Qm view- certificate required

Similar Messages

• Lync 2013 certificate requirements for multiple SIP domains

  Hi All,
  I am engaged with a client in respect of a Lync 2013 implementation initially as a conferencing platform with a view to enabling EV functions (inc. PSTN conferencing) in the future. They initially need to support 30 SIP domains and eventually
  around 100 SIP domains which is proving to be either not possible or severely cost prohibitive. Their current certificate provider, Thawte, can only support up to 25 SANs and have quoted them 5 figures. We tend to use GeoTrust as they are cheaper but they
  appear to have a limit of 25 SANs. GoDaddy appear to support up to 100 SANs for a pretty reasonable cost. My questions are as follows:
  Is there a way that I’m missing of reducing the number of SANs required on the Edge server?
  Use aliases for access edge FQDNs - Supported by desktop client but not by other devices so not really workable
  Don’t support XMPP federation therefore removing the need for domain name FQDNs for each SIP domain
  Is there a way that I’m missing of reducing the number of SANs required on the Reverse Proxy server?
  Friendly URL option 3 from this page:
  http://technet.microsoft.com/en-us/library/gg398287.aspx
  Client auto-configuration:
  i.     
  Don’t support mobile client auto-configuration in which case no lyncdiscover.sipdomain1.com DNS records or SANs would be required.
  ii.     
  Support mobile client auto-configuration over HTTP only in which case CNAME records are required for each SIP domain (lyncdiscover.sipdomain1.com, etc. pointing to lyncdiscover.designateddomain.com) but no SANs are required.
  iii.     
  Support mobile client auto-configuration over HTTPS in which case DNS records are required for each SIP domain and a SAN entry for each SIP domains is also required. This is because a DNS CNAME to another domain is not supported over
  HTTPS.
  If the answer to 1 and/or 2 is no, are there certificate providers that support over 100 SANs?
  How do certificate requirements differ when using the Lync 2013 hosting pack? I would think that this issue is something that a hosting provider would need to overcome.
  Would the Lync 2013 Hosting Pack work for this customer? The customer uses SPLA licensing so I think is eligible to use the hosting pack but not 100% sure it will work in their environment given that client connections are supposed
  to all come through the Edge where their tenants will be internal and also given the requirement for an ACP for PSTN conferencing.
  Many thanks,

  Many thanks for the response.
  I was already planning to use option 3 from the below page for simple URLs to cut down on SAN requirement.
  http://technet.microsoft.com/en-us/library/gg398287.aspx
  What are the security concerns for publishing autodiscover over port 80? I.e. Is this only used for the initial download of the discovery record and then HTTPS is used for authentication? This seems to be the case from the following note on the below page:
  http://technet.microsoft.com/en-gb/library/hh690030.aspx
  Mobile device clients do not support multiple Secure Sockets Layer (SSL) certificates from different domains. Therefore, CNAME redirection to different domains is not supported over HTTPS. For example, a DNS CNAME record for lyncdiscover.contoso.com that redirects
  to an address of director.contoso.net is not supported over HTTPS.
  In such a topology, a mobile device client needs to use HTTP for the first request, so that the CNAME redirection is resolved over HTTP. Subsequent requests then use HTTPS. To support this scenario, you need to configure your reverse proxy with a web publishing
  rule for port 80 (HTTP).
  For details, see "To create a web publishing rule for port 80" in Configuring the Reverse Proxy for Mobility. CNAME redirection to the same domain is supported over HTTPS. In this case, the destination domain's certificate covers the originating
  domain.”
  I don’t think SRV records for additional SIP domain access edge is a workable solution as this is not supported by some devices.
  As per the below article:
  http://blog.schertz.name/2012/07/lync-edge-server-best-practices/
  “The recommended approach for external client Automatic Sign-In when supporting multiple SIP domains is to include a unique Access Edge FQDN for each domain name in the SAN field.  This is no longer a requirement (it was in OCS) as it is possible to
  create a DNS Service Locator Record (SRV) for each additional SIP domain yet have them all point back to the same original FQDN for the Access Edge service (e.g. sip.mslync.net). 
  This approach will trigger a security alert in Windows Lync clients which can be accepted by the user, but some other clients and devices are unable to connect when the Automatic Sign-In process returns a pair of SRV and Host (A) records which do not share
  the same domain namespace.  Thus it is still best practice to define a unique FQDN for each additional SIP domain and include that hostname in the external Edge certificate’s SAN field”.
  ===================
  1. Basically the requirement is to initially provide Lync conferencing services (minus PSTN conferencing) to internal, external, federated and anonymous participants with a view to providing PSTN conferencing and therefore enterprise voice services later.
  2. The customer currently supports close to 100 SMTP domains and wants to align their SIP domains with these existing domains. The structure of their business is such that “XXX IT Services” provide the IT infrastructure for a collection of companies who
  fall under the XXX umbrella but are very much run as individual entities.
  Question:
  Would you agree that I’m going to need a SAN for every SIP domain’s access edge FQDN?
  Thanks.

