RFC To HTTP Synchronous with SSL Encryption

Similar Messages

• RFC to HTTP Synchronous and SSL encryption

  I have the a Scnario RFC --> XI ---> HTTP with responce coming back from HTTP to xi and then in turn will go back to SAP.
  so it is like :  RFC  to XI and then To HTTP application at BANK partner
  but my case more complex because before i send the message to the web application over HTTP i need to encrypt the message and communicate with the web application of the bank, so i wonder how can we implement SSL to handshake with the bank successfully and how to encrypt the xml before i send the message to the bank ????
  also one more interesting question is : when i send the data to the bank over HTTP they asked me to pass it as an arugment...so what does that mean and how can i send data as an argument inside the HTTP request ??
  so in this case do i have to use HTTP adapter or SOAP adapter ????
  please help me out guys and thanks in advance

  Hi,
  use the HTTP adapter.
  You have to install the SAP crypto lib to enable the HTTPS service in PI.
  Afterwards you have to store the SSL certificates and the certificate chain in PI (TX STRUST).
  Argument/parameter:  eg.  www.xyz.com/script.asp?user=peter
  Cheers,
  André

• File to SOAP (Synchronous) with certificates Encryption and Descryption

  Hi,
  Can anybody advice me how can I develop the scenario file to SOAP (Synchronous Process) with certificates encryption and descryption.
  Thanks,
  Naidu.

  For file to soap sync scenario without using BPM, you need to use the following adapter modules.
  http://help.sap.com/saphelp_nw04/helpdata/en/45/20c210c20a0732e10000000a155369/content.htm
  http://help.sap.com/saphelp_nw04/helpdata/en/45/20cc5dc2180733e10000000a155369/content.htm
  For applying certificates, you need to configure SSL on java stack.
  https://www.sdn.sap.com/irj/scn/go/portal/prtroot/docs/library/uuid/197e6aec-0701-0010-4cbe-ad5ff6703c16
  Regards,
  Prateek

• CSM HTTP Redirect with SSL

  Problem we are having:
  A client opens an HTTPS connection to a CSM with SSL offload to SSL module. The decrypted clear HTTP request hits the IIS server and is redirected (301).
  The client gets an HTTP redirect and not an HTTPS redirect.
  The reason for the 301 redirect is the IIS server does not have a physical resource but rather a virtual directory so it issues a 301 and adds a /. eg https://www.cisco.com/tech is redirected to https://www.cisco.com/tech/ in a working situation.

  look for the urlrewrite command in order to change HTTP into HTTPS.
  Regards,
  Gilles.

• Using HTTP Services with SSL using Internet Explorer

  Hello,
  Basically what's happening is that the secure services aren't
  loading when I pull up the website when using Internet Explorer.
  The website works perfect in FireFox and Safari however nothing
  loads via the HTTP services when they use SSL. I've read over Lin
  Lin's article
  http://weblogs.macromedia.com/lin/archives/flex/security/index.cfm
  about using SSL with IE however I'm confused as how to implement
  the changes she mentions. She basically mentions a couple of the
  reasons why the httpServices wouldn't be able to load data in when
  connecting via SSL. I've read over the Adobe TechNote at
  http://www.adobe.com/cfusion/knowledgebase/index.cfm?id=fdc7b5c&pss=rss_flashplayer_fdc7b5 c
  but this wasn't clear either.
  1. How do I change the server settings to have the correct
  header information?
  2. Can I change something in the Flex Compiler to allow for
  SSL and IE?
  This works perfect in FireFox and Safari and retrieves data
  with no problems. Any ideas, information would be appreciated.

  Hello,
  Basically what's happening is that the secure services aren't
  loading when I pull up the website when using Internet Explorer.
  The website works perfect in FireFox and Safari however nothing
  loads via the HTTP services when they use SSL. I've read over Lin
  Lin's article
  http://weblogs.macromedia.com/lin/archives/flex/security/index.cfm
  about using SSL with IE however I'm confused as how to implement
  the changes she mentions. She basically mentions a couple of the
  reasons why the httpServices wouldn't be able to load data in when
  connecting via SSL. I've read over the Adobe TechNote at
  http://www.adobe.com/cfusion/knowledgebase/index.cfm?id=fdc7b5c&pss=rss_flashplayer_fdc7b5 c
  but this wasn't clear either.
  1. How do I change the server settings to have the correct
  header information?
  2. Can I change something in the Flex Compiler to allow for
  SSL and IE?
  This works perfect in FireFox and Safari and retrieves data
  with no problems. Any ideas, information would be appreciated.

