REN Server : Authentication Domain

Similar Messages

• What happens if Domain Controller server authentication certificate expires?

  Dear People,
  We have got two Domain controller servers and accordingly two Azman servers. we
  have got two certificates issued for each Domain controllers to our two Azman servers. Both these certificates are going to expire in next few days. We have few Web
  & Desktop applications for which we authorize a large pool of users with the help of these two Azman servers.
  Now, Issue is, Domain Controller certificates are going to expire soon on both Azman servers. Can somebody tell me, what could be impact of expiration of these certificates?
  will all the application be down after that? Should I must go for renewal of certificates? Please help me as soon as possible otherwise I will be in big trouble. Thanks.

  Hi,
  Based on my research, Domain Controller Authentication certificate is used for client authentication, server authentication and smart card logon.
  You need to renew the certificates before they expire, otherwise problems about smart card logon and SSL connection will occur.
  More information for you:
  Processing Domain Controller Certificates
  http://technet.microsoft.com/en-us/library/cc787009(v=WS.10).aspx
  Best Regards,
  Amy

• PeopleTools 8.53 Ren Server.

  Hi,
  I've got peopletools installed on a windows 7 laptop. I've got the Ren Server running and can run the block test. The PeopleSoft logo is visible as per: "The PeopleSoft gif in the upper left corner will not load if the page's URL is incompatible with the PeopleSoft Authentication Token; this is a normal feature of REN Server security."
  So it appears the ren server URL and PeopleSoft token are OK.
  However, I can't run the ping test as I get an access denied message.
  Has anyone any suggestions!
  Thanks,
  Steve.

  That particular issue usually occurs if you don't have authentication domain set up on your web server and/or REN server. Try the following:
  1) If the authentication domain is not set up on the web server, do the following:
  a. Navigate to PeopleTools > Web Profile > Web Profile Configuration > General tab -> Authentication Domain
  b. Enter the authentication domain. Eg .oracle.com /* Note leading dot character */
  2) If authentication domain is not set up on the REN server, do the following:
  a. Navigate to PeopleTools > REN Server Configuration > REN Server Cluster > REN Server Cluster tab > Authentication Token
  b . Enter the authentication token. Eg oracle.com /* Note there is **no leading dot character */
  Also make sure you are using same protocol to access PeopleSoft application and REN server (in other words, if you log into PeopleSoft application using https, then you need to access REN server using https)
  -Karen

• Trying to configure a Win 2003 Server to use TLS server authentication . . .

