Protecting remote CFCs from unauthorized access

Similar Messages

• Protecting iPad data from unauthorized access

  When somebody connects my iPad to his computer with installed iTunes (not my computer, not my iTunes), he is able to view my videos and hear my music as well as delete my data by syncing his own data to my iPad.
  My iPad is protected by the 4 digit code and locked, but this does not prevent iTunes from syncing data from an unauthorized computer.
  Is there any way to protect the iPad data against unauthorized access?

  Ok, I was able to test this on a new computer, iTunes asks you to unlock the iPad by typing the PIN code on the iPad before it starts syncing.
  The previous computer where I encountered the problem was originally used to register the iPad as it had no PIN code, so it remembered the iPad as a "known" one, even if I uninstalled and reinstalled iTunes on that computer.
  So I must be careful not to connect my iPad to computers others than mine in unlocked status, otherwise the person which owns the computer will be able to get data from my iPad at a later point even when my iPad is locked. In my opinion this is a security problem.

• Application Security - Protecting the files from direct access

  I am working on my application. I have a Flex app that
  everyone will access but to do the work, I have it calling on
  several PHP files. The Flex app has a login system and only allows
  advanced functionality after login. This protects the Flex portion,
  but does not really account for the PHP side of things.... The PHP
  files do a variety of things, mostly SQL calls, but also run a few
  system commands.
  How do you set up the PHP files or use an htaccess file to
  only allow the Flex app to call the PHP files? I'd like to set it
  up so that the users can't directly access the PHP files. However,
  I'm sure the client workstation is still making the request when
  called by the Flex app, right?
  Has anyone done this? Does anyone have any thoughts or
  suggestions on this?
  Thanks,
  Chris

  Hi csawall,
  These are just some off the top ideas, you can extrapolate
  and create a solution that might work:
  Since the client has access to the data stream to/from the
  server, there is no way to guarantee that someone won't use some
  kind of sniffer program to find what file the flex app is talking
  to, but that doesn't mean that you can't obfuscate it as much as
  possible to make it not worth trying.
  One idea was to use a single index and use _GET to control
  what content is being served, using includes on the php side to
  serve the proper file/content.
  Since the content you are delivering I would assume requires
  authentication, you'll have a unique session ID to work in. While
  the actual php file could be accessed in real time if you watched
  the data stream, if the user is already authenticated, what diff
  does it make? Set up specific rules inside your php file, so that
  it must receive data using a specific protocol, one that you can
  obfuscate using crypt and base it on variables that are unique,
  such as SSID + date + time, etc. When you first authenticate with
  the server from the flex app, have the php login script return the
  required protocol rules back to the flex app that would be unique
  to the session. The _SESSION variables on the server would contain
  the unique protocol rules as well. This gives you server side
  control over talking to the flex app... then all you would need to
  do, if you wanted to keep a tighter lid on the access to your
  script, is just rotate the protocol from time to time.
  Add on top of this, script name obfuscation that you store
  server side and transfer only withing the validated session, such
  as e.g. fstrs4adadst4_somefile.php etc etc, where your randomized
  key is the prefix (or suffix whichever you prefer) of your index.
  Your code of course would use the current protocol keys to match
  the current index, and all you need do is control the .htaccess
  file so that it relays any $_somefile.php to the proper
  file/directory etc which would be a name that would never be
  revealed to the public, and only used inside your .htaccess file or
  on the server side itself.
  Taking it a step further, if you create some kind of pulsing
  authentication system using the above methods, you can rotate the
  keys fast enough, so that someone would have to work really hard to
  figure out the protocol to talk to your server
  Just my 2 cents...
  RFX

• Calling remote CFC method from CFFORM

  From what I understand by the remote methods in CFCs you can
  access them by passing the argument names and values through the
  URL with the method defined as well. I am trying to do the
  following:
  http://www.cfcoding.com/osu/components/Employees.cfc?method=addEmployee&firstname=Tristan& lastname=Lee&email=tristanlee%40gmail.com&address=1234+Some+Dr.&city=My+City&state=My+Stat e&zip=12345&comments=Test2&onNext=%2Fadmin%2F
  I have attached the code for that function, but it seems as
  though when I call that method with the arguments, the page is just
  blank. Even with output being on, I still can't get anything to
  display. In the end, the new employee isn't inserted into the
  database which is my biggest concern. Any dieas?

