Question with NTP authentication on my network

Similar Messages

• 802.1x EAP-PEAPv0 (MSCHAPV2) with computer authentication

  I am a network administrator at seven schools, and a few of these schools are now using 802.1x EAP-PEAPv0 (MSCHAPV2) with computer authentication  only, for wireless security. 
  We are a mixture of 2008 and 2003 (Windows Domain) servers running IAS or NPS for RADIUS.  
  I push out the wireless client’s setting via group policy, and the clients are using WZC. 
  Every now and then, a client will be unable to authenticate/validate during the authentication phase. 
  Some clients this will never happen to and a few it will happen repeatedly. 
  To fix this I have to hard wire the computer and do a gpupdate, even though the computer already had the updates applied previously, and is still part of the domain. 
  Many of our classrooms lack network drops, so wireless is the best for us. 
  Except for this one downfall, it is working great. Any help is appreciated.

  Hi Ryan,
  Thanks for posting here.
  Could you discuss the situation that you mentioned “a client will be unable to authenticate/validate during the authentication phase. 
  Some clients this will never happen to and a few it will happen repeatedly. ”
    in detail ? Can you verify if there is any error or warring that relate with this authentication issue recorded in event log on client and radius server ?
  Only certain computers are facing this issue or all?
  What’s OS running on these client computers?
  According the situation right now , I’d like to share some suggections with you:
  1. An 802.1x client may fail to connect to an Radius server if the Trusted Root CA certificate that issued the Radius server certificate is not installed on
  the client computer. Either verify that the trusted root authority is installed on the client computer or disable certificate validation on the client. To disable certificate validation, access the properties of the connection, and on the Authentication tab,
  click Properties. Click to clear the Validate server certificate check box. EAP-TLS requires the installation of a computer certificate on each RADIUS server and a computer or user certificate, or smart card on all clients. PEAP-MS-CHAPv2 requires the installation
  of a computer certificate on each RADIUS server and the root CA certificates of the issuing CAs of the RADIUS server certificate on each of the client computers.
  2. Verify that Radius is configured for the logging of rejected authentication attempts to the event log. Try the connection again, and then check the system
  event log for an IAS event for the failed connection attempt. Use the information in the log to determine the reason the connection attempt was either rejected or discarded. Logging options are configured on the General tab of the Radius server Properties
  dialog.
  3. Any rejected or discarded connection attempt recorded should identify the Connection Request Policy used. A RADIUS request message is processed only if the
  settings of the incoming RADIUS request message match at least one of the connection request policies. Examine the conditions of the policy identified to see where the request fails.
  4. Determine from the IAS system event log entries whether the authentication failure is for computer auth, user auth, or both. By default, Windows performs
  an 802.1x authentication with computer credentials before displaying the Windows logon screen. Another authentication with user credentials is performed after the user has logged on, and if this fails the machine will be disconnected from the network. Similarly,
  if computer authentication fails but user auth is successful, symptoms will include failure to process login scripts or apply group policies and machine password expiration will not be updated since the user will only be able to logon with cached credentials.
  If you use a smart card for authentication, you can only perform user authentication because smart card usage requires manual entry of a personal identification number (PIN). There is no way to provide the PIN to unlock the smart card certificate during computer
  authentication.
  5. Examine the wireless trace logs captured and search for keywords error, failed, failure, or rejected. This should give an indication as to what point in the
  authentication process the failure occurs.
  Meanwhile, I ‘d like suggest you may start troubleshooting with following the guides below and see if it will help:
  Windows Server 2003 Wireless Troubleshooting
  http://technet.microsoft.com/en-us/library/cc773359(WS.10).aspx
  Troubleshooting Windows Vista 802.11 Wireless Connections
  http://technet.microsoft.com/en-us/library/cc766215(WS.10).aspx
  Thanks.
  Tiger Li
  TechNet Subscriber Support in forum
  If you have any feedback on our support, please contact
  [email protected]
  Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
  Random computers running Windows XP have this problem.  It does not happen to all of them at once. 
  It is very random.  A computer that has been connecting to the secure network for weeks will all of a sudden not be able to connect. The message is “attempting to authenticate” and it never makes the connection. 
  I checked if logging is turned on and I can see successful events from computers that are working. 
  I can also see failed events from computers that are not ours that tried to connect to our wireless. 
  However for the computers that are having this problem there are no logged events. 
  It is as if they don’t even communicate with the server. 
  Other clients on the same AP are working fine.  I rebooted the IAS service, and RADIUS clients, but this did not help. 
  I also checked all the settings and they are correct, using PEAP, and validating the server certificate is disabled. 
  I did notice that the firewall is also turned on through group policy when the domain is not available.
     Do you think the firewall is blocking the communication? 
  I added an exception to port 1812 UDP and this did not make a difference.