• SOAP Receiver Adapter problem (client certificate required)

  My Scenario is similar to described in https://www.sdn.sap.com/irj/sdn/weblogs?blog=/pub/wlg/3721. [original link is broken] [original link is broken] [original link is broken] I have two PI servers running on one machine. I am trying to post message HTTPS with Client authentication via SOAP adapter from one PI system to SOAP adapter of other PI server. I have done the following configuration.
  PI Server AXD - (Client) - Receiver SOAP adapter
  PI Server AXQ - (Server) - Sender SOAP Adapter.
  Steps in AXD
  1. I have created a certificate of AXD in the service_ssl view of key storage.
  2. I have imported the AXQ public certificate in to AXD in the TrustedCAs of Key storage
  Steps in AXQ
  1. I have created a certificate of AXQ in the service_ssl view of key storage.
  2. I have imported the AXD public certificate in to AXQ in the TrustedCAs of Key storage.
  3. I have created a user in AXQ and assigned the certificate of AXD under usermangement in Security provider to this user.
  4. I have added the AXD certificate under Client Authentication tab with require client certificate option checked in the SSL Provider.
  5. I have assigned the user created in AXQ in the step above to the Sender Agreement.
  Now when I post message from AXD with Configure Client Authentication checked (Here I have selected the certificate of AXD and view as service_ssl) I am getting the following error.
  Exception caught by adapter framework: SOAP: response message contains an error XIServer/UNKNOWN/ADAPTER.JAVA_EXCEPTION - java.security.AccessControlException: client certificate required at com.sap.aii.af.mp.soap.ejb.XISOAPAdapterBean.process(XISOAPAdapterBean.java:884) at com.sap.aii.af.mp.module.ModuleLocalLocalObjectImpl0_3
  Any pointer to solve this problem is highly appreciated.
  Thanks
  Abinash

  Hi Hemant,
  I have couple of questions. Why do we need to import certificate for SOAP WS-Security and from where I can get it?
  As far as my scenario goes I am not using message level security.
  Secondly what do you mean by TRUSTED/WebServiceSecurity? I don't see any such view inside the Key Storage.  I can see a view named just WebServiceSecuity though.
  Also I don't have a decentralized adapter installation rather I have two separate PI instances having their own central adapter engine.
  Abinash

• Certificate Requirements / Best Practice for DR Pool

  Good morning
  I'm looking for clarification on the certificate requirements for DR. I already have both my primary pool and my DR pool built, and paired. At the time I configured there, I used two different certificates for each pool. I would really just prefer to use
  one when we build the environment live. 
  Is there some reason I cannot just add *all* servers from both primary and DR pool into one cert as SANs? The subject name/common name of the cert doesn't *really* matter as long as both the pool FQDNs and all server FQDNs are in the Subject Alternative
  Names, right?

  It may work, but it's not the path Microsoft recommends:
  https://technet.microsoft.com/en-us/library/gg398094.aspx.  This is one of the reasons I always try use an internal certificate authority, even if I have to deploy one just for Lync, just so little items like this don't matter
  much. 
  If it works, it's up to you.  I'd base that decision on how mission critical the solution is.  If it's your phone system, I'd follow Microsoft's guides to the letter so I'm not in a nightmare situation if I ever have to call Microsoft support. 
  If it's IM and P only, I'd be willing to let some things slide if it's saving you a lot of money. 
  Please remember, if you see a post that helped you please click "Vote As Helpful" and if it answered your question please click "Mark As Answer".
  SWC Unified Communications
  This forum post is based upon my personal experience and does not necessarily reflect the opinion or view of Microsoft, its employees, or other MVPs.