• ICal publication on IIS Website with SSL

  Hi,
  Can i publish iCal calendars on IIS Webdav directory with SSL configuration on an other port than default 443 ???
  I try to publish on this server and this work for:
  - "http" site
  - "https" site with ssl port 443
  but no with "https" site with ssl port 445 for example.
  my publication url is "https://myserver.com:445/calendars/"
  Where is the problem???
  Thanks.

  Hi Parth,
  This forum discusses about web development including HTML, CSS and Script for Internet Explorer. So you post is off-topic here. I suggest you re-post a question to IIS forum for better support.
  http://forums.iis.net/
  Best regards,
  Shu
  We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place.
  Click
  HERE to participate the survey.

• Error in scenario "FILE to HTTP(with SSL)" - HTTP client code 110 reason.

  Hi friends,
  Our scenario is as follows:
  We are trying to send XML file from our SAP-XI to external tool "COMMunix XC" (a multi-protocol EDI platform tool).
  We have configured " FILE TO HTTP(with SSL)" scenario (trying to connect HTTPS/port)
  1. We have created RFC destination of type G and refered the same RFC in Communication channel (Adapter type: HTTP)
  2. We have send the SSL Server certificate to other party and ensure that they have imported at thier end.
  3. We have included the certificates from other party in our SAP XI STRUST under SSL Client (Standard) node.
  4. We have tried " CONNECTION TEST " in the RFC destination created in type G (in STEP 1) and it shows the GREEN TICK at bottom, no other message nor any error message
  When we trigger the communication we recieve the error: HTTP client code 110 reason in SXMB_MONI.
  Please let us know if we have missed out some step.
  What does error message indicate,
  Regards,
  Rehan

  Hi Rehan,
  I see that the PROCTIMEOUT was already at a very high value.
  Does this occur for messages of a particularly large size?  If yes, you could increase the parameter
     icm/HTTP/max_request_size_KB = 2097152
  This would need to be done in the sender/receiver system as well as XI.
  Otherwise you could try reproducing the issue and checking the dev_icm log in the work directory, or go to SMICM -> Goto -> Display trace file
  check for errors like NIECONN_REFUSED or "no service for protocol HTTPS" which can often be related to this type of issue.
  Kind regards,
  Sarah

• Crystal Reports export and print fails with SSL / https but works with http

  Windows 2008 Server, 32-bit (IIS7)
  ASP.NET 2.0
  Ajax 1.0
  Crystal Reports version 10.5.3700.0
  http:  printing works, export works
  https:  printing not working, only export to MS Excel and MS Word work.
  I am able to generate reports using both http and https, and the toolbar icons are all showing.  However, I am unable to print or export properly with SSL.
  Printing prompts me with a select printer window, and then a window 'Retrieving Page 1' follow by two messages from Crystal Print Control both stating:
  A communication error occured.  Printing will be stopped.
  Exporting generates various errors depending on which export method is being selected (however Excel and Word work over https).
  I've found the same problem on this site and other forums, but never a resolution to get exporting and printing to work with SSL.  Will someone please provide me assistance or possibly relay what settings they're using if they have Crystal Reports export or printing working over SSL in IIS7?  Everything works fine when I change the address from https to http.
  Please let me know if I can help by providing further information.  We've gone through a great deal of possible solutions with code and I'm currently looking in to IIS settings again.
  Thank you.

  Thanks Ludek. I got it by searching KB number.
  Unfortunately, it didn’t fix my problem even my IE (IE8 and IE 9) has correct setting.  I double check my version. PrintControl.CAB is version 10.2.0.1146. we use VS 2005 Crystal report and VB .NET. It works fine on HTTP. But when we use HTTPS (SSL Certificate from go daddy).
  1: Crystal report export
              Export to MS Excel, Word: pop us “File download”, then click “Save”. It says “Internet Explorer cannot download ReportView.aspx from my site. Internet Explorer was not able to open this internet site. the requested site is either unavailable or cannot be found. Please try it again later”
              Export to RPt, Rich text format: It says “Internet Explorer cannot download ReportView.aspx from my site. Internet Explorer was not able to open this internet site. the requested site is either unavailable or cannot be found. Please try it again later”
              Export to PDF : nothing happened.
  2: Print:
              Pop up dialog to select printer, click “Print” “. Shows windows “Crystal Report Viewer” and pop us error message box. Title is “Crystal Print Control”. Message is “An communication error occurred. Printing will be stopped”. Click “OK” and pop up error message box again.
  Please advise.
  Thank you very much!

