OTP and Mobile Access Server

Similar Messages

• Can I use my iPad to connect to a Mobile Access Server on a Mac mini ?

  I run a small business and am considering setting up an internal network. The online "features" description for Mobile Access Server (a component of Snow Leopard Server) says I can connect remoetley from an iPod or a Mac. The iPad is not mentioned. can I use my iPad to connect to a Mobile Access Server?

  Yes. It's the same as connecting from an iPod touch or iPhone.
  Logmeinigniton or teamviewer are a few of the apps you can use.
  Teamvewer has free app and you can see if it does what you want.

• Mobile Access Server setup

  So, I'm setting up a 10.6.1 server in the DMZ to be a Mobile Access Server to reverse proxy mail, calendaring, and web. Couple issues I have:
  1. I want to manage this DMZ server from a different internal 10.6.1 Server inside my network. I have turned on Remote Management on the DMZ server, but cannot connect from Server Admin on the internal server to the DMZ server. I need to be able to manage both servers from one Server Admin console. I also need to be able to screen share the DMZ server for access ONLY from the internal server. How do I accomplish this?
  2. My internal 10.6.1 server is my Open Directory Master already, and working nicely. But to use Mobile Access Server and reverse proxy services back to the internal server, I need the DMZ server to be aware of my existing directory inside. Would I want to make the DMZ server an Open Directory Replica, or should I use the middle option for Open Directory types called "Connect to another directory"? Obviously, I know that it should NOT be another master.
  3. I have purchased and implemented a wildcard cert on my internal 10.6.1 server to use for TLS, HTTPS, etc. I have also told the Open Directory Master to use ssl for the LDAP piece of it (there's a GUI option for that). Figured I might as well secure everything I can a bit more since I purchased the cert. What effect will this have on Question 2 above? Will I need to open a different port for instance on the firewall for LDAP over SSL? Or any issues with creating a Replica or "connect to another OD server" on the OD server in the DMZ to get it to connect to the internal OD Master?
  Thanks for all the help here.

  To your #1: When you use a firewall to place a device in a DMZ, that device is not part of the internal network. It 'technically' sits on the outside of the firewall at nearly the same place as your external connection.
  Some discussions about a firewall use colors to designate the 'data protection' level or 'threat' vector.
  (Below was 'borrowed' from http://riskless.com/firewall_configuration.aspx)
  * RED Network Interface
  This network is the Internet or other untrusted network. IPCop’s primary purpose is to protect the GREEN, BLUE and ORANGE networks and their computers from traffic originating on the RED network. Your current connection method and hardware are used to connect to this network.
  * GREEN Network Interface
  This interface only connects to the computer(s) that IPCop is protecting. It is presumed to be local. Traffic to it is routed though an Ethernet NIC on the IPCop computer firewall.
  * BLUE Network Interface
  This optional network allows you to place wireless devices on a separate network. Computers on this network cannot get to the GREEN network except tightly controlled “pinholes”, or via a VPN. Traffic to this network is routed through an Ethernet NIC.
  * ORANGE Network Interface
  This optional network allows you to place publicly accessible servers on a separate network. Computers on this network cannot get to the GREEN or BLUE networks, except through tightly controlled “DMZ pinholes”. Traffic to this network is routed through an Ethernet NIC.
  * The GREEN and RED networks are required
  * The ORANGE and BLUE networks are optional
  The interface requirements for your RED network will vary depending on your connection to the Internet. The RED network may require an additional Ethernet card and cable.
  you can also read up all this from a more neutral article here: http://www.ocmodshop.com/ocmodshop.aspx?a=1526
  The point of all this is that, depending on 'where' the dat is comgin from , it either is denied access ,or must be 'punched through' to allow access. Her is a diagram of that process (from a linux firewall called ipcop)
  !http://www.ipcop.org/1.4.0/en/admin/images/traffic.png!
  Soaccess from inside (your network) to your DMZ device should work without any trouble but from DMZ to inside should require ports to be opened up. On most Firewalls, they call this port access 'Pin Holes' as the DMZ is itself protected by only allowing the ip address of that network into through the firewall. Possibly Your firewall is not doing any kind of Statefull Packet Inspection so all conversations must have a pinhole to come 'back' out of the dmz? Tell us your firewall brand and that might help.
  #2: I would use "Connect to another directory". YOu want to limit the amount of data that can be compromised in the DMZ. As I mentioned the DMZ is outside your network, technically naked to the world. I believe that any port that does NOT get routed (forwarded) into your green, will automatically be forwarded to your DMZ, so it will be hammered with all manner of hack and virus vectors.
  Peter