  I am trying to
  configure a Win 2003 Server to use TLS server authentication following Method 2 in KB 895443 - see below:-
  Method 2: By using the Certificate Request Wizard
  The following steps describe how to obtain a certificate from a Windows Server 2003 Certification Authority. You can also request a certificate from a Windows 2000
  Certification Authority. Additionally, you must have Read permissions and Enroll permissions on the certificate template file to successfully request a certificate. Use this method if one or more of the following conditions are true:
  You want to request a certificate from an Enterprise Certification Authority.
  You want to request a certificate that is based on a template where the subject name is generated by Windows.
  You want to obtain a certificate that does not require administrator approval before the certificate is issued.
  To obtain a certificate, follow these steps:
  Click Start, click Run, type mmc, and then click OK.
  On the File menu, click Add/Remove Snap-in.
  Click Add, click Certificates, and then click Add.
  Click Computer account, and then click Next.
  If you want to add a certificate to the local computer, click Local computer. If you want to add a certificate to a remote computer, click Another
  computer, and then type the name of that remote computer in the Another computer box.
  Click Finish.
  In the Add Standalone Snap-in dialog box, click Close, and then click OK in the Add/Remove
  Snap-in dialog box.
  Under Console Root, click Certificates (Local Computer).
  Note If you configured the Certificates MMC snap-in to manage a remote computer, click Certificates (servername)instead of Certificates (Local Computer).
  On the View menu, click Options.
  In the View Options dialog box, click Certificate purpose, and then click OK.
  In the right pane, right-click Server Authentication, point to All Tasks, and then click Request New Certificate.
  In the Certificate Request Wizard that starts, click Next.
  In the Certificate types list, click Server Authentication, click to select the Advanced check box,
  and then click Next.
  In the Cryptographic Service Providers list, click Microsoft RSA SChannel Cryptographic Provider.
  I get as far as step 11 and I get the error message:-
  The wizard cannot be started because of one or more of the following conditions:
  - There are no trusted certification authorities (CAs) available.
  - You do not have the permissions to request certificates from the available CAs.
  - The available CAs issue certificates for which you do not have permissions.
  This is covered in KB 927066 – see below:-
  To resolve the problem, follow these steps:
  Verify that the CERTSVC_DCOM_ACCESS group exists in the domain that hosts the certification authority. This group is in the CN=Users container.
  To do this, follow these steps:
  Click Start, click Run,
  type Dsa.msc, and then click OK.
  In the left pane, click the Users container.
  Verify that the CERTSVC_DCOM_ACCESS group is in the right
  pane. If the CERTSVC_DCOM_ACCESS group is not in the right pane, go to step 4.
  Verify that the CERTSVC_DCOM_ACCESS group includes the following member groups:
  Domain Users
  Domain Computers
  If these member groups do not exist in the CERTSVC_DCOM_ACCESS group, go to step 4. 
  Note If users or computers in other domains need to enroll against the certification authority, you must also add those users and computers to the CERTSVC_DCOM_ACCESS group. If the current problem occurs on a domain
  controller, you must also add the Enterprise Domain Controllers group to the CERTSVC_DCOM_ACCESS group. By default, domain controllers are not members of the Domain Computers global group. Therefore, domain controllers
  do not have sufficient DCOM permissions.
  Verify that the CERTSVC_DCOM_ACCESS group has the appropriate DCOM Access permissions and DCOM Launch and Activation permissions on the computer that hosts the certification
  authority.
  Click Start, point to Program,
  point to Administrative Tools, and then click Component Services.
  Expand the Component Services node.
  Expand the Computers node.
  Right-click the My Computer node, and
  then click Properties.
  Click the COM Security tab.
  Under Access Permission, click Edit
  Limits.
  Verify that the CERTSVC_DCOM_ACCESS group has Allow Local Access and Allow
  Remote Access permissions, and then click Cancel.
  Under Launch and Activation Permissions, click Edit
  Limits.
  Verify that the CERTSVC_DCOM_ACCESS group has Allow Local Activation and Allow
  Remote Activationpermissions, and then click Cancel.
  Click Cancel, and then close the Component
  Services console.
  Settings may be incorrect if any one of the following conditions is true:
  The CERTSVC_DCOM_ACCESS group does not exist.
  The default membership of the CERTSVC_DCOM_ACCESS group is incorrect.
  The CERTSVC_DCOM_ACCESS group does not have the correct permissions.
  If any one setting is incorrect, run the following commands at a command prompt. Press ENTER after each command.
  certutil -setreg SetupStatus -SETUP_DCOM_SECURITY_UPDATED_FLAG
  net stop certsvc
  net start certsvc
  Repeat steps 1 through 3 to verify that all the settings are correct.
  Note If the changes affect the group membership of the certification authority server, you must restart the server for the changes to take effect.
  The only part of the above instructions which I have not been able to complete is:-
  “you must also add the Enterprise Domain Controllers group to the CERTSVC_DCOM_ACCESS group”.
  When I click on the CERTSVC_DCOM_ACCESS user then click the Members tab & go to add Enterprise Domain Controllers the option is not there.

  Hi Nick,
  Have you successfully set up an enterprise CA?
  If yes, is the enterprise CA’s certificate located under the Trusted Root Certification Authorities store?
  Best Regards,
  Amy

• Ren Server Issue

  Hi All,
  I am configuring Renserver. I am facing error HTTP 403. i have performed following steps.
  1. configured application server and set psrensrv option, gave auth domain.
  2. restarted domain. did not change any thing in webserver.
  3. i have full permission access and ID has been given ptpt1200 permission.
  4. when i do buffer test it is working.
  5. when i do Ping test it is not working.
  6. Renserver cluster URL i have given application server domain where my domain is configured.
  7. specified same auth domain what i have set in 1st step
  Please let me know if you need any detials.

  Hi Nicolas,
  I have in a situation where i tried several times to change the REN server configuration, but i couldn't get the pop up window properly
  REN server configuration in the PIA configured properly, Buffer test fine, REN url Ping is fine,
  I am running a sample report to window and txt format, the pop-up window is continuously blinking, but after some time saying REN server not able to connect.
  What could be the reason?
  Please let me know.
  Thank You