• Resources needed to integrate iTunes U with existing authentication?

  I have been reading the on-line and PDF iTunes U Admin guide for a few days now.
  I think I can handle most administration issues, but not how to integrate iTunes U with our existing authentication system, described here http://bit.ly/7oAzpp
  I believe ours is LDAP based.
  Not sure other staff have the time to do it. We may have some CS students that might be able to tackle it.
  As an alternative, are there outside services that might specialize in this?
  Any rough amount of hours or cost?
  I am looking at options, and welcome any feedback.

  Frank, in answer to your questions…
  Frank Fulchiero wrote:
  1. What technologies does one have to be familiar with to write up iTunes U authentication with existing authentication systems? In the sample download, there are files in C, Java, Perl and Python. Do you need to know all of these, in addition to HTML?
  You do not need to know any particular language…Apple's examples are just starting places. Each of those code samples does exactly the same thing, just in a different language. In addition to the samples that Apple provides, others have written similar code samples in languages like C#, VB.Net, and Ruby. "In principle", you could use a language not yet explored by others (say Erlang or Haskell or whatever)…but you would need to do pretty much what the other code samples do.
  If I had to give a rough summary of what you would need to know to implement an iTunes U portal, it'd run like this:
  1. You need to be able to setup a web server. It can be any sort of server with which you are most comfortable…IIS in Windows, Apache running on Linux, or OS X Server's web server (which is also Apache)…or even something else.
  2. You need to know how to get CGI running on your chosen web server. The actual CGI code can be in any language you like (Apple's samples are in Perl, C, Python, etc., as you pointed out). But you need to know how to get CGI code installed and working on your web server. In addition, you need to know just enough about how the code works to adapt it to suit your specific institution.
  3. You need to know just enough about how authentication works at your site to access it in code. "Usually" this is fairly straightforward…but Apple's code samples do not show how to do this—they can't because every institution handles authentication differently…some use LDAP, others Active Directory, some use Banner…others use things like eDirectory—each of these packages gives you a way to determine with a login or bind is going to work.
  Frank Fulchiero wrote:
  2. We are considering pilots with only a few faculty and 50-100 students. I am wondering if it would be any easier, in order to get started, to use OSX Server 10.6' Users and Groups and Open Directory for authentication, instead of our college's AD, and just manually enter the users. Due to security concerns, our network admins might find this more acceptable.
  Certainly that would work. One of the nifty things about iTunes U is that you're not married to any solution you implement…you can always change/grow into something different later.

• HT4864 I am getting a triangle with an exclamation point next to my inbox...it says: There may be a problem with the mail server or network. Verify the settings for account "MobileMe" or try again.  The server returned the error: Mail was unable to log in

  I can send but cannot recieve email
  This is the messege I am gewtting:
  There may be a problem with the mail server or network. Verify the settings for account “MobileMe” or try again.
  The server returned the error: Mail was unable to log in to the IMAP server “p02-imap.mail.me.com” using “Password” authentication. Verify that your account settings are correct.
  The server returned the error: Service temporarily unavailable

  Also if I go to system preferences accounts and re-enter the password it fixes the glitch sometimes.

• Why do I get an "unable to connect - There may be a problem with the mail server or network." message from iCloud.  I have verified the settings.  I can access my iCloud account online but can't send or receive e-mail via the mail account.

  Text limits to the "Question" link prevents a full explanation:
  This is a long-time problem.  I have tried to resolve it with Apple but their "Customer Support" is merely a name.
  I can go online and access my e-mail but when I try to send or receive e-mail via iCloud through my internet server (Google fiber now but the same situation existed with my prior service), I receive "There may be a problem with the mail server or network.  Verify the settings for 'Apple Email' and try again.
  "The server returned the error:  The server 'p0-imap.mail.me.com' refused to allow a connection on port 143."
  Well, I have verified the setting and tried again and again and …
  Well, you get the idea …