• How to setup Mobile Access Server

  Hi,
  I am trying to setup Mobile Access Server on my Mac Mini Server. The setup I have is a small network behind a Airport Extreme. I would like to give all users access to services using Mobile Access Server and was hoping initial setup was going to take care of that....no such luck.
  What do I fill in for the local servers? How do I access this service from the outside the lan? How do I need to configure my Airport (with the other services, it happened almost automatically from the security pane).
  Thanks,
  Ian

  Hi,
  In the field for local server you just type in the local dns name for your calendar server, mail server etc... Also select which port you want publish externally and the the correct port your service is actually using on your lan (Selected under advanced tab). Make sure your mobile access server can resolv your hostnames correctly. It should point to an local ip. If an nslookup shows your public ip, you have to correct your local dns server (This is often called split dns configuration.)
  To access this from outside your LAN you have setup NAT and permit the port you have configure your mobile access server to be the incomming port. How exactly you do that on the airport I am not sure, but I am sure it is explained in the user manual for the airport.
  I found this video about the mobile access server on youtube: http://www.youtube.com/watch?v=_VRgl2bncZU
  Hope this helps.
  Bernt

• Mobile repository server and mobile development server

  Hi,
  We are implementing Mobile applications,. Can we install Mobile repository server and mobile development server in same server?
  Or do we have two sepearate servers for both?
  What are thye prerequisites for to install this two ?
  Any idea.
  Thanks
  Lisa

  Firstly ensure you have correct authorisation. Refer to SAP Note 1037574.
  It should be found here...
  http://service.sap.com
    > SAP Support Portal
    > Click on the tab "Downloads"
    > Select the drop down arrow called "Download"
    > From the list select the dropdown arrow "Installations and
      Upgrades"
    > Click on "Entry by Application Group"
    > Now in the main screen click on "SAP Application Components"
    > Select "SAP CRM" from the drop down list.
    > Now click on "SAP CRM 2007"
    > Click on "Installation and Upgrade"
  Rgds, Gervase

• Win 7 Pro 64 occasionally fails to connect using IKEV2 to Win2008R2 Routing and Remote Access server

  I'm a networking guy and having this troubling VPM issue that I can't find.
  I have a number of VPN connections from my Win7Pro 64 PC to various customers.  Their end points are all Windows Routing and Remote Access on Windows 2008R2 STD servers.
  Every once and a while I will hang at Verifying User ID and Password and eventually get  ERROR 809. Change the security type on my VPN connection from IKEV2 to PPTP - never an issue, connects in right away.
  I can also try from another PC (at the same or alternate location) to get into that same server using the same credentials and access - no issue using either IKEV2 or PPTP.
  This has happened at various times to various customers. Here is what I know it is not:
  - Not the local or remote routers or Firewalls since I can always get in from other PC's going through the same network. Even so, tried rebooting all several times
  - Not an ISP issue at either end since I can always get into other IKEV2 servers from the same PC and from other PC's to the server I can't from my PC.
  This leads to the only logical conclusion.  It is something to do with my Win7Pro 64 PC but for the life of my I can not find it.
  I have obviously tried rebooting the Win7Pro PC. I have also tried recreating the VPN connection several times. Nothing.
  Help!

  Hi,
  I know that you've mentioned that it is not a issue about firewall or router settings, but this error usually comes when some firewall between client and server is blocking the ports used by VPN tunnel.
  so to allow IKEv2 traffic, please make sure to configure the network firewall to open UDP ports 500 and 4500, and to allow IP protocol 50.
  If that is not possible, deploy SSTP based VPN tunnel on both VPN server and VPN client – that allows VPN connection across firewalls, web proxies and NAT
  You can refer to this blog
  http://blogs.technet.com/b/rrasblog/archive/2006/06/14/which-ports-to-unblock-for-vpn-traffic-to-pass-through.aspx
  Regards
  Yolanda
  TechNet Community Support

• Routing and Remote Access Server 2012 r2 Help

  Hi all, I just setup a new 2012 R2 server with DHCP, DNS and Routing and Remote Access. When a user logs in to the VPN the DHCP is assigning the wrong IP address. My DHCP Scope is 10.0.10.100 to 10.0.10.199 but it's setting it to 169.254.X.X.
  How do I fix this.