• SAP Crystal Report using SQL Server Authentication and Windows Authenticati

  I'm a SAP Crystal Report, version for Visual Studio 2010 Beginner
  my ingredients are
  1.windows 7 ultimate service pack1
  2.sql server 2008 standard edition
  3.visual studio 2010 pro
  4.SAP Crystal Report, version for visual studio.net
  I was created a report named customersByCity.rpt using OLE DB (ADO) -> Microsoft OLE DB Provider for SQL Server -> I'm supply Server, User ID, Password and Database. I assume me using SQL Server Authentication for my report
  Then, my ASP.NET files as following
  //ASP.NET
  <%@ Page Language="C#" AutoEventWireup="true" CodeFile="viewCustomersByCity.aspx.cs" Inherits="viewCustomersByCity" %>
  <%@ Register Assembly="CrystalDecisions.Web, Version=13.0.2000.0, Culture=neutral, PublicKeyToken=692fbea5521e1304"
      Namespace="CrystalDecisions.Web" TagPrefix="CR" %>
  <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
  <html xmlns="http://www.w3.org/1999/xhtml">
  <head runat="server">
      <title></title>
  </head>
  <body>
      <form id="form1" runat="server">
      <div><asp:Label ID="lblMsg" runat="server" BackColor="Yellow" ForeColor="Black"></asp:Label>
   <CR:CrystalReportViewer ID="CrystalReportViewer1" runat="server" AutoDataBind="true"></CR:CrystalReportViewer>
      </div>
      </form>
  </body>
  </html>
  //code-behind
  using System;
  using System.Collections.Generic;
  using System.Linq;
  using System.Web;
  using System.Web.UI;
  using System.Web.UI.WebControls;
  using System.Collections;
  using CrystalDecisions.CrystalReports.Engine;
  using CrystalDecisions.Shared;
  public partial class viewCustomersByCity : System.Web.UI.Page
      private const string PARAMETER_FIELD_NAME = "city";   
      private ReportDocument customersByCityReport;
      private void ConfigureCrystalReports()
          ConnectionInfo connectionInfo = new ConnectionInfo();
          connectionInfo.ServerName = @"WKM1925-PCWKM1925";
          connectionInfo.DatabaseName = "Northwind";
          connectionInfo.UserID = "sa";
          connectionInfo.Password = "sysadmin25";
          SetDBLogonForReport(connectionInfo);
      private void SetDBLogonForReport(ConnectionInfo connectionInfo)
          TableLogOnInfos tableLogOnInfos = CrystalReportViewer1.LogOnInfo;
          foreach (TableLogOnInfo tableLogOnInfo in tableLogOnInfos)
              tableLogOnInfo.ConnectionInfo = connectionInfo;
      private void SetCurrentValuesForParameterField(ReportDocument reportDocument, ArrayList arrayList)
          ParameterValues currentParameterValues = new ParameterValues();
          foreach (object submittedValue in arrayList)
              ParameterDiscreteValue parameterDiscreteValue = new ParameterDiscreteValue();
              parameterDiscreteValue.Value = submittedValue.ToString();
              currentParameterValues.Add(parameterDiscreteValue);
          ParameterFieldDefinitions parameterFieldDefinitions = reportDocument.DataDefinition.ParameterFields;
          ParameterFieldDefinition parameterFieldDefinition = parameterFieldDefinitions[PARAMETER_FIELD_NAME];
          parameterFieldDefinition.ApplyCurrentValues(currentParameterValues);
      protected void Page_Load(object sender, EventArgs e)
          customersByCityReport = new ReportDocument();
          string reportPath = Server.MapPath("customersByCity.rpt");
          customersByCityReport.Load(reportPath);
          ConfigureCrystalReports();
          ArrayList arrayList = new ArrayList();
          arrayList.Add("paris");
          arrayList.Add("Madrid");
          arrayList.Add("Marseille");
          arrayList.Add("Buenos Aires");
          arrayList.Add("Sao Paulo");
          ParameterFields parameterFields = CrystalReportViewer1.ParameterFieldInfo;
          SetCurrentValuesForParameterField(customersByCityReport, arrayList);
          CrystalReportViewer1.ReportSource = customersByCityReport;
  1st scenario
  When in a runtime, it's keep appear a dialog box. This dialog box ask me to suppy Server, User ID, Password and Database. Once all information is supplied, my report display the data as expected
  2nd scenario
  I change my report using OLE DB (ADO) -> Microsoft OLE DB Provider for SQL Server -> checked on Integrated Security. I just choose Server, and Database. I assume me using Windows Authentication
  When in a runtime, there's no dialog box as above. My report display the data as expected. really cool
  Look's like, when report using SQL Server Authentication there's some problem. but, when report using Windows Authentication, it's fine.
  I'm looking for comment. Please help me

  Hello,
  MS SQL Server 2008 requires you to install the MS Client Tools for 2008.
  Once install then update all of your reports to use the SQL Native 10 as the OLE DB driver.
  The try again, if it still fails search, lots of sample log on code in this forum.
  Don

• Unable to bind MacBook Pro (running 10.6 - Snow Leopard ) to Windows Server 2003 domain