• IE unable to connect to Oracle HTTP Server v10.1.2 with SSL

  Hi,
  I configured OHS with SSL to run APEX applications.
  This configuration can be run from Mozilla browsers and Opera, but not from Internet Explorer.
  I suspect that IE doesn't support 256-bit encryption, as both browser above support it. So I set several combination of SSL Cipher Suite in ssl.conf. I also set IE to use TLS v1, SSLv2, and SSLv3. But this doesn't show any results. I also found that several sites which has 256 bit encryption (read the information from Mozilla and Opera browser) can also be opened by IE (read as 128 bit encryption). So I guess the encryption is not the problem, and I move on to the Apache error_log files.
  What I found from Apache's error_log.xxxx is
  [error] mod_ossl: SSL call to NZ function nzos_Handshake failed with error 29014 (server ---.---.com:4443, client --.--.--.--)
  [error] mod_ossl: Unknown error
  [error] mod_ossl: SSL call to NZ function nzos_Handshake failed with error 28864 (server ---.---.com:4443, client --.--.--.--)
  [error] mod_ossl: SSL IO error [Hint: the client stop the connection unexpectedly]
  So I looked in the Metalink and found Note:312041.1 and applied patch 4960210 and restart the server. But now it wouldn't start at all, despite that all configuration files were not changed.
  Any help would be greatly appreciated.
  Regards,
  Aulia Bismar

  You can use any PKCS#12 file with OHS if it includes the complete private key and certificate chain. With Oracle Wallet Manager (owm) you could also create a private key, import it, import the CA certificate as trusted certificate, create a certificate request for the private key, get the certificate response from the CA and import this.
  If you use an unsual CA, ie cacert.org, you must import the CA root certificate as a trusted server certificate for IE.
  --olaf                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                           

• WCF service fronted with SSL enabled NGINX load balancer shows HTTP based WSDL url instead of HTTPS

  Hi,
  I have WCF service hosted using IIS 8.5 on application server. And application servers are fronted with NGINX load balancer with SSL enabled. Backend communication protocol between NGINX to application server is http. 
  When customer visits public domain url (https://xxx.com/service.svc), they can see the WSDL url with http://xxx.com/service.svc?wsdl. 
  What change should I make so that WSDL url will have https instead of http ? 
  This is service side configuration.
  <system.serviceModel>
      <services>
        <service name="Service.IService">
          <endpoint address="" binding="basicHttpBinding" bindingNamespace="http://xyz.com/Service" name="Service_Endpoint" contract="Service.IService" />
        </service>
      </services>
      <bindings>
        <basicHttpBinding />
      </bindings>
      <client />
      <behaviors>
        <serviceBehaviors>
          <behavior>
            <serviceThrottling maxConcurrentCalls="5000" maxConcurrentInstances="2147483647" maxConcurrentSessions="5000" />
            <serviceMetadata httpGetEnabled="true" />
            <serviceDebug includeExceptionDetailInFaults="true" />
          </behavior>
        </serviceBehaviors>
      </behaviors>
      <serviceHostingEnvironment multipleSiteBindingsEnabled="true" />
    </system.serviceModel>
  Thanks in advance !!

  Hi,
  For this scenario, you could just enable SSL in IIS to get HTTPS endpoints. If your service is exposed at https then you configure the same using “httpsGetEnabled”:
  <behaviors>
  <serviceBehaviors>
  <behavior
  name="MyServiceTypeBehaviors"
  >
  <serviceMetadata
  httpGetEnabled="true"
  />
       </behavior>
  </serviceBehaviors>
  </behaviors>
  For more information, you could refer to:
  http://www.codeproject.com/Articles/327260/What-s-new-in-WCF-Automatic-HTTPS-endpoint-for
  http://blogs.msdn.com/b/brajens/archive/2007/04/26/accessing-description-metadata-wsdl-of-wcf-web-service.aspx
  Regards