  JungleTaxi Cabbie wrote:
  Csound1: iCloud: Configuring Mail with Mac OS X v10.6 or iOS 4
  Enter your Incoming Mail Server, User Name, and Password using the following settings:
  Incoming Mail Server: mail.me.com
  User Name: Your iCloud email address (excluding @me.com)
  Password: Your password
  Last Modified: Jun 27, 2013
  Maybe you should test these things before calling people out, because these settings do function perfectly well.
  iCloud is not supported on Snow Leopard or lower, why bother to mention it?
  The OP has an iCloud account, and that can not be opened without Lion or Mountain Lion (on a Mac), IOS5 or 6 (on an iPhone/iPad)
  The document I linked to is Apples documentation for iCloud on current devices,I don't care whether you believe that you know better than they do, but it will affect the people who follow your advice as it won't work
  JungleTaxi Cabbie wrote:
  Also, if you're not running Lion or Mountain Lion, there is no "Mail, Contacts & Calendars" prefpane.
  I never said that there was, perhaps you imagined it.

• How do I protect my JNLP, my JARs etc. (with Basic Authentication)???

  hi all,
  i know that there is a FAQ ( [see here|http://lopica.sourceforge.net/faq.html#obfuscate] ) answering a related question with "You can use an obfuscator...". ok, but is there really no other solution?
  this is the simplified folder structure of my application on the server:
  [application]
    [etc]
      xyz.xml
    [jars]
      myapp.jar
    launch.jnlp
  website.jsp
  initial start and basic authentication:*
  my first idea was to secure everything underneath "application" with basic authentication via my web.xml (yes, i'm aware of the security concerns). this means everybody can access my website (here: website.jsp) which contains a start button that links to "launch.jnlp". as soon as the user clicks on it, the browser opens its standard authentication dialog since launch.jsp is in a protected area. after entering the correct credentials the jnlp-file is downloaded and java web start takes over control. first of all it seems as it tries to access the same jnlp-file again (??? --> probably in order to check for changes in the jnlp file --> this is certainly not the case for the initial startup) and then wants to download the relevant jar (myapp.jar). because both resources are protected jws opens its own basic authentication dialog where i have to enter the same credentials the second time. as far as i know, there is no solution to pass the credentials between the browser and the jvm.
  second start and basic authentication:*
  if the user starts my application for the 2nd, 3rd, ... time via desktop-link (set in jnlp-file) there is no need for accessing my website with a browser. therefore only the authentication dialog of jws gets displayed. so far, so good!
  and now the actual problem:*
  during runtime my application (signed with verisign certificate and having all permissions) uses commons-vfs and commons-httpclient to access resources on the same server (e.g. etc/xyz.xml). since they're underneath the protected "application" directory as well, my application needs the same credentials the user already entered in the authentication dialog of jws. now i could retrieve these credentials by calling Authenticator.requestPasswordAuthentication() within my application and passing them to vfs and httpclient. however, doing so opens up jws' authentication dialog again. grrr!!! is there a way to prevent this?
  related thougts:*
  i know i could disable jws' default Authenticatior and set my own Authenticator which might be able to return already entered credentials without opening the dialog a second time. however, it seems that even with <property name="javaws.cfg.jauthenticator" value="none" /> jws still opens its own dialog when acessing the JNLP file and the relevant JARs during the startup/download phase. of course, who else if not jws could handle that phase? my application might not even be downloaded at this point. so i guess setting my own Authenticator would not be a solution either (at least not if i want to secure my jnlp and my jars, too). quite the contrary, it would have to open another dialog... :-(
  my current solution:*
  for the moment i use jws' default Authenticatior which allows me to easily protect all my stuff on the server side (jnlp, jar, etc). i can live with the two login dialogs at the initial startup. and instead of querying the credentials from jws' default Authenticatior at runtime, i set two system properties for username and password in the (protected) jnlp-file, query them at runtime and hand it to vfs and httpclient. this prevents the 2nd (or 3rd) dialog but is definitely not a great solution. most of all i'm not happy with the fact that this somehow "destroys" the container-based security advantage of easily configuring authorized users via a separate mechanism e.g. tomcat-users.xml. now there has to be one master-password that has to be set in the jnlp-file! grrr!
  a possible alternative:*
  i'm not sure but would it be better to secure everything with form-based authentication on the website, and dynamically generate username and password into the jnlp-file? but what happens when the admin changes the password on the server and the user starts its application via desktop-link??? in case of basic authentication i think jws would popup the login dialog again. however, if i use the old username and password generated into the jnlp it won't work. i think the user then has to access the website again. this is not good at all! :-(
  the only real solution:*
  should i write a small application which can be downloaded by everybody and on startup queries the user's credentials, validates them with the help of our server, and uses the javax.jnlp-api to download the secured JARs of my real application? this seems so much overkill! does anybody have experiences with this approach? how difficult is it to implement the whole download/update stuff with javax.jnlp?
  WHAT HAVE I MISSED???
  AM I COMPLETELY WRONG???
  WHAT IS THE EASIEST WAY???
  AND WHAT IS THE BEST WAY???
  thank you so much,
  stephan