  Hi there, I've been working on this problem for a few hours now (and a few hours last Thursday) and don't feel I'm getting anywhere, so I'm reaching out for help....
  My organisation has just purchased a new MacBook Pro, running Snow Leopard (OSX 10.6) and as a Technical Support Engineer I have been asked to configure it for an end user.
  I am currently trying to join it to our corporate domain, which is a Windows Server 2003 domain operating at the Windows Server 2003 Native domain functional level.
  The MacBook is configured to use DHCP, and has been assigned valid IP address, DNS servers etc by the DHCP server. It can resolve all names on our network, including the names of our domain controllers. When I use nslookup to resolve the name of the domain "my_domain.local" it returns a list of DC's on the domain, which would indicate to me that name resolution is working perfectly. It is using our primary DNS server, 'Ponus' to resolve these names - Ponus is also the Domain Controller in this site.
  To attempt to join the MacBook to the domain I have created a computer account for it on the domain, in the Computers container. I have gone into System/Library/Core Services and run the Directory Utility.
  In the directory Utility I have ticked Active Directory and clicked on it to edit. The 'Forest' field is greyed out and set to 'Automatic', in the 'Domain' field I have entered my_domain.local, which is the FQDN of my domain. I click Bind and when prompted enter my Domain Admin username and password (in the 'Create Computer Account in:' field it displays correctly as CN=Computers,DC=my_domain,DC=local.)
  When I click OK I get the message: Invalid domain. An invalid Domain and Forest combination was specified. You should enter a fully qualified DNS name for the domain and forest (e.g., ads.company.com).
  I have attempted writing the domain as my_domain.local, my_domain.local., MY_DOMAIN.LOCAL and MY_DOMAIN.LOCAL. but I get the same error each time. I have checked and rechecked DNS is resolving OK, and cannot see why it cannot find the Domain and Forest from the FQDN that I am entering. Even so I tried creating records in the hosts file on the MacBook to point to the main Domain Controller at this site (Ponus) but this didn't change anything.
  I have seen a few people report the same issue online but the responses tend to fizzle out before anyone gets to the bottom of it. I have seen some indication that people with an understore (_) in their domain name, or with a .local domain name may experience issues with joining Mac hosts, however these details are very vague and if true there must be a workaround.
  If anyone could help me with this I would greatly appreciate it, I'm running out of time to complete this work and have run out of things to try.
  I have an inkling that this is due to the Mac for some reason not reading the SRV records for the DCs and LDAP in DNS, or to do with the Mac looking only at one SRV record (ie. there is one for a new DC that we haven't deployed yet), not being able to reach this and giving up, but I'm clutching at straws really with my limited knowledge of the Macs process for joining the domain.
  Many many thanks,

  Hi there,
  A simple suggestion , please make sure both MacBook Pro clock and the server clock are the same meaning the hour/Min/ sec both should match. A least difference of 3 seconds is fine.
  I had faced this problem in many place and only solution was to match the time and it will bind immediatly.

• How to Create a SQL Agent Job For A SSIS Package with Sql Server Authentication

  Hi ALl,
  I have a SSIS package which basically has a data flow task in which i pull the data from one server and copy it into another server and my source server is the one where i dont have windows authentication and i have to only use a sql server authentication
  . This package runs fine if i click the server connection properties type the password and save it.
  Now, my task is to set up a sql agent job which basically uses a proxy account and takes this package from the file system and runs it.But when i try to run this package, its failing with an error saying 
  "Login Failed For rpt5user" where rpt5user is the username for my sql server authentication of the source connection.
  Can someone please help me with any suggestions on how to do this?
  I have heard that we can achieve it by using xml config file which i have never used and i am trying to google around but for no luck.
  So, If someone can please throw any suggestions or ideas on this it would be great.
  Thanks

  You need to add password as a config item and set it from the file source or sql table
  see this as an example
  http://blogs.msdn.com/b/runeetv/archive/2009/12/22/ssis-package-using-sql-authentication-and-dontsavesensitive-as-protectionlevel.aspx
  Please Mark This As Answer if it solved your issue
  Please Mark This As Helpful if it helps to solve your issue
  Visakh
  My MSDN Page
  My Personal Blog
  My Facebook Page

• Error (2931) VMM is unable to complete the request. The connection to the VMM agent on the virtualization server (host.domain.local) was lost.