• Http client------ XI  (via HTTP with SSL),

  hi forum,
  we have a http client that sends a http erquest to XI, by using sap/xi/adapter_plain
  service,  i mean plain http adapter
  but for scurity reasons i need HTTPS communication,
  can u tell me how to enable HTTPS (HTTP with SSL) communiaction in the same scenario,
  http client------>XI  (via HTTP with SSL)

  hi sudeep,
  u need to create a comm ch of adapter type http n set the security level there.
  refer this for help:
  http://help.sap.com/saphelp_nw04/helpdata/en/14/80243b4a66ae0ce10000000a11402f/frameset.htm
  [reward if helpful]
  regards,
  latika.

• Securing Portal with SSL/https

  Has anyone successfully setup oracle portal 9.0.2 on solaris running all over secure sockets for both login/server and portal ?
  I've followed the otn documentation but i'm still having problems with gettin portal to work with https.
  It's driving me insane!! please help with any suggestions.
  Kind Regards
  Neil

  Hi,
  We did the following steps and it working :)
  Assuming that HTTPS is correctly working and without security aspects.
  Assuming that the HTTPS is 443
  1) configure Webcache to work on port 443 and link it to the 4444 port of Apache
  1) configure SSO
  I directly change in WWSEC_ENABLER_CONFIG_INFO$ LS_LOGIN_URL to the https URL
  the LSNR_TOKEN has to be like 'myhost' and not 'myhost:port'
  2) Login to SSO and update the HOME, SUCCESS and CANCEL URL of SSO
  to https
  3) register mod_osso against the new SSO Server
  4) register the portal using ptlasst
  (if possible remove the already installed portal)
  beware You might have big trouble with groups you have created.
  5) Add in ORACLE_HOME\j2ee\OC4J_Portal\applications\portal\WEB-INF\web.xml
  <init-param>
  <param-name>httpsports<param-name>
  <param-value>443:4444</param-value>
  </init-param>
  That is it !!!!
  You have also to protect some URL with SSL and
  to redefine some virtual path
  The best test is to stop WebCache to liste http port
  Have fun
  Philippe Camelio
  SysAdmin

• RFC to HTTP Scenario, Dynamic URL .... Limitation with 200 Character...

  Hi Experts,
  I am doing an RFC to HTTP Scenario. In which the Target URL is Dynamic and i am passing some values from the input payload.
  The Problem is the Target URL length is around "487" character and the Dynamic configuration property allow to pass an maximum if 200 character to "Target URL".
  How to solve this ...Any way to achive this...
  Regards,
  Jude

  Hello,
  The Problem is the Target URL length is around "487" character and the Dynamic configuration property allow to pass an maximum if 200 character to "Target URL".
  You can check Michal's reply in this thread, http://forums.sdn.sap.com/thread.jspa?messageID=7767169#7767169. There is no official statement from SAP that they will change it.
  What you can do is to use a third-party tool to shorten the URL e.g bit.ly I am unsure though of licensing reasons. Or an alternative is to place the parameters in the HTTP Body, in that way, you can place as much parameters as you like.
  Hope this helps,
  Mark