  Not sure, whether I understood correctly, what you wanna do - but up to now I can't see any problem.
  if you have a structure like this:
  /ctxroot/
         launch.jnlp
         /app/
             *.jar
             *.whateveryou may use in your web.xml:
       <servlet>
            <servlet-name>JnlpDownloadServlet</servlet-name>
            <servlet-class>jnlp.sample.servlet.JnlpDownloadServlet</servlet-class>
       </servlet>
       <servlet-mapping>
            <servlet-name>JnlpDownloadServlet</servlet-name>
            <url-pattern>*.jnlp</url-pattern>
            <url-pattern>/app/*</url-pattern>
       </servlet-mapping>
       <security-constraint>
            <web-resource-collection>
                 <web-resource-name>Application</web-resource-name>
                 <url-pattern>/app/*</url-pattern>
                 <http-method>GET</http-method>
                 <http-method>POST</http-method>
            </web-resource-collection>
            <auth-constraint>
                 <role-name>bla</role-name>
                 <role-name>fahsel</role-name>
            </auth-constraint>
            <user-data-constraint>
                 <transport-guarantee>CONFIDENTIAL</transport-guarantee>
            </user-data-constraint>
       </security-constraint>
       <security-constraint>
            <web-resource-collection>
                 <web-resource-name>Subscription</web-resource-name>
                 <url-pattern>*.jnlp</url-pattern>
            </web-resource-collection>
            <user-data-constraint>
                 <transport-guarantee>CONFIDENTIAL</transport-guarantee>
            </user-data-constraint>
       </security-constraint>
       <login-config>
            <auth-method>BASIC</auth-method>
            <realm-name>whatever-realm</realm-name>
       </login-config>
       <security-role><role-name>bla</role-name></security-role>
       <security-role><role-name>fahsel</role-name></security-role>
  ...Than you may use the Service stuff like:
       BasicService bs = (BasicService)ServiceManager.lookup("javax.jnlp.BasicService");
       URL codeBase = bs.getCodeBase();
       URL pu = new URL(codeBase.toString() + "whatever.bla");
       HttpURLConnection res = (HttpURLConnection) pu.openConnection();
       res.setInstanceFollowRedirects(true);
       res.setRequestMethod("GET");
       res.setConnectTimeout(10 * 60 * 1000);
       res.connect();
       String enc = res.getContentType();
  ...Where is the problem? If you wanna intercept certain "calls" to an app resource, just use a filter, which decides, whether to answer the request directly by itself or to pass it to the JnlpDownloadServlet ...

• I forgot my iCloud password, and i can not reset it with email authentication, when i do it, i don't receive any mail from Apple

  I forgot my iCloud password, and i can not reset it with email authentication, when i do it, i don't receive any mail from Apple

  If you don't know your password, don't know your security questions and don't have a rescue address or don't receive a reset email, you should contact AppleCare who will initially try to assist you with a reset email or if unsuccessful will pass you to the security team to reset your security questions for you.
  If you are in a region that doesn't have international telephone support try contacting Apple through iTunes Store Support.

• Error 18452 "Login failed. The login is from an untrusted domain and cannot be used with Windows authentication" on SQL Server 2008 R2 Enterprise Edition 64-bit SP2 clustered instance

  Hi there,
  I have a Windows 2008 R2 Enterprise x64 SP2 cluster which has 2 SQL Server 2008 R2 Enterprise Edition x64 SP2
  instances.
  A domain account "Domain\Login" is administrator on both physcial nodes and "sysadmin" on both SQL Server instances.
  Currently both instances are running on same node.
  While logging on to SQL Server instance 2 thru "Domain\Login" using "IP2,port2", I get error 18452 "Login failed. The login is from an untrusted domain and cannot be used with Windows authentication". This happened in the past
  as well but issue resolved post insatllation of SQL Server 2008R2 SP2. This has re-occurred now. But it connects using 'SQLVirtual2\Instance2' without issue.
  Same login with same rights is able to access Instance 1 on both 'SQLVirtual1\Instance1' and "IP1,port1" without any issue.
  Please help resolve the issue.
  Thanks,
  AY