  Experts,
  kindly advice for this error when create vm from a templates, while i'm not having this issue when create the vm to another host from the same templates,
  firewall is disabled and no antivirus on the host.
  The network and the ping is very stable, and the WS-Management service is running on the host,
  Host  : windows server 2012 R2
  VMM : 2012 R2 3.2.7895.0
  VMM updated from RU2 to RU5
  Error (2931)
  VMM is unable to complete the request. The connection to the VMM agent on the virtualization server (host.domain.local) was lost.
  Unknown error (0x80338029)
  Recommended Action
  Ensure that the Windows Remote Management (WS-Management) service and the VMM agent are installed and running and that a firewall is not blocking HTTPS traffic.
  This can also happen due to DNS issues. Try and see if the server (ms-lab-01.eccsolutions.local) is reachable over the network and can be looked up in DNS. You can ping the virtualization server from VMM management server and make sure that the
  IP address returned matches the IP address locally obtained from the virtualization server.
  If the error still persists, restart the virtualization server, and then try the operation again.
  Ahmad Samir | MCSE 2003, MCSE 2012 Private Cloud | MCTS: SCOM 2007, Lync 2010, Exchange 2010.

  Ok  I will try another template,
  and the drop happen in the customization after deploying the VHDX file as my first image.
  I had this answer from partner forum. but i didn't try it yet
  Backup your VMM database and then check the
  tbl_VMM_Lock table in the
  VMM database to see if it has any locks listed, do this after stopping the System Center Virtual Machine Manager Service.
  If there are locks listed in the tbl_VMM_Lock
  table you can clear them by executing the prc_VMM_ReleaseAllLocks
  stored procedure.
  Ahmad Samir | MCSE 2003, MCSE 2012 Private Cloud | MCTS: SCOM 2007, Lync 2010, Exchange 2010, Server Virtualization.

• New Adobe Media Server Authentication Add-In

  A new rebranded Adobe Media Server Authentication Add-In for Flash Media Live Encoder(FMLE) has been posted on FMLE download page. This version will work with both Adobe Media Server as well as Flash Media Server.
  Grab it from here
  https://www.adobe.com/cfusion/entitlement/index.cfm?e=fmle3
  Team AMS

  thank you for your help but it did not work for me i installed the FMS on the default pass knowing iam using win 64 and i installed the FMS authentication add-in for this version it said installation complete and the server restarted
  i used cmd to reach /conf i found the 2 files i used command
  users add -u username -p password
  to add the user
  i tried to test and started FMLencoder v3.2 and it just started to stream and did not ask me for any username or password as you can see here
  Wed May 04 2011 20:12:01 : Selected video input device: Chicony USB 2.0 Camera
  Wed May 04 2011 20:12:02 : Selected audio input device: Microphone (Realtek High Defini
  Wed May 04 2011 20:12:20 : Renaming existing file from C:\Users\Eslam\Videos\sample.flv to C:\Users\Es\Videos\sample.9.flv
  Wed May 04 2011 20:12:22 : Primary - Connected to FMS/3,5,1,516
  Wed May 04 2011 20:12:22 : Primary - Network Command: onBWDone
  Wed May 04 2011 20:12:22 : Primary - Stream[livestream] Status: Success
  Wed May 04 2011 20:12:22 : Primary - Network Command: onFCPublish
  Wed May 04 2011 20:12:22 : Primary - Stream[livestream] Status: NetStream.Publish.Start
  Wed May 04 2011 20:12:22 : Session Started
  Wed May 04 2011 20:12:23 : Audio Encoding Started
  Wed May 04 2011 20:12:24 : Video Encoding Started
  how can i verify the add on working correctly and use it

• Single Authentication Domain

  Hi,
  I am creating a new environment on PT 8.50 for Portal 9.1 with DB as Oracle 11G R2 on Linux OS which is on domain xyz.com and i have an old environment of portal8.8 on domain abc.com.WE are trying to provide a link from Portal9.1 to Portal8.8 which is on a different domain.Is it possible to establish a single authentication domain between them as both the domains are different?
  Webserver being used is IBM Websphere
  Thanks
  Vijay

  If I understand your question correctly, I think the answer is no.
  You can't establish a PeopleSoft single signon relationship between a PIA site that's on domain xyz.com with one that's on abc.com.
  Single signon requires PSTOKEN authentication to work, and browsers will not forward cookies across domains (this would be a security vulnerability), so this can't happen because the target site would never get a PSTOKEN cookie to authenticate against when clicking the link.
  But you can do something like this:
  site 1 = company1.corporation.com
  site 2 = company2.us.corporation.com
  If your names were set up this way, then you could set your cookie domains and AuthTokenDomain to .corporation.com and set them up with single signon links to each other. The key is what is the domain associated with the PSTOKEN at the time it was issued, and will it be allowed to be forwarded to and accepted by the other site?
  Theoretically, you could also set up .com as the authtoken domain, but that would be really bad from a security perspective, because you would basically be allowing anybody on the Internet to send you a PSTOKEN.