• How to configure sso with SSL step by step

  Purpose
  In this document, you can learn how to configure SSO with SSL. After user have certificate installed in browser, he can login without input username and password.
  Overview
  In this document we will demonstrate:
  1.     How to configure OHS support SSL
  2.     How to Register SSO with SSL
  3.     Configure SSO for certificates
  Prerequisites
  Before start this document, you should have:
  1.     Oracle AS 10g infrastructure installed (10.1.2)
  2.     OCA installed
  Note:
  1.     “When you install Oracle infrastructure, please make sure you have select OCA.
  2.     How Certificate-Enabled Authentication Works:
  a.     The user tries to access a partner application.
  b.     The partner application redirects the user to the single sign-on server for authentication. As part of this redirection, the browser sends the user's certificate to the login URL of the server (2a). If it is able to verify the certificate, the server returns the user to the requested application.
  c.     The application delivers content. Users whose browsers are configured to prompt for a certificate-store password may only have to present this password once, depending upon how their browser is configured. If they log out and then attempt to access a partner application, the browser passes their certificate to the single sign-on server automatically. This means that they never really log out. To effectively log out, they must close the browser.
  Enable SSL on the Single Sign-On Middle Tier
  The following steps involve configuring the Oracle HTTP Server. Perform them on the single sign-on middle tier. In doing so, keep the following in mind:
  l     You must configure SSL on the computer where the single sign-on middle tier is running.
  l     You are configuring one-way SSL.
  l     You may enable SSL for simple network encryption; PKI authentication is not required. Note though that you must use a valid wallet and server certificate. The default wallet location is ORACLE_HOME/Apache/Apache/conf/ssl.wlt/default.
  1.     Back up the opmn.xml file, found at ORACLE_HOME/opmn/conf
  2.     In opmn.xml, change the value for the start-mode parameter to ssl-enabled. This parameter appears in boldface in the xml tag immediately following.
  <ias-component id="HTTP_Server">
  <process-type id="HTTP_Server" module-id="OHS">
  <module-data>
  <category id="start-parameters">
  <data id="start-mode" value="ssl-enabled"/>
  </category>
  </module-data>
  <process-set id="HTTP_Server" numprocs="1"/>
  </process-type>
  </ias-component>
  3.     Update the distributed cluster management database with the change: ORACLE_HOME/dcm/bin/dcmctl updateconfig -ct opmn
  4.     Reload the modified opmn configuration file:
  ORACLE_HOME/opmn/bin/opmnctl reload
  5.     Keep a non-SSL port active. The External Applications portlet communicates with the single sign-on server over a non-SSL port. The HTTP port is enabled by default. If you have not disabled the port, this step requires no action.
  6.     Apply the rule mod_rewrite to SSL configuration. This step involves modifying the ssl.conf file on the middle-tier computer. The file is at ORACLE_HOME/Apache/Apache/conf. Back up the file before editing it.
  Because the Oracle HTTP Server has to be available over both HTTP and HTTPS, the SSL host must be configured as a virtual host. Add the lines that follow to the SSL Virtual Hosts section of ssl.conf if they are not already there. These lines ensure that the single sign-on login module in OC4J_SECURITY is invoked when a user logs in to the SSL host.
  <VirtualHost ssl_host:port>
  RewriteEngine on
  RewriteOptions inherit
  </VirtualHost>
  Save and close the file.
  7.     Update the distributed cluster management database with the changes:
  ORACLE_HOME/dcm/bin/dcmctl updateconfig -ct ohs
  8.     Restart the Oracle HTTP Server:
  ORACLE_HOME/opmn/bin/opmnctl stopproc process-type=HTTP_Server
  ORACLE_HOME/opmn/bin/opmnctl startproc process-type=HTTP_Server
  9.     Verify that you have enabled the single sign-on middle tier for SSL by trying to access the OracleAS welcome page, using the format https://host:ssl_port.
  Reconfigure the Identity Management Infrastructure Database
  Change all references of http in single sign-on URLs to https within the identity management infrastructure database. When you change single sign-on URLs in the database, you must also change these URLs in the targets.xml file on the single sign-on middle tier. targets.xml is the configuration file for the various "targets" that Oracle Enterprise Manager monitors. One of these targets is OracleAS Single Sign-On.