  Hello,
  I Confirm that I encountred the same problem when the first domain controller was dow !!
  During a restarting of the first domain controller, i tried to failover my SQL Server instance to a second node, after that I will be able to authenticate SQL Server Login but Windows Login returns Error 18452 !
  When the firts DC restart finishied restarting every thing was Ok !
  The Question here : Why the cluster instance does'nt used the second DC ???
  Best Regards     
  J.K

• Using Sent Unix Command in ARD 3 with proxy authentication

  I'd like to use Unix commands to update Apple software through ARD thus allowing me to lock the computer screen before the process using the ARD command to do so, thus keeping the users from interfering with the process .
  Our network utilizes password protected firewall proxy that hangs ARD when using the softwareupdate command through ARD's "Send Unix Command..." at the point in which it would ask for authentication if using the same command in the terminal.
  Is there a Unix/terminal script or a series of script commands that could be modified to wait and enter the appropriate authentication at the previous mentioned prompt?
  I've researched this topic on this forum and discover a few post that states it is not possible but they are fairly old posts so I am hoping ARD 3 has some scripts or commands that can pass thru a username and password

  Welcome,
  I use the "System Events" handler, e.g.:
            tell application "System Events" to delay 5.5
            tell application "System Events" to keystroke "K"
            tell application "System Events" to delay 0.5
            tell application "System Events" to keystroke return
  Regards,
  Shawn

• Intel Mac OS X can't connect using 802.1x with TTLS authentication

  To login at the wireless network on my school I use the following settings:
  802.1x connection with TTLS authentication and TTLS inner authentication set to PAP.
  My MacBook Pro logs in, but has a self assigned ip-address and I can't use the network.
  On my old iBook and my friend's Powerbook with exact the same settings it works perfect. (and gets an assigned ip-address throug DHCP.
  Bug in the Intel version of Mac OS X I guess?

  Regarding the post about other intel macs being unaffected, I don't have an imac so I don't know for sure, but the connectivity problems seem to be more widely reported for the macbooks. It's certainly possible they are affected as well, but I was under the impression they were using a different chipset and/or firmware. (note to self, check on that).
  What I cant understand is why they have changed the
  airport express card for the intel macs, albeit the
  processor has changed but that shouldn't affect the
  card as that should be processor
  The intel macs were largely designed by intel. I suspect that apple provided case dimensions and a specifications list which intel then used for the designs. The wireless cards in the powerbooks were based (iirc) on a pc-card bus. The older airports were based on PCMCIA-16.
  In the macbooks, it appears to be a mini-PCI-express. (I had to send my back for noise issues. ASP might tell you what bus it connects to). The benefit to this is better speed and the possibility of future expansion. Dell uses the same connector.
  Some side-benefits of having the board designed by intel (or with heavy intel involvement) is that we can already dual-boot windows XP. Wireless seems to work fine if you run windows on the macbook. Therefore, I think this is a driver issue likely to be resolved sooner rather than later.

• Autoscaling Application block for Azure worker role console app not working. Get error as The HTTP request was forbidden with client authentication