  There are several issues:
  1. You need to obtain file handle before calling GetFileType(). How are you going to get it?
  2. The simplest way to call a method from kernel32 would be using jni wrapper library, like xFunction:
  import com.excelsior.xFunction.*;
      /* Call Beep() from KERNEL32.DLL */
      xFunction f =  new xFunction( "kernel32",  "int Beep(int,int)" );
      f.invoke( new Argument(1770),  new Argument(100) );regards, Denis

• Setting up Remote Desktop Apps for access from a Mac with 2FA

  Hi
  Setting up Remote Desktop Apps for access from a Mac with 2FA.
  I have a server 2012 remote access gateway, with remote apps published(which uses single signon), behind a 2FA connection (web based) and want to know if its possible to allow macs to connect to the remote Apps behind it. i cannot permanently remove any
  of the above setup as it is a requirement.
  When i connect from a mac i can login to both the 2FA and remote access web pages and see all the apps but when i click on any app it downloads it to the mac and when i try to run it using Remote Desktop App for MAC i get an error :
  "httpendpointexception: 4, The non-proxy http connection failed to connect with the message: 500 internal Server Error."
  I have tried with 2fa turned off for testing and get the same result.Does it support 2012 TSGW server? does it support Remote desktop apps? as i cant find a definitive answer on either.
  Thanks in advance for any advice.

  Hi,
  Thank you for posting in Windows Server Forum.
  From Error description it seems to be a communication issue between your Mac and your RD gateway server. If you connect from extranet, you may need Remote Desktop Gateway or a VPN/Direct Access connection to your intranet, or forward port 3389 on your router.
  500 Internal Server Error seems to be a HTTP related error. 
  The HTTP status code in IIS 7.0, IIS 7.5, and IIS 8.0
  Also, please double check the settings if you have a RD gateway implemented in you intranet.
  http://redmondmag.com/articles/2013/12/24/rd-gateway-in-windows-server.aspx
  In Windows Server 2012 R2 RD Gateway pluggable authentication is also introduced. This allows custom authentication routines to be used with RD Gateway. For example building a two-factor solution on top of RD Gateway is now possible which allows doing token-authentication
  to the RD Gateway which works seamlessly with RD Web Access or RDP file launching.
  Please check below article for more information.
  Windows Server 2012 R2 is coming what does this add to RDS – VDI
  In addition, please provide the log file from the client for further research.
  Microsoft Remote Desktop -> About Microsoft Remote Desktop -> Send log via email
  Hope it helps!
  Thanks.
  Dharmesh Solanki
  TechNet Community Support

• Is there a way to password protect certain apps from being used? Example I don't want my child to access my apps while he's using his on the iPad

  Is there a way to password protect certain apps from being used? Example I don't want my child to access my apps while he's using his on the iPad. I don't want to lock him out of the iPad. Let him use Angry birds, but not Sims or Games not appropriate for him that I play.

  Sorry, but it is not possible to restrict use of specific apps other that the few restrictions provided in the Restrictions settings, not unless the app itself provides some sort of lock. If you don't want your child playing certain games, the only answer is to not load them on the iPad he uses.
  Regards.