  1.     Change Single Sign-On URLs
  Run the ssocfg script, taking care to enter the command on the computer where the single sign-on middle tier is located. Use the following syntax:
  UNIX:
  $ORACLE_HOME/sso/bin/ssocfg.sh protocol host ssl_port
  Windows:
  %ORACLE_HOME%\sso\bin\ssocfg.bat protocol host ssl_port
  In this case, protocol is https. (To change back to HTTP, use http.) The parameter host is the host name, or server name, of the Oracle HTTP listener for the single sign-on server.
  Here is an example:
  ssocfg.sh https login.acme.com 4443
  2. Restart OC4J_SECURITY instance and verify the configuration
  To determine the correct port number, examine the ssl.conf file. Port 4443 is the port number that the OracleAS installer assigns during installation.
  If you run ssocfg successfully, the script returns a status 0. To confirm that you were successful, restart the OC4J_SECURITY instance:
  ORACLE_HOME/opmn/bin/opmnctl restartproc process-type=OC4J_SECURITY
  Then try logging in to the single sign-on server at its SSL address:
  https://host:ssl_port/pls/orasso/
       3. Back up the file targets.xml:
  cp ORACLE_HOME/sysman/emd/targets.xml ORACLE_HOME/sysman/emd/targets.xml.backup
  4. Open the file and find the target type oracle_sso_server. Within this target type, locate and edit the three attributes that you passed to ssocfg:
  ·     HTTPMachine—the server host name
  ·     HTTPPort—the server port number
  ·     HTTPProtocol—the server protocol
  If, for example, you run ssocfg like this:
  ORACLE_HOME/sso/bin/ssocfg.sh http sso.mydomain.com:4443
  Update the three attributes this way:
  <Property NAME="HTTPMachine" VALUE="sso.mydomain.com"/>
  <Property NAME="HTTPPort" VALUE="4443"/>
  <Property NAME="HTTPProtocol" VALUE="HTTPS"/>
  5.Save and close the file.
  6.     Reload the OracleAS console:
       ORACLE_HOME/bin/emctl reload
  7. Issue these two commands:
  ORACLE_HOME/opmn/bin/opmnctl restartproc process-type=HTTP_Server
  ORACLE_HOME/opmn/bin/opmnctl restartproc process-type=OC4J_SECURITY
  Registering mod_osso
  1.     This command sequence that follows shows a mod_osso instance being reregistered with the single sign-on server.
  $ORACLE_HOME/sso/bin/ssoreg.sh
       -oracle_home_path $ORACLE_HOME
       -config_mod_osso TRUE
       -mod_osso_url https://myhost.mydomain.com:4443
  2.     Restarting the Oracle HTTP Server
  After running ssoreg, restart the Oracle HTTP Server:
  ORACLE_HOME/opmn/bin/opmnctl restartproc process-type=HTTP_Server
  Configuring the Single Sign-On System for Certificates
  1.     Configure policy.properties with the Default Authentication Plugin
  Update the DefaultAuthLevel section of the policy.properties file with the correct authentication level for certificate sign-on. This file is at ORACLE_HOME/sso/conf. Set the default authentication level to this value:
  DefaultAuthLevel = MediumHighSecurity
  Then, in the Authentication plugins section, pair this authentication level with the default authentication plugin:
  MediumHighSecurity_AuthPlugin = oracle.security.sso.server.auth.SSOX509CertAuth
  2.     Restart the Single Sign-On Middle Tier
  After configuring the server, restart the middle tier:
  ORACLE_HOME/opmn/bin/opmnctl restartproc process-type=HTTP_Server
  ORACLE_HOME/opmn/bin/opmnctl restartproc process-type=OC4J_SECURITY
  Bringing the SSO Users to OCA User Certificate Request URL
  The OCA server reduces the administrative and maintenance cost of provisioning a user certificate. The OCA server achieves this by authenticating users by using OracleAS SSO server authentication. All users who have an Oracle AS SSO server account can directly get a certificate by using the OCA user interface. This reduces the time normoally requidred to provision a certificate by a certificate authority.
  The URL for the SSO certificate Request is:
  https://<Oracle_HTTP_host>:<oca_ssl_port>/oca/sso_oca_link
  You can configure OCA to provide the user certificate request interface URL to SSO server for display whenever SSO is not using a sertificate to authenticate a user. After the OracleAS SSO server authenticates a user, it then display the OCA screen enabling that user to request a certificate.
  To link the OCA server to OracleAS SSO server, use the following command:
  ocactl linksso
  opmnctl stoproc type=oc4j instancename=oca
  opmnctl startproc type=oc4j instancename=oca
  You also can use ocactl unlinksso to unlink the OCA to SSO.