  I have written a console application to test the WASABi(AutoScaling Application Block) for my worker role running in azure. The worker role processes the messages in the queue and I want to scale-up based on the queue length. I have configured and set the
  constraints and reactive rules properly. I get the following error when I run this application.
  [BEGIN DATA]{}
      DateTime=2013-12-11T21:30:02.5731267Z
  Autoscaling General Verbose: 1002 : Rule match.
  [BEGIN DATA]{"EvaluationId":"4f9f7cb0-fc0d-4276-826f-b6a5f3ea6801","MatchingRules":[{"RuleName":"default","RuleDescription":"The default constraint rule","Targets":["AutoscalingWebRole","AutoscalingWorkerRole"]},{"RuleName":"ScaleUpOnHighWebRole","RuleDescription":"Scale
  up the web role","Targets":[]},{"RuleName":"ScaleDownOnLowWebRole","RuleDescription":"Scale down the web role","Targets":[]},{"RuleName":"ScaleUpOnHighWorkerRole","RuleDescription":"Scale
  up the worker role","Targets":[]},{"RuleName":"ScaleDownOnLowWorkerRole","RuleDescription":"Scale down the worker role","Targets":[]},{"RuleName":"ScaleUpOnQueueMessages","RuleDescription":"Scale
  up the web role","Targets":[]},{"RuleName":"ScaleDownOnQueueMessages","RuleDescription":"Scale down the web role","Targets":[]}]}
      DateTime=2013-12-11T21:31:03.7516260Z
  Autoscaling General Warning: 1004 : Undefined target.
  [BEGIN DATA]{"EvaluationId":"4f9f7cb0-fc0d-4276-826f-b6a5f3ea6801","TargetName":"AutoscalingWebRole"}
      DateTime=2013-12-11T21:31:03.7516260Z
  Autoscaling Updates Verbose: 3001 : The current deployment configuration for a hosted service is about to be checked to determine if a change is required (for role scaling or changes to settings).
  [BEGIN DATA]{"EvaluationId":"4f9f7cb0-fc0d-4276-826f-b6a5f3ea6801","HostedServiceDetails":{"Subscription":"psicloud","HostedService":"rmsazure","DeploymentSlot":"Staging"},"ScaleRequests":{"AutoscalingWorkerRole":{"Min":1,"Max":2,"AbsoluteDelta":0,"RelativeDelta":0,"MatchingRules":"default"}},"SettingChangeRequests":{}}
      DateTime=2013-12-11T21:31:03.7516260Z
  Autoscaling Updates Error: 3010 : Microsoft.Practices.EnterpriseLibrary.WindowsAzure.Autoscaling.ServiceManagement.ServiceManagementClientException: The service configuration could not be retrieved from Windows Azure for hosted service with DNS prefix 'rmsazure'
  in subscription id 'af1e96ad-43aa-4d05-b3f1-0c9d752e6cbb' and deployment slot 'Staging'. ---> System.ServiceModel.Security.MessageSecurityException: The HTTP request was forbidden with client authentication scheme 'Anonymous'. ---> System.Net.WebException:
  The remote server returned an error: (403) Forbidden.
     at System.Net.HttpWebRequest.GetResponse()
     at System.ServiceModel.Channels.HttpChannelFactory`1.HttpRequestChannel.HttpChannelRequest.WaitForReply(TimeSpan timeout)
     --- End of inner exception stack trace ---
  Server stack trace: 
     at System.ServiceModel.Channels.HttpChannelUtilities.ValidateAuthentication(HttpWebRequest request, HttpWebResponse response, WebException responseException, HttpChannelFactory`1 factory)
     at System.ServiceModel.Channels.HttpChannelUtilities.ValidateRequestReplyResponse(HttpWebRequest request, HttpWebResponse response, HttpChannelFactory`1 factory, WebException responseException, ChannelBinding channelBinding)
     at System.ServiceModel.Channels.HttpChannelFactory`1.HttpRequestChannel.HttpChannelRequest.WaitForReply(TimeSpan timeout)
     at System.ServiceModel.Channels.RequestChannel.Request(Message message, TimeSpan timeout)
     at System.ServiceModel.Dispatcher.RequestChannelBinder.Request(Message message, TimeSpan timeout)
     at System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[] outs, TimeSpan timeout)
     at System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[] outs)
     at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage methodCall, ProxyOperationRuntime operation)
     at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage message)
  If anyone know why I am getting this anonymous access violation error. My webrole is secured site but worker role not.
  I appreciate any help.
  Thanks,
  ravi
    

  Hello,
  >>: The service configuration could not be retrieved from Windows Azure for hosted service with DNS prefix 'rmsazure' in subscription id **************
  Base on error message, I guess your azure service didn't get your certificate and other instances didn't have certificate to auto scale. Please check your upload the certificate on your portal management. Also, you could refer to same thread via link(
  http://stackoverflow.com/questions/12843401/azure-autoscaling-block-cannot-find-certificate ).
  Hope it helps.
  Any question or result, please let me know.
  Thanks
  Regards,
  Will 
  We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place.
  Click
  HERE to participate the survey.