• Users using SQL Server Authentication

  What tables/views would I use to create a list of users using SQL Server Authentication? I want the name, whether password (complexity) policy is set and whether password expiration is set. I only want current/active users.

  You can query query sys.sql_logins to get this information.
  http://msdn.microsoft.com/en-GB/library/ms174355.aspx
  Regards, Ashwin Menon My Blog - http:\\sqllearnings.com

• 802.1x for server authentication

  Hello everybody,
  this the first time I write on this forum, so please excuse me if I do something wrong.
  My objective is to authenticate servers in my customer's server farm, so that none can put an unauthorised server in place.
  I am thinking about using 802.1x machine authentication to reach my aim.
  Does anybody has experience about similar situations?
  The server platforms are:
  - Windows 2k Server
  - Windows 2k Advanced Server
  - Linux Redhat
  - IBM AIX
  Which are the applicable EAP methods for each platform?
  Has anybody experienced the use of 802.1x client such as Meetinghouse or Funk Odissey on the mentioned platforms?
  Thank you in advance.
  Kind regards,
  Barbara

  EAP, EAP-TLS, EAP-MS-CHAP v2, and PEAP authentication
  The support that 802.1X provides for Extensible Authentication Protocol (EAP) types allows you to choose from several different authentication methods for wireless clients and servers.
  EAP
  802.1X uses EAP for message exchange during the authentication process. With EAP, an arbitrary authentication method, such as certificates, smart cards, or credentials, is used. EAP allows for an open-ended conversation between an EAP client (such as a wireless computer) and an EAP server (such as an Internet Authentication Service (IAS) server). The conversation consists of requests for authentication information by the server and responses by the client. In order for authentication to be successful, the client and the server must use the same authentication method.
  EAP-TLS
  EAP-Transport Layer Security (TLS) is an EAP type that is used in certificate-based security environments, and it provides the strongest authentication and key determination method. EAP-TLS provides mutual authentication, negotiation of the encryption method, and encrypted key determination between the client and the authenticating server. If you want to use certificates or smart cards for user and client computer authentication, you must use EAP-TLS or, for enhanced security, Protected EAP (PEAP) with EAP-TLS.
  EAP-MS-CHAP v2
  EAP-Microsoft Challenge Handshake Authentication Protocol version 2 (MS-CHAP v2) is a mutual authentication method that supports password-based user or computer authentication. During the EAP-MS-CHAP v2 authentication process, both the server and client must prove that they have knowledge of the user's password in order for authentication to succeed. With EAP-MS-CHAP v2, after successful authentication, users can change their passwords, and they are notified when their passwords expire.
  EAP-MS-CHAP v2 is available only with PEAP.
  PEAP
  PEAP is an authentication method that uses TLS to enhance the security of other EAP authentication protocols. PEAP provides the following benefits: an encryption channel to protect EAP methods running within PEAP, dynamic keying material generated from TLS, fast reconnect (the ability to reconnect to a wireless access point by using cached session keys, which allows for quick roaming between wireless access points), and server authentication that can be used to protect against the deployment of unauthorized wireless access points.

• Moving from Novell Zenworks to Windows Server 2008 domain

  I am trying to find ways to automate the process of moving between a Novell Zenworks environment to a server 2008 domain. The first problem to my understanding is changing the names of the machines to legal values in our Windows XP Pro Clients. They are currently mostly named, cata_rm#_computer# (where # is a defined value set manually). To my understanding underscore _ is an invalid character for joining a domain so we want to have an automated script that can easily be deployed over the network to basically replace all "_"with "-". Is this necessary or can this issue be handled easier ****her down the road on moving to a windows domain?
  We would then like to be able to deliver a payload via zenworks that will cause all of Novell and Zenworks to be removed from the computer and once that is complete add the computer to the new windows domain. Ideally the payload could be easily run from a network share or flash drive as well. Unattended installers may be available for this software suite but we would want to combine the uninstall process with adding the domain so we can move from our poor zenworks domain to a windows domain without ever touching most of our machines.
  This is not my project but I am interested in learning how this process could be completed as painlessly as possible hopefully learning something along the way. Anything from links to guides on where to get started looking to more developed solutions would be greatly appreciated. Thank you for any assistance you can provide.

  None the less the beginning of my problem, removing Novell is a Novell issue. Thankfully I have figured out most of the removal of novell and zenworks already, now just working on fixing the client names and joining the windows AD domain.
  Originally Posted by mdallair
  Hi firemandan9,
  As you probably know this is a Novell support forums and you are asking how to get rid of Novell. May be a better place is the Microsoft Forums.
  Martin Dallaire

• Is server authentication mandatory for using SSL?

