources>
      <component-desc/>
  </jnlp>Both JARs files in that particular JNLP can be signed with a different certificate from the one of the main jar, same wit the JARs listed in the 2 sub-JNLPs that are referenced here.
  Note: of course, currently, JARs provided by JFXtras are note signed, so I end having to sign them myself anyway, but you get the idea.
  Unfortunately NetBeans does not generate such setup so you'll have to find a tool or develop something that does that for you.
  Perhaps you should try to post your question in the web start forum Java Web Start & JNLP as well but be prepared to face the all knowledgeable and always helpful but not very user-friendly and definitely not patient with new comers Andrew Thompson.
  Note that I've never used external files so I do not know if signing the JAR would fix that particular issue (I do not think so).
  Overall I do not like Java Web Start, as said before, it's cumbersome, time-consuming to use, poorly documented, with basically very little to no packaging/helper tool, prone to failure if you make the slightest mistake in the JNLP(s) definition (having a nebulous documentation of its feature does not help) and they've introduced a stream of bugs and errors with each sub-release of Java 6 for the past year and the half that makes programmer's life a hell and JWS a joke compared to other deployment technologies used by competitors.

• Lync Edge Server 2013 Certificate Issue seems unresolvable

  I've implemented a single internal Standard Edition Front End server with a single consolidated Edge server and Reverse Proxy server/appliance located in a perimeter network.
  On the internal IP of the Edge server I use a certificate form a internal CA ( which is trusted by the edge server), the "internal" certificate issued by the internal Ca is used only between the edge server and the frontend server. An external certificate
  with cn sip.ipabo.nl and alt.subj sip.ipabo.nl and webconf.ipabo.nl. from Globalsign is used on the external IP’s . Services have their own ip adresses and are natted by a router. Ive tested that all ports can be reached from the internet. But still no connection
  possible from external clients. The ms. connectivity analyser says: "The The certificate couldn't be validated because SSL negotiation wasn't successful". Connections from mobile clients through reverse proxy are no problem also internal clients
  have no issue ( they both don’t use the edge but proxy ). So i assume there's someting wrong with the certificate implementation on the Edge server, however ive tested it with the RUCT from Curtis Johnstone, and the certificate seems to be OK. Also in the
  Lync Server Deployment Wizard the certificates seem to be OK. In the computers personal certificate store the are only the two necessary certificates ( internal and external) also intermediate certificates are installed. Routing ( default gateway on external
  interface ) is working fine. So I think I'm out of options, any ideas? 
  Tnx, 
  Guido

  Please check the DNS records for sip.ipabo.nl and webconf.ipabo.nl are created on external DNS server.
  Please check you can telnet Lync Edge Access service FQDN on 443 port.
  Check the automatic configuration for remote access is configured correctly or you can try to sign in manually.
  Follow the steps in blog blow to test your Edge Server:
  http://blogs.technet.com/b/nexthop/archive/2011/12/07/useful-tips-for-testing-your-lync-edge-server.aspx
  Lisa Zheng
  TechNet Community Support