• Receiver SOAP adapter SSL error - client certificate required?

  Hi all,
  Problem configuring SSL in XI 3.0 NW04 SP17....
  I have followed the config steps from Rahul's excellent weblog at <a href="/people/rahul.nawale2/blog/2006/05/31/how-to-use-client-authentication-with-soap-adapter">How to use Client Authentication with SOAP Adapter</a> (my Basis team have done the Visual Admin steps) and am going through his example as it closely matches my requirement. So, I have a test receiver SOAP adapter sending messages to a web service URL defined for a sender SOAP adapter. My test scenario is:
  <b>Sender File -> <u><i>Receiver SOAP -> Sender SOAP</i></u> -> IDoc Receiver -> IDocs in R/3</b>
  The problem components are in italic and underlined above. My Receiver SOAP Adapter has the web service URL, Certificate Keystore Entry and View entered. If, in the Sender SOAP Adapter, I have an HTTP Security Level of HTTPS Without Client Authentication, the interface works fine (note that Rahul suggests you untick the User Authentication in the Receiver but with this Security Level, it seems to work with or without it).
  The problem is when I set HTTPS <b>With</b> Client Authentication in the Sender. I then get the following error in the message monitor:
  SOAP: response message contains an error XIServer/UNKNOWN/ModuleUnknownException - com.sap.aii.af.mp.module.ModuleException: java.security.AccessControlException: <b>client certificate required caused by: java.security.AccessControlException</b>: client certificate required at com.sap.aii.af.mp.soap.ejb.XISOAPAdapterBean.process(XISOAPAdapterBean.java:1111) at com.sap.aii.af.mp.module.ModuleLocalLocalObjectImpl3.process(ModuleLocalLocalObjectImpl3.java:103) at com.sap.aii.af.mp.ejb.ModuleProcessorBean.process(ModuleProcessorBean.java:250) at com.sap.aii.af.mp.processor.ModuleProcessorLocalLocalObjectImpl0.process(ModuleProcessorLocalLocalObjectImpl0.java:103) at com.sap.aii.af.mp.soap.web.MessageServlet.callModuleProcessor(MessageServlet.java:166) at com.sap.aii.af.mp.soap.web.MessageServlet.doPost(MessageServlet.java:421) at javax.servlet.http.HttpServlet.service(HttpServlet.java(Compiled Code)) at javax.servlet.http.HttpServlet.service(HttpServlet.java(Compiled Code)) at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.runServlet(HttpHandlerImpl.java(Compiled Code)) at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.handleRequest(HttpHandlerImpl.java(Compiled Code)) at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java(Inlined Compiled Code)) at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java(Compiled Code)) at com.sap.engine.services.httpserver.server.RequestAnalizer.invokeWebContainer(RequestAnalizer.java(Compiled Code)) at com.sap.engine.services.httpserver.server.RequestAnalizer.handle(RequestAnalizer.java(Compiled Code)) at com.sap.engine.services.httpserver.server.Client.handle(Client.java(Inlined Compiled Code)) at com.sap.engine.services.httpserver.server.Processor.request(Processor.java(Compiled Code)) at com.sap.engine.core.service630.context.cluster.session.ApplicationSessionMessageListener.process(ApplicationSessionMessageListener.java(Compiled Code)) at com.sap.engine.core.cluster.impl6.session.MessageRunner.run(MessageRunner.java(Compiled Code)) at com.sap.engine.core.thread.impl3.ActionObject.run(ActionObject.java(Compiled Code)) at java.security.AccessController.doPrivileged1(Native Method) at java.security.AccessController.doPrivileged(AccessController.java(Compiled Code)) at com.sap.engine.core.thread.impl3.SingleThread.execute(SingleThread.java(Compiled Code)) at com.sap.engine.core.thread.impl3.SingleThread.run(SingleThread.java(Compiled Code)) Caused by: java.security.AccessControlException: client certificate required at com.sap.aii.af.mp.soap.ejb.XISOAPAdapterBean.process(XISOAPAdapterBean.java:843) ... 22 more
  Has anyone got any idea what this could be caused by?
  Many thanks,
  Stuart Richards