• Spring / OC4J / JMX - Unauthorized access from application publishing mbean

  I get the following when my Spring app tries to publish mbeans to the OC4J MBeanServer.
  My app works fine in JBoss, i.e. JBoss doesn't throw a security exception.
  What file do I have to configure in OC4J for this to be allowed?
  java.lang.SecurityException: Unauthorized access from application: ice-crem to MBean: bean:name=portalConfig
       at oracle.oc4j.admin.jmx.shared.UserMBeanServer.checkRegisterAccess(UserMBeanServer.java:873)
       at oracle.oc4j.admin.jmx.shared.UserMBeanServer.registerMBean(UserMBeanServer.java:400)
       at oracle.oc4j.admin.jmx.server.state.LocalizationFilterMBeanServer.registerMBean(LocalizationFilterMBeanServer.java:341)

  It looks like you are trying to access MBeans in the bean: domain from an application called ice-crem.
  OC4J enforces a security proxy for MBeans. By default an application specific MBean
  can only access MBeans within the same application -- so the ice-crem application can only see MBeans in the ice-crem domain.
  If an application creates its own Custom MBeanServer, then the security proxy intercepto does not come into play since there are no OC4J System MBeans in it. Any application can access an applications Custom MBeanServer.
  What I found when using Spring with JMX was to configure it to use a Custom MBeanServer.
  <bean id="customMBeanServer"
  class="org.springframework.jmx.support.MBeanServerFactoryBean">
  <property name="defaultDomain" value="customMBeanServer"/>
  <property name="locateExistingServerIfPossible" value="false"/>
  <property name="registerWithFactory" value="true"/>
  </bean>
  and then put all the Spring exported MBeans in that.
  <bean id="exporter"
  class="org.springframework.jmx.export.MBeanExporter">
  <property name="beans">
  <map>
  <entry key="bean:name=bean1"
  value-ref="bean1"/>
  <entry key="bean:name=bean2"
  value-ref="bean2"/>
  </map>
  </property>
  <property name="server" ref="customMBeanServer"/>
  </bean>
  If you want to disable the JMX security proxy, so you can do what you are currently trying to do and what works in JBoss, then you nee dto start OC4J with this System property:
  java -Doc4j.jmx.security.proxy.off=true -jar oc4j.jarDoing that exposes the OC4J System MBeans to all deployed applications, so its not something you really want to run in production unless you then go and apply a Java2 policy style restriction on the oc4j:* mbeans.
  cheers
  -steve-

• HT201270 My iPhone was stolen. I have asked the phone company to block it. Do I need to do something to protect my data in my iPad and Macbook from being accessed by the thieves?

  Do I need to do anything to stop the thieves from having access to data in my iPad and Macbook?

  Hi James
  Thanks for your response. I didn't even know I should do this. I stopped using a pin number to use the phone cos it was a nuisance to answer calls.
  The phone has been locked by EE/T-Mobile and I have checked with Find my iPhone and the phone is not connected/not even on.
  You're right about changing passwords. Will get cracking.
  Nooraini

• Accessing a remote server from withing pl/sql

  Can anybody throw light on how to send a request to a remote server from within pl/sql. Based on a request from the client i need to reach the remote server (with a different web server capable of sending data ), get the details from it proccess the data sent by it and send the response back to the client.
  can anybody let me know if this is possible or is there someway of doing this..

  I think you may have the answer to my question (funny, but the one supposed to answer is asking).
  How can i make an application that can lookup EJBs in a remote server?
  I tried doing like i did from a servlet but every kind of exceptions arrise when i run it with the java command.
  From what i could understand from your question this is not the way i should do it. So, which one is the way?
  Greetings,
  Nicol�s