  169.254.x.x are APIPA addresses which are allocated when the guest cannot see the DHCP server/allocator. Basically there is something wrong with your RRAS setup.
    You should never run a remote access server on a DC. It will give you all sorts of name resolution problems. As soon as a client connects, the server acquires an additional IP for the VPN connection and the DC is multihomed. That has been a problem
  since NT days and still is.
  Bill

• Exchange 2010 and Client Access Server Roll

  Hi,
  We have one CAS/HUB server, two mailbox roll servers in a DAG. Both mailbox roll servers have public folder database and both are replicate each other. Now we are going to office365. Now we
  need to install client access roll on public folder database server(mailbox roll server) for office365 users to access the public folder from on premises according to
  http://technet.microsoft.com/en-us/library/dn249373(v=exchg.150).aspx
  We don't want get any problem after installing another CAS server roll. Our users' outlook should not interrupt with new installation. We are not setup client access array here. We are installing
  this for public folders access to office365 mailboxes. How to install and configure?
  Please help us to achieve this.
  Thanks & Regards.

  http://public.wsu.edu/~brians/errors/role.html
  Exchange 2013 doesn't have a public folder database.  If you're asking about an older version of Exchange, the Exchange previous versions forums are here: 
  http://social.technet.microsoft.com/Forums/en-US/category/exchangeserverlegacy
  You shouldn't have any problem installing the CAS role.  To be sure, after installing the server change all the URLs in the virtual directories to point to one of the real CAS servers, and run Set-ClientAccessServer -AutodiscoverServiceInternalUri to
  to a valid Autodiscover URL.
  Ed Crowley MVP "There are seldom good technological solutions to behavioral problems."

• Palm Pre cannot access Mobile Access Server

  Have a SL Server that iphones access fine for mail, but the Pre will not connect. We are using SSL (GoDaddy cert) and I have tried many configs on the Pre with no results. When I try to sign in it says "unable to validate incoming mail server settings...." Anyone have this same issue?
  Thanks,
  Paul

  Just thought id ask:
  I'm trying to use SSL from a certificate I bought from Godaddy. Issue is I can't for the life of me get the intermediates to chain and create a secure connection. Did you run into anything like this when installing your new certificate?
  Im running OSX10.6

• Set value when a virtual, analog modem should answers in Server 2012 Routing and Remote Access

  Hi there,
  I googled for hours on the following problem:
  We have a Routing and Remote Access Server with an Dialogic Diva PRI card (30 lines). The card provides an analog, virtual modem pool. All this runs on Windows Server 2012 (without R2).
  My problem is that the client will be connected after 3 or 4 rings on the line (I can not hear properly with our client device), but it should be connected after the first ring.
  Under Server 2000 there was the possibility to set the value "NumberOfRings" in the registry and / or  set the modem to ATS0 = 1. Both ways do not work in Server 2012.
  Can anyone tell me how it works under 2012?
  Thanks and regards
  Andre

  I assume you followed Dialogic's instructions for configuring the device on Windows Server 2012.  It would most likely make more sense to contact Dialogic if you are having issues.  They support the product.  If it is not working according
  to their configuration instructions, they are in the best position to be able to answer your questions.
  . : | : . : | : . tim

• Mobile Access + Wiki Server via SSL Question

  If MAS is running with SSL, does that SSL continue for the entire session? Or just the initial passing of credentials?
  I'd like to not have the wiki server running SSL for internal use if MAS encrypts all the traffic. The reason for the question is when connecting to the wiki server via MAS, there is no SSL lock on the browser, telling me it's in the clear.

  Mobile Access Server does not provide proxy access to 10.6 server Wiki.
  hth,
  b.

• SLS and Final Cut Server

  Hi.
  I'm running FCServer on an iMac, and I'm currently looking for the best solution for giving co-workers outside of our office network remote access to our FCS database. The main purpose for this is for remote users to screen and download episode segments and movies from our database.
  I was initially thinking VPN would be the only solution, but then I saw Snow Leopard Server has 'Mobile Access Server' built right into the OS, which appears designed to help users avoid having to use a VPN.
  Before I go out and buy SLS for the company, I want to be sure it will work. Am I correct that Snow Leopard Server, and the built-in Mobile Access Server, will allow users outside of our network remote access to our FCSrvr database?
  Any help would be greatly appreciated.
  Thank you!

  Thank you for your response.
  I posted this in the Final Cut Server forum as well and got this response:
  +"Mobile Access Server will give outside access as VPN would, which will be handy if you want to access Final Cut Server using the Java client app. It will also give you VPN access for non-FCSvr uses, like email and Web.+
  +If all you want is a subset of your FCSvr database, then you could also publish selected content to a Web/FTP/WebDAV server in your DMZ."+
  If anyone else could offer some insight it would be greatly appreciated. I'm just an audio/video post-production guy, so this is all a little outside of my training.
  Thanks.