  Have you configured the https port with that keystore entry?
  Check out these links:
  http://help.sap.com/saphelp_nw2004s/helpdata/en/b0/881e3e3986f701e10000000a114084/frameset.htm
  http://help.sap.com/saphelp_nw2004s/helpdata/en/5c/15f73dd0408e5be10000000a114084/frameset.htm
  Regards,
  Henrique.

• Re: Quality Certificate requirement At MIGO for raw material

  Dear all,
  I have a requirement where I want the system ask for Quality certificate while doing the goods receipt. The system should not allow me to process the transaction-MIGO if certificate is not recieved.
  Please advice
  Regards,
  Vivek Sharma

  Hi Vivek,
  You need to perform following settings.
  Configuration
  Follow the path
  Run trx QCC0->QM in Logistics->QM in Procurement-->Define Control Keys.
  Here create your own control key
  Where you can set the rest data as per your requirement but for to check the check box for "Cert Required" is must be activated to meet the requirement relevant to this thread.
  Save
  Say you have configured your Control Key ZZ01
  Now just below this one small configuration is mandatory is Run trx QCC0->QM in Logistics->QM in Procurement-->Define Keys for Certificate Processing
  Maintain Description
  Execute it and go to "Define Certificate Types"
  Here either for your relevant certification type or  for new type (if you wish to create new), maintain the data as below
  "Certificate Required for Each Purchase Order Item" ==== Active
  "Certif. per GR Item" ==== Active
  "Certif. check required" ==== Active
  "Control W/O Certif." Set any error message, I would suggest to select "Without lot error message, with lot error message"
  "Enhanced cert. processing" ==== Don't Activate
  "No certif. confirmation at GR" ==== Don't Activate
  The rest settings are not important to maintain so leave them blank.
  At Master Level
  In QM view of MM for the material maintain "QM Control Key" that just created "ZZ01"
  and the certificate type that is just created or amended. under the procurement data.
  Maintain Q-Info record for Material - Vendor - Plant combination (QI01)
  Now as per your requirement system will ask for the confirmation for certificate receipt as Yes/No. under the Purchase Order data in MIGO at item level data.
  If you select "NO" to it it will not allow to post the GR.
  I hope this is what you were looking for.
  Regards,
  Shyamal

• Certificate Requirement for Lync 2013 Standard Edition

  I have successfully run the setup of lync 2013 standard edition now I am stuck due to certificates required for lync 2013. when I generate a csr. it show the subjected urls for that.
  hostname.domain.com
  sip.domain.com
  diali.domain.com
  meet.domain.com
  admin.domain.com
  lyncdiscover.domain.com
  lyncdiscoverinternal.domain.com
  im.domain.com (External URL)
  so if I go for 3 party CA then I need 8 certicate only for internal lync. As I also need to connected federated partner and external user so I need Edge for again I need 3 more certificates
  web.domain.com
  a/v.domain.com
  sip.domain.com
  now when I go for these certificate it quit costly and I didn't understand why such certifcates required. can anyone help me to fix such requirement.
  Or, what are the necessary url to which I buy 3 party CA rest leave as it is.
  I also want to deploy Edge with single adopter as we have only one network so can anyone assist me to proceed it further.
  Talha Faraz Malik