• Remote deploys from Windows to Linux fail with deployment plans on WLS 10.0

  Hi there,
  We're using WLS 10.0.1 running in a RHEL environment (actually CentOS release 4.7 for development), and attempting to perform remote deploys from Windows work stations using the weblogic.Deployer ant task.
  It works fine when not using deployment plans, or when performing a remote deploy from a unix based work station such as a Mac. However, introducing a deployment plan causes a failure only when run from Windows.
  The log trace follows:
  weblogic.Deployer -debug -remote -verbose -upload -noexit -name obpservices -source C:\work\obf\ver4.0\services\target\obpservices.war -targets obEnterpriseServer -adminurl t3://wlsdev:7001 -user weblogic -password ******** -redeploy -plan C:\work\obf\ver4.0\services/src/runtime/deployment-plans/steves-deployment-plan.xml
  weblogic.Deployer invoked with options: -debug -remote -verbose -upload -noexit -name obpservices -source C:\work\obf\ver4.0\services\target\obpservices.war -targets obEnterpriseServer -adminurl t3://wlsdev:7001 -user weblogic -redeploy -plan C:\work\obf\ver4.0\services/src/runtime/deployment-plans/steves-deployment-plan.xml
  [WebLogicDeploymentManagerImpl.<init>():103] : Constructing DeploymentManager for J2EE version V1_4 deployments
  [WebLogicDeploymentManagerImpl.getNewConnection():146] : Connecting to admin server at wlsdev:7001, as user weblogic
  [ServerConnectionImpl.getEnvironment():288] : setting environment
  [ServerConnectionImpl.getEnvironment():291] : getting context using t3://wlsdev:7001
  [ServerConnectionImpl.getMBeanServer():239] : Connecting to MBeanServer at service:jmx:t3://wlsdev:7001/jndi/weblogic.management.mbeanservers.domainruntime
  [ServerConnectionImpl.getMBeanServer():239] : Connecting to MBeanServer at service:jmx:t3://wlsdev:7001/jndi/weblogic.management.mbeanservers.runtime
  [DomainManager.resetDomain():36] : Getting new domain
  [DomainManager.resetDomain():39] : Using pending domain: false
  [MBeanCache.addNotificationListener():96] : Adding notification listener for weblogic.deploy.api.spi.deploy.mbeans.TargetCache@359df4
  [MBeanCache.addNotificationListener():103] : Added notification listener for weblogic.deploy.api.spi.deploy.mbeans.TargetCache@359df4
  [MBeanCache.addNotificationListener():96] : Adding notification listener for weblogic.deploy.api.spi.deploy.mbeans.ModuleCache@375edb
  [MBeanCache.addNotificationListener():103] : Added notification listener for weblogic.deploy.api.spi.deploy.mbeans.ModuleCache@375edb
  [ServerConnectionImpl.initialize():171] : Connected to WLS domain: obportal_domain
  [ServerConnectionImpl.setRemote():482] : Running in remote mode
  [ServerConnectionImpl.init():161] : Initializing ServerConnection : [email protected]9a
  [BasicOperation.dumpTmids():691] : Incoming tmids:
  [BasicOperation.dumpTmids():693] : {Target=obEnterpriseServer, WebLogicTargetType=server, Name=obpservices}, targeted=true
  [RedeployOperation.setupPaths():86] : in place redeploy: false from moduleArchive: C:\work\obf\ver4.0\services\target\obpservices.war
  [RedeployOperation.setupPaths():95] : redeploy src path: C:\work\obf\ver4.0\services\target\obpservices.war
  [BasicOperation.deriveAppName():140] : appname established as: obpservices
  <20/10/2009 10:47:57 AM EST> <Info> <J2EE Deployment SPI> <BEA-260121> <Initiating redeploy operation for application, obpservices [archive: C:\work\obf\ver4.0\services\target\obpservices.war], to obEnterpriseServer .>
  [ServerConnectionImpl.upload():658] : Uploaded app to /opt/bea/user_projects/domains/obportal_domain/servers/AdminServer/upload/obpservices
  [BasicOperation.dumpTmids():691] : Incoming tmids:
  [BasicOperation.dumpTmids():693] : {Target=obEnterpriseServer, WebLogicTargetType=server, Name=obpservices}, targeted=true
  [BasicOperation.loadGeneralOptions():608] : Delete Files:false
  Timeout :3600000
  Targets:
  obEnterpriseServer
  ModuleTargets={}
  SubModuleTargets={}
  Files:
  null
  Deployment Plan: \opt\bea\user_projects\domains\obportal_domain\servers\AdminServer\upload\obpservices\plan\steves-deplo
  yment-plan.xml
  App root: \opt\bea\user_projects\domains\obportal_domain\servers\AdminServer\upload\obpservices
  App config: \opt\bea\user_projects\domains\obportal_domain\servers\AdminServer\upload\obpservices\plan
  Deployment Options: {isRetireGracefully=true,isGracefulProductionToAdmin=false,isGracefulIgnoreSessions=false,rmiGracePeriod=-1,retireTimeoutSecs=-1,undeployAllVersions=false,archiveVersion=null,planVersion=null,isLibrary=false,libSpecVersion=null,libImplVersion=null,stageMode=null,clusterTimeout=3600000,altDD=null,altWlsDD=null,name=obpservices,securityModel=null,securityValidationEnabled=false,versionIdentifier=null,isTestMode=false,forceUndeployTimeout=0,defaultSubmoduleTargets=true,timeout=0}
