Remote Policy Initiation for DMZ Workgroup Servers

Hi,
I could successfully see the client as Active for a DMZ workgroup server. When I force any policy to run from the client properties on the server, it runs fine. However, when trying to run the same from the SCCM console, it gives an error as below.
The area in "Black" denotes the name of the server. The message says "<Server Name> is not on".
The ports are already open and I have tested the patch deployments and it works successfully.

Patch deployment and client notification are two completely different things. Successful patching (or any other standard ConfigMgr activity/action) is meaningless when it comes to client notification. Also, a client showing as "active" has nothing to do with client notification. Active simply means that the client has reported in to the MP recently (in the form of hw inv, sw inv, heartbeat, or a policy request).
Client notification requires a persistent connection initiated by the client to the client's MP on port 10123 (or 80, as the client will fall back to 80 if 10123 is not available, although this does cause more load on the MP).
However, the dialog you have above is not generated by ConfigMgr or client notification. It looks like it is being generated by one of the right-click tools, which truly have nothing to do with ConfigMgr. For most of the tools to work, you must be able to communicate from the console you are working on (since the console is calling the right-click tool) to the target system. Some right-click tools use psexec or WMI and some use WinRM. If the tool cannot make a connection on the appropriate protocol channel, then it will give you the above message. Ultimately, as mentioned though, this has nothing to do with ConfigMgr.
Jason | http://blog.configmgrftw.com | @jasonsandys
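
The answer above separates two network paths: the client-initiated connection to the MP (10123, or 80 as fallback) and the console-to-target path that right-click tools need. The following PowerShell sketch is an added example, not part of the original thread; the function names, the MP address 10.0.0.10 and the sample connection rows are constructed, and ports 135/445/5985 are the usual defaults for WMI (RPC), psexec (SMB) and WinRM, which the thread does not state.

```powershell
# Added example. Names, addresses and sample rows are assumptions made for illustration.

function Get-ClientNotificationChannel {
    # Run on the DMZ client. Classifies TCP connections toward the management point.
    # -Connections accepts any objects with RemoteAddress/RemotePort/State, so the
    # logic can be exercised offline; by default it reads the live connection table.
    param(
        [Parameter(Mandatory)] [string] $ManagementPointIP,
        [object[]] $Connections = (Get-NetTCPConnection -State Established -ErrorAction SilentlyContinue)
    )

    $toMp = $Connections | Where-Object {
        $_.RemoteAddress -eq $ManagementPointIP -and $_.State -eq 'Established'
    }

    if ($toMp | Where-Object RemotePort -eq 10123) {
        return 'TCP-10123'               # dedicated notification channel is up
    }
    if ($toMp | Where-Object RemotePort -eq 80) {
        # Ordinary MP traffic also uses HTTP, so this only shows that the
        # fallback path is possible, not that it is the notification channel.
        return 'HTTP-80-possible-fallback'
    }
    return 'None'
}

function Test-ConsoleToTargetPath {
    # Run on the console machine. Right-click tools connect console -> target,
    # which is a different direction and different ports than client notification.
    param([Parameter(Mandatory)] [string] $Target)

    $ports = [ordered]@{
        'WMI (RPC endpoint mapper)' = 135
        'psexec (SMB)'              = 445
        'WinRM (HTTP)'              = 5985
    }
    foreach ($name in $ports.Keys) {
        $r = Test-NetConnection -ComputerName $Target -Port $ports[$name] -WarningAction SilentlyContinue
        [pscustomobject]@{
            Protocol  = $name
            Port      = $ports[$name]
            Reachable = $r.TcpTestSucceeded
        }
    }
}

# Constructed sample: one live connection to the MP on 10123, one stale HTTP socket.
$sample = @(
    [pscustomobject]@{ RemoteAddress = '10.0.0.10'; RemotePort = 10123; State = 'Established' }
    [pscustomobject]@{ RemoteAddress = '10.0.0.10'; RemotePort = 80;    State = 'TimeWait' }
)
Get-ClientNotificationChannel -ManagementPointIP '10.0.0.10' -Connections $sample

# Live use (hypothetical host name):
#   Get-ClientNotificationChannel -ManagementPointIP '10.0.0.10'
#   Test-ConsoleToTargetPath -Target 'dmz-server01'
```

For a DMZ workgroup server, only the first check needs to succeed for client notification; the second path requires inbound management protocols to the DMZ host, which is a separate firewall decision.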

Similar Messages

  • 2 CF servers,but different remote object path for flash

    I have 2 CF servers, but a different remote object path for Flex on each server.
    Eg for one flex program in my dev server I define the remote object as follows
    <mx:RemoteObject id="myService" destination="ColdFusion" source="cfide.flex.path_to_file" showBusyCursor="true">
    But in my live server I have to do this.
    <mx:RemoteObject id="myService" destination="ColdFusion" source="path_to_file" showBusyCursor="true">
    How can I make both the same?

    Thanks mate,
    I tried <use-mappings>true</use-mappings> and restarted the server but it's still not working
    I think this is the spoiler:
    ColdFusion mappings apply only to pages processed by the ColdFusion Server with the cfinclude and cfmodule tags. If you save CFML pages outside of the Web root (or whatever directory is mapped to "/"), you must add a mapping to the location of those files on your server.
    from
    http://www.adobe.com/livedocs/coldfusion/5.0/Installing_and_Configuring_ColdFusion_Server/basiconfig9.htm
    so that ruins it for flex I guess?

  • No log for am policy agent for iis6

    Hello!
    I'm trying to get Policy Agent for IIS to run on my Win Srv 2003 with IIS6 and Sharepoint Services.
    I am running the OpenSSO version of Access Manager.
    I have installed the agent and done the initial configuration.
    When I try to browse the resource I get a login prompt (IIS Basic Auth) and cannot log in, followed by "Not Authorized 401.3".
    I should get redirected to the AM Login page, shouldn't I?
    I tried to look for answers in the log file but the /debug/<id> directory is empty.
    Anyone know what to do?
    The amAgent.properties file:
    # $Id: AMAgent.properties,v 1.103 2005/09/19 22:08:34 madan Exp $
    # The syntax of this file is that of a standard Java properties file,
    # see the documentation for the java.util.Properties.load method for a
    # complete description. (CAVEAT: The SDK in the parser does not currently
    # support any backslash escapes except for wrapping long lines.)
    # All property names in this file are case-sensitive.
    # NOTE: The value of a property that is specified multiple times is not
    # defined.
    # WARNING: The contents of this file are classified as an UNSTABLE
    # interface by Sun Microsystems, Inc. As such, they are subject to
    # significant, incompatible changes in any future release of the
    # software.
    # The name of the cookie passed between the Access Manager
    # and the SDK.
    # WARNING: Changing this property without making the corresponding change
    # to the Access Manager will disable the SDK.
    com.sun.am.cookie.name = iPlanetDirectoryPro
    # The URL for the Access Manager Naming service.
    com.sun.am.naming.url = http://login.lta.mil.se:8080/opensso/namingservice
    # The URL of the login page on the Access Manager.
    com.sun.am.policy.am.login.url = http://login.lta.mil.se:8080/opensso/UI/Login
    # Name of the file to use for logging messages.
    com.sun.am.policy.agents.config.local.log.file = C:/Sun/Access_Manager/Agents/2.2/debug/Identifier_1414639615/amAgent
    # This property is used for Log Rotation. The value of the property specifies
    # whether the agent deployed on the server supports the feature of not. If set
    # to false all log messages are written to the same file.
    com.sun.am.policy.agents.config.local.log.rotate = true
    # Name of the Access Manager log file to use for logging messages to
    # Access Manager.
    # Just the name of the file is needed. The directory of the file
    # is determined by settings configured on the Access Manager.
    com.sun.am.policy.agents.config.remote.log = amAuthLog.sharepoint.lta.mil.se.80
    # Set the logging level for the specified logging categories.
    # The format of the values is
    # <ModuleName>[:<Level>][,<ModuleName>[:<Level>]]*
    # The currently used module names are: AuthService, NamingService,
    # PolicyService, SessionService, PolicyEngine, ServiceEngine,
    # Notification, PolicyAgent, RemoteLog and all.
    # The all module can be used to set the logging level for all currently
    # none logging modules. This will also establish the default level for
    # all subsequently created modules.
    # The meaning of the 'Level' value is described below:
    # 0 Disable logging from specified module*
    # 1 Log error messages
    # 2 Log warning and error messages
    # 3 Log info, warning, and error messages
    # 4 Log debug, info, warning, and error messages
    # 5 Like level 4, but with even more debugging messages
    # 128 log url access to log file on AM server.
    # 256 log url access to log file on local machine.
    # If level is omitted, then the logging module will be created with
    # the default logging level, which is the logging level associated with
    # the 'all' module.
    # for level of 128 and 256, you must also specify a logAccessType.
    # *Even if the level is set to zero, some messages may be produced for
    # a module if they are logged with the special level value of 'always'.
    com.sun.am.log.level = 5
    # The org, username and password for Agent to login to AM.
    com.sun.am.policy.am.username = UrlAccessAgent
    com.sun.am.policy.am.password = PN4rEZ1uhx1404ivWY6HPQ==
    # Name of the directory containing the certificate databases for SSL.
    com.sun.am.sslcert.dir = C:/Sun/Access_Manager/Agents/2.2/iis6/cert
    # Set this property if the certificate databases in the directory specified
    # by the previous property have a prefix.
    com.sun.am.certdb.prefix =
    # Should agent trust all server certificates when Access Manager
    # is running SSL?
    # Possible values are true or false.
    com.sun.am.trust_server_certs = true
    # Should the policy SDK use the Access Manager notification
    # mechanism to maintain the consistency of its internal cache? If the value
    # is false, then a polling mechanism is used to maintain cache consistency.
    # Possible values are true or false.
    com.sun.am.notification.enable = true
    # URL to which notification messages should be sent if notification is
    # enabled, see previous property.
    com.sun.am.notification.url = http://sharepoint.lta.mil.se:80/amagent/UpdateAgentCacheServlet?shortcircuit=false
    # This property determines whether URL string case sensitivity is
    # obeyed during policy evaluation
    com.sun.am.policy.am.url_comparison.case_ignore = true
    # This property determines the amount of time (in minutes) an entry
    # remains valid after it has been added to the cache. The default
    # value for this property is 3 minutes.
    com.sun.am.policy.am.polling.interval=3
    # This property allows the user to configure the User Id parameter passed
    # by the session information from the access manager. The value of User
    # Id will be used by the agent to set the value of REMOTE_USER server
    # variable. By default this parameter is set to "UserToken"
    com.sun.am.policy.am.userid.param=UserToken
    # Profile attributes fetch mode
    # String attribute mode to specify if additional user profile attributes should
    # be introduced into the request. Possible values are:
    # NONE - no additional user profile attributes will be introduced.
    # HTTP_HEADER - additional user profile attributes will be introduced into
    # HTTP header.
    # HTTP_COOKIE - additional user profile attributes will be introduced through
    # cookies.
    # If not within these values, it will be considered as NONE.
    com.sun.am.policy.agents.config.profile.attribute.fetch.mode=NONE
    # The user profile attributes to be added to the HTTP header. The
    # specification is of the format ldap_attribute_name|http_header_name[,...].
    # ldap_attribute_name is the attribute in data store to be fetched and
    # http_header_name is the name of the header to which the value needs
    # to be assigned.
    # NOTE: In most cases, in a destination application where a "http_header_name"
    # shows up as a request header, it will be prefixed by HTTP_, and all
    # lower case letters will become upper case, and any - will become _;
    # For example, "common-name" would become "HTTP_COMMON_NAME"
    com.sun.am.policy.agents.config.profile.attribute.map=cn|common-name,ou|organizational-unit,o|organization,mail|email,employeenumber|employee-number,c|country
    # Session attributes mode
    # String attribute mode to specify if additional user session attributes should
    # be introduced into the request. Possible values are:
    # NONE - no additional user session attributes will be introduced.
    # HTTP_HEADER - additional user session attributes will be introduced into HTTP header.
    # HTTP_COOKIE - additional user session attributes will be introduced through cookies.
    # If not within these values, it will be considered as NONE.
    com.sun.am.policy.agents.config.session.attribute.fetch.mode=NONE
    # The session attributes to be added to the HTTP header. The specification is
    # of the format session_attribute_name|http_header_name[,...].
    # session_attribute_name is the attribute in session to be fetched and
    # http_header_name is the name of the header to which the value needs to be
    # assigned.
    # NOTE: In most cases, in a destination application where a "http_header_name"
    # shows up as a request header, it will be prefixed by HTTP_, and all
    # lower case letters will become upper case, and any - will become _;
    # For example, "common-name" would become "HTTP_COMMON_NAME"
    com.sun.am.policy.agents.config.session.attribute.map=
    # Response Attribute Fetch Mode
    # String attribute mode to specify if additional user response attributes should
    # be introduced into the request. Possible values are:
    # NONE - no additional user response attributes will be introduced.
    # HTTP_HEADER - additional user response attributes will be introduced into
    # HTTP header.
    # HTTP_COOKIE - additional user response attributes will be introduced through
    # cookies.
    # If not within these values, it will be considered as NONE.
    com.sun.am.policy.agents.config.response.attribute.fetch.mode=NONE
    # The response attributes to be added to the HTTP header. The specification is
    # of the format response_attribute_name|http_header_name[,...].
    # response_attribute_name is the attribute in policy response to be fetched and
    # http_header_name is the name of the header to which the value needs to be
    # assigned.
    # NOTE: In most cases, in a destination application where a "http_header_name"
    # shows up as a request header, it will be prefixed by HTTP_, and all
    # lower case letters will become upper case, and any - will become _;
    # For example, "common-name" would become "HTTP_COMMON_NAME"
    com.sun.am.policy.agents.config.response.attribute.map=
    # The cookie name used in iAS for sticky load balancing
    com.sun.am.policy.am.lb.cookie.name = GX_jst
    # indicate where a load balancer is used for Access Manager
    # services.
    # true | false
    com.sun.am.load_balancer.enable = false
    ####Agent Configuration####
    # this is for product versioning, please do not modify it
    com.sun.am.policy.agents.config.version=2.2
    # Set the url access logging level. the choices are
    # LOG_NONE - do not log user access to url
    # LOG_DENY - log url access that was denied.
    # LOG_ALLOW - log url access that was allowed.
    # LOG_BOTH - log url access that was allowed or denied.
    com.sun.am.policy.agents.config.audit.accesstype = LOG_BOTH
    # Agent prefix
    com.sun.am.policy.agents.config.agenturi.prefix = http://sharepoint.lta.mil.se:80/amagent
    # Locale setting.
    com.sun.am.policy.agents.config.locale = en_US
    # The unique identifier for this agent instance.
    com.sun.am.policy.agents.config.instance.name = unused
    # Do SSO only
    # Boolean attribute to indicate whether the agent will just enforce user
    # authentication (SSO) without enforcing policies (authorization)
    com.sun.am.policy.agents.config.do_sso_only = true
    # The URL of the access denied page. If no value is specified, then
    # the agent will return an HTTP status of 403 (Forbidden).
    com.sun.am.policy.agents.config.accessdenied.url =
    # This property indicates if FQDN checking is enabled or not.
    com.sun.am.policy.agents.config.fqdn.check.enable = true
    # Default FQDN is the fully qualified hostname that the users should use
    # in order to access resources on this web server instance. This is a
    # required configuration value without which the Web server may not
    # startup correctly.
    # The primary purpose of specifying this property is to ensure that if
    # the users try to access protected resources on this web server
    # instance without specifying the FQDN in the browser URL, the Agent
    # can take corrective action and redirect the user to the URL that
    # contains the correct FQDN.
    # This property is set during the agent installation and need not be
    # modified unless absolutely necessary to accommodate deployment
    # requirements.
    # WARNING: Invalid value for this property can result in the Web Server
    # becoming unusable or the resources becoming inaccessible.
    # See also: com.sun.am.policy.agents.config.fqdn.check.enable,
    # com.sun.am.policy.agents.config.fqdn.map
    com.sun.am.policy.agents.config.fqdn.default = sharepoint.lta.mil.se
    # The FQDN Map is a simple map that enables the Agent to take corrective
    # action in the case where the users may have typed in an incorrect URL
    # such as by specifying partial hostname or using an IP address to
    # access protected resources. It redirects the browser to the URL
    # with fully qualified domain name so that cookies related to the domain
    # are received by the agents.
    # The format for this property is:
    # com.sun.am.policy.agents.config.fqdn.map = [invalid_hostname|valid_hostname][,...]
    # This property can also be used so that the agents use the name specified
    # in this map instead of the web server's actual name. This can be
    # accomplished by doing the following.
    # Say you want your server to be addressed as xyz.hostname.com whereas the
    # actual name of the server is abc.hostname.com. The browsers only knows
    # xyz.hostname.com and you have specified polices using xyz.hostname.com at
    # the Access Manager policy console, in this file set the mapping as
    # com.sun.am.policy.agents.fqdn.map = valid|xyz.hostname.com
    # Another example is if you have multiple virtual servers say rst.hostname.com,
    # uvw.hostname.com and xyz.hostname.com pointing to the same actual server
    # abc.hostname.com and each of the virtual servers have their own policies
    # defined, then the fqdnMap should be defined as follows:
    # com.sun.am.policy.agents.fqdn.map = valid1|rst.hostname.com,valid2|uvw.hostname.com,valid3|xyz.hostname.com
    # WARNING: Invalid value for this property can result in the Web Server
    # becoming unusable or the resources becoming inaccessible.
    com.sun.am.policy.agents.config.fqdn.map =
    # Cookie Reset
    # This property must be set to true, if this agent needs to
    # reset cookies in the response before redirecting to
    # Access Manager for Authentication.
    # By default this is set to false.
    # Example : com.sun.am.policy.agents.config.cookie.reset.enable=true
    com.sun.am.policy.agents.config.cookie.reset.enable=false
    # This property gives the comma separated list of Cookies, that
    # need to be included in the Redirect Response to Access Manager.
    # This property is used only if the Cookie Reset feature is enabled.
    # The Cookie details need to be specified in the following Format
    # name[=value][;Domain=value]
    # If "Domain" is not specified, then the default agent domain is
    # used to set the Cookie.
    # Example : com.sun.am.policy.agents.config.cookie.reset.list=LtpaToken,
    # token=value;Domain=subdomain.domain.com
    com.sun.am.policy.agents.config.cookie.reset.list=
    # This property gives the space separated list of domains in
    # which cookies have to be set in a CDSSO scenario. This property
    # is used only if CDSSO is enabled.
    # If this property is left blank then the fully qualified cookie
    # domain for the agent server will be used for setting the cookie
    # domain. In such case it is a host cookie instead of a domain cookie.
    # Example : com.sun.am.policy.agents.config.cookie.domain.list=.sun.com .iplanet.com
    com.sun.am.policy.agents.config.cookie.domain.list=
    # user id returned if accessing global allow page and not authenticated
    com.sun.am.policy.agents.config.anonymous_user=anonymous
    # Enable/Disable REMOTE_USER processing for anonymous users
    # true | false
    com.sun.am.policy.agents.config.anonymous_user.enable=false
    # Not enforced list is the list of URLs for which no authentication is
    # required. Wildcards can be used to define a pattern of URLs.
    # The URLs specified may not contain any query parameters.
    # Each service have their own not enforced list. The service name is suffixed
    # after "# com.sun.am.policy.agents.notenforcedList." to specify a list
    # for a particular service. SPACE is the separator between the URL.
    com.sun.am.policy.agents.config.notenforced_list = SERVER_PROTO://SERVER_HOST:SERVER_PORTSERVER_DEPLOY_URI/UI/* SERVER_PROTO://SERVER_HOST:SERVER_PORTCONSOLE_DEPLOY_URI/* SERVER_PROTO://SERVER_HOST:SERVER_PORTSERVER_DEPLOY_URI/login_images/* SERVER_PROTO://SERVER_HOST:SERVER_PORT/docs* SERVER_PROTO://SERVER_HOST:SERVER_PORTSERVER_DEPLOY_URI/namingservice SERVER_PROTO://SERVER_HOST:SERVER_PORTSERVER_DEPLOY_URI/sessionservice SERVER_PROTO://SERVER_HOST:SERVER_PORTSERVER_DEPLOY_URI/loggingservice SERVER_PROTO://SERVER_HOST:SERVER_PORTSERVER_DEPLOY_URI/profileservice SERVER_PROTO://SERVER_HOST:SERVER_PORTSERVER_DEPLOY_URI/policyservice SERVER_PROTO://SERVER_HOST:SERVER_PORTSERVER_DEPLOY_URI/config* SERVER_PROTO://SERVER_HOST:SERVER_PORTSERVER_DEPLOY_URI/js/* SERVER_PROTO://SERVER_HOST:SERVER_PORTSERVER_DEPLOY_URI/css/* SERVER_PROTO://SERVER_HOST:SERVER_PORTSERVER_DEPLOY_URI/authservice SERVER_PROTO://SERVER_HOST:SERVER_PORTSERVER_DEPLOY_URI/SAMLAwareServlet SERVER_PROTO://SERVER_HOST:SERVER_PORTSERVER_DEPLOY_URI/SAMLSOAPReceiver SERVER_PROTO://SERVER_HOST:SERVER_PORTSERVER_DEPLOY_URI/SAMLPOSTProfileServlet
    # Boolean attribute to indicate whether the above list is a not enforced list
    # or an enforced list; When the value is true, the list means enforced list,
    # or in other words, the whole web site is open/accessible without
    # authentication except for those URLs in the list.
    com.sun.am.policy.agents.config.notenforced_list.invert = false
    # Not enforced client IP address list is a list of client IP addresses.
    # No authentication and authorization are required for the requests coming
    # from these client IP addresses. The IP address must be in the form of
    # eg: 192.168.12.2 1.1.1.1
    com.sun.am.policy.agents.config.notenforced_client_ip_list =
    # Enable POST data preservation; By default it is set to false
    com.sun.am.policy.agents.config.postdata.preserve.enable = false
    # POST data preservation : POST cache entry lifetime in minutes,
    # After the specified interval, the entry will be dropped
    com.sun.am.policy.agents.config.postcache.entry.lifetime = 10
    # Cross-Domain Single Sign On URL
    # Is CDSSO enabled.
    com.sun.am.policy.agents.config.cdsso.enable=false
    # This is the URL the user will be redirected to for authentication
    # in a CDSSO Scenario.
    com.sun.am.policy.agents.config.cdcservlet.url =
    # Enable/Disable client IP address validation. This validate
    # will check if the subsequent browser requests come from the
    # same ip address that the SSO token is initially issued against
    com.sun.am.policy.agents.config.client_ip_validation.enable = false
    # Below properties are used to define cookie prefix and cookie max age
    com.sun.am.policy.agents.config.profile.attribute.cookie.prefix = HTTP_
    com.sun.am.policy.agents.config.profile.attribute.cookie.maxage = 300
    # Logout URL - application's Logout URL.
    # This URL is not enforced by policy.
    # if set, agent will intercept this URL and destroy the user's session,
    # if any. The application's logout URL will be allowed whether or not
    # the session destroy is successful.
    com.sun.am.policy.agents.config.logout.url=
    # Any cookies to be reset upon logout in the same format as cookie_reset_list
    com.sun.am.policy.agents.config.logout.cookie.reset.list =
    # By default, when a policy decision for a resource is needed,
    # agent gets and caches the policy decision of the resource and
    # all resource from the root of the resource down, from the Access Manager.
    # For example, if the resource is http://host/a/b/c, the the root of the
    # resource is http://host/. This is because more resources from the
    # same path are likely to be accessed subsequently.
    # However this may take a long time the first time if there
    # are many many policies defined under the root resource.
    # To have agent get and cache the policy decision for the resource only,
    # set the following property to false.
    com.sun.am.policy.am.fetch_from_root_resource = true
    # Whether to get the client's hostname through DNS reverse lookup for use
    # in policy evaluation.
    # It is true by default, if the property does not exist or if it is
    # any value other than false.
    com.sun.am.policy.agents.config.get_client_host_name = true
    # The following property is to enable native encoding of
    # ldap header attributes forwarded by agents. If set to true
    # agent will encode the ldap header value in the default
    # encoding of OS locale. If set to false ldap header values
    # will be encoded in UTF-8
    com.sun.am.policy.agents.config.convert_mbyte.enable = false
    #When the not enforced list or policy has a wildcard '*' character, agent
    #strips the path info from the request URI and uses the resulting request
    #URI to check against the not enforced list or policy instead of the entire
    #request URI, in order to prevent someone from getting access to any URI by
    #simply appending the matching pattern in the policy or not enforced list.
    #For example, if the not enforced list has the value http://host/*.gif,
    #stripping the path info from the request URI will prevent someone from
    #getting access to http://host/index.html by using the URL http://host/index.html?hack.gif.
    #However when a web server (for exmample apache) is configured to be a reverse
    #proxy server for a J2EE application server, path info is interpreted in a different
    #manner since it maps to a resource on the proxy instead of the app server.
    #This prevents the not enforced list or policy from being applied to part of
    #the URI below the app serverpath if there is a wildcard character. For example,
    #if the not enforced list has value http://host/webapp/servcontext/* and the
    #request URL is http://host/webapp/servcontext/example.jsp the path info
    #is /servcontext/example.jsp and the resulting request URL with path info stripped
    #is http://host/webapp, which will not match the not enforced list. By setting the
    #following property to true, the path info will not be stripped from the request URL
    #even if there is a wild character in the not enforced list or policy.
    #Be aware though that if this is set to true there should be nothing following the
    #wildcard character '*' in the not enforced list or policy, or the
    #security loophole described above may occur.
    com.sun.am.policy.agents.config.ignore_path_info = false
    # Override the request url given by the web server with
    # the protocol, host or port of the agent's uri specified in
    # the com.sun.am.policy.agents.agenturiprefix property.
    # These may be needed if the agent is sitting behind a ssl off-loader,
    # load balancer, or proxy, and either the protocol (HTTP scheme),
    # hostname, or port of the machine in front of agent which users go through
    # is different from the agent's protocol, host or port.
    com.sun.am.policy.agents.config.override_protocol =
    com.sun.am.policy.agents.config.override_host =
    com.sun.am.policy.agents.config.override_port = true
    # Override the notification url in the same way as other request urls.
    # Set this to true if any one of the override properties above is true,
    # and if the notification url is coming through the proxy or load balancer
    # in the same way as other request url's.
    com.sun.am.policy.agents.config.override_notification.url =
    # The following property defines how long to wait in attempting
    # to connect to an Access Manager AUTH server.
    # The default value is 2 seconds. This value needs to be increased
    # when receiving the error "unable to find active Access Manager Auth server"
    com.sun.am.policy.agents.config.connection_timeout =
    # Time in milliseconds the agent will wait to receive the
    # response from Access Manager. After the timeout, the connection
    # will be drop.
    # A value of 0 means that the agent will wait until receiving the response.
    # WARNING: Invalid value for this property can result in
    # the resources becoming inaccessible.
    com.sun.am.receive_timeout = 0
    # The three following properties are for IIS6 agent only.
    # The two first properties allow to set a username and password that will be
    # used by the authentication filter to pass the Windows challenge when the Basic
    # Authentication option is selected in Microsoft IIS 6.0. The authentication
    # filter is named amiis6auth.dll and is located in
    # Agent_installation_directory/iis6/bin. It must be installed manually on
    # the web site ("ISAPI Filters" tab in the properties of the web site).
    # It must also be uninstalled manually when unintalling the agent.
    # The last property defines the full path for the authentication filter log file.
    com.sun.am.policy.agents.config.iis6.basicAuthentication.username =
    com.sun.am.policy.agents.config.iis6.basicAuthentication.password =
    com.sun.am.policy.agents.config.iis6.basicAuthentication.logFile = C:/Sun/Access_Manager/Agents/2.2/debug/Identifier_1414639615/amAuthFilter

    If the agent does not start properly you would always get redirected to com.sun.am.policy.agents.config.accessdenied.url; if that's not specified you will get a 403.
    For the agent itself, check that the naming.url is correct, that the agent username and password are correct, and that the user has privileges to write to the agent log files. Apart from these, post the Windows event logs.

  • How to configure windows services alerts in SCOM 2012 for all agent servers. For eg, Terminal Services, Netlogon, RPC etc..

    Hi,
    I need to configure different windows services alerts in SCOM 2012. Below are some of the windows services I need to monitor through SCOM.
    Service: Windows Management Instrumentation
    Service: Netlogon
    Service: Remote Procedure Call (RPC)
    Service: Server Service
    Service: Terminal Services
    Service: Windows Time
    Service: Workstation
    Service: WWW Publishing Service
    Could someone please assist or share the details of how to configure these services for Windows agent servers?
    Thanks..
    Regards, Rajeev Parambil

    Hi,
    A certain set of services are monitored by default on all agents:
    DNS Client
    DHCP Client
    RPC
    Workstation
    Server
    For all the other services you could create a service monitor.
    A nice blog series outlining this process can be found here: http://www.bictt.com/blogs/bictt.php/2011/03/16/scom-monitoring-a-service-part1
    It's doing common things uncommonly well that brings success. Check out my SCOM link blog:
    SCOM link blog

  • Why is the Microsoft Office Access Database Engine data source looking for a workgroup information file?

    While trying to import to MSSQL2012 from SSDT using the wizard from an Access 2013 DB (.accdb) which is password protected, I get the following error with the username blank and the password field correctly populated: 
    Cannot start your application. The workgroup information file is missing or opened exclusively by another user. (MicrosoftOffice Access Database Engine)
    But according to this link:
    http://office.microsoft.com/en-us/access-help/what-happened-to-user-level-security-HA010342116.aspx
    MSA10 and beyond shouldn't need workgroup information files, although it's not clear to me if they are created/used or not.
    I can point the wizard to some local version of system.mdw at Advanced -> All -> Jet OLEDB:System Database, and then the error becomes:
    Not a valid account name or password. (Microsoft Office Access Database Engine)
    for any username I can think of.
    Questions:
    1.  Why does this data source insist on looking for a workgroup information file even though user-level security should be disabled?
    2.  Why does the Open dialog box for the Microsoft Access Database Engine have *.mdb as the only selectable filetype?
    3.  How can I get around these errors for an .accdb that is password protected?
    Thanks!

    Hi JordanPG,
    To connect to Access 2007 or later database, we need the Microsoft ACE 12.0 OLE DB driver. SQL Server only installs the Microsoft Jet 4.0 OLE DB driver which can be used to connect to Access 2003 or earlier database. Besides, the Microsoft Jet 4.0 OLE DB driver only has 32-bit version, but the Microsoft ACE 12.0 OLE DB driver has both 32-bit and 64-bit version. However, the 32-bit and 64-bit Microsoft ACE 12.0 OLE DB drivers cannot be installed on a single server.
    According to your description, you can use the 64-bit SQL Server Import and Export Wizard to load data from the Access database, so the 64-bit Microsoft ACE 12.0 OLE DB driver is installed on your computer. Since the BIDS/SSDT is a 32-bit application, the 64-bit Microsoft ACE 12.0 OLE DB Provider is not visible in BIDS/SSDT. So, when you said that you select “Microsoft Access (Microsoft Access Database Engine)” in the SQL Server Import and Export Wizard (it is actually the 32-bit version) started by the SSDT, I think it should be “Microsoft Access (Microsoft Jet Database Engine)”. Because the Microsoft Jet 4.0 OLE DB driver only supports Access 2003 or earlier format, it threw the error “Test connection failed because of an error in initializing provider. Unrecognized database format 'C:\myDB.accdb'”.
    In this situation, you have two approaches to avoid this issue:
    Launch the SQL Server Import and Export Wizard (64-bit), and select “Save SSIS Package” to “File System” on the “Save and Run Package” page. Then, the package will be saved to a specified directory. After that, you can add this existing package to a SSIS project. The status of the corresponding OLE DB Connection Manager should be Work Offline, or the OLE DB Source will throw an error about 32-bit driver if the Connection Manager is not in Work Offline status, you can ignore that and the package can run successfully in SSDT as long as the project is set to run in 64-bit runtime mode.
    However, for the SSDT 2012 integrated with Visual Studio 2012, the 64-bit runtime mode is disabled. In this situation, to run the package in SSDT, you have to uninstall the 64-bit Microsoft ACE 12.0 OLE DB drivers and install the 32-bit one. Here is the download link:
    http://www.microsoft.com/en-in/download/details.aspx?id=13255 
    Regards,
    Mike Yin
    TechNet Community Support

  • CSS 11000 series with load balancing for high availablity servers

    Hi,
    We have arrived at a design which has 2 PIX firewalls (525) in a fault tolerant mode. Two interfaces from each of the PIX are connected directly to two CSS 11000 switches which work in a fault tolerant mode.
    The other two interfaces from each of the two CSS 11000 switches are connected directly to two Catalyst 4003 switches to which we have servers attached.
    Please let me know whether this design will work, or if you could suggest some other design for high availability servers which are kept in the DMZ.
    Please note that in our design the internet user first hits the firewall, then the CSS 11000, then the Catalyst 4003, and finally the servers.
    If anyone can help me out, please send me a mail at [email protected]

    Are the PIXes to be setup in a failover bundle?
    If you use two interfaces in each PIX to connect
    to the two CSS systems, are you not complicating the
    setup? Which of the two should be called the inside?
    I cannot recall whether you can have two inside legs at the current PIX level.

  • Policy Agent for JBoss

    Hi,
    I have installed SAM (together with S1DS, Web Server and Administration Server (from JES installer)).
    I have installed and configured Policy Agent for JBoss AS, but i'm getting a browser "Redirect loop" (Redirection limit for this URL exceeded. Unable to load the requested page. This may be caused by cookies that are blocked.) error after I login with a correct user/password combination when I try to access the sample application.
    My browser accepts cookies from all domains and I get no error in console.
    My AMAgent.properties looks like this:
    com.sun.identity.agents.config.user.mapping.mode = USER_ID
    com.sun.identity.agents.config.user.attribute.name = employeenumber
    com.sun.identity.agents.config.user.principal = false
    com.sun.identity.agents.config.user.token = UserToken
    com.sun.identity.agents.config.client.ip.header =
    com.sun.identity.agents.config.client.hostname.header =
    com.sun.identity.agents.config.load.interval = 0
    com.sun.identity.agents.config.locale.language = en
    com.sun.identity.agents.config.locale.country = US
    com.sun.identity.agents.config.organization.name = /
    com.sun.identity.agents.config.audit.accesstype = LOG_BOTH
    com.sun.identity.agents.config.log.disposition = ALL
    com.sun.identity.agents.config.remote.logfile = amAgent_11_126_14_20_8080.log
    com.sun.identity.agents.config.local.logfile = /home/ciuc/stuff/src/j2ee_agents/am_jboss_agent/agent_001/logs/audit/amAgent_11_126_14_20_8080.log
    com.sun.identity.agents.config.local.log.rotate = false
    com.sun.identity.agents.config.local.log.size = 52428800
    com.sun.identity.agents.config.webservice.enable = false
    com.sun.identity.agents.config.webservice.endpoint[0] =
    com.sun.identity.agents.config.webservice.process.get.enable = true
    com.sun.identity.agents.config.webservice.authenticator =
    com.sun.identity.agents.config.webservice.internalerror.content = WSInternalErrorContent.txt
    com.sun.identity.agents.config.webservice.autherror.content  = WSAuthErrorContent.txt
    com.sun.identity.agents.config.access.denied.uri =
    com.sun.identity.agents.config.login.form[0] =
    com.sun.identity.agents.config.login.error.uri[0] =
    com.sun.identity.agents.config.login.use.internal = true
    com.sun.identity.agents.config.login.content.file = FormLoginContent.txt
    com.sun.identity.agents.config.auth.handler[] =    
    com.sun.identity.agents.config.logout.handler[] =
    com.sun.identity.agents.config.verification.handler[] =
    com.sun.identity.agents.config.redirect.param = goto
    com.sun.identity.agents.config.login.url[0] = http://sam.domain:80/amserver/UI/Login
    com.sun.identity.agents.config.login.url.prioritized = true
    com.sun.identity.agents.config.agent.host =
    com.sun.identity.agents.config.agent.port =
    com.sun.identity.agents.config.agent.protocol =
    com.sun.identity.agents.config.login.attempt.limit = 0
    com.sun.identity.agents.config.sso.decode = true
    com.sun.identity.agents.config.amsso.cache.enable = true
    com.sun.identity.agents.config.cookie.reset.enable = false
    com.sun.identity.agents.config.cookie.reset.name[0] =
    com.sun.identity.agents.config.cookie.reset.domain[] = 
    com.sun.identity.agents.config.cookie.reset.path[] =
    com.sun.identity.agents.config.cdsso.enable = false
    com.sun.identity.agents.config.cdsso.redirect.uri = /agentapp/sunwCDSSORedirectURI
    com.sun.identity.agents.config.cdsso.cdcservlet.url[0] = http://dm-test-win-1:80/amserver/cdcservlet
    com.sun.identity.agents.config.cdsso.clock.skew = 0
    com.sun.identity.agents.config.cdsso.trusted.id.provider[0] = http://dm-test-win-1:80/amserver/cdcservlet
    com.sun.identity.agents.config.logout.application.handler[] =
    com.sun.identity.agents.config.logout.uri[] =
    com.sun.identity.agents.config.logout.request.param[] =
    com.sun.identity.agents.config.logout.introspect.enabled = false
    com.sun.identity.agents.config.logout.entry.uri[] =
    com.sun.identity.agents.config.fqdn.check.enable = true
    com.sun.identity.agents.config.fqdn.default = jbossAS.domain
    com.sun.identity.agents.config.fqdn.mapping[] =
    com.sun.identity.agents.config.legacy.support.enable = false
    com.sun.identity.agents.config.legacy.user.agent[0] = Mozilla/4.7*
    com.sun.identity.agents.config.legacy.redirect.uri = /agentapp/sunwLegacySupportURI
    com.sun.identity.agents.config.response.header[] =
    com.sun.identity.agents.config.redirect.attempt.limit = 0
    com.sun.identity.agents.config.port.check.enable = false
    com.sun.identity.agents.config.port.check.file = PortCheckContent.txt
    com.sun.identity.agents.config.port.check.setting[8080] = http
    com.sun.identity.agents.config.notenforced.uri[0] = /agentsample/public/*
    com.sun.identity.agents.config.notenforced.uri[1] = /agentsample/images/*
    com.sun.identity.agents.config.notenforced.uri[2] = /agentsample/styles/*
    com.sun.identity.agents.config.notenforced.uri[3] = /agentsample/index.html
    com.sun.identity.agents.config.notenforced.uri[4] = /agentsample
    com.sun.identity.agents.config.notenforced.uri.invert = false
    com.sun.identity.agents.config.notenforced.uri.cache.enable = true
    com.sun.identity.agents.config.notenforced.uri.cache.size = 1000
    com.sun.identity.agents.config.notenforced.ip[0] =
    com.sun.identity.agents.config.notenforced.ip.invert = false
    com.sun.identity.agents.config.notenforced.ip.cache.enable = true
    com.sun.identity.agents.config.notenforced.ip.cache.size = 1000
    com.sun.identity.agents.config.attribute.cookie.separator = |
    com.sun.identity.agents.config.attribute.date.format = EEE, d MMM yyyy hh:mm:ss z
    com.sun.identity.agents.config.attribute.cookie.encode = true
    com.sun.identity.agents.config.profile.attribute.fetch.mode = NONE
    com.sun.identity.agents.config.profile.attribute.mapping[] =
    com.sun.identity.agents.config.session.attribute.fetch.mode = NONE
    com.sun.identity.agents.config.session.attribute.mapping[] =
    com.sun.identity.agents.config.response.attribute.fetch.mode = NONE
    com.sun.identity.agents.config.response.attribute.mapping[] =
    com.sun.identity.agents.config.bypass.principal[0] =
    com.sun.identity.agents.config.default.privileged.attribute[0] = AUTHENTICATED_USERS
    com.sun.identity.agents.config.privileged.attribute.type[0] = Role
    com.sun.identity.agents.config.privileged.attribute.tolowercase[Role] = false
    com.sun.identity.agents.config.privileged.session.attribute[0] =
    com.sun.identity.agents.config.service.resolver = com.sun.identity.agents.jboss.v40.AmJBossAgentServiceResolver
    com.sun.identity.agents.app.username = amagent
    com.iplanet.am.service.secret = AQICJmGvlBWYuAYQndALuvNKiw==
    am.encryption.pwd = /mY/WidDT34aJtbcFS0pCKFEt6evPeTF
    com.sun.identity.client.encryptionKey= /mY/WidDT34aJtbcFS0pCKFEt6evPeTF
    com.iplanet.services.debug.level=error
    com.iplanet.services.debug.directory=/home/ciuc/stuff/src/j2ee_agents/am_jboss_agent/agent_001/logs/debug
    com.iplanet.am.cookie.name=iPlanetDirectoryPro
    com.iplanet.am.naming.url=http://sam.domain:80/amserver/namingservice
    com.iplanet.am.notification.url=http://jbossAS.domain:8080/agentapp/notification
    com.iplanet.am.session.client.polling.enable=false
    com.iplanet.am.session.client.polling.period=180
    com.iplanet.security.encryptor=com.iplanet.services.util.JCEEncryption
    com.iplanet.am.sdk.remote.pollingTime=1
    com.sun.identity.sm.cacheTime=1
    com.iplanet.am.localserver.protocol=http
    com.iplanet.am.localserver.host=jbossAS.domain
    com.iplanet.am.localserver.port=8080
    com.iplanet.am.server.protocol=http
    com.iplanet.am.server.host=sam.domain
    com.iplanet.am.server.port=80
    com.sun.identity.agents.server.log.file.name=amRemotePolicyLog
    com.sun.identity.agents.logging.level=BOTH
    com.sun.identity.agents.notification.enabled=true
    com.sun.identity.agents.notification.url=http://jbossAS.domain:8080/agentapp/notification
    com.sun.identity.agents.polling.interval=3
    com.sun.identity.policy.client.cacheMode=subtree
    com.sun.identity.policy.client.booleanActionValues=iPlanetAMWebAgentService|GET|allow|deny:iPlanetAMWebAgentService|POST|allow|deny
    com.sun.identity.policy.client.resourceComparators=serviceType=iPlanetAMWebAgentService|class=com.sun.identity.policy.plugins.HttpURLResourceName|wildcard=*|delimiter=/|caseSensitive=false
    com.sun.identity.policy.client.clockSkew=10
    11.126.14.20 is the computer where I have the JBoss installation.
    11.126.14.18 is the computer where I have SAM services.
    Do you have any idea why this error may occur?
    Thank you in advance,
    Cristi
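
The configuration posted above includes the agent's secret-bearing entries (`com.iplanet.am.service.secret`, `am.encryption.pwd`, `com.sun.identity.client.encryptionKey`). The following is an added example, not part of the original thread or of the Policy Agent product: it masks such values before a properties file is shared, keeping equal values visibly equal. The name hints, the placeholder format and the sample values are assumptions constructed for illustration.

```python
import re

# Keys that carry secret material in the AMAgent.properties shown in the thread.
SECRET_KEYS = {
    "com.iplanet.am.service.secret",
    "am.encryption.pwd",
    "com.sun.identity.client.encryptionKey",
}
# Assumption (not from the thread): name fragments that usually mark a secret.
SECRET_HINTS = ("secret", "pwd", "password", "passphrase", "encryptionkey")
# Values shorter than this are not searched for elsewhere, to avoid mangling
# unrelated text when a secret happens to be something like "1".
MIN_LEAK_LEN = 8

# indent, key, separator, value, trailing whitespace ("key = value" / "key=value").
# Lines starting with '#' or '!' are comments and do not match.
LINE_RE = re.compile(r"^(\s*)([^\s=:#!][^=:]*?)(\s*[=:]\s*)(.*?)(\s*)$")


def is_secret(key):
    """True if the key is a known secret key or its last segment looks like one."""
    last = re.sub(r"\[.*?\]$", "", key).rsplit(".", 1)[-1].lower()
    return key in SECRET_KEYS or any(hint in last for hint in SECRET_HINTS)


def redact_properties(text):
    """Return (redacted_text, redacted_keys).

    Pass 1 replaces the value of every secret-bearing key with a numbered
    placeholder; identical values get the same number, so a reader can still
    see that two settings share one key without learning it.
    Pass 2 removes any other occurrence of those values (comments, URLs,
    keys the name check missed).
    """
    lines = text.splitlines()
    labels = {}          # secret value -> placeholder
    redacted_keys = []

    for i, line in enumerate(lines):
        m = LINE_RE.match(line)
        if m and m.group(4) and is_secret(m.group(2)):
            indent, key, sep, value, _ = m.groups()
            label = labels.setdefault(value, "<REDACTED-%d>" % (len(labels) + 1))
            lines[i] = indent + key + sep + label
            redacted_keys.append(key)

    for i, line in enumerate(lines):
        for value, label in labels.items():
            if len(value) >= MIN_LEAK_LEN:
                line = line.replace(value, label)
        lines[i] = line

    return "\n".join(lines), redacted_keys


# Constructed sample: key names are taken from the thread, values are made up.
SAMPLE = """\
com.sun.identity.agents.app.username = amagent
com.iplanet.am.service.secret = EXAMPLE-SERVICE-SECRET==
am.encryption.pwd = EXAMPLE-ENCRYPTION-KEY-0001
com.sun.identity.client.encryptionKey= EXAMPLE-ENCRYPTION-KEY-0001
# backup of old key: EXAMPLE-ENCRYPTION-KEY-0001
com.iplanet.am.cookie.name=iPlanetDirectoryPro
com.iplanet.am.naming.url=http://sam.domain:80/amserver/namingservice
com.sun.identity.agents.config.agent.host =
"""

if __name__ == "__main__":
    redacted, keys = redact_properties(SAMPLE)
    print(redacted)
    print("redacted keys:", ", ".join(keys))
```

Values that have already been posted publicly should be treated as exposed and regenerated; masking only helps for the next post.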

    Hi,
    Thanks for your responses, I've included my AMAgent.properties below if you could take a look at it.
    I only seem to run into the problem when I authenticate if the following is set:
    com.sun.identity.agents.config.profile.attribute.fetch.mode = HTTP_HEADER
    If that is set to NONE then I can access the application fine, but if I use the HTTP_HEADER and attempt to pass information via the header I get stuck in the loop which results in the message "Redirection limit for this URL exceeded. Unable to load the requested page. This may be caused by cookies that are blocked."
    There is no helpful output in either my container log or the Policy Agent logs.
    The myHost.local. exists within my /etc/hosts file and using ping and other tools resolve fine.
    I am using JBOSS 4.2.2 on Linux (and windows).
    If anyone can help save my sanity it would be appreciated.
    com.sun.identity.agents.config.filter.mode = URL_POLICY
    com.sun.identity.agents.config.user.mapping.mode = USER_ID
    com.sun.identity.agents.config.user.attribute.name = employeenumber
    com.sun.identity.agents.config.user.principal = false
    com.sun.identity.agents.config.user.token = UserToken
    com.sun.identity.agents.config.load.interval = 0
    com.sun.identity.agents.config.locale.language = en
    com.sun.identity.agents.config.locale.country = US
    com.sun.identity.agents.config.audit.accesstype = LOG_NONE
    com.sun.identity.agents.config.log.disposition = REMOTE
    com.sun.identity.agents.config.remote.logfile = amAgent_8089.log
    com.sun.identity.agents.config.local.logfile = /usr/j2ee_agents/am_jboss_agent/agent_001/logs/audit/amAgent_8089.log
    com.sun.identity.agents.config.local.log.rotate = false
    com.sun.identity.agents.config.local.log.size = 52428800
    com.sun.identity.agents.config.webservice.enable = false
    com.sun.identity.agents.config.webservice.endpoint[0] =
    com.sun.identity.agents.config.webservice.process.get.enable = true
    com.sun.identity.agents.config.webservice.authenticator =
    com.sun.identity.agents.config.webservice.internalerror.content = WSInternalErrorContent.txt
    com.sun.identity.agents.config.webservice.autherror.content  = WSAuthErrorContent.txt
    com.sun.identity.agents.config.login.form[0] = /manager/AMLogin.html
    com.sun.identity.agents.config.login.form[1] = /host-manager/AMLogin.html
    com.sun.identity.agents.config.login.error.uri[0] = /manager/AMError.html
    com.sun.identity.agents.config.login.error.uri[1] = /host-manager/AMError.html
    com.sun.identity.agents.config.login.use.internal = true
    com.sun.identity.agents.config.login.content.file = FormLoginContent.txt
    com.sun.identity.agents.config.auth.handler[] =   
    com.sun.identity.agents.config.logout.handler[] =
    com.sun.identity.agents.config.verification.handler[] =
    com.sun.identity.agents.config.redirect.param = goto
    com.sun.identity.agents.config.login.url[0] = http://myHost.local:8080/amserver/UI/Login
    com.sun.identity.agents.config.login.url.prioritized = true
    com.sun.identity.agents.config.login.url.probe.enabled = true
    com.sun.identity.agents.config.login.url.probe.timeout = 2000
    com.sun.identity.agents.config.agent.host =
    com.sun.identity.agents.config.agent.port =
    com.sun.identity.agents.config.agent.protocol =
    com.sun.identity.agents.config.login.attempt.limit = 0
    com.sun.identity.agents.config.sso.decode = true
    com.sun.identity.agents.config.amsso.cache.enable = true
    com.sun.identity.agents.config.cookie.reset.enable = false
    com.sun.identity.agents.config.cookie.reset.name[0] =
    com.sun.identity.agents.config.cookie.reset.domain[] =
    com.sun.identity.agents.config.cookie.reset.path[] =
    com.sun.identity.agents.config.cdsso.enable = false
    com.sun.identity.agents.config.cdsso.redirect.uri = /agentapp/sunwCDSSORedirectURI
    com.sun.identity.agents.config.cdsso.cdcservlet.url[0] = http://myHost.local:8080/amserver/cdcservlet
    com.sun.identity.agents.config.cdsso.clock.skew = 0
    com.sun.identity.agents.config.cdsso.trusted.id.provider[0] = http://myHost.local:8080/amserver/cdcservlet
    com.sun.identity.agents.config.cdsso.secure.enable = false
    #com.sun.identity.agents.config.cdsso.domain[0] =
    com.sun.identity.agents.config.logout.application.handler[] =
    com.sun.identity.agents.config.logout.uri[] =
    com.sun.identity.agents.config.logout.request.param[] =
    com.sun.identity.agents.config.logout.introspect.enabled = false
    com.sun.identity.agents.config.logout.entry.uri[] =
    com.sun.identity.agents.config.fqdn.check.enable = true
    com.sun.identity.agents.config.fqdn.default = am.ufidev.local.
    com.sun.identity.agents.config.fqdn.mapping[] =
    com.sun.identity.agents.config.legacy.support.enable = false
    com.sun.identity.agents.config.legacy.user.agent[0] = Mozilla/4.7*
    com.sun.identity.agents.config.legacy.redirect.uri = /agentapp/sunwLegacySu

  • How to Create Roaming Profile(s) For Windows Workgroups

    This tutorial shows how to create roaming profile(s) for Windows Workgroups.
    Here are the steps in order to do this:
    On the host PC:
    1. Go to 'Folder Options'>'View' and un-tick 'Use Simple File Sharing'.
    2. Go to Network Connections and right click on the 'Local Area Connection' (Ethernet recommended)
    3. Go to Properties>General, and tick 'File and Printer Sharing'.
    Click Apply + Ok.
    4. Go to Control Panel>User Accounts, add a new user.
    5. Log on to this user, and open the profile folder properties.
    5b. Share this folder.
    6. Make the Share permissions so that 'everyone' has: Full Control, Read, Change.
    Click Apply + Ok.
    7. Click on 'Caching' and disable Caching for this Share.
    Click Ok.
    8. Now go to the 'Security' tab and give 'Administrator' and 'SYSTEM' 'Full Control'.
    Click Apply + Ok.
    On the remote PC(s):
    1. Make the same User as on the Host.
    1b. Log on to the account and log back out again. Delete the profile folder from 'Documents and Settings'.
    3. Give 'SYSTEM': 'Read', 'Read and Execute', 'List Folder Contents' to the 'Administrators' Profile
    4. Type 'lusrmgr.msc' into run, go to: 'Users', double click on the new user and go to the 'Profile' tab.
    4b. In the 'Profile Path' box, type \\hostPCname\ProfileName.
    Click Apply + Ok
    *Note* Replace the \\path\ according to the names on your Host PC.
    5. Go to regedit>HKLM\Software\Microsoft\Windows NT\CurrentVersion. Double click on 'ProfileList'.
    Find which key is for the new user. (Example S-1-5-21-58435627-18431725-18026167-1003)
    6. Right click that key and go to: 'Permissions' and give 'SYSTEM' 'read'.
    *Note* Once you log on to the roaming profile from the remote PC for the first time you can undo this step.
    7. Go to GPEdit>Computer Configuration/Administrative Templates/System/User Profiles:
    Enable these settings:
    'Do not check for user ownership of roaming profile folders'
    'Delete cached copies of roaming profiles'
    'Log users off when roaming profile fails'
    'Add the Administrators security group to roaming profiles'
    'Prevent roaming profile changes from propagating to the server'
    7b. Make 'Timeout for dialog boxes' '1' (seconds)
    8. Go to: Computer Configuration/Security Settings/Local Policies/Security Options:
    Make 'Number of previous logons to cache (if server is unavailable)' '0'
    Now you're ready to log in to the Profile on the remote PC.
    *Note* Sometimes, when Windows loads it takes a minute for the profile folder to become shared again.
    Thanks for reading.

    Hi,
    I have replied to the below thread mentioning the FM's to create Profile sets, profiles and also target groups. This may be helpful to you.
    Re: target group creation
    Regards,
    Priyanka

  • Group Policy design for Terminal Server

    Hi, I am mixed about group policy design for Terminal server
    My Infrastructure is so;
    Zone
          ->Department
                       ->User
                       ->Computers
          ->Department
                       ->User
                       ->Computers
          ->Department
                       ->User
                       ->Computers
    Server
           ->OtherServer
            ->TerminalServer (TerminalComputersGPO)
    I created two group policies, for users and for terminal server computers (security filtered for Terminal_Users).
    I want to use the terminal server user policy, but it must take effect only on terminal computers, not on TS users' computers. What must I do? Where must I locate it?

    Hi Davut EREN - TAT,
    According to your description, you would like terminal server user policy applying to users which log on to terminal computers. Right?
    As MuhammadUmar's suggestion, you can use Loopback in replace mode. The GPO list for the user is replaced in its entirety by the GPO list that is already obtained for the computer at computer startup.
    In the real work environment Loopback processing of Group Policy is usually used on Terminal Servers. For example we have users with enabled folder redirection settings, but we do not want these folder redirection to work when the users log on to the
    Terminal Server, in this case we enable Loopback processing of Group s Computer account and do not enable the folder redirection settings.
    For more information about this policy, please refer to the following articles:
    Loopback processing with merge or replace
    Loopback processing of Group Policy
    Regards,
    Lany Zhang

  • Client Installation on DMZ workgroup server

    Hi,
    Please let me know how the DMZ workgroup client communicates with the SCCM 2012 server, which is in the domain.
    Also, what client installation properties do we need to mention while manually installing the client on a DMZ workgroup server?
    Will a PKI certificate be required for authentication?
    I think only HTTP port 80 will be required for communication; please correct me if I am wrong.
    Please suggest.
    Regards
    Parag

    A client in a workgroup and / or dmz has the same port requirements as any other client. For a complete list see:
    http://technet.microsoft.com/en-us/library/hh427328.aspx
    For some guidance on installing a client on a workgroup server see:
    http://technet.microsoft.com/en-us/library/gg712298.aspx
    It's not a ConfigMgr requirement that a client in a workgroup requires a PKI certificate.
    The key is that the clients in the dmz can communicate and resolve the management point.
    My Blog: http://www.petervanderwoude.nl/
    Follow me on twitter: pvanderwoude

  • ISCSI initiator for OS X ?

    as topic states ... i'm about to replace my direct SCSI storage systems over iSCSI & would like to direct connect to my G5 - not having to share through my win/linux servers first .
    thanks,
    marco

    I would also like to add my need for an iSCSI initiator for OSX. Vista has one built in, Leopard should get one too. Especially since ATTO software wants way too much money for something that should be part of the OS to begin with and is free for all other platforms besides OSX.

  • TS2072 Remote Desktop Client for MS Windows Server 2003

    I need to be able to access my work server to obtain information from our Windows 2003 Server. We have our product prices and other information on servers and today I use the remote desktop client that comes with Windows 7. I was hoping to find a suitable solution to allow me to use my MacBook Pro with OS X 10.7.4 software. Does anyone know how to use OS X to make a remote desktop connection as you would through Windows 7? I've seen CoRD, and Microsoft did have a version but it's for older versions of OS X. I could run W7 but then I would have to purchase another copy and a VM if I decided to run it virtually.
    Thanks

    This is not an Apple Remote Desktop issue  - ARD is Apple's software for managing networked Macs - but CoRD and Microsoft Remote Desktop Connection for Mac should both work with Windows 2003 and both work on Mac OS X 10.7; I have used both on my systems. iTap Mobile RDP is another option, and the one I use daily since I've found it to be faster than either CoRD or Microsoft RDC, though iTap is not free.
    Regards.

  • Setting up the Apache HTTP Plugin for several BEA Servers

    Hey together,
    i would like to setup the apache http plugin for several bea-servers.
    I am running apache 1.x on my hp-ux system. There are 2 bea-server-domains on this box and both should be proxied by the plugin simultaneously.
    As far as i know it isn't possible to run 2 or more instances of the apache webserver. I heard of virtualhosts, maybe i should try this one out.
    Somebody knows how to deal with this problem or does any1 know if virtualhosts could cope with my needs?
    Thanks in advance

    Ok here i am again and i'm stuck. Here my wishes again:
    there are 2 weblogic-instances (domains) running on a machine xxx, instance A listening on port 8041, instance B listening on port 8051. I want to configure apache virtualhosts in combination with weblogic plugins, so that requests with /ld will be sent to instance A while requests with /ldd will be sent to instance B. Both are no clusters. Therefore i tried it with the following configuration (httpd.conf):
    <VirtualHost xxx:8080>
         DocumentRoot "/opt/hpws/apache/htdocs"
         ServerName xxx:8080
         <IfModule mod_weblogic.c>
         WebLogicHost xxx
         WebLogicPort 8041
         #MatchExpression *
         #PathPrepend=/test2
         </IfModule>
         <Location /ld>
         SetHandler weblogic-handler
         PathTrim /ld
         </Location>
    </VirtualHost>
    # VirtualHost2 = xxx:8090
    <VirtualHost xxx:8090>
         DocumentRoot "/opt/hpws/apache/htdocs"
         ServerName xxx:8090
         <IfModule mod_weblogic.c>
         WebLogicHost xxx
         WebLogicPort 8051
         #MatchExpression *
         #PathPrepend=/test2
         </IfModule>
         <Location /ldd>
         SetHandler weblogic-handler
         PathTrim /ldd
         </Location>
    Doesn't really work. Can some1 help please?
    Thanks

  • Setting up Remote Desktop Apps for access from a Mac with 2FA

    Hi
    Setting up Remote Desktop Apps for access from a Mac with 2FA.
    I have a server 2012 remote access gateway, with remote apps published (which uses single sign-on), behind a 2FA connection (web based) and want to know if it's possible to allow Macs to connect to the remote apps behind it. I cannot permanently remove any of the above setup as it is a requirement.
    When i connect from a mac i can login to both the 2FA and remote access web pages and see all the apps but when i click on any app it downloads it to the mac and when i try to run it using Remote Desktop App for MAC i get an error :
    "httpendpointexception: 4, The non-proxy http connection failed to connect with the message: 500 internal Server Error."
    I have tried with 2FA turned off for testing and get the same result. Does it support 2012 TSGW server? Does it support Remote Desktop apps? I can't find a definitive answer on either.
    Thanks in advance for any advice.

    Hi,
    Thank you for posting in Windows Server Forum.
    From Error description it seems to be a communication issue between your Mac and your RD gateway server. If you connect from extranet, you may need Remote Desktop Gateway or a VPN/Direct Access connection to your intranet, or forward port 3389 on your router.
    500 Internal Server Error seems to be a HTTP related error. 
    The HTTP status code in IIS 7.0, IIS 7.5, and IIS 8.0
    Also, please double check the settings if you have a RD gateway implemented in your intranet.
    http://redmondmag.com/articles/2013/12/24/rd-gateway-in-windows-server.aspx
    In Windows Server 2012 R2 RD Gateway pluggable authentication is also introduced. This allows custom authentication routines to be used with RD Gateway. For example building a two-factor solution on top of RD Gateway is now possible which allows doing token-authentication to the RD Gateway which works seamlessly with RD Web Access or RDP file launching.
    Please check below article for more information.
    Windows Server 2012 R2 is coming what does this add to RDS – VDI
    In addition, please provide the log file from the client for further research.
    Microsoft Remote Desktop -> About Microsoft Remote Desktop -> Send log via email
    Hope it helps!
    Thanks.
    Dharmesh Solanki
    TechNet Community Support

  • How to configure time synchronization for two NTP servers

    We have IOSXR 4.2.1 on routers CRS3 and ASR9K with all recommended SMUs; we need to configure the time synchronization for two NTP servers with the configuration below, but the routers became unstable; they synchronize with one NTP server for some time, then switch to the other NTP server, and keep doing this. Anyone know why this behavior?
    ntp
    authentication-key 1 md5 encrypted 01070F074F0A05
    authenticate
    trusted-key 1
    server 10.192.32.32 prefer
    server 10.192.32.33
    source Loopback50
    update-calendar
    RP/0/RP0/CPU0:DFCRSDTC1#sh log | i ntp
    Wed Jul 10 09:37:04.621 BRSPO
    RP/0/RP0/CPU0:Jul  4 21:29:18 : ntpd[256]: %IP-IP_NTP-5-SYNC_LOSS : Synchronization lost : 10.192.32.32 : Peer unreachable or clock selection failed
    RP/0/RP0/CPU0:Jul  4 21:29:18 : ntpd[256]: %IP-IP_NTP-5-HP_CONN_LOST : High priority NTP peer connection lost - Stratum 2->15.
    RP/0/RP0/CPU0:Jul  4 21:29:18 : ntpd[256]: %IP-IP_NTP-5-ALL_CONN_LOST : All NTP peer connections failed.
    RP/0/RP0/CPU0:Jul  4 21:29:27 : ntpd[256]: %IP-IP_NTP-5-HP_CONN_RECOVERED : High priority NTP peer connection recovered - Stratum 15->2.
    RP/0/RP0/CPU0:Jul  4 21:30:21 : ntpd[256]: %IP-IP_NTP-5-SYNC_LOSS : Synchronization lost : 10.192.32.32 : Peer unreachable or clock selection failed
    RP/0/RP0/CPU0:Jul  4 21:30:21 : ntpd[256]: %IP-IP_NTP-5-HP_CONN_LOST : High priority NTP peer connection lost - Stratum 2->15.
    RP/0/RP0/CPU0:Jul  4 21:30:21 : ntpd[256]: %IP-IP_NTP-5-ALL_CONN_LOST : All NTP peer connections failed.
    RP/0/RP0/CPU0:Jul  4 21:31:36 : ntpd[256]: %IP-IP_NTP-5-HP_CONN_RECOVERED : High priority NTP peer connection recovered - Stratum 15->2.
    RP/0/RP0/CPU0:Jul  4 21:35:56 : ntpd[256]: %IP-IP_NTP-5-SYNC_LOSS : Synchronization lost : 10.192.32.33 : Peer unreachable or clock selection failed
    RP/0/RP0/CPU0:Jul  4 21:35:56 : ntpd[256]: %IP-IP_NTP-5-HP_CONN_LOST : High priority NTP peer connection lost - Stratum 2->15.
    RP/0/RP0/CPU0:Jul  4 21:35:56 : ntpd[256]: %IP-IP_NTP-5-ALL_CONN_LOST : All NTP peer connections failed.
    RP/0/RP0/CPU0:Jul  4 21:40:11 : ntpd[256]: %IP-IP_NTP-5-HP_CONN_RECOVERED : High priority NTP peer connection recovered - Stratum 15->2.
    RP/0/RP0/CPU0:Jul  4 21:50:52 : ntpd[256]: %IP-IP_NTP-5-SYNC_LOSS : Synchronization lost : 10.192.32.33 : System clock selection failed
    RP/0/RP0/CPU0:Jul  4 21:50:52 : ntpd[256]: %IP-IP_NTP-5-HP_CONN_LOST : High priority NTP peer connection lost - Stratum 2->6.
    RP/0/RP0/CPU0:Jul  4 21:59:26 : ntpd[256]: %IP-IP_NTP-5-HP_CONN_RECOVERED : High priority NTP peer connection recovered - Stratum 6->2.
    RP/0/RP0/CPU0:Jul  4 22:25:07 : ntpd[256]: %IP-IP_NTP-5-SYNC_LOSS : Synchronization lost : 10.192.32.33 : System clock selection failed
    RP/0/RP0/CPU0:Jul  4 22:25:07 : ntpd[256]: %IP-IP_NTP-5-HP_CONN_LOST : High priority NTP peer connection lost - Stratum 2->6.
    RP/0/RP0/CPU0:Jul  4 22:56:16 : ntpd[256]: %IP-IP_NTP-5-SYNC_LOSS : Synchronization lost : 10.192.32.33 : Peer unreachable or clock selection failed
    RP/0/RP0/CPU0:Jul  4 22:56:16 : ntpd[256]: %IP-IP_NTP-5-ALL_CONN_LOST : All NTP peer connections failed.

    Hi Claudio, that ddts is pretty generic to be honest but yes it is filed to address sync issues in the XR NTP algo.
    The thing is that XR ntp clock selection is a bit different than IOS and follows the specs very closely which results in this erroneous loss behavior.
    For instance, you could also see this issue with a sync loss if the update time is only 500msec off what it was before and that will result in a ntp sync loss rather than adjusting to it.
    Also I wanted to mention that the ntp prefer is a bit of a misnomer in XR (since it follows the specs differently than IOS) and this knob was taken over from IOS really.
    You might get some joy if you set it to one server only and see if that helps?
    regards
    xander
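
    To quantify the flapping in the log excerpt above, the following added example (not part of the original thread) parses the IOS XR ntpd lines, counts sync losses per peer, and measures each high-priority outage. The function names and the assumed year are this example's own; the sample lines are abridged from the post.

```python
import re
from collections import Counter
from datetime import datetime

# Abridged from the log excerpt quoted in the post above (first nine NTP events).
SAMPLE_LOG = """\
RP/0/RP0/CPU0:Jul  4 21:29:18 : ntpd[256]: %IP-IP_NTP-5-SYNC_LOSS : Synchronization lost : 10.192.32.32 : Peer unreachable or clock selection failed
RP/0/RP0/CPU0:Jul  4 21:29:18 : ntpd[256]: %IP-IP_NTP-5-HP_CONN_LOST : High priority NTP peer connection lost - Stratum 2->15.
RP/0/RP0/CPU0:Jul  4 21:29:27 : ntpd[256]: %IP-IP_NTP-5-HP_CONN_RECOVERED : High priority NTP peer connection recovered - Stratum 15->2.
RP/0/RP0/CPU0:Jul  4 21:30:21 : ntpd[256]: %IP-IP_NTP-5-SYNC_LOSS : Synchronization lost : 10.192.32.32 : Peer unreachable or clock selection failed
RP/0/RP0/CPU0:Jul  4 21:30:21 : ntpd[256]: %IP-IP_NTP-5-HP_CONN_LOST : High priority NTP peer connection lost - Stratum 2->15.
RP/0/RP0/CPU0:Jul  4 21:31:36 : ntpd[256]: %IP-IP_NTP-5-HP_CONN_RECOVERED : High priority NTP peer connection recovered - Stratum 15->2.
RP/0/RP0/CPU0:Jul  4 21:35:56 : ntpd[256]: %IP-IP_NTP-5-SYNC_LOSS : Synchronization lost : 10.192.32.33 : Peer unreachable or clock selection failed
RP/0/RP0/CPU0:Jul  4 21:35:56 : ntpd[256]: %IP-IP_NTP-5-HP_CONN_LOST : High priority NTP peer connection lost - Stratum 2->15.
RP/0/RP0/CPU0:Jul  4 21:40:11 : ntpd[256]: %IP-IP_NTP-5-HP_CONN_RECOVERED : High priority NTP peer connection recovered - Stratum 15->2.
"""

LINE_RE = re.compile(
    r"^\S+?:(?P<ts>\w{3}\s+\d+\s+\d\d:\d\d:\d\d) : ntpd\[\d+\]: "
    r"%IP-IP_NTP-\d-(?P<event>\w+) : (?P<msg>.*)$"
)

def parse(text, year=2000):
    """Return (timestamp, event, message) tuples. The log has no year, so one is assumed."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            events.append((ts, m["event"], m["msg"]))
    return events

def sync_loss_by_peer(events):
    """Count SYNC_LOSS events per peer address named in the message."""
    return Counter(msg.split(" : ")[1] for _, ev, msg in events if ev == "SYNC_LOSS")

def outages(events):
    """Pair each HP_CONN_LOST with the next HP_CONN_RECOVERED; return seconds per outage."""
    durations, lost_at = [], None
    for ts, ev, _ in events:
        if ev == "HP_CONN_LOST" and lost_at is None:
            lost_at = ts
        elif ev == "HP_CONN_RECOVERED" and lost_at is not None:
            durations.append(int((ts - lost_at).total_seconds()))
            lost_at = None
    return durations

if __name__ == "__main__":
    evs = parse(SAMPLE_LOG)
    print(sync_loss_by_peer(evs), outages(evs))
```

    Gaps in time synchronization like these matter when correlating router logs with other sources, so the outage durations are worth recording alongside the peer counts.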