• HTTPS with Client Authentication in SOAP sender Adapter

  Hi All,
  In SOAP Sender communication channel. When I generate WSDL with “HTTP Security Level = HTTP:” it works when third party tries to send data to XIwebservice.
  But when I tried with “HTTPS with Client Authentication” option its giving error
  “InfoPath either cannot connect to the data source, the service has timed out, or the server has an invalid certificate.”
  Please guide how to use “HTTPS with Client Authentication” option, and what all configuration need to apply in XI & in third party to use this.
  Regards

  Rohan,
  With spy you can trace the entire route, since you are using client authentication using certificate, it would be a better option to verify with the certificate.
  You also have the option of using a username/pwd combo though that is not advocated as it lowers security levels and is permeable to passive sniffing.
  So the answer to your question is yes, after importing the certificate with sender and third party reciever a test would reveal the complete scenario along with any issues that you could encounter..
  Regards
  Ravi Raman

• Can Actions Menu of Interactive Reports work with Custom Authentication?

  My testing is leading my to believe that Actions Menu do not work with Custom Authentication (but only work with APEX Authentication) in APEX 3.1.2? If that's true then is there a work around to this?
  Just to clarify, I've posted/asked this question twice before:
  1) Re: Actions Menu in Interactive Reports does not sort, filter, select cols etc
  2) Interactive Report actions don't work for users (i.e. for non-developers)
  But I've come to believe this is the main problem. I just don't know how to resolve/work around this?
  Thanks for any help.

  I haven't setup a sample because my custom authentication is using LDAP authentication. I'm not sure how I can replicate that on the samples server?
  I'm using LDAP authentication with a Page Sentry function. My further testing reveals that the Page Sentry function is setting the APEX variable user to NULL (ie blank) whenever there's any code in the Page Sentry function box. PL/SQL code as simple as
  BEGIN return TRUE; END;
  in the Page Sentry function box sets the "user" is set to <null>. When the Page sentry function box is left empty (no code specified) it sets the "user" properly after authentication against the specified LDAP directory.
  What all this has to do with Interactive Reports...
  It seems like when the user is NULL it messes-up Interactive Reports that are stored in the flows database. Although it shows the default report properly, but no runtime interactive actions (filtering, sorting, column break, etc.) work.
  Can someone please correct or confirm this?
  Thanks.

• 802.1x with AD authentication in a wired environment

  Hello,
  I have a question about 802.1x authentication. I want use a combination from 802.1x and a domain authentication on a AD from microsoft. I think the first login request is the domain login, but the port on the switch is always blocked. After the PC is already up, then I can login with 802.1x authentication. Please let me know what is the best solution for this scenario. The customer need a domain login and he want use the 802.1x authentication.
  Give it a solution with only 1 login request???
  thanks
  Jens

  You can enable Machine Authentication with Windows 2000/XP/2003 clients. For this to work you need to use either PEAP or EAP-TLS. PEAP requires only a certifacate on the RADIUS Server. EAP-TLS requires a client certificate installed in the machine store on the 2000/XP/2003 client. With Machine Authentication the switchport authenticates the PC using 802.1x prior to user logon.
  You can push certificates down to Machines & Users via Active Directory Group Policy (you can't push user certificates down with a 2000 AD or 2000 Clients). You need to also enable Remote Access privileges for Machines as well.
  http://support.microsoft.com/kb/318750/EN-US/
  http://www.microsoft.com/technet/prodtechnol/winxppro/deploy/ed80211.mspx
  I have this deployed in a test environment at the moment using Microsoft IAS (Radius). Due to the way the IAS policies are created you need to plan things out carefully. Each switch has to be added individually to the IAS Server so it can look ugly (no more so than a DHCP server though).
  HTH
  Andy

• Why do you need to enable http communication with Basic authentication with Exchange Admin IP?

  The pre-reqs for the Exchange Admin IP say you have to make a few changes on your Exchange server (2010 on prem in my case). I have a few questions about those pre-reqs and I'm not able to find documentation online to help:
  Why does http communication with basic authentication for the powershell virtual directory in IIS need to be enabled? In the IP you still specify to connect over an SSL connection. The concern is what is being sent over unencrypted and what impacts are
  there to the security of the Exchange server.
  What role does the IP connect to (MBX/CAS/HT)? I'm not an Exchange guy so I don't know which roles install the PowerShell virtual directory.
  Are there any technet pages or white papers that talk about the MS developed IPs in any more detail than basic config?
  I appreciate any help anyone can offer. Thanks!
  -Raj

  Yeah I find this perplexing as well. I'm guessing it has something to do with Opalis origins perhaps.
  Would be good to understand why.