  [BasicOperation.execute():425] : Initiating redeploy operation for app, obpservices, on targets:
  [BasicOperation.execute():427] : obEnterpriseServer
  [RedeployOperation.initializeTask():55] : Starting task with path: \opt\bea\user_projects\domains\obportal_domain\servers\AdminServer\upload\obpservices\app\obpservices.war
  java.io.FileNotFoundException: \opt\bea\user_projects\domains\obportal_domain\servers\AdminServer\upload\obpservices\plan\steves-deployment-plan.xml (No such file or directory)
  at java.io.FileInputStream.open(Native Method)
  at java.io.FileInputStream.<init>(FileInputStream.java:106)
  at weblogic.deploy.internal.adminserver.operations.AbstractOperation.parsePlan(AbstractOperation.java:1027)
  at weblogic.deploy.internal.adminserver.operations.AbstractOperation.execute(AbstractOperation.java:133)
  at weblogic.management.deploy.internal.DeployerRuntimeImpl$2.run(DeployerRuntimeImpl.java:816)
  at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
  at weblogic.security.service.SecurityManager.runAs(Unknown Source)
  at weblogic.management.deploy.internal.DeployerRuntimeImpl.performDeployerActions(DeployerRuntimeImpl.java:810)
  at weblogic.management.deploy.internal.DeployerRuntimeImpl.redeploy(DeployerRuntimeImpl.java:568)
  at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
  at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
  at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
  at java.lang.reflect.Method.invoke(Method.java:585)
  at weblogic.management.jmx.modelmbean.WLSModelMBean.invoke(WLSModelMBean.java:443)
  at com.sun.jmx.mbeanserver.DynamicMetaDataImpl.invoke(DynamicMetaDataImpl.java:213)
  at com.sun.jmx.mbeanserver.MetaDataImpl.invoke(MetaDataImpl.java:220)
  at com.sun.jmx.interceptor.DefaultMBeanServerInterceptor.invoke(DefaultMBeanServerInterceptor.java:815)
  at com.sun.jmx.mbeanserver.JmxMBeanServer.invoke(JmxMBeanServer.java:784)
  at weblogic.management.mbeanservers.domainruntime.internal.FederatedMBeanServerInterceptor.invoke(FederatedMBeanServerInterceptor.java:248)
  at weblogic.management.jmx.mbeanserver.WLSMBeanServerInterceptorBase.invoke(WLSMBeanServerInterceptorBase.java:153)
  at weblogic.management.mbeanservers.internal.SecurityMBeanMgmtOpsInterceptor.invoke(SecurityMBeanMgmtOpsInterceptor.java:63)
  at weblogic.management.jmx.mbeanserver.WLSMBeanServerInterceptorBase.invoke(WLSMBeanServerInterceptorBase.java:153)
  at weblogic.management.mbeanservers.internal.SecurityInterceptor.invoke(SecurityInterceptor.java:443)
  at weblogic.management.mbeanservers.internal.AuthenticatedSubjectInterceptor$10.run(AuthenticatedSubjectInterceptor.java:377)
  at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:363)
  at weblogic.management.mbeanservers.internal.AuthenticatedSubjectInterceptor.invoke(AuthenticatedSubjectInterceptor.java:375)
  at weblogic.management.jmx.mbeanserver.WLSMBeanServer.invoke(WLSMBeanServer.java:310)
  at javax.management.remote.rmi.RMIConnectionImpl.doOperation(RMIConnectionImpl.java:1408)
  at javax.management.remote.rmi.RMIConnectionImpl.access$100(RMIConnectionImpl.java:81)
  at javax.management.remote.rmi.RMIConnectionImpl$PrivilegedOperation.run(RMIConnectionImpl.java:1245)
  at javax.management.remote.rmi.RMIConnectionImpl.doPrivilegedOperation(RMIConnectionImpl.java:1348)
  at javax.management.remote.rmi.RMIConnectionImpl.invoke(RMIConnectionImpl.java:782)
  at javax.management.remote.rmi.RMIConnectionImpl_WLSkel.invoke(Unknown Source)
  at weblogic.rmi.internal.BasicServerRef.invoke(BasicServerRef.java:589)
  at weblogic.rmi.internal.BasicServerRef$1.run(BasicServerRef.java:479)
  at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:363)
  at weblogic.security.service.SecurityManager.runAs(Unknown Source)
  at weblogic.rmi.internal.BasicServerRef.handleRequest(BasicServerRef.java:475)
  at weblogic.rmi.internal.BasicServerRef.access$300(BasicServerRef.java:59)
  at weblogic.rmi.internal.BasicServerRef$BasicExecuteRequest.run(BasicServerRef.java:1016)
  at weblogic.work.ExecuteThread.execute(ExecuteThread.java:200)
  at weblogic.work.ExecuteThread.run(ExecuteThread.java:172)
  [ServerConnectionImpl.close():334] : Closing DM connection
  [ServerConnectionImpl.close():354] : Unregistered all listeners
  [ServerConnectionImpl.closeJMX():374] : Closed JMX connection
  [ServerConnectionImpl.closeJMX():386] : Closed Runtime JMX connection
  [ServerConnectionImpl.closeJMX():398] : Closed Edit JMX connection
  Note the file path that cannot be found: "\opt\bea\user_projects\domains\obportal_domain\servers\AdminServer\upload\obpservices\plan\steves-deployment-plan.xml ".
  Of course this file does actually exist when the correct path separators are used.
  Is this a bug? Is there anything we can do about it? The chances of us upgrading WLS are very remote unfortunately.
  Thanks in advance,
  Steve C