• Mobile Access Services displaying as XML

  O.K.
  I also have a single machine set up (the new MacMini Server). I am trying to access Address Book Server. I have the service up and the checkbox checked and pointed the internal server to same address as the external
  forexample.myserver.org
  for testing purposes I have been using a self generated certificate (that also matches the name of the server)
  In a web browser (like Safari on the iPhone) I type in https://forexample.myserver.org:8843
  I have finally connected to and gotten the secure sign in page...but after logging in the browser gives me this (the code instead of usable interface) and Im STILL locked out of the directories that hold the actual Address Book data (though I can see the directory listing now)...what is up?
  Name Size Last Modified MIME Type
  .server-uuid 36 2009-Nov-16 22:26 (collection)
  addressbooks/ ? 2009-Nov-16 22:36 (collection)
  principals/ ? 2009-Nov-16 22:26 (collection)
  Properties
  Name Value
  {DAV:}acl
  (access forbidden)
  {DAV:}acl-restrictions
  <?xml version='1.0' encoding='UTF-8'?>
  <acl-restrictions xmlns='DAV:'/>
  {DAV:}creationdate
  <?xml version='1.0' encoding='UTF-8'?>
  <creationdate xmlns='DAV:'>2009-11-16T22:36:24Z</creationdate>
  {DAV:}current-user-principal
  <?xml version='1.0' encoding='UTF-8'?>
  blah blah blah

  By single machine I mean I am running the Mobile Access Service on the same physical server that Address Book server is running on (the documentation highly recommends running Mobile Access Server on one machine as a proxy and running your other services with the data (like Address Book) on another)
  Mobile Access Service is the service that allows iPhone users to connect to services without needing to go through a vpn.
  I don't know what the mechanism is to actually access the data (while there is a section on setting up Mobile Access in the Network Services documentation there is absolutely no explanation for how to get to the data with your iPhone.

• How to close Mobile Mouse Server?

  I was doing an update on the App Mobile Mouse Server and when it weas ready to install it indicated I needed to close the App before it could install the update.  The app is not in the dock and I don't know how to close it.  Help Please!!!

  Hi,
  In the field for local server you just type in the local dns name for your calendar server, mail server etc... Also select which port you want publish externally and the the correct port your service is actually using on your lan (Selected under advanced tab). Make sure your mobile access server can resolv your hostnames correctly. It should point to an local ip. If an nslookup shows your public ip, you have to correct your local dns server (This is often called split dns configuration.)
  To access this from outside your LAN you have setup NAT and permit the port you have configure your mobile access server to be the incomming port. How exactly you do that on the airport I am not sure, but I am sure it is explained in the user manual for the airport.
  I found this video about the mobile access server on youtube: http://www.youtube.com/watch?v=_VRgl2bncZU
  Hope this helps.
  Bernt

• How do I quickly search a specific Instant AP or Mobility Access Switch on Aruba Central?

  Q: How do I quickly search a specific Instant AP or Mobility Access Switch on Aruba Central?
  A: Central provides a standard web-based interface that allows you to configure and monitor Instant Access Points (IAPs) and Mobility Access Switches.  Integrated in this web interface is a Search tex box, which can be used by an administrator to search for an IAP, Mobility Access Switch, client, notification event, network or labels.
  When you type a search string, the search function suggests matching keywords and allows you to automatically complete the search string entry. This option proves very handy when a user is not aware in which ap group, a client or IAP is part of.

  Ben,
  Unfortunately I can't post any VIs that would demonstrate the problem
  because the ActiveX components are confidential.  I'll try to develop
  my own ActiveX dll that will demonstrate it, but in the meantime, in
  hopes that another picture will help, I've attached an image of a block
  diagram (with some names changed to protect confidential information)
  of one of the lower level VIs from the hierarchy I posted.  In this
  example, the "Automation Refnum IN" is an input with a type definition
  linked to the strict typedef based on the ActiveX automation dll that
  has changed.  I updated that typedef, but as you can see the output to
  the "Class1" indicator is broken.  If I delete the "Class1" indicator
  and select Create->Indicator from the Class1 property node, and then
  wire the new "Class1" indicator to the connector pane, the VI is fixed
  -- at least at compile time.  In most cases there is also a runtime
  problem where the reference obtained by one of the intermediate
  property nodes is null, so the property or method node that uses it
  fails (e.g. "_VNManager.Networks" property returned is 0, so the
  "_Networks.Network1" property node fails).  To fix this problem, I have
  to delete the wires between the property nodes, and one by one select a
  different property/method, then select the correct property/method and
  re-wire.  There seems to be a bit of "jiggling the handle" to get it to
  work though.
  I don't know if the ActiveX developer changed anything in this class,
  but if he did, he didn't change the name of this class.  I would like
  to have to modify the VI only if a class, property or method has
  changed name or been removed.
  Does that all make sense?  Thanks for any pointers or help!
  Tom
  Attachments:
  Class1_Path.GIF ‏7 KB