  Is server authentication mandatory for using SSL sockets, or is there a way around it?
  In other words, how can I take advantage of SSL sockets without dealing with any kind of certificates? Do I have any other options?

  Ok folks, I found my answer.Here�s the deal.
  Here are some helpful sites: I hope they will also help you understand this topic better and make your life little easier.
  //====================================
  http://www.onjava.com/pub/a/onjava/2001/05/03/java_security.html
  http://www-105.ibm.com/developerworks/education.nsf/java-onlinecourse-bytitle/96B42A25DD270CA886256BAA006351B4?OpenDocument
  http://www.ddj.com/documents/s=870/ddj0102a/rl1
  //====================================
  Neither Server nor Client authentication is mandatory. However, if you don�t use proper ciphersuite (that doesn�t require any authentication), the connection will die so to avoid this problem, you need to enable those ciphersuites manually. Read on.
  In most modes, SSL encrypts data being sent between client and server and also provides (optional) peer authentication.
  These kinds of protection are specified by a "cipher suite", which is a combination of cryptographic algorithms used by a given SSL connection. During the negotiation process, the two endpoints must agree on a ciphersuite that is available in both environments. If there is no such suite in common, no SSL connection can be established, and no data can be exchanged.
  The cipher suite used is established by a negotiation process called "handshaking".
  There are two groups of cipher suites which you will need to know about when managing cipher suites:
  �     Supported cipher suites: all the suites which are supported by the SSL implementation. This list is reported using getSupportedCipherSuites.
  �     Enabled cipher suites, which may be fewer than the full set of supported suites.
  This group is set using the setEnabledCipherSuites method, and queried using the getEnabledCipherSuites method. Initially, a default set of cipher suites will be enabled on a new socket that represents the minimum suggested configuration.
  Implementation defaults require that only cipher suites which authenticate servers and provide confidentiality be enabled by default. Only if both sides explicitly agree to unauthenticated and/or non-private (unencrypted) communications will such a ciphersuite be selected.
  When SSLSockets are first created, no handshaking is done so that applications may first set their communication preferences: what cipher suites to use, whether the socket should be in client or server mode, etc. However, security is always provided by the time that application data is sent over the connection.
  The suite is chosen based upon the credentials that each side possesses and suites that each side supports. For example, a server can�t support an RSA cipher suite unless it has an available RSA private key.
  The client and server must support at least one common cipher suite in order to communicate; if they both support multiple ciphers, the strongest available suite will be chosen.
  The strings are part of the SSL specification and are defined as:
  SSL_<key exchange algorithm>with<encryption algorithm>_<hash algorithm>
  When a number appears in the encryption algorithm, it refers to the key strength of the encryption: higher numbers are more secure.
  setEnabledCipherSuites(String[] suites) method controls which particular cipher suites are enabled for use on this connection.
  �     The cipher suites must have been listed by getSupportedCipherSuites() as being supported.
  �     Even if a suite has been enabled, it might never be used if no peer supports it, or the requisite certificates (and private keys) are not available.
  getSupportedProtocols(): Returns the names of the protocols which could be enabled for use on an SSL connection.
  setEnabledCipherSuites(String[] suites): Controls which particular cipher suites are enabled for use on this connection.
  Let me give you some code that will help you understand little better.
  One is Client.java for the client and the other one is Server.java for the server.
  Compile and run them in two separate consoles.
  ( By the way, I assume that you have properly installed JSSE on your system.)
  //===== Client.java: ===================================================
  import java.io.*;
  import java.net.*;
  import javax.net.ssl.*;
  public class Client
       public static void main(String[] args)
            (new Client()).doIt();
       }//end main
       private void doIt()
            int port = 3333;
            String host = "localhost";
  /*          String[] enable = {"SSL_DH_anon_WITH_RC4_128_MD5",
                      "SSL_DH_anon_WITH_DES_CBC_SHA",
                      "SSL_DH_anon_WITH_3DES_EDE_CBC_SHA",
                      "SSL_DH_anon_EXPORT_WITH_RC4_40_MD5",
                      "SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA"};
  */          try
            SSLSocketFactory sslFact =
            (SSLSocketFactory)SSLSocketFactory.getDefault();
            SSLSocket s =
            (SSLSocket)sslFact.createSocket(host, port);
                 //String[] suites;
                 //Get all the default CipherSuites
                 System.out.println("\n*** Default CipherSuites ***\n");
                 String [] defaultSuites=sslFact.getDefaultCipherSuites();
                 for(int i = 0; i<defaultSuites.length; i++)