  This is something you should definitely file an Oracle support ticket for. It's entirely possible there's a patch for this.

• ORA-20001: Unauthorized access (wwv_flow_api.set_credentials not set).

  I was trying to create the new ADMIN2 account from the FLOWS_020200 schema using :
  begin
  wwv_flow_api.set_security_group_id(p_security_group_id=>10);
  wwv_flow_fnd_user_api.create_fnd_user(
  p_user_name => ‘admin2′,
  p_email_address => ‘[email protected]’,
  p_web_password => ‘admin2′) ;
  end;
  And I got:
  ORA-20001: Unauthorized access (wwv_flow_api.set_credentials not set).
  ORA-06512: at “FLOWS_020200.WWV_FLOW_FND_USER_API”, line 19
  ORA-06512: at “FLOWS_020200.WWV_FLOW_FND_USER_API”, line 429
  ORA-06512: at line 3
  What can I do to solve this issue?

  Okay - I see that's easy enough to fix through Enterprise Manager. But now that I can log on as FLOWS_020200, I get this error when I try to run a script with
  APEX_UTIL.IS_USERNAME_UNIQUE.
  ORA-20001: Unauthorized access (wwv_flow_api.set_credentials not set).
  ORA-06512: at "FLOWS_020200.WWV_FLOW_FND_USER_API", line 19
  ORA-06512: at "FLOWS_020200.WWV_FLOW_FND_USER_API", line 324
  ORA-06512: at "FLOWS_020200.HTMLDB_UTIL", line 456
  ORA-06512: at line 10

• Question on configuring remote cfc call

  I am curious if i can connect to remote cfc, hosted on the server other then localhost through FB4? For example i have some cfc which are displaying some data from a remote DB. I'd like to have my Flash Builder project to be connected to the ColdFusion server on my shared hosting and display an actual data from there,or at least to be able to connect to a cfc on the same server through Data Panel. Is this doable? How i can configure my project to access remote CF server.
  Thanks in advance.