  To save on the cost of your third party certificates, I would deploy an internal certificate authority to sign certificates for your internal front end.   For your third party certificate, you would only need the SANs for the edge and for your
  reverse proxy and as Edwin said, this can be a single cert with multiple SANs.
  For example, for your edge you would need:
  sip.domain.com
  web.domain.com
  You would not need A/V as this role does not require a SAN on your certificate.  On the same certificate, which you could also use on your reverse proxy, you'd likely want the following FQDNs.
  lyncdiscover.domain.com
  im.domain.com (your external web services FQDN)
  meet.domain.com
  dialin.domain.com
  You may also want to consider your internal web services FQDN and include the following so third party mobile devices can connect without needing a certificate installed:
  im_internal.domain.com (your internal web services FQDN)
  lyncdiscoverinternal.domain.com
  I'm sure that's not entirely clear yet, so feel free to ask more questions or what the purpose of each is. 
  When you say Edge with a single adapter, you mean a single adapter in a DMZ or internal?  You definably want two NICS, both in separate DMZs, but I've managed to get the edge working with a single adapter in a DMZ before.  What you don't want is
  the edge in your internal network.
  Please remember, if you see a post that helped you please click "Vote As Helpful" and if it answered your question please click "Mark As Answer".
  SWC Unified Communications
  This forum post is based upon my personal experience and does not necessarily reflect the opinion or view of Microsoft, its employees, or other MVPs.

• Can't login Lync suddenly, the error is" There was a problem acquiring a personal certificate required to sign in."

  Dear all,
  This is a real issue in working. Our company provides office 365 mailbox and its lync for users.
  Recently, many users meet such issue of " There was a problem acquiring a personal certificate required to sign in."
  The lync version is 2010 and even I removed lync2010 cache for user's profile, that user still can't login lync.
  See below picture.    
  Please give help and show advice.
  Franklin hong

  Hi,
  The issue may be caused by that the user’s security credentials were corrupted or an RSA folder on the user’s computer may be blocking authentication.
  Here is a similar case may help you:
  http://community.office365.com/en-us/f/166/t/80399.aspx
  Best Regards,
  Eason Huang
  Eason Huang
  TechNet Community Support

• When i try to access my hotmail, i always get "view certificate" and i can not get to my email.

  every time i try to get to my hotmail, i get a message "view certificate" and it would not allow me to get to email from hotmail. and if i can sign in rarely, i can not sign out.
  == This happened ==
  Every time Firefox opened
  == i try to sign in to my email

  My fiancee had the same problem with her laptop. Try making sure your time/date are set correctly. Other than that, I'm not sure. It worked for her, hope it works for you! :)

• RDS Certificate Requirements

  Hello, I have implemented the following RDS configuration however I am having some trouble in locating the exact SSL certificate requirements that are needed for this setup. Any help with this would be much appreciated.
  Environment:
  Internal Domain Name: contoso.com
  External Domain Name. contoso.com
  1 x server with RDS Gateway installed
  1 x server with RDS Web Access installed
  1 x Session Broker
  2 x Session Hosts, configured in a farm with the name farm.contoso.com
  Please note that the Gateway and Web Access roles are installed on seperate servers. There is no ISA/TMG server in this implementation.
  I believe I require the following certifcates:
  RD Gateway - Public CA Single Name certificate containing the publically resolvable name of gateway.contoso.com
  Web Access - Public CA Single Name certificate containing the publically resolvable name of webaccess.contoso.com
  Session Hosts - Public CA SAN certificate containg the publically resolvable name of farm.contoso.com and the servers internal FQDN of host1.contoso.com and host2.contoso.com
  If possible could someone please confirm if this is correct, it would be very much appreciated.
  Kind Regards.

  Hi Alex,
              thank you for your reply, and yes that is correct regarding DNS. I plan to purchased the following certificates for my environment based on our discussion, can you please confirm if
  this is correct.
  RD Gateway - 1 x public CA single subject name SSL certificate for the publically resolvable name of remote.contoso.com
  RD Web Access - 1 x public CA single subject name SSL certificate for publically resolvable name of webaccess.contoso.com
  Session Hosts - 1 x public CA single subject name SSL certificate for farm.contoso.com for both session hosts and RemoteApp signing
  Or I could purchase 1 x SAN certificate with all of the above external namespaces? Any feedback would be much appreciated.
  Kind Regards.