  I have read the SSO admin guide, and performed the steps for enabling SSL on the SSO, and followed the steps to configure mod_osso with virtual host on port 4443 as mentioned in the admin guide.
  The case now is that when I call my form (which is developed by forms developer suite 10g and deployed on the forms server which is SSO enabled) , it calls the SSO module on port 7777 using http (the default behaviour).
  on a URL that looks like this :
  http://myhostname:7777/pls/orasso/orasso.wwsso_app_admin.ls_login?Site2pstoreToken=.......
  and gives the error :
  ( Forbidden
  You don't have permisission to access /sso/auth on this server at port 7777)
  when I manually change the URL to :
  https://myhostname:4443/pls/orasso/orasso.wwsso_app_admin.ls_login?Site2pstoreToken=.......
  the SSO works correctly.
  The question is :
  How can I change this default behaviour and make it call SSO on port 4443 using https instead ?
  Any ideas ?
  Thanks in advance

• Outlook 14.4.8 not synchronizing with Exchange 2007 anymore (shows "downloading" but no new messages shown in inbox"

  Outlook 14.4.8 on iMAC Retina and Yosemite 10.10.2 is not synchronizing with Exchange 2007 anymore (shows "downloading" but no new messages shown in inbox".
  Accessing Mails with Webbrowser and from Windows Outlook is working correctly.
  All Macs (also the ones with OS 10.6.8) do not anymore show any new messages in inbox.
  Restarted Server, tried to disable autodiscover on macs and deleting/adding account and repairing database does not fix the problem. Also restarted server several times.
  We have the same problem on 2 imacs retina with yosemite and on 2 mac pro with 10.6.8 and different office 2011 versions.
  i tried to configure the exchange account in apple mail on yosemite and it also states "connected" and does list some folders but no new mails are getting in.
  Windows clients and outlook on them works and syncs fine, and also when connecting via webbrowser at owa it must be a mac-specific/webdav issue.
  exchange 2007 Sp3 Version 8.3 (bild 83.6) and Update Rollup 15 for sp3 (automatic updates "HIGH" for server and clients)
  there is one update popping up again and again even after everytime successull installation: Windows Mlicious Software Removal Tool x64 - October 2010.
  i tried to configure a new user with empty mailbox and configured it with microsoft mail (mac - yosemite)  as exchange and was able to send a mail from there (even if quite delayed).
  but there are not coming in any mails.
  same exchange accounts triggered by imap do work and also via owa.
  Exchange Accounts in Outlook for MAC and also in Mail (Yosemite) do show the folder structures but there is no mails showing up. I can send mails from the exchange accounts created but they seem to be processed with a delay of like 15minutes and outlook
  is giving error "end of file reached" but messages are send after some time.
  Does seem like EWS is extremely slow, to slow perhaps to sync and therefore ending in timeout.
  Also i cannot reach the server from externally over ssl https 443. if testing port 443 of exchange from outside the port seems closed even firewall settings of sbs 2008 and sonicwall ports are correctly open.
  could it be there is something in regarding webdav which is very slow and leading to timeouts ?
  in application log i do have the following two information events every few minute:
  The Exchange Web Services started successfully. Event ID 1
  and
  Process STORE.EXE (PID=3688). Exchange Active Directory Provider has discovered the following servers with the following characteristics: 
   (Server name | Roles | Enabled | Reachability | Synchronized | GC capable | PDC | SACL right | Critical Data | Netlogon | OS Version) 
  In-site:
  SERVER.org.local CDG 1 7 7 1 0 1 1 7 1
   Out-of-site:
  Errors in Application log:
  The Open Procedure for service "BITS" in DLL "C:\Windows\system32\bitsperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section 
  The entry <C:\WSUS\WSUSCONTENT\CONTENTFOLDERACLSCHECK.TXT> in the hash map cannot be updated.
  An exception Microsoft.Exchange.Data.Storage.ConversionFailedException occurred while converting message Imap4Message 69447
  Also outlook 2011 clients are asked by time to time to reenter pwds and errors like "connection is closed. 13" 
  Faulting application taskeng.exe, version 6.0.6002.18342, time stamp 0x4cd34898, faulting module ntdll.dll, version 6.0.6002.18881, time stamp 0x51da3d16, exception code 0xc000071b, fault offset 0x0000000000082445, process id 0x3288
  Certificate Services Client Provider pautoenr.dll raised an exception. Exception code 3221225477.
  Backup Exec:
  FULL_BACKUP -- The job failed with the following error: A failure occurred querying the Writer status.
  Volume Shadow Copy Service error: A critical component required by the Volume Shadow Copy service is not registered.  This might happened if an error occurred during Windows setup or during installation of a Shadow Copy provider.  The
  error returned from CoCreateInstance 
  Exchange VSS Writer (instance 2d932ef8-6319-4ab8-a45f-1242480b44ad:15) failed with error code 1295 when processing the backup completion event. 

  Hi,
  Since Outlook running on Windows works well, it seems an issue on the Mac side. I suggest ask Mac for help so that you can get more professional suggestions.
  More information for your reference:
  Please try to verify whether there is any expired certificate from the computer personal store.
  If it is the case, please remove them.
  Thanks
  Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact [email protected]
  Mavis Huang
  TechNet Community Support