                      System.out.println("["+i+"] Default CipherSuite ="+defaultSuites);
                 //Get all the supported CipherSuites
                 System.out.println("*** ================= ***");               
                 System.out.println("\n*** CipherSuites Enabled by default ***\n");
                 String [] enabledSuites=s.getEnabledCipherSuites();
                 for(int i = 0; i<enabledSuites.length; i++)
                      System.out.println("["+i+"] Enabled CipherSuite="+enabledSuites[i]);
                 System.out.println("*** ================= ***\n");
                 System.out.println("***\n Supported CipherSuites ***\n");
                 String [] supportedSuites=sslFact.getSupportedCipherSuites();
                 for(int i = 0; i<supportedSuites.length; i++)
                      System.out.println("["+i+"]Enabled Supported CipherSuite ="+supportedSuites[i]);
                 //Get all enabled CipherSuites
                 System.out.println("*** ================= ***\n");
                 System.out.println("\n*** Old and Newly enabled Anonymous CipherSuites ***\n");
                 //s.setEnabledCipherSuites(enable);
                 //Enable all supported CipherSuites
                 s.setEnabledCipherSuites(supportedSuites);
                 String [] suites=s.getEnabledCipherSuites();
                 for(int i = 0; i<suites.length; i++)
                      System.out.println("["+i+"] Newly enabled Anonymous CipherSuites="+suites[i]);
                 System.out.println("*** ================= ***\n");
                 System.out.println(" The strongest available CipherSuite is chosen by the System.");
                 System.out.println(" But it has to be enabled first, otherwise it ignores it. ");
                 System.out.println("Currently Selected CipherSuite = "+s.getSession().getCipherSuite()+"\n");
                 System.out.println("*** ================= ***");
                 // Send messages to the server through
            // the OutputStream
            // Receive messages from the server
            // through the InputStream
            OutputStream out = s.getOutputStream();
            InputStream in = s.getInputStream();
                 PrintWriter p = new PrintWriter(out);
                 p.println("Hi Buddy!");
                 p.println("Wanna have a beer?");
                 p.println("All right, let's have some.");
                 p.flush();
                 out.close();
       in.close();
       s.close();
            catch (IOException e)
                 System.out.println(""+e);
  }//end class
  //===== Here's Server.java ==============================================
  import java.io.*;
  import java.net.*;
  import javax.net.ssl.*;
  public class Server
       public static void main(String[] args)
            (new Server()).doIt();
       }//end main
       private void doIt()
            int port = 3333;
            SSLServerSocket ss;
            String[] enable = {"SSL_DH_anon_WITH_RC4_128_MD5",
                      "SSL_DH_anon_WITH_DES_CBC_SHA",
                      "SSL_DH_anon_WITH_3DES_EDE_CBC_SHA",
                      "SSL_DH_anon_EXPORT_WITH_RC4_40_MD5",
                      "SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA"};
            try
            SSLServerSocketFactory sslSrvFact =
            (SSLServerSocketFactory)
            SSLServerSocketFactory.getDefault();
                 //Get all the default CipherSuites
                 String [] suites=sslSrvFact.getDefaultCipherSuites();
                 for(int i = 0; i<suites.length; i++)
                      System.out.println(""+i+". DEFAULT CIPHER SUITE="+suites[i]);
                 suites=sslSrvFact.getSupportedCipherSuites();
                 for(int i = 0; i<suites.length; i++)
                      System.out.println(""+i+". SUPPORTED CIPHER SUITE="+suites[i]);
                 System.out.println("*** ================= ***");
            ss =(SSLServerSocket)sslSrvFact.createServerSocket(port);
                 suites=ss.getEnabledCipherSuites();
                 for(int i = 0; i<suites.length; i++)
                      System.out.println(""+i+". ENABLED CIPHER SUITE="+suites[i]);
                 ss.setEnabledCipherSuites(enable);
                 suites=ss.getEnabledCipherSuites();
                 for(int i = 0; i<suites.length; i++)
                      System.out.println(""+i+". NEW ENABLED CIPHER SUITE="+suites[i]);
                 System.out.println("*** ================= ***");
            SSLSocket c = (SSLSocket)ss.accept();
  //          ServerSocket ss = new ServerSocket(port);
  //          Socket c = ss.accept();
            OutputStream out = c.getOutputStream();
            InputStream in = c.getInputStream();
                 BufferedReader br = new BufferedReader(new InputStreamReader(in));
            // Send messages to the client through
            // the OutputStream
            // Receive messages from the client
            // through the InputStream
            while(true)
  //               int i = in.read();
                      String inputString = br.readLine();
                      if(inputString != null)
                      System.out.println(inputString);
                 else
                      out.close();
                      in.close();
                      c.close();
                 ss.close();
            catch (IOException e)
                 System.out.println(""+e);
  }//end class
  //========= Good Luck! ===================