• Certificate required during receipts

  Hi Experts,
  I have configured the following in SPRO---> Control key in QM Proc.
  1. QM Control key created with Tick in Certificate required & Block Invoice
  2. Certificate type defined with tick in all the following for
              Certi for each PO item,
              GR items,
              assigned control with certificate error: without lot: Error message; with lot: Status, No skip to Stock
              Enhanced certificate processing
              No certificate check at GR
  3. Material master
      Tick in QM Proc
      QM Control key selected
     Certificate type selected
  But I am not getting error in during GR & UD.
  Pls help me to solve this issue
  Regards,
  VRMP

  Have you tried using the indicator "Certifiicate  check required" in the certificate type?
  FF

• Is there an app to download so you can view videos requiring quick time?

  Is there an app to download so you can view video requiring quick time? I'm a new apple user and have read that adobe flash is not an option. Hoping there is something out there to download

  Anything that plays in QuickTime can be "shared" to iTunes and synced to videos.

• Certificates required during SharePoint configuration

  Hi,
  I would like to understand what all certificates we have to install in SharePoint servers as part of fresh installation and configuration? To my understanding, we have to import SSL web certificates for web applications using port 443/HTTPS/SSL communication.
  Is my understanding correct? Any help on this certificate requirements is much appreciated.
  BR, Sarath

  Hi,
  typically you choose to access our SharePoint through SSL. So yes, for each Web Application you will need a SSL certificate either from an internal trusted CA or a public one. You need to add it to the bindings in IIS directly.
  Furthermore if you plan to use the SharePoint 2013 App Model, there are additional requirements where you typically need a wildcard certificate.
  If you have any questions, please let me know.
  Regards,
  Dennis

• GR with quality certificate required

  Hi All,
  I have set certificate require in my PO. During GR, it will prompt me whether I have receive my certificate. If no system will post the stock into block stock as I did not active quality inspection lot. So if I have receive the certificate after GR, will this stock be posted to unrestricted stock automatically ? Or I need to do a manual transfer posting?
  Please kindly advice.

  Hi,
  After you get quality certificate you need to do transfer posting. According to my knolwedge system won't post the stock  to unrestricted stock automatically. Thanking you.

• External Edge Certificate Requirements

  Could somebody help me with this issue.
  First off, I just realized that I posted this in the wrong category. We are running Lync Server 2013, not 2010.
  I am experiencing every imaginable issue with our Lync deployment possible. Being that I am so new to IT, I do not know a definitive answer to this seemingly elusive question.
  We are running Lync Server 2013 Standard Edition single server pool with Mediation Server co-located.
  The question is, is it a requirement to have the external access service FQDN as not only the CN, but as well the first SAN entry? I am finding conflicting information across the internet.
  Our company would like to use only one single public cert, so I have been trying to make this single public cert work across our Lync deployment. I am wondering whether or not this could be the cause of my woes.
  Currently our one public certificate SN is our domain name; contoso.com.
  I have consolidated the three edge services (web, access, A/V) into one FQDN and single IP and used three different port number assignments. That FQDN is not the CN of our public cert. It is not even the first SAN entry on this cert.
  Please help me.
  You are much appreciated.

  Take Michaels comments on board, but to answer your  question regarding the certificate requirements;
  If you're using a single IP solution on your Edge server, then all your edge services (access, webconf, and av) will share the same FQDN as you rightly eluded to. This FQDN needs to be the CN / SN of the external certificate that is in use on that edge
  server. So yes, as your certificate currently has 'yourdomain.com' as it's CN / SN, this will not work - you will need to provision a certificate that has the FQDN of the edge services as the CN / SN.
  In answer to your question regarding the CN / SN also being listed as a SAN, please see the below excerpt from
  this TechNet article.
  "Even though the certificate subject name is equal to the access Edge FQDN, the subject alternative name must also contain the access Edge FQDN because Transport Layer Security (TLS) ignores the subject name and uses the subject alternative name entries
  for validation."
  I use a single name certificate for Edge in my lab without any SANs, and it works fine - but for a production environment I would always advise that you adhere to documentation, and also consider using 3 public IPs for your edge services if feasible.
  Using a single name certificate also means that you won't be able to populate it with your Reverse Proxy certificate requirements.
  Kind regards
  Ben
  Note: If you find a post informative, please mark it so using the arrow to the left. If it answers a question you've asked, please mark the thread as answered to aid others when they're looking for solutions to similar problems or queries.
  Lync | Skype | Blog: Gecko-Studio