R12 External Access

Hi Hussein,
In my test env, I have one single node instance of R12 (12.0.6) running over RHEL 5.3. This instance environment is wrapped within a VPN. I want to give access to R12 instance to some users for testing who are outside the VPN (through internet). I want to build a test environment to learn DMZ. R12 is configured using a dummy test domain for test instance by putting entries in hosts file at server as well as client side internally. I don't need any load balancing requirement at this point as it is only for testing.
I just want to build a very simple configuration with minimum additional HW/SW which can meet my above requirement. Please help me with the following. Any step by step instructions or guide will be really appreciated.
http://r12.west.domain.com - Current VPN access URL
http://r12.domaon.com - Proposed external access URL
Do I need a separate server outside the VPN?
How many additional public and private IPs (VPN) are needed?
Do I need to have any public domain?
Do I need to have any network component like a switch/router?
Does any additional software component need to be installed?
I have the following note for 11i from your previous post which I did not have a chance to implement as I upgraded the instance to R12.
Note: 287176.1 - DMZ Configuration with Oracle E-Business Suite 11i
https://metalink2.oracle.com/metalink/plsql/ml2_documents.showDocument?p_database_id=NOT&p_id=287176.1
Please suggest/advise.
Thanks
-Samar-

Hi Samar,
There are many deployment options available for making Oracle E-Business Suite R12 accessible via the internet. The following document outlines these different scenarios in detail.
Note: 380490.1 - Oracle E-Business Suite R12 Configuration in a DMZ
https://metalink2.oracle.com/metalink/plsql/ml2_documents.showDocument?p_database_id=NOT&p_id=380490.1
The simplest configuration to make your TEST server accessible via internet is to change the IP Address to public and that is all, but as you know this option is not acceptable as it is unsecure, plus you are not gaining any extra knowledge when implementing it. Since you want to avoid reverse proxy and load balancers, then the only option you have is configuring an external web tier behind a DMZ external firewall (please refer to the document referenced above for details -- Option 2.2: Using Separate Oracle E-Business Suite Release 12 Web Tiers).
Web cache could be used here as it can act as a reverse proxy, web caching, and load balancer. More details about this configuration can be found in the following document.
Note: 380486.1 - Installing and Configuring Web Cache 10g and Oracle E-Business Suite 12
https://metalink2.oracle.com/metalink/plsql/ml2_documents.showDocument?p_database_id=NOT&p_id=380486.1
I would suggest you go through the documents/links referenced in this reply, and see if you could reconsider the configuration of this test environment you want to build. If you go with web cache for example, you may implement a reverse proxy or load balancer, and hence go with a different deployment option.
What Does "DMZ Certification" Mean?
http://blogs.oracle.com/stevenChan/2007/04/what_does_dmz_certification_me.html
Troubleshooting DMZ Setups for Apps
http://blogs.oracle.com/stevenChan/2007/09/troubleshooting_dmz_setups_for.html
In-Depth: Demilitarized Zones and the E-Business Suite
http://blogs.oracle.com/stevenChan/2006/05/indepth_demilitarized_zones_an.html
Advanced Deployment Architectures for Oracle E-Business Suite
http://blogs.oracle.com/stevenChan/2008/11/advanced_deployment_architectures_for_oracle_ebs.html
Advanced Deployment Architectures for Oracle E-Business Suite
http://www.oracle.com/technology/products/applications/events/oow-2008/EBS-Advanced-Configurations-IvoDujmovic.pdf
Regards,
Hussein

Similar Messages

  • Allow the external access to the query message for WEBI in BO 4.0

    Hi ,
    I created the BEX query and in query properties I checked "Allow External access to this query" and saved the query,
    but this check box option "Allow External access to this query" is not saving.
    Is there any note that needs to be implemented for this problem?
    I created the connection using the information design tool.
    I'm trying to create the Webi using BICS connection from BEX query through Web Intelligence rich client.
    It is giving the message like "it is not possible to use this Bex query as source for Web Intelligence reports. Ask your administrator to edit this query so that it can be used by
    Web Intelligence and enable the query property" Allow External access to this query.
    We are using BI - 7.35 support pack 4 and BO - 4.0 SP2.
    Has anyone faced this issue? Could you please send your comments?
    Regards
    JV
    Edited by: Jennie Juvvanapudi on Oct 13, 2011 3:43 AM

    Upgrade your SAP GUI to 720 and there will be a updated patch at service market place for GUI 720 which will resolve this issue.
    When we faced same issue we had upgraded and our system currently shows
    SAP GUI Release: 720 Final Release
    File Version: 7200.3.7.1066
    Build:            1257409
    Patch Level: 7
    Thanks,
    Suresh

  • Lync 2013 mobility and external access not working

    Hi all.
    I installed and configured Lync Server 2013 Front End and Lync Server 2013 Edge on Windows Server 2012 R2.
    Internal lync clients (not mobile) can successfully connect to server and everything works fine for them. External users can connect only with manual configuration of address of external lync server in lync client, autodiscovery doesn't work.
    I also installed and configured IIS ARR Reverse Proxy on Windows Server 2012 R2 using this article -
    http://blogs.technet.com/b/nexthop/archive/2013/02/19/using-iis-arr-as-a-reverse-proxy-for-lync-server-2013.aspx. But it doesn't work too. When I try to connect I get 'Unable to connect to the server. Check your network connection or the server address and
    try again'.
    I configured dns records in the external dns zone.
    For Edge:
    sip.extdomain.ru – IP1
    lyncwebconf.extdomain.ru – IP2
    lyncav.extdomain.ru – IP3
    For Reverse Proxy:
    lyncdialin.extdomain.ru - IP4
    lyncmeet.extdomain.ru - IP4
    lyncextweb.extdomain.ru - IP4
    lyncdiscover.extdomain.ru - IP4
    I issued all needed certificates by the internal CA and added following alternative names.
    For FE certificate:
    sip.cherry.loc
    lync.cherry.loc
    dialin.cherry.loc
    meet.cherry.loc
    admin.cherry.loc
    lyncdiscoverinternal.cherry.loc
    lyncdiscover.cherry.loc
    lyncdialin.extdomain.ru
    lyncmeet.extdomain.ru
    lyncextweb.extdomain.ru
    lyncdiscover.extdomain.ru
    For Edge external and Reverse Proxy:
    lyncav.extdomain.ru
    sip.extdomain.ru
    lyncwebconf.extdomain.ru
    lyncdialin.extdomain.ru
    lyncmeet.extdomain.ru
    lyncextweb.extdomain.ru
    lyncdiscover.extdomain.ru
    cherry.loc
    The root certificate of internal CA installed on all servers and client devices.
    Using Wireshark I see that Reverse Proxy communicating with FE on port 4443.
    Here is an excerpt from mobile client log.
    GET https://lyncdiscover.extdomain.ru/?sipuri=sip:[email protected]
    Request Id: 0x6f54648
    HttpHeader:Cache-Control no-cache
    HttpHeader:Content-Length 1006
    HttpHeader:Content-Type application/vnd.microsoft.rtc.autodiscover+xml; v=1
    HttpHeader:Date Mon, 22 Sep 2014 11:17:45 GMT
    HttpHeader:Expires -1
    HttpHeader:Pragma no-cache
    HttpHeader:Server Microsoft-IIS/8.5
    HttpHeader:StatusCode 200
    HttpHeader:X-AspNet-Version 4.0.30319
    HttpHeader:X-Content-Type-Options nosniff
    HttpHeader:X-MS-Server-Fqdn lync.cherry.loc
    HttpHeader:X-Powered-By ASP.NET, ARR/2.5
    <?xml version="1.0" encoding="utf-8"?><AutodiscoverResponse xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-
    instance" AccessLocation="External"><Root><Link token="Domain" href="https://lync.cherry.loc/Autodiscover/AutodiscoverService.svc/root/domain?originalDomain=extdomain.ru" /><Link token="User" href="https://lync.cherry.loc/Autodiscover/AutodiscoverService.svc/root/user?originalDomain=extdomain.ru" 
    /><Link token="Self" href="https://lync.cherry.loc/Autodiscover/AutodiscoverService.svc/root?originalDomain=extdomain.ru" /><Link token="OAuth"
    href="https://lync.cherry.loc/Autodiscover/AutodiscoverService.svc/root/oauth/user?originalDomain=extdomain.ru" /><Link token="External/XFrame" href="https://lync.cherry.loc/Autodiscover/XFrame/XFrame.html" /><Link
    token="Internal/XFrame" href="https://lync.cherry.loc/Autodiscover/XFrame/XFrame.html" 
    /><Link token="XFrame" href="https://lync.cherry.loc/Autodiscover/XFrame/XFrame.html" /></Root></AutodiscoverResponse>
    </ReceivedResponse>
    2014-09-22 15:17:53.041 Lync[299:715a000] INFO TRANSPORT CUcwaAutoDiscoveryResponse.cpp/119:location value is external
    2014-09-22 15:17:53.042 Lync[299:715a000] INFO TRANSPORT CUcwaAutoDiscoveryResponse.cpp/195:User url is
    https://lync.cherry.loc/Autodiscover/AutodiscoverService.svc/root/user?originalDomain=extdomain.ru
    2014-09-22 15:17:53.042 Lync[299:715a000] INFO TRANSPORT CHttpRequestProcessor.cpp/266:Sending event to main thread for request(0x6f54648)
    2014-09-22 15:17:53.042 Lync[299:3c2a218c] INFO APPLICATION CTransportRequestRetrialQueue.cpp/822:Req. completed, Stopping timer.
    2014-09-22 15:17:53.043 Lync[299:3c2a218c] INFO APPLICATION CUcwaAutoDiscoveryGetUserUrlOperation.cpp/290:Received a root response
    2014-09-22 15:17:53.043 Lync[299:3c2a218c] INFO APPLICATION CUcwaAutoDiscoveryGetUserUrlOperation.cpp/224:UcwaAutoDiscoveryGetUserUrlOperation completed with
    url = https://lyncdiscover.extdomain.ru/?sipuri=sip:[email protected], userUrl = https://lync.cherry.loc/Autodiscover/AutodiscoverService.svc/root/user?originalDomain=extdomain.ru, status = S_OK (S0-0-0)
    2014-09-22 15:17:53.043 Lync[299:3c2a218c] INFO APPLICATION CTransportRequestRetrialQueue.cpp/725:Response received for req. GET-UnAuthenticatedGet(0x6f54648): S_OK (S0-0-0) (Success); Done with req.; Stopping resend timer
    2014-09-22 15:17:53.044 Lync[299:3c2a218c] INFO TRANSPORT CCredentialManager.cpp/176:getSpecificCredential for serviceId(1) returning: credType (1) signInName ([email protected]) domain (cherry) username (user) password.empty() (0) certificate.isValid() (0)
    privateKey.empty() (1) compatibleServiceIds(1)
    2014-09-22 15:17:53.044 Lync[299:3c2a218c] INFO TRANSPORT CMetaDataManager.cpp/403:Received a request to get the meta data of type 0 for url
    https://lync.cherry.loc/Autodiscover/AutodiscoverService.svc/root/user?originalDomain=extdomain.ru
    2014-09-22 15:17:53.044 Lync[299:3c2a218c] INFO TRANSPORT CMetaDataManager.cpp/458:Sending Unauthenticated get to get the web-ticket url
    2014-09-22 15:17:53.044 Lync[299:3c2a218c] INFO TRANSPORT CTransportThread.cpp/135:Added Request() to Request Processor queue
    2014-09-22 15:17:53.045 Lync[299:3c2a218c] INFO TRANSPORT CAuthenticationResolver.cpp/109:Waiting on Meta Data from https://lync.cherry.loc/Autodiscover/AutodiscoverService.svc/root/user?originalDomain=extdomain.ru
    2014-09-22 15:17:53.045 Lync[299:659a000] INFO TRANSPORT CTransportThread.cpp/347:Sent Request() to Request Processor
    2014-09-22 15:17:53.045 Lync[299:3c2a218c] INFO APPLICATION CTransportRequestRetrialQueue.cpp/385:Submitting new req. GET-AuthenticatedUserGetRequest(0x6e83da8)
    2014-09-22 15:17:53.045 Lync[299:659a000] WARNING TRANSPORT CCredentialManager.cpp/317:CCredentialManager::getSpecificCredential returning NULL credential
    for serviceId (4) type (1)!
    2014-09-22 15:17:53.046 Lync[299:3c2a218c] INFO APPLICATION CUcwaAutoDiscoveryService.cpp/1263:Submitting Authenticated AutoDiscovery request to
    https://lync.cherry.loc/Autodiscover/AutodiscoverService.svc/root/user?originalDomain=extdomain.ru
    2014-09-22 15:17:53.046 Lync[299:659a000] INFO TRANSPORT TransportUtilityFunctions.cpp/689:<SentRequest>
    GET https://lync.cherry.loc/Autodiscover/AutodiscoverService.svc/root/user?originalDomain=extdomain.ru
    Request Id: 0x133b6a8
    HttpHeader:Accept
    </SentRequest>
    2014-09-22 15:17:53.046 Lync[299:659a000] INFO UTILITIES CHttpStreamPool.cpp/399:Allocating stream 0x6e73850 for url - https://lync.cherry.loc/Autodiscover/AutodiscoverService.svc/root/user with persistent id as 16
    2014-09-22 15:17:53.047 Lync[299:659a000] VERBOSE TRANSPORT CHttpProxyHelper.cpp/435:CHttpProxyHelper::discoverProxy : No proxy found for url 
    https://lync.cherry.loc/Autodiscover/AutodiscoverService.svc/root/user?originalDomain=extdomain.ru. Sending over direct connection.
    2014-09-22 15:17:53.050 Lync[299:659a000] ERROR TRANSPORT CHttpConnection.cpp/1029:Request Type = 0x%u0x6e743a0 Error domain = kCFErrorDomainCFNetwork code = 0x2 ErrorDescription = The operation couldn't be completed. (kCFErrorDomainCFNetwork error 2.) ErrorFailureReason
    = ErrorRecoverySuggestion =  
    2014-09-22 15:17:53.050 Lync[299:659a000] ERROR UTILITIES CHttpConnection.cpp/958:GetAddrInfo returned error 0x8
    2014-09-22 15:17:53.050 Lync[299:659a000] INFO UTILITIES CHttpStreamPool.cpp/467:Releasing stream 0x6e73850.
    2014-09-22 15:17:53.050 Lync[299:659a000] INFO UTILITIES CHttpStreamPool.cpp/599:Releasing stream 0x6e73850.
    2014-09-22 15:17:53.051 Lync[299:659a000] INFO TRANSPORT CHttpRequestProcessor.cpp/173:Received response of request() with status = 0x22020001
    2014-09-22 15:17:53.051 Lync[299:659a000] INFO TRANSPORT CHttpRequestProcessor.cpp/201:Request resulted in E_ConnectionError (E2-2-1). The retry counter is: 0
    2014-09-22 15:17:53.051 Lync[299:659a000] WARNING TRANSPORT CCredentialManager.cpp/317:CCredentialManager::getSpecificCredential returning NULL credential
    for serviceId (4) type (1)!
    2014-09-22 15:17:53.052 Lync[299:659a000] INFO TRANSPORT TransportUtilityFunctions.cpp/689:<SentRequest>
    GET https://lync.cherry.loc/Autodiscover/AutodiscoverService.svc/root/user?originalDomain=extdomain.ru
    Request Id: 0x133b6a8
    HttpHeader:Accept
    </SentRequest>
    2014-09-22 15:17:53.052 Lync[299:659a000] INFO UTILITIES CHttpStreamPool.cpp/399:Allocating stream 0x14102a0 for url - https://lync.cherry.loc/Autodiscover/AutodiscoverService.svc/root/user with persistent id as 16
    2014-09-22 15:17:53.053 Lync[299:659a000] VERBOSE TRANSPORT CHttpProxyHelper.cpp/435:CHttpProxyHelper::discoverProxy : No proxy found for url
    https://lync.cherry.loc/Autodiscover/AutodiscoverService.svc/root/user?originalDomain=extdomain.ru. Sending over direct connection.
    2014-09-22 15:17:53.056 Lync[299:659a000] ERROR TRANSPORT CHttpConnection.cpp/1029:Request Type = 0x%u0x14080f0 Error domain = kCFErrorDomainCFNetwork code =
    0x2 ErrorDescription = The operation couldn't be completed. (kCFErrorDomainCFNetwork error 2.) ErrorFailureReason = ErrorRecoverySuggestion =
    2014-09-22 15:17:53.056 Lync[299:659a000] ERROR UTILITIES CHttpConnection.cpp/958:GetAddrInfo returned error 0x8
    2014-09-22 15:17:53.056 Lync[299:659a000] INFO UTILITIES CHttpStreamPool.cpp/467:Releasing stream 0x14102a0.
    2014-09-22 15:17:53.056 Lync[299:659a000] INFO UTILITIES CHttpStreamPool.cpp/599:Releasing stream 0x14102a0.
    2014-09-22 15:17:53.057 Lync[299:659a000] INFO TRANSPORT CHttpRequestProcessor.cpp/173:Received response of request() with status = 0x22020001
    2014-09-22 15:17:53.057 Lync[299:659a000] INFO TRANSPORT CHttpRequestProcessor.cpp/201:Request resulted in E_ConnectionError (E2-2-1). The retry counter is: 1
    2014-09-22 15:17:53.057 Lync[299:659a000] INFO TRANSPORT CHttpRequestProcessor.cpp/266:Sending event to main thread for request(0x133b6a8)
    2014-09-22 15:17:53.058 Lync[299:3c2a218c] INFO TRANSPORT CMetaDataManager.cpp/572:Received response for meta data request of type 60 with status 570556417
    2014-09-22 15:17:53.058 Lync[299:3c2a218c] ERROR TRANSPORT CMetaDataManager.cpp/588:Unable to get a response to an unauthenticated get to url
    https://lync.cherry.loc/Autodiscover/AutodiscoverService.svc/root/user?originalDomain=extdomain.ru
    2014-09-22 15:17:53.059 Lync[299:3c2a218c] INFO TRANSPORT CAuthenticationResolver.cpp/208:MetaData retrieval for url https://lync.cherry.loc/Autodiscover/AutodiscoverService.svc/root/user?originalDomain=extdomain.ru completed with status 570556417
    2014-09-22 15:17:53.059 Lync[299:3c2a218c] INFO TRANSPORT CAuthenticationResolver.cpp/238:Deleting 1 pended Meta data requests for url
    https://lync.cherry.loc/Autodiscover/AutodiscoverService.svc/root/user?originalDomain=extdomain.ru
    2014-09-22 15:17:53.059 Lync[299:3c2a218c] ERROR TRANSPORT CAuthenticationResolver.cpp/334:Unable to get the meta data for server url
    https://lync.cherry.loc/Autodiscover/AutodiscoverService.svc/root/user?originalDomain=extdomain.ru
    2014-09-22 15:17:53.059 Lync[299:3c2a218c] INFO TRANSPORT CAuthenticationResolver.cpp/337:Failing request to the request manager
    2014-09-22 15:17:53.060 Lync[299:3c2a218c] INFO TRANSPORT CRequestManager.cpp/284:Failing secure request UcwaAutoDiscoveryRequest with status E_ConnectionError (E2-2-1)
    2014-09-22 15:17:53.060 Lync[299:3c2a218c] INFO APPLICATION CTransportRequestRetrialQueue.cpp/822:Req. completed, Stopping timer.
    2014-09-22 15:17:53.060 Lync[299:3c2a218c] INFO APPLICATION CUcwaAutoDiscoveryService.cpp/1358:Received autodiscovery response with status E_ConnectionError (E2-2-1)
    2014-09-22 15:17:53.060 Lync[299:3c2a218c] INFO APPLICATION CUcwaAutoDiscoveryService.cpp/1316:Raising Autodiscovery event with status E_ConnectionError (E2-2-1) for eventType 0
    2014-09-22 15:17:53.061 Lync[299:3c2a218c] INFO APPLICATION CUcwaAutoDiscoveryServiceRetrialWrapper.cpp/417:Received event for type 0 with status E_ConnectionError (E2-2-1)
    2014-09-22 15:17:53.061 Lync[299:3c2a218c] INFO APPLICATION CUcwaAutoDiscoveryServiceRetrialWrapper.cpp/539:Autodiscovery scheduled retrial timer. Timer 0.000000 seconds
    2014-09-22 15:17:53.061 Lync[299:3c2a218c] INFO APPLICATION CAlertReporter.cpp/64:Alert received! Category 1, Type 201, level 0, error E_ConnectionError (E2-2-1), context '', hasAction=false
    2014-09-22 15:17:53.061 Lync[299:3c2a218c] INFO APPLICATION CAlertReporter.cpp/117:Alert cleared of Category 1, Type 201, cleared 0 alerts
    2014-09-22 15:17:53.062 Lync[299:3c2a218c] INFO APPLICATION CTransportRequestRetrialQueue.cpp/725:Response received for req. GET-AuthenticatedUserGetRequest (0x6e83da8): E_ConnectionError (E2-2-1) (RemoteNetworkTemporaryError); Done with req.; Stopping resend
    timer
    2014-09-22 15:17:53.062 Lync[299:3c2a218c] INFO UI CMAlertViewController.mm/87:ObservableListItem Added event received
    2014-09-22 15:17:53.062 Lync[299:3c2a218c] INFO UI CMAlertViewController.mm/97:showalert is 1
    2014-09-22 15:17:53.063 Lync[299:3c2a218c] INFO UI CMConversationCommon.mm/43:not signed in
    2014-09-22 15:17:53.063 Lync[299:3c2a218c] INFO UI CMConversationCommon.mm/43:not signed in
    2014-09-22 15:17:53.063 Lync[299:3c2a218c] INFO UI CMConversationCommon.mm/43:not signed in
    2014-09-22 15:17:53.063 Lync[299:3c2a218c] INFO UI CMConversationCommon.mm/43:not signed in
    2014-09-22 15:17:53.063 Lync[299:3c2a218c] INFO UI CMConversationCommon.mm/43:not signed in
    2014-09-22 15:17:53.064 Lync[299:3c2a218c] INFO UI CMNotificationManager.mm/697:desired view is alert, size 1
    2014-09-22 15:17:53.064 Lync[299:3c2a218c] INFO UI CMNotificationManager.mm/737:adding the desired view
    2014-09-22 15:17:53.065 Lync[299:3c2a218c] INFO UI CMNotificationManager.mm/472:reposition floating views
    2014-09-22 15:17:53.065 Lync[299:3c2a218c] INFO UI CMAlertViewController.mm/104:showalert is 1
    2014-09-22 15:17:53.065 Lync[299:3c2a218c] INFO UI CMAlertViewController.mm/108:showalert is 0
    2014-09-22 15:17:53.066 Lync[299:3c2a218c] INFO UI CMUIUtil.mm/410:Mapping error code = 0x22020001, context = , type = 201
    2014-09-22 15:17:53.066 Lync[299:3c2a218c] INFO UI CMUIUtil.mm/1708:Mapped error message is 'Unable to connect to the server. Check your network connection or the server address and try again. 

    Result of Lync Connectivity Analyzer.
    External Auto discover service : https://lync.cherry.loc/Autodiscover/AutodiscoverService.svc/root
    Starting Lync server autodiscovery
    Please wait; this test may take several minutes to complete...
    Starting automatic discovery for secure (HTTPS) internal channel
    lyncdiscoverinternal.extdomain.ru can't be resolved by the DNS server. Skipping internal discovery.
    Starting automatic discovery for secure (HTTPS) external channel
    Server discovery has completed for https://lyncdiscover.extdomain.ru/.
    Automatic discovery results for https://lyncdiscover.extdomain.ru/
    Access Location : Internal
    SIP Server Internal Access : lync.cherry.loc
    SIP Server External Access : sip.extdomain.ru
    SIP Client Internal Access : lync.cherry.loc
    SIP Client External Access : sip.extdomain.ru
    Internal Auth broker service : https://lync.cherry.loc/Reach/sip.svc
    External Auth broker service : https://lync.cherry.loc/Reach/sip.svc
    Internal Auto discover service : https://lync.cherry.loc/Autodiscover/AutodiscoverService.svc/root
    External Auto discover service : https://lync.cherry.loc/Autodiscover/AutodiscoverService.svc/root
    Internal MCX service : https://lync.cherry.loc/Mcx/McxService.svc
    External MCX service : https://lync.cherry.loc/Mcx/McxService.svc
    Internal UCWA service : https://lync.cherry.loc/ucwa/v1/applications
    External UCWA service : https://lync.cherry.loc/ucwa/v1/applications
    Internal Webscheduler service : https://lync.cherry.loc/Scheduler
    External Webscheduler service : https://lync.cherry.loc/Scheduler
    Total server discovery time: 5,0 seconds
    Server discovery succeeded for secure (HTTPS) external channel against URL https://lyncdiscover.extdomain.ru/
    Starting automatic discovery for unsecure (HTTP) external channel
    Couldn't connect to URL http://lyncdiscover.extdomain.ru/[email protected] (HTTP status code NotAcceptable)
    Server discovery failed for unsecured external channel against http://lyncdiscover.extdomain.ru/
    Starting the requirement tests for Lync Mobile 2013 App
    Please wait; this test may take several minutes to complete...
    Testing the app requirements using the following discovery response:
    Access Location : Internal
    SIP Server Internal Access : lync.cherry.loc
    SIP Server External Access : sip.extdomain.ru
    SIP Client Internal Access : lync.cherry.loc
    SIP Client External Access : sip.extdomain.ru
    Internal Auth broker service : https://lync.cherry.loc/Reach/sip.svc
    External Auth broker service : https://lync.cherry.loc/Reach/sip.svc
    Internal Auto discover service : https://lync.cherry.loc/Autodiscover/AutodiscoverService.svc/root
    Internal MCX service : https://lync.cherry.loc/Mcx/McxService.svc
    External MCX service : https://lync.cherry.loc/Mcx/McxService.svc
    Internal UCWA service : https://lync.cherry.loc/ucwa/v1/applications
    External UCWA service : https://lync.cherry.loc/ucwa/v1/applications
    Internal Webscheduler service : https://lync.cherry.loc/Scheduler
    External Webscheduler service : https://lync.cherry.loc/Scheduler
    Starting tests for Mobility (UCWA) service
    Verifying internal Ucwa service: https://lync.cherry.loc/ucwa/v1/applications
    Successfully created the UCWA service
    Completed tests for Mobility (UCWA) service
    Verification failed for Mobility (UCWA) service. The service could not be reached from an external network.
    Select All results above for more information about the failures. Detailed information can also be found in the log file.
    Your deployment meets the minimum requirements for Lync Mobile 2013 App.
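Added example, not part of the original post: a check that can be run on a captured autodiscover response to list the links an outside client cannot use, which is the condition the client log shows (the client is handed `https://lync.cherry.loc/...` URLs and `GetAddrInfo` then fails). The function names, the sample builder and the allow-list variable are assumptions made for this example; the host names and link paths are the ones given in the post.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Names the post lists as published in external DNS for the reverse proxy.
PUBLISHED_NAMES = frozenset({
    "lyncdialin.extdomain.ru",
    "lyncmeet.extdomain.ru",
    "lyncextweb.extdomain.ru",
    "lyncdiscover.extdomain.ru",
})

# A UTF-8 byte-order mark, raw or mis-decoded as Mac Roman, can precede the
# XML declaration when a response body is copied out of a client log.
BOM_PREFIXES = ("\ufeff", "\u00d4\u00aa\u00f8")

# Link tokens and paths as they appear in the logged response.
AUTODISCOVER = "/Autodiscover/AutodiscoverService.svc/root"
LINKS = [
    ("Domain", AUTODISCOVER + "/domain?originalDomain=extdomain.ru"),
    ("User", AUTODISCOVER + "/user?originalDomain=extdomain.ru"),
    ("Self", AUTODISCOVER + "?originalDomain=extdomain.ru"),
    ("OAuth", AUTODISCOVER + "/oauth/user?originalDomain=extdomain.ru"),
    ("External/XFrame", "/Autodiscover/XFrame/XFrame.html"),
    ("Internal/XFrame", "/Autodiscover/XFrame/XFrame.html"),
    ("XFrame", "/Autodiscover/XFrame/XFrame.html"),
]


def sample_response(host, bom="\ufeff"):
    """Constructed sample: an autodiscover root document whose links use `host`."""
    links = "".join(
        f'<Link token="{t}" href="https://{host}{p}" />' for t, p in LINKS
    )
    return (
        f'{bom}<?xml version="1.0" encoding="utf-8"?>'
        f'<AutodiscoverResponse AccessLocation="External">'
        f"<Root>{links}</Root></AutodiscoverResponse>"
    )


def audit_autodiscover(body, published=PUBLISHED_NAMES):
    """Return (access_location, findings) for one autodiscover response body.

    A finding is a link that is not HTTPS or whose host is not one of the
    names published in external DNS, so an outside client cannot resolve it.
    """
    text = body
    for bom in BOM_PREFIXES:
        if text.startswith(bom):
            text = text[len(bom):]
    text = text.lstrip()
    # The response format has no DTD; refuse one rather than expand entities.
    if "<!doctype" in text.lower():
        raise ValueError("unexpected DOCTYPE in autodiscover response")

    root = ET.fromstring(text.encode("utf-8"))
    location = root.get("AccessLocation", "")
    findings = []
    for element in root.iter():
        # Compare local names so a default XML namespace does not hide links.
        if element.tag.rsplit("}", 1)[-1] != "Link":
            continue
        url = urlsplit(element.get("href", ""))
        host = (url.hostname or "").lower()
        problems = []
        if url.scheme != "https":
            problems.append("not https")
        if host not in published:
            problems.append("host not published in external DNS")
        if problems:
            findings.append(
                {"token": element.get("token"), "host": host, "problems": problems}
            )
    return location, findings


if __name__ == "__main__":
    location, findings = audit_autodiscover(sample_response("lync.cherry.loc"))
    print("AccessLocation:", location)
    for f in findings:
        print(f"{f['token']:16} {f['host']:20} {', '.join(f['problems'])}")
```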

  • No external access. Lion Server 10.7

    Hi All,
    I have Lion Server 10.7 running on a quad core Mac server. Everything is working internally and I can access all the services etc. I have purchased an SSL certificate for the server. With all the correct port forwards in place (using a pfsense router) I cannot get any external access to work no matter what I do. I have other servers behind this router and they all work. It seems to be just an OS X thing. Any ideas, or has this been seen before? I tried to search for it but couldn't find anything similar.
    Cheers
    Ryan

    Now I feel like a real idiot! I was looking through the httpd.conf and trying all the complicated solutions... I figured as I had never run into this before it couldn't be. But the more I thought about it the more I realised I haven't actually run a web server here, plenty of others but not http. Thanks so much!!
    All working now

  • Source system set up for internal / external access

    Hi all.
    We have an EP 6.0 (NW04 SP16) system delivering BW data from a back-end BW 3.1/3.2 system.  We are using BW Report iViews to deliver all reports to external and internal users.  I am having a very specific problem when setting up the source system for the BW system.
    The BW Report iView object uses the WAS hostname parameter(found under: System Administration -> System Configuration -> Systems -> BWSourceSystem -> Open ->Object -> "Web Application Server (WAS)") when retrieving the back-end BW report. 
    When this parameter is set using an internal host id (internal_host.company.com) internal users can access the report in question, but external users can't.  Alternatively, when this parameter is set using an external host id (ie. the host of our DMZ proxy server) external users can access the report, but internal users can't.
    I need to find a way to use one hostname for this parameter that will work for both internal and external users.  I have worked with the HTTPURLLOC table and this solution works great for URL iViews, but not for BW Report iViews.  Does anyone have any suggestions?  Thanks!

    Hi Shashi.
    We did find a solution using web dispatcher.  We actually installed two instances of web dispatcher... one in our DMZ for external access and another one in our corporate LAN.  The web dispatchers are configured identically and the EP instance knows only one hostname:
    name.company.com
    The port passed to the URL https://name.company.com:port is what tells web dispatcher what to do with the request (ie. pass the request to EP, BW, ECC, R/3, etc.).
    Be aware that EP allows for only one hostname for Source System Setup - my name.company.com in my example above -(this is the EP Web Application Server hostname (WAS) parameter found under System Admin - System Config - Systems) - so you may need to do something like we did:
    register name.company.com on the internet as a public address and use that DNS mapping for external users (using your DMZ version of web dispatcher).  Subsequently, use internal DNS or host name mapping to register an internal private address for name.company.com (using your LAN version of web dispatcher).  This will allow both internal / external users access to the portal and other SAP back-end systems.
    It may sound a bit kludgy, but believe me - we tried everything to make this work.  I took this all of the way to SAP and this was the recommendation SAP made for allowing both internal and external users access to portal and BW data.
    Hope this helps!

  • ADFS external access

    Hi,
    here is a quick question.
    I am in the process of installing ADFS on production. I am wondering about external access, i.e. I will get a third party certificate
    but the server is in my domain and only with one NIC with a private IP address. I have not found any documents on how external traffic is controlled or managed to the ADFS server. Should I use NAT? I must be missing something.
    pls adv,
    Erró

    Erro,
    The piece you're missing is the Web Application Proxy (in 2012 R2) known as the ADFS Proxy in previous versions of ADFS. This is a server that sits in your DMZ and sends requests on to the ADFS server inside the network. Since you don't seem to be in
    product yet may I suggest running 2012 R2. Here's why:  WAP supersedes the ADFS Proxy server.  When you want to upgrade your ADFS environment and you have an ADFS proxy server, you can't use it anymore.  You'd be forced at that time to go to
    WAP.  Just food for thought.  Here's more on each subject, and since you're now pointed in the right direction I'm sure a quick Bing will render the information to fill the gaps.
    Web Application Proxy -
    http://technet.microsoft.com/en-us/library/dn383650.aspx
    ADFS Proxy server -
    http://blogs.technet.com/b/askds/archive/2012/01/05/understanding-the-ad-fs-2-0-proxy.aspx
    Hope this helps.

  • How to setup external access in VM?

    We need to setup a Microsoft VM and allow external access without using my company VPN as we need to test the web services integration with other vendors. could you please help how to setup external access? Thanks

    Hi Wilson,
    As a prerequisite, that VM needs to access the gateway.
    It means that you need to create an external virtual switch, then connect that VM to the external virtual switch, then allocate a LAN IP for the VM.
    http://technet.microsoft.com/en-us/library/jj647786.aspx
    After this you may think of this VM as a physical machine in your LAN, then do what you need.
    Best Regards
    Elton Ji

  • Best practises regarding Internal and External access to SIM

    Currently we have two separate Active Directories, one internal and one in the DMZ, and plan to have one SIM on a segmented network allowing access for our internal users directly to SIM UI and external users thru portlets that talk to SIM.
    The external AD hosts some internal users that also needs access to the DMZ applications so we can save efforts in managing to separate SIM environments in development, tests, upgrades, unique UID etc...
    What are the best practices on the market is this a preferred choice with only one SIM or with one SIM internally and one SIM in DMZ hosting suppliers, customers etc?
    With a single SIM environment are you allowing internal users accessing SIM from Internet to change internal AD password or have you restricted the functionality in some way for internal users accessing SIM from internet?
    How about challenge response questions are you allowing users to have the same both internally and externally or setup different for different user interfaces?
    Anyone willing to share how your environment is setup for internal and external access?

    Yes for handling the access to the SIM we probably need to look into some kind of access management solution to get it to work in a secure way.
    The question is a bit complex with many different factors controlling the outcome of the SIM implementation, but I hope to get some ideas with this thread of how we can solve it.
    The question still remains if it's common to have one or two SIMs and what internal users are allowed to do in SIM from Internet.
    Ex are internal users allowed to change their password in internal Active Directory thru SIM from Internet or what have others done to limit the functionality?

  • Configuring BO Mobile with external access

    Hi Experts,
    I am trying to configure Business Objects Mobile on my company server (Windows 2008) with external access to it. I have two servers - master and client (Hyper-V). I installed the BOBJI 4.0 server and BOXI client on the master server and am planning to have the mobile server on Hyper-V. I have gone through the SAP documents on installation and deployment but am confused about installing and configuring the mobile server and its accessibility both internally (wireless router) and externally (outside the company network).
    1) Is it a better practice to have the mobile server on Hyper-V?
    2) Should I create a proxy server for the process? If so, on which one should it be - master or client?
    If anybody has done similar to this, can they share any documentation or best practices followed?
    Appreciate your earliest help.
    regards,
    Arun

    Hi Durga,
    In the intranet we have HTTP and it is working fine.
    On the Internet we use HTTPS, and the issue occurs.
    Previously we were using a mobile client version lower than the 5.1 release, and we never had any issue with HTTP or HTTPS.
    Today we upgraded the mobile client to 5.1.32, and the issue started occurring.
    We are not using any VPN to connect. Our web URL is enabled on the Internet to access the reports.
    Note: we have verified the web URL on the Internet by connecting to it from another system which is outside our network. There the launchpad/CMS are working fine without any issue with HTTPS.
    The only issue is on the mobile device.
    Refer the below notes to have some more information.
    http://service.sap.com/sap/support/notes/1658001
    http://service.sap.com/sap/support/notes/1962026

  • Lync 2010 Client unable to verify certificate - External access

    We have recently set up Lync 2013 and it is working fine internally. I am now trying to set up external access. We only require the remote users to be able to use their client externally without VPN.
    I have set up the edge server with 1 NAT'd public IP address and the FQDN option. So the 3 services are using the same IP but different ports (as shown below).
    access access.domain.com port 5061
    webconf access.domain.com port 444
    A/V access.domain.com port 443
    I used our internal CA to issue internal and external certificates and then added the Internal CA as a trusted root CA on the machine with the client trying to connect externally.
    I have published the following records to external dns:
    _sip_tls.domain.com which points to access.domain.com
    access.domain.com points to the public ip on the firewall
    I expected at this point that I would be able to log in. Auto configuration times out externally. If I manually set the external server name to "access.domain.com" and try to sign in, it says "there was a problem verifying the certificate from the server".
    The logs on the client say:
    SECURE_SOCKET: negotiation failed: 80090322, principal name: [access.domain.com]
    Also I can see the traffic going from my external client to the firewall to the edge server.
    I understand that the external certificate on the edge should be through a public CA, but we won't be using any of the federation options, so my internal CA cert should work for logging in through the client? What am I missing?
    Let me know if I can provide more info.
    Thanks!

    Happy to help BUT..
    Just keeping with TechNet etiquette.
    We have moved on to a new issue, so we really need to see a new question, as that way the posts are helpful to the whole community and easy to find based on the question asked.
    Some advice given above has assisted in directing you to the root cause; please mark these as helpful. Remember that assistance is given voluntarily and every contributor needs recognition.
    Please mark posts as answer/helpful if it answers your question.
    Blog -  LyncSorted
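
Status 80090322 in the client log above is SEC_E_WRONG_PRINCIPAL ("the target principal name is incorrect"): the bracketed principal name did not match the certificate the server presented. The following is an added example, not part of the thread; it checks a certificate's names against that principal name using RFC 6125-style matching (an assumption about how the client compares names), and the certificate dicts are constructed samples in the shape Python's `ssl.getpeercert()` returns.

```python
SEC_E_WRONG_PRINCIPAL = 0x80090322  # "The target principal name is incorrect"


def cert_names(cert):
    """Return (dns_sans, common_names) from an ssl.getpeercert()-style dict."""
    sans = [v.lower() for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    cns = [v.lower() for rdn in cert.get("subject", ())
           for k, v in rdn if k == "commonName"]
    return sans, cns


def label_match(pattern, host):
    """'*' is honoured only as the whole leftmost label and covers one label."""
    p, h = pattern.split("."), host.split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h


def check_principal(cert, principal):
    """Return (ok, reason) for the name logged as 'principal name: [...]'."""
    principal = principal.lower().rstrip(".")
    sans, cns = cert_names(cert)
    # RFC 6125: once a DNS SAN exists, the subject CN is no longer consulted.
    candidates = sans if sans else cns
    for name in candidates:
        if label_match(name, principal):
            return True, "matched " + name
    return False, "%s not in %s (status %08X)" % (
        principal, candidates, SEC_E_WRONG_PRINCIPAL)


# Constructed samples, not taken from the poster's edge server.
EDGE_INTERNAL_NAME = {  # issued for the server's internal name only
    "subject": ((("commonName", "edge01.domain.local"),),),
    "subjectAltName": (("DNS", "edge01.domain.local"),),
}
EDGE_ACCESS_NAME = {    # carries the published access FQDN
    "subject": ((("commonName", "access.domain.com"),),),
    "subjectAltName": (("DNS", "access.domain.com"), ("DNS", "sip.domain.com")),
}
CN_ONLY = {             # CN looks right, but the SAN list does not include it
    "subject": ((("commonName", "access.domain.com"),),),
    "subjectAltName": (("DNS", "webconf.domain.com"),),
}

if __name__ == "__main__":
    for cert in (EDGE_INTERNAL_NAME, EDGE_ACCESS_NAME, CN_ONLY):
        print(check_principal(cert, "access.domain.com"))
```

The third sample is the case that is easy to miss when reading a certificate by eye: the subject shows the expected name, yet the name check fails because only the SAN list is compared.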

  • CSA - External Access Policy

    Greetings!
    Guys, I need some help. One of our customers bought the CSA solution in order to protect and narrow Internet access when an employee is out of the office.
    Here is the scenario: If an employee takes one of the company's laptops to his house/hotel/etc. and tries to access any Internet-based service (HTTP, HTTPS, P2P, FTP, Torrent, etc.), it is MANDATORY that this person establish a VPN connection; this way all content will be processed by the company's Proxy and Firewall. There isn't a split tunnel policy; otherwise all TCP/UDP streams should be BLOCKED.
    I'm using the Roaming - Force VPN (action: Query the User, when: MC unreachable & Ethernet Active and NOT when: MC is reachable) and the Cisco VPN Client Rule Modules; there is no Temporary Allow Web Browser rule enabled. But I need some help with the parameters. What happens is that if the user answers yes (allow) to the Query message and does not have a VPN connection, he still manages to access the Internet, and that's not acceptable.
    I need to BLOCK ALL UDP/TCP streams at first, ask the user if the VPN is established, check the status of the VPN connection and then, if the tunnel is UP, allow access, else block everything until the VPN is established.
    Can you guys help me?
    Thanks in advance!
    Att, Daniel Yamashita
    PS: I'm using CSA MC v.5.2.0.263 hot fix(fcs-csamc-hotfix-5.2.0.263-w2k3-k9.zip)

    Greetings "followurself",
    Sorry for taking this long to answer, but yes, I've managed to deploy the CSA as our customer wanted.
    I've decided to create my own Rule and Policy Modules. I'm not sure if this is what you need but here is a simple sketch:
    CSA-External Access Policies
    [Rule Modules >> Windows Rule Modules]
    -Name: External_Access
    -Operating System: All Windows
    -State Conditions: Apply this rule module only if the following state conditions are met
    > When: Ethernet Active and Management Center Not Reachable
    -> Not when: Management Center Reachable
    [Rules]
    (1)Terminate All
    *Type: Network Access Control
    *Action: Priority Terminate Process (take precedence)
    *When ...: Active FTP Client Applications, Active HTTP Client Applications, Active TCP Client Applications, Active UDP Client Applications, Active UDP Server Applications, Active TCP Server Applications, Instant Messenger Applications
    *But not in ...: Cisco VPN Client, Web Browser Applications
    *Attempt to act as a client or server for network services: $Ephemeral Port Ranges, $TCP, $TCP Ephemeral server ports, $UDP, $UDP Ephemeral server ports
    *Communicating with host addresses: $All_But_Private_Local >> Matching: but not: 10.0.0.0-10.255.255.255, 172.16.0.0-172.31.255.255, 192.168.0.0-255.255, @(local)
    *Using these local interfaces:
    (2)Priority_Deny-Everything but http,https to local and VPN Peer
    *Type: Network Access Control
    *Action: Priority Deny (take precedence)
    *When ...: Active TCP Client Applications, Active UDP Client Applications
    *But not in ...: Cisco VPN Client
    *Attempt to act as a client for network services: $FTP Control Channel, $HTTP, $Instant Messenger Protocols, $UDP Ephemeral server ports, $TCP Ephemeral server ports, $FTP Client Data Channel, $Email, $DNS, $ALT-HTTP
    *Communicating with host addresses: $All_But_Private_Local
    *Using these local interfaces:
    (3)Allow Web Browser only to Private Range
    *Type: Network Access Control
    *Action: Priority Allow (take precedence)
    *When ...: Web Browser Timed (custom class, $Web Browser Clients with Remove process from application class after 30 seconds)
    *But not in the following class:
    *Attempt to act as a client for network services: $DNS, $HTTP, $ALT-HTTP
    *Communicating with host addresses: $Only Private Local and VPN Peer IP Addresses >> Matching: 10.0.0.0 10.255.255.255, 172.16.0.0-172.31.255.255, 192.168.0.0-255.255, @(local)
    *Using these local interfaces:
    (4)Warning Message: VPN in NOW
    *Type: Network Access Control
    *Action: Query User(take precedence) | Query Settings: Establish VPN Connection(Allowed actions = Default Action = Logged = Allow)
    *When ...:
    *But not in the following class: Cisco VPN Client, MS Logon Setup Applications, MS winlogon
    *Attempt to act as a client or server for network services: $TCP Ephemeral server ports, $TCP, $UDP, $UDP Ephemeral server ports
    *Communicating with host addresses: $All but 127.0.0.1 >> Matching: but not: 127.0.0.1 && @(local)
    *Using these local interfaces:
    The Kit generated contains the following groups: + Desktop_All_Typed_Edited (Base Permission + Agent UI Control Disabled +Virus Scanner Module) + External Access.
    As you can see the trigger for these rules is the Ethernet Active and if the MC Server is reachable or not. The only way the Pop-Up message could appear is when the MC is unreachable.
    I might've mapped a little too much but it worked great! Let me know if this is what you need. Remember that you should worry more about what to deny than to allow, ok?
    If there is anything else, don't hesitate to ask.
    Regards, Dan

  • Configure security realm for external Access Manager in App server 8.1

    Hi All,
    I would like to protect my j2ee application using access manager running on an external host.
    I would like to configure the security realm in Sun app Server 8.1 for the external Access Manager
    external host & port of AM is:
    http://svrd234d.dnn.com.au:58765
    Please verify if these are the correct settings for the agentRealm configuration on Sun App server 8.1.
    classname="com.sun.amagent.as.realm.AgentRealm"
    property name="jaas-context" value="agentRealm"
    property name="base-dn" value="ou=People,dc=dnn,dc=com,dc=au"
    property name="hostURL " value="http://svrd234d.dnn.com.au:58765"

    Did you download AS8.1 agent under http://www.sun.com/download/products.xml?id=4266924d?
    If you can unjar am_as81_agent_2_1.jar after installing the J2EE agent, you will find AgentRealm.class under com.sun.amagent.as.realm.
    Please also note that page 161 of J2EE agent guide shows how to disable AgentRealm to better fit your agent policy mode. Check it out http://docs-pdf.sun.com/816-6884-10/816-6884-10.pdf
    Jerry

  • Exchange 2010. Disable external access for Autodiscovery and RPC

    Hi Team,
    Once I published my OWA page in Exchange 2010, I was automatically able to access:
    https://domainname.com/autodicovery
    https://domainname.com/rpc
    https://domainname.com/owa/oma
    I need to block access from the external world to these websites. Please help.

    Hi,
    Before we go further, I'd like to confirm if you want to block external Outlook access. If yes, we can disable Outlook Anywhere, since external Outlook access uses Outlook Anywhere to connect to the server.
    Additionally, there are three methods for external Outlook users to connect to the Autodiscover service. If we don't add a public A record and SRV record, Autodiscover cannot work.
    And we can separate web sites for internal access and external access and not add the Autodiscover and RPC virtual directories in the external access web site. Here is an article about the OWA virtual directory, and you can refer to the article for Autodiscover and RPC:
    http://blogs.technet.com/b/messaging_with_communications/archive/2011/05/02/how-to-block-owa-for-external-users.aspx
    Thanks,
    Angela Shi
    TechNet Community Support

  • How I can set up the DynDns inside the Time capsule, or only with the Time capsule I have external access from a PC for ex.?

    MobileMe service is finished.. to get remote access to the Mac or TC you use iCloud account.. but that is for files.. not to access web cams.
    Without dyndns client in the TC, you can perhaps run dyndns on the computer or video recorder..many of these will have clients built into them.
    Even better get a static Public IP from your ISP.. that is the correct professional way to do it.
    Or you can use whatever broadband modem you have and remove the TC as the main router.. simply bridge it. Use your adsl router for connection. Almost all adsl have built in dyndns.
    Sorry your language is very hard to follow.. and I am sure you are finding my answers similarly difficult.
    Basically the TC is about the hardest device to setup because it is lacking important networking functions.
    Get a vpn router and use vpn connection is far superior to any other method. But you cannot do it with TC.

  • Exchange 2013 OWA - Restrict External access to OWA, while keeping internal access open

    I'm looking for the best way to restrict users who can access OWA externally, while keeping internal access to OWA open to everyone. We would preferably like to control who has external access to OWA with an AD group. Users who have external access would need both external and internal access to OWA. Internal users would only have internal access to OWA.
    TMG is off the table since it is EOL. Reverse proxy might be a possibility, but I'm running into issues with the security setup and passing credentials.
    Does anyone know the best way of restricting external access without disabling internal access?
    Thanks

    Not sure if this still applies to 2013 or not, haven't tried yet...
    http://blog.leederbyshire.com/2013/03/13/block-or-allow-selected-users-depending-on-location-and-ad-group-membership-in-microsoft-exchange-2010-outlook-web-app/