  Yes , you can.  I'm not sure how to use the Flashbuilder4 data-services thing to connect to the remote services.  But you have to make sure your remote cfc enviroment has a crossdomain.xml file.  I always forget to have one of those and I spend more time than necessary bug-hunting.
  Sincerely ,
    Ubu

• Is there a way of protecting PDF documents from printing and/or copying?

  Does anybody know a way of protecting PDF documents from printing and/or copying? All this within the OS possibilities? Is there a way?
  know one can buy expensive programmes like from Adobe, but I use it so little that I would like a cheaper solution. Freeware would be great, shareware also.
  Any suggestion grateful received.

  No way to do that using the OS (although the entire pdf can be encrypted, once the password is applied the document is open for copying/printing).
  However, the freeware PDFLab does allow password protection, the 'owner' pw allows full access, the 'user' pw can be restricted for printing, copying, etc:
  http://www.iconus.ch/fabien/pdflab/
  This can also be done with Adobe's Create PDF Online, but the above is free, and works well.
  Hope this helps...

• Could not connect to Orchestrator web service - Unauthorized: Access is denied due to invalid credentials

  I am trying to set up the Orchestrator Connector for Service Manager, when running the test, I get the error
   <h2>401 - Unauthorized: Access is denied due to invalid credentials.</h2>
    <h3>You do not have permission to view this directory or page using the credentials that you supplied.</h3>
  The account I am using is the system account for Service Manager. I have added that account to the local admin group on the Orchestrator server as well as the Orchestrator admin group. But to no avail.
  Now when I am logged on to the Orchestrator server locally with my account, I can access the Orchestration Console with no problem, however when I try to connect to it remotely using my account, it will not accept my credentials. I need to sort this out,
  can anyone help?
  Paul Arbogast

  I found the solution, using the IIS Manager I changed the Windows authentication providers by moving NTLM above negotiate.
  Paul Arbogast

• Hybrid Remote App Unable to Access this resource

  I am having a difficult time getting my Hybrid remote app to authenticate properly. Configuration is as follows:
  Hybrid Remote App collection with S2S VPN between remote app VNet and Azure VNet following the guide:
  http://blogs.msdn.com/b/rds/archive/2014/07/21/how-to-link-azure-remoteapp-to-an-existing-vnet.aspx
  Client Server model Application with the Client installed on custom remote app image and server side on azure Vnet along with a cloud DC
  DC Syncing with Azure AD using AAD Sync Services and utilizing the mail attribute for AAD Login ID
  Remote App deploys successfully and joins to the domain (I can see the computer objects in the specified OU). I am able to publish my apps an assign user access. I am also able login through the azure remote app application and see my published apps. 
  However once I try to launch the remote app it prompts me once again to login, which I do, then it hangs for a while before erroring out with the following message
  "An error occurred while remote desktop connection was accessing this resource. Retry the connection or contact your system administrator."
  Since this is a hybrid deployment I am able to login to the session host OS.  Whenever I do I am logged in with a temporary profile (I am not sure if this is normal or not).  I see very little in the event logs on the session host, nor the DC.
  I have verified connectivity between the remote app and the DC through ping both ways. The S2S VPN is up and functioning properly.  The session host and the DC have access to other domain resources and the web.  I have also seen documentation
  on a "'Known Issue" with this error related to large profile disks but this does not apply as I have never been able to successfully launch the app.  Any assistance with be greatly appreciated I am at my wits end. Please let me know
  if I can add any additional information that would help solve the issue.

  Hi,
  Do you have the User Principal Name (UPN) suffix that you are using configured in your Active Directory?  For example, say you use
  [email protected] for the initial sign on to Azure RemoteApp, and when you launch an application you also enter
  [email protected] in the second authentication prompt.  Is
  [email protected] a valid UPN in your cloud Active Directory--the AD that is hosted on your DCs?
  -TP