Secure RD Web Access with Azure MFA

We are keen to deploy RD Web Access for external users but can't find any guidance on securing it with Multi-Factor Authentication (MFA - formerly PhoneFactor).
We currently use MFA with our RD Gateway for users who connect directly to VMs via RDP but want to give other users access to RemoteApps via RD Web Access with the same two factor authentication.
Cheers for now
Russell

Hi,
Thank you for posting in Windows Server Forum.
I am afraid there is still no direct MFA for RD Web; you need to log in through RD Gateway, which works as follows. A Remote Desktop login request to RD Gateway that includes Azure MFA looks like this:
1. User logs into RD Web Access and double-clicks a RemoteApp (or desktop connection).
2. The user's login credentials for the website are used to validate the user (Web SSO), so there is no need to give them again.
3. The user then gets an SMS text message on their smart device that provides them a 6 digit numeric code (the one-time password).
4. The user replies to the text message by inputting this 6 digit code and adding their unique pre-defined PIN to the end of the sequence – Azure MFA includes the option to require the user know a predefined unique PIN as well, so that replies to a text message have to come from the user.
5. The user is authenticated, and the RemoteApp (or desktop connection) opens.
More information.
Step By Step – Using Windows Server 2012 R2 RD Gateway with Azure Multifactor Authentication
Hope it helps!
Thanks.
Dharmesh Solanki
TechNet Community Support

Dharmesh,
I owe you an apology, I'd forgotten that when you access RD Web Access you're only downloading an RDP file which then uses the RD Gateway to connect the client to the RemoteApp. If we already have the RD Gateway in place and configured with MFA this will produce the required result.
Sorry
Russell

Similar Messages

  • Secured Sybase Web Service with outside certificate authority

    Hello,
    I would like to use Secured Sybase Web Service with outside certificate authority, like Symantec. Could you let me know how I can create CSR for sending to Symantec? What other steps do I need to do?
    Thanks,
    Sudarat.

    Hello Jason,
    Thanks for your reply. The certificate authority requires the CSR file before issuing a signed certificate. If this is a signed certificate for IIS web server, I can create the CSR from IIS. But I cannot use a signed certificate created from the CSR of IIS with Sybase Web Service. The steps below are what I have tried.
    1. I use CreateCert.exe with the /r parameter to create the CSR and private key.
    2. I sent the CSR to a certificate authority and they sent back a signed certificate.
    3. I have to combine the signed certificate from #2 with the private key created in #1, then specify that file with -xs{https …when starting the service.
    Are the above steps what I have to do? If so, do I need to redistribute createcert.exe to my customers who want to use my application, and how? Why can't I use the signed certificate created from the CSR of IIS?
    Thanks,
    Sudarat.

  • Publish RD Gateway and Web Access with One-Time Password (OTP) / Two-factor Authentication WITHOUT ISA/TMG server

    Hi everybody,
    I've been struggling with this problem for a few weeks now and can't find a way to solve it.
    We have an RD farm (Server 2012) which consists of two Remote Desktop Servers with Connection Broker and Web Access.
    I've recently published a new server, containing RD Gateway and Web Access in our perimeter network.
    Now we've got restrictions that OTP/2FA must be used for the external deployment and we've decided to go for a solution from Gemalto.
    The "program" is called IDConfirm and the server is called SA Server (Strong Authentication).
    Also it's important that NO ISA/TMG server is supposed to be used, the OTP/2FA is supposed to work seamlessly with the Web Access/Gateway.
    After hours of discussion we came to the point where their NPS agent setup would be the only way to accomplish our goals.
    The setup is supposed to be like this:
    LAN:
    1 DC (2008 R2)
    RD Farm (2012)
    1 SA Server (2012)
    DMZ:
    RD Gateway/Web Access (2012)
    Where Gateway and Web Access should forward the authentications with NPS to the NPS agent on the SA server.
    When you print your AD account to authenticate you add the 6 digits of OTP which you receive from your mobile app.
    Initially this seems to work, the Gateway forwards the request to the remote NPS server, BUT only if you write the correct AD password (without the OTP extension).
    If you write the correct AD password the authentication is forwarded to our SA Server and it's being rejected because the password doesn't contain the correct OTP extension.
    The problem comes here.
    When you write your AD password along with the OTP extension you get a Windows Security error in the event log (on the Gateway server) like this:
    An account failed to log on.
    Subject:
    Security ID: NULL SID
    Account Name: -
    Account Domain: -
    Logon ID: 0x0
    Logon Type: 3
    Account For Which Logon Failed:
    Security ID: NULL SID
    Account Name: user
    Account Domain: domain
    Failure Information:
    Failure Reason: Unknown username or password.
    Status: 0xc000006d
    Sub Status: 0x0
    Process Information:
    Caller Process ID: 0x0
    Caller Process Name: -
    Network Information:
    Workstation Name: server
    Source Network Address: 192.168.x.x
    Source Port: 63003
    Detailed Authentication Information:
    Logon Process: NtLmSsp
    Authentication Package: NTLM
    Transited Services: -
    Package Name (NTLM only): -
    Key Length: 0
    This event is generated when a logon request fails. It is generated on the computer where access was attempted.
    The Subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.
    The Logon Type field indicates the kind of logon that was requested. The most common types are 2 (interactive) and 3 (network).
    The Process Information fields indicate which account and process on the system requested the logon.
    The Network Information fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.
    The authentication information fields provide detailed information about this specific logon request.
    - Transited services indicate which intermediate services have participated in this logon request.
    - Package name indicates which sub-protocol was used among the NTLM protocols.
    - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
    What I can see is that it's an NTLM error, but hey?! Aren't we supposed to forward all authentication handling to the remote NPS server?
    The problem is that no matter what I try the above problem stays there.
    Is it not possible to just forward ALL authentication handling to a remote server?
    The only solution I've found to get it working someday in the future is this:
    "Remote Desktop Pluggable Authentication and Authorization", which is supposed to be introduced in 2012 R2.
    Also this link describes it:
    http://archive.msdn.microsoft.com/Release/ProjectReleases.aspx?ProjectName=rdsdev&ReleaseId=3745
    Please, bring me some answers before my head explodes! :)
    PS, long question = maybe some errors, ask me if something is unclear.

    Hi,
    Based on our experience, if the NTLM error occurs, please check the password.
    Regards,
    Mike
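For triaging failures like the one quoted in this thread, the sketch below parses the message text of a 4625 event into its sections and decodes the Status and Sub Status fields. It is an added example, not part of the original posts: the event text, account names and addresses are constructed, and the function names are hypothetical.

```python
from collections import Counter

# NTSTATUS codes that commonly appear in the Status / Sub Status fields of event 4625.
NTSTATUS = {
    0xC000006D: "STATUS_LOGON_FAILURE",
    0xC000006A: "STATUS_WRONG_PASSWORD",
    0xC0000064: "STATUS_NO_SUCH_USER",
    0xC0000234: "STATUS_ACCOUNT_LOCKED_OUT",
    0xC0000072: "STATUS_ACCOUNT_DISABLED",
}

# Section headings of the 4625 message; the same field name (for example
# "Account Name") occurs in more than one section, so they must be kept apart.
SECTIONS = {"Subject", "Account For Which Logon Failed", "Failure Information",
            "Process Information", "Network Information",
            "Detailed Authentication Information"}

# Constructed event text, flattened the same way as the event quoted in the post.
TEMPLATE = """An account failed to log on.
Subject:
Security ID: NULL SID
Account Name: -
Account Domain: -
Logon ID: 0x0
Logon Type: 3
Account For Which Logon Failed:
Security ID: NULL SID
Account Name: {user}
Account Domain: domain
Failure Information:
Failure Reason: Unknown username or password.
Status: 0xc000006d
Sub Status: {sub}
Network Information:
Workstation Name: server
Source Network Address: {src}
Source Port: 63003
Detailed Authentication Information:
Logon Process: NtLmSsp
Authentication Package: NTLM
Package Name (NTLM only): -
This event is generated when a logon request fails.
"""


def parse_event(text):
    """Split flattened 4625 message text into {section: {field: value}}."""
    sections, current = {"": {}}, ""
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("This event is generated"):
            break  # explanatory footer; no more fields follow
        key, sep, value = line.partition(":")
        if not sep:
            continue  # e.g. the "An account failed to log on." title line
        key, value = key.strip(), value.strip()
        if key in SECTIONS and not value:
            current = key
            sections.setdefault(current, {})
        else:
            sections[current][key] = value
    return sections


def find(event, name):
    """Return the first value of a field regardless of which section holds it."""
    for fields in event.values():
        if name in fields:
            return fields[name]
    return None


def decode(code):
    """Map a hex status string to its NTSTATUS name; 0x0 means 'not set'."""
    value = int(code, 16)
    if value == 0:
        return None
    return NTSTATUS.get(value, "unrecognised (0x%08X)" % value)


def summarize(event):
    failed = event.get("Account For Which Logon Failed", {})
    info = event.get("Failure Information", {})
    return {
        "account": "%s\\%s" % (failed.get("Account Domain", "?"),
                               failed.get("Account Name", "?")),
        "source": find(event, "Source Network Address"),
        "logon_type": int(find(event, "Logon Type") or 0),
        "package": find(event, "Authentication Package"),
        "status": decode(info.get("Status", "0x0")),
        "sub_status": decode(info.get("Sub Status", "0x0")),
    }


def repeated_failures(events, threshold=2):
    """List (account, source, count) for pairs that failed at least `threshold` times."""
    counts = Counter((s["account"], s["source"]) for s in map(summarize, events))
    return [(a, src, n) for (a, src), n in counts.most_common() if n >= threshold]


# Three constructed events: two for the same account, one for an unknown user.
EVENTS = [parse_event(TEMPLATE.format(user=u, sub=s, src=ip)) for u, s, ip in [
    ("user", "0x0", "192.168.10.20"),
    ("user", "0x0", "192.168.10.20"),
    ("ghost", "0xc0000064", "192.168.10.21"),
]]

if __name__ == "__main__":
    for ev in EVENTS:
        print(summarize(ev))
    print(repeated_failures(EVENTS))
```
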

  • Secure a web page with mod_ldap or similar method

    Hi, I need to secure some areas of my site with http basic auth. modauthzldap.so does not exist.. How can I do this on a Leopard Server?

    The pages are on a Leopard server being served up from the installed apache. What are the directives to control access to a location? I want to use the local leopard ldap.
    Typically you do something like:
    <Location />
    AuthzLDAPAuthoritative off
    AuthName "foobar"
    AuthType Basic
    AuthBasicProvider ldap
    AuthLDAPURL ldap://127.0.0.1:389/dc=foo,dc=bar,dc=net?uid
    require valid-user
    </Location>
    Can I control access via group with that kind of directive using the apple auth?
    Thanks.

  • How to implement the security in web service with Weblogic 9.2

    I've generated web service by Web Logic 9.2 using existing WSDL (as per client requirement) and want to add security policy for authentications.
    I have used following annotation in service class.
    @Policies({
        @Policy(uri="policy:Auth.xml", direction=Policy.Direction.inbound)
    })
    But it gives compilation time error with following message.
    The Policy and Policies annotations are not allowed on jws file when compiledWsdl option is specified
    I've also tried to modify the WSDL to accommodate policy configuration and again generate the web service but problem is being as it is.
    If anybody has solution of this issue then please let me know ASAP.

    Did you get an answer to your question? I have the same problem with WebLogic 10.0.

  • Use of security in web service

    Hi,
    I have tried to use security from the example jaas-sample of jwsdp 1.5 .
    I just want to secure my web service with a username/password.
    When I called my service from the client...I see the xml flow :
    <?xml version="1.0" encoding="UTF-8"?>
    <env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/" xmlns:enc="http://schemas.xmlsoap.org/soap/encoding/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" env:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/">
    <env:Header>
    <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" env:mustUnderstand="1">
    <wsse:UsernameToken>
    <wsse:Username>Ron</wsse:Username>
    <wsse:Password>****</wsse:Password>
    <wsse:Nonce EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">3k18Sv+DMhcO3aoq6YWLB4xa</wsse:Nonce>
    <wsu:Created xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">2005-03-01T15:26:05Z</wsu:Created>
    </wsse:UsernameToken>
    </wsse:Security>
    </env:Header>
    <env:Body>
    <ns0:getInformations/>
    </env:Body>
    </env:Envelope>
    it seems to be correct but I have an exception :
    Thread : main at 01 mars 2005 16:10:06,593 ERROR Error occured during retrieving informations
    java.rmi.ServerException: JAXRPCSERVLET28 : Informations sur le port manquant
         at com.sun.xml.rpc.client.StreamingSender._raiseFault(StreamingSender.java:497)
         at com.sun.xml.rpc.client.StreamingSender._send(StreamingSender.java:294)
    It works when I do not use the security option (in wscompile) ...
    Have you any idea for a solution?

    Hi,
    I tried the xws-security samples and everything worked fine.
    After editing the "java.security" according to the manual with:
    security.provider.2=org.bouncycastle.jce.provider.BouncyCastleProvider
    After that change and a restart of the application server I get the same error message.
    I copied the jar file "bcprov-jdk14-127.jar" from bouncycastle to the jre/lib/ext folder.
    I will check further.
    br
    Dieter

  • Disable phone Web access ..

    Hi,
    We are using UC560 for our IP Telephony system and I received a complaint from end users that anyone who knows the IP address of an IP phone can access it through the web and view all call history, such as dialed calls or received calls.
    So I need to disable phone web access to protect end-user privacy.
    Kindly advise.
    Moe

    Hello Moe,
    Just to add to what John said, there is a technical mistake. To stop the web access to the phone you need to enter the following on the UC:
    telephony-service
    service phone webAccess 1
    create cnf-files
    For SPA phones you may try the following:
    Cisco SPA303, Cisco SPA500 Series
    To allow or disallow from the phone viewing of the phone web user interface:
    STEP 1 Press the Setup button.
    STEP 2 To display the Web Server Writable option either:
    • Select Network > Enable Web Server.
    • Select Settings > Security Configuration > Web Access Enabled.
    NOTE This option is available in SPCP mode only.
    STEP 3 Press Edit to change the status of the Web Access Enabled parameter.
    If the option to edit the parameter is not displayed, press **# to display the option.
    If the edit option still does not display, it might be set by your phone system administrator such that you cannot modify this parameter.
    STEP 4 Press Y/N to toggle the parameter and press ok to set the parameter.
    STEP 5 To save your change, press save.
    HTH,
    Alex

  • Cannot receive emails unless outlook client or Outlook web access is open

    My iPhone is not receiving any emails unless I have my Outlook client open or I browse Outlook Web Access with a browser. I am not sure what the link is. If I have the Outlook client open on my computer I receive emails on my iPhone, no issues there, but if I close Outlook then I cannot receive any emails. We have Exchange 2003 SP2 and ISA 2006 as the front end server. NEED HELP

    This happens if you have Symantec Virus Scanner scanning your Exchange. We have to change the following registry setting to make it work
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSExchangeIS\VirusScan
    ProActiveScanning=1

  • Outlook Web Access S/MIME control on my system

    I am running Windows 7 home premium and I once had outlook web access S/MIME control on my system and when i logged in a few days ago .....I no longer have the ability to read encrypt messages.  Help???? Please????

    Hello msouthousehog,
    Please take a look at the following article.
    https://technet.microsoft.com/en-us/library/bb124432%28EXCHG.65%29.aspx?f=255&MSPPError=-2147217396
    Users who do not have administrator privileges receive an error when they attempt to install Outlook Web Access with the S/MIME control.
    To receive better support, it is recommended to ask in the TechNet OWA forum.
    The professionals there will be glad to help you.
    https://social.technet.microsoft.com/Forums/office/en-US/home?forum=exchangesvrclients
    Thanks for your understanding.
    Best regards,
    Fangzhou CHEN

  • Sharing web access

    is it possible to leech off a mobile phones web access with my mac powerbook. that would give me mobile access anywhere I had cell service.

    Unfortunately, I don't know the DSL router you're working with or much about Macs but if everything is working inside the LAN then most likely all you need to do is forward the HTTP port and FTP port to your computer (the web and ftp server) on your router. This is called Port Forwarding and you would need to forward:
    80 (HTTP) to 192.168.1.100 or whatever the IP address is of your computer
    20 - 21 (FTP) to 192.168.1.100 or whatever the IP address is of your computer
    Depending on the FTP method of your server (active or passive) you might need to forward other ports as well but what is essentially happening is that when someone makes either an HTTP request or FTP request from outside your LAN they are stopped when they hit your DSL router because the ports are closed.
    Hope this helps...

  • Securing web services with Sun Access Manager

    Hi!
    I have gone through some documentation about Sun Access Manager, and I'm a little bit confused.
    What I want is to secure some web services which are deployed on a BEA WebLogic 9.1 server (WLS). Two solutions are possible: To install some kind of plugin into WLS or to place some kind of proxy in front of WLS. In both cases, the purpose would be to authenticate the caller based on some kind of ticket (SAML or similar) and authorize access to the web service.
    I have read about the "Sun Java System Access Manager Policy Agent 2.2 for Weblogic 9.1" (those guys really like long names....), but in this documentation web services aren't mentioned at all. They only seem to care about HTTP requests from a browser.
    I have also read about the Policy Agent 2.2 in the documentation called "Sun Java System Access Manager Policy Agent 2.2 Guide for Sun Java System Application Server 9.0/Web Services" (puh...). This document explicitly talks about securing web services the way I want.
    My questions are:
    1) Is it possible to secure WLS based web services in the same way using the Policy Agent for WLS?
    2) Are there any documentation/tutorials/etc?
    Thanks in advance :-)
    Anders

    What you need is a webservices agent that would enable you to "protect" your webservice provider, which I assume is on a BEA weblogic provider.
    The "Sun Java System Access Manager Policy Agent 2.2 for Weblogic 9.1" is "NOT" a webservices agent, but a normal J2EE policy agent.
    So.. having said that. here's what I'd recommend.
    1. install the webservices agent on bea weblogic. (note: NOT the J2EE policy agent)
    2. configure it to use your access manager instance for authentication.
    3. configure your webservices client to use the webservice provider. (note: you'd need the webservices APIs available on the client too... so the quick dirty method would be to install the webservices agent on your client too....) you can later bundle the webservices client independently and provide your "customers" with a webservices client bundle...
    4. voila... your webservices are not "protected" by access manager ;-)

  • Integrating a PHP Web App with an Existing Azure Mobile Services and Mobile App

    I've got an existing mobile app that is integrated with Azure's mobile services. The mobile services are currently connected to Azure Active Directory with MFA enabled. I'd like to build a separate PHP-based web application (Azure VM) that uses this existing mobile service and authentication.
    I reviewed the Azure PHP SDK, but didn't see any tie-ins to the Mobile Service. Additionally, Azure has some great tutorials, but for mobile services they all seem to focus on iOS, Android, and Windows phone. Any insight into how to tie a PHP-app into this backend would be much appreciated!

    Although there isn't any client library for PHP, you can still access Mobile Service using the Azure Mobile Service REST API.
    Abdulwahab Suleiman

  • Fix many web access problems with IFS 9.0.1 on Solaris (and other OS's)...

    When the installation is done according to the documentation, web access does not work because the scripts that add entries to the jserv.properties file add duplicate references to wrapper.env and wrapper.classpath. Look at the jserv.properties file below and look at the remarked-out (#) lines of the duplicate references. For example, look at the references to the wrapper.env=LD_LIBRARY_PATH
    Oracle, please note this bug so the web access problems are minimized when the product is installed.
    Thank you,
    William T.
    # Apache JServ Configuration File #
    ################################ W A R N I N G
    # Unlike normal Java properties, JServ configurations have some important
    # extensions:
    # 1) commas are used as token separators
    # 2) multiple definitions of the same key are concatenated in a
    # comma separated list.
    # Execution parameters
    # The Java Virtual Machine interpreter.
    # Syntax: wrapper.bin=[filename] (String)
    # Note: specify a full path if the interpreter is not visible in your path.
    wrapper.bin=/d3/Apache/jdk/bin/java
    # Arguments passed to Java interpreter (optional)
    # Syntax: wrapper.bin.parameters=[parameters] (String)
    # Default: NONE
    wrapper.bin.parameters=-Xms64m
    wrapper.bin.parameters=-Xmx128m
    # Apache JServ entry point class (should not be changed)
    # Syntax: wrapper.class=[classname] (String)
    # Default: "org.apache.jserv.JServ"
    # Arguments passed to main class after the properties filename (not used)
    # Syntax: wrapper.class.parameters=[parameters] (String)
    # Default: NONE
    # Note: currently not used
    # PATH environment value passed to the JVM
    # Syntax: wrapper.path=[path] (String)
    # Default: "/bin:/usr/bin:/usr/local/bin" for Unix systems
    # "c:\(windows-dir);c:\(windows-system-dir)" for Win32 systems
    # Notes: if more than one line is supplied these will be concatenated using
    # ":" or ";" (depending whether Unix or Win32) characters
    # Under Win32 (windows-dir) and (windows-system-dir) will be
    # automatically evaluated to match your system requirements
    # CLASSPATH environment value passed to the JVM
    # Syntax: wrapper.classpath=[path] (String)
    # Default: NONE (Sun's JDK/JRE already have a default classpath)
    # Note: if more than one line is supplied these will be concatenated using
    # ":" or ";" (depending whether Unix or Win32) characters. JVM must be
    # able to find JSDK and JServ classes and any utility classes used by
    # your servlets.
    # Note: the classes you want to be automatically reloaded upon modification
    # MUST NOT be in this classpath or the classpath of the shell
    # you start the Apache from.
    wrapper.classpath=/d3/Apache/jdk/lib/tools.jar
    wrapper.classpath=/d3/Apache/Jserv/libexec/ApacheJServ.jar
    wrapper.classpath=/d3/Apache/Jsdk/lib/jsdk.jar
    # An environment name with value passed to the JVM
    # Syntax: wrapper.env=[name]=[value] (String)
    # Default: NONE on Unix Systems
    # SystemDrive and SystemRoot with appropriate values on Win32 systems
    wrapper.env=PATH=/d3/bin
    # An environment name with value copied from caller to Java Virtual Machine
    # Syntax: wrapper.env.copy=[name] (String)
    # Default: NONE
    # Uncomment the following lines to set the default locale and NLS_LANG
    # setting based on the environment variables.
    # wrapper.env.copy=LANG
    # wrapper.env.copy=NLS_LANG
    # Copies all environment from caller to Java Virtual Machine
    # Syntax: wrapper.env.copyall=true (boolean)
    # Default: false
    # Protocol used for signal handling
    # Syntax: wrapper.protocol=[name] (String)
    # Default: ajpv12
    # General parameters
    # Set the default IP address or hostname Apache JServ binds (or listens) to.
    # If you have a machine with multiple IP addresses, this address
    # will be the one used. If you set the value to localhost, it
    # will be resolved to the IP address configured for the localhost
    # on your system (generally this is 127.0.0.1). This feature is so
    # that one can have multiple instances of Apache JServ listening on
    # the same port number, but different IP addresses on the same machine.
    # Use bindaddress=* only if you know exactly what you are doing here,
    # as it could let JServ wide open to the internet.
    # You must understand that JServ has to answer only to Apache, and should not
    # be reachable by nobody but mod_jserv. So localhost is usually a
    # good option. The second best choice would be an internal network address
    # (protected by a firewall) if JServ is running on another machine than Apache.
    # Ask your network admin.
    # "*" may be used on boxes where some of the clients get connected using
    # "localhost" and others using another IP addr.
    # Syntax: bindaddress=[ipaddress] or [localhost] or [*]
    # Default: localhost
    bindaddress=localhost
    # Set the port Apache JServ listens to.
    # Syntax: port=[1024,65535] (int)
    # Default: 8007
    port=8007
    # Servlet Zones parameters
    # List of servlet zones Apache JServ manages
    # Syntax: zones=[servlet zone],[servlet zone]... (Comma separated list of String)
    # Default: NONE
    zones=root
    # Configuration file for each servlet zone (one per servlet zone)
    # Syntax: [servlet zone name as on the zones list].properties=[full path to configFile] (String)
    # Default: NONE
    # Note: if the file could not be opened, try using absolute paths.
    root.properties=/d3/Apache/Jserv/etc/zone.properties
    # Thread Pool parameters
    # Enables or disables the use of the thread pool.
    # Syntax: pool=true (boolean)
    # Default: false
    # WARNING: the pool has not been extensively tested and may generate deadlocks.
    # For this reason, we advise against using this code in production environments.
    pool=false
    # Indicates the number of idle threads that the pool may contain.
    # Syntax: pool.capacity=(int)>0
    # Default: 10
    # NOTE: depending on your system load, this number should be low for constantly
    # loaded servers and should be increased depending on load bursts.
    pool.capacity=10
    # Indicates the pool controller that should be used to control the
    # level of the recycled threads.
    # Syntax: pool.controller=[full class of controller] (String)
    # Default: org.apache.java.recycle.DefaultController
    # NOTE: it is safe to leave this unchanged unless special recycle behavior
    # is needed. Look at the "org.apache.java.recycle" package javadocs for more
    # info on other pool controllers and their behavior.
    pool.controller=org.apache.java.recycle.DefaultController
    # Security parameters
    # Enable/disable the execution of org.apache.jserv.JServ as a servlet.
    # This is disabled by default because it may give informations that should
    # be restricted.
    # Note that the execution of Apache JServ as a servlet is filtered by the web
    # server modules by default so that both sides should be enabled to let this
    # service work.
    # This service is useful for installation and configuration since it gives
    # feedback about the exact configurations Apache JServ is using, but it should
    # be disabled when both installation and configuration processes are done.
    # Syntax: security.selfservlet=true (boolean)
    # Default: false
    # WARNING: disable this in a production environment since may give reserved
    # information to untrusted users.
    security.selfservlet=true
    # Set the maximum number of socket connections Apache JServ may handle
    # simultaneously. Make sure your operating environment has enough file
    # descriptors to allow this number.
    # Syntax: security.maxConnections=(int)>1
    # Default: 50
    security.maxConnections=50
    # Backlog setting for very fine performance tuning of JServ.
    # Unless you are familiar to sockets leave this value commented out.
    # security.backlog=5
    # List of IP addresses allowed to connect to Apache JServ. This is a first
    # security filtering to reject possibly unsecure connections and avoid the
    # overhead of connection authentication.
    # <warning>
    # (please don't use the following one unless you know what you are doing :
    # security.allowedAddresses=DISABLED
    # allows connections on JServ's port from entire internet.)
    # You do need only to allow YOUR Apache to talk to JServ.
    # </warning>
    # Default: 127.0.0.1
    # Syntax: security.allowedAddresses=[IP address],[IP Address]... (Comma separated list of IP addresses)
    #security.allowedAddresses=127.0.0.1
    # Enable/disable connection authentication.
    # NOTE: unauthenticated connections are a little faster since authentication
    # handshake is not performed at connection creation.
    # WARNING: authentication is disabled by default because we believe that
    # connection restriction from all IP addresses but localhost reduces your
    # time to get Apache JServ to run. If you allow other addresses to connect and
    # you don't trust it, you should enable authentication to prevent untrusted
    # execution of your servlets. Beware: if authentication is disabled and the
    # IP address is allowed, everyone on that machine can execute your servlets!
    # Syntax: security.authentication=[true,false] (boolean)
    # Default: true
    security.authentication=false
    # Authentication secret key.
    # The secret key is passed as a file that must be kept secure and must
    # be exactly the same of those used by clients to authenticate themselves.
    # Syntax: security.secretKey=[secret key path and filename] (String)
    # Default: NONE
    # Note: if the file could not be opened, try using absolute paths.
    #security.secretKey=./etc/jserv.secret.key
    # Length of the randomly generated challenge string (in bytes) used to
    # authenticate connections. 5 is the lowest possible choice to force a safe
    # level of security and reduce connection creation overhead.
    # Syntax: security.challengeSize=(int)>5
    # Default: 5
    #security.challengeSize=5
    # Logging parameters
    # Enable/disable Apache JServ logging.
    # WARNING: logging is a very expensive operation in terms of performance. You
    # should reduce the generated log to a minimum or even disable it if fast
    # execution is an issue. Note that if all log channels (see below) are
    # enabled, the log may become really big since each servlet request may
    # generate many Kb of log. Some log channels are mainly for debugging
    # purposes and should be disabled in a production environment.
    # Syntax: log=[true,false] (boolean)
    # Default: true
    log=true
    # Set the name of the trace/log file. To avoid possible confusion about
    # the location of this file, an absolute pathname is recommended.
    # This log file is different than the log file that is in the
    # jserv.conf file. This is the log file for the Java portion of Apache
    # JServ.
    # On Unix, this file must have write permissions by the owner of the JVM
    # process. In other words, if you are running Apache JServ in manual mode
    # and Apache is running as user nobody, then the file must have its
    # permissions set so that that user can write to it.
    # Syntax: log.file=[log path and filename] (String)
    # Default: NONE
    # Note: if the file could not be opened, try using absolute paths.
    log.file=/d3/Apache/Jserv/logs/jserv.log
    # Enable the timestamp before the log message
    # Syntax: log.timestamp=[true,false] (boolean)
    # Default: true
    log.timestamp=true
    # Use the given string as a data format
    # (see java.text.SimpleDateFormat for the list of options)
    # Syntax: log.dateFormat=(String)
    # Default: [dd/MM/yyyy HH:mm:ss:SSS zz]
    log.dateFormat=[dd/MM/yyyy HH:mm:ss:SSS zz]
    # Since all the messages logged are processed by a thread running with
    # minimum priority, it's of vital importance that this thread gets a chance
    # to run once in a while. If it doesn't, the log queue overflow occurs,
    # usually resulting in the OutOfMemoryError.
    # To prevent this from happening, two parameters are used: log.queue.maxage
    # and log.queue.maxsize. The former defines the maximum time for the logged
    # message to stay in the queue, the latter defines maximum number of
    # messages in the queue.
    # If one of those conditions becomes true (age > maxage || size > maxsize),
    # the log message stating that fact is generated and the log queue is
    # flushed in the separate thread.
    # If you ever see such a message, either your system doesn't live up to its
    # expectations or you have a runaway loop (probably, but not necessarily,
    # generating a lot of log messages).
    # WARNING: Default values are lousy, you probably want to tweak them and
    # report the results back to the development team.
    # Syntax: log.queue.maxage = [milliseconds]
    # Default: 5000
    log.queue.maxage = 5000
    # Syntax: log.queue.maxsize = [integer]
    # Default: 1000
    log.queue.maxsize = 1000
    # Enable/disable logging the channel name
    # Default: false
    # log.channel=false
    # Enable/disable channels, each logging different actions.
    # Syntax: log.channel.[channel name]=[true,false] (boolean)
    # Default: false
    # Info channel - quite a lot of informational messages
    # hopefully you don't need them under normal circumstances
    # log.channel.info=true
    # Servlets exception, i.e. exception caught during
    # servlet.service() processing are monitored here
    # you probably want to have this one switched on
    log.channel.servletException=true
    # JServ exception, caught internally in jserv
    # we suggest to leave it on
    log.channel.jservException=true
    # Warning channel, it catches all the important
    # messages that don't cause JServ to stop, leave it on
    log.channel.warning=true
    # Servlet log
    # All messages logged by servlets. Probably you want
    # this one to be switched on.
    log.channel.servletLog=true
    # Critical errors
    # Messages produced by critical events causing jserv to stop
    log.channel.critical=true
    # Debug channel
    # Only for internal debugging purposes
    # log.channel.debug=true
    #wrapper.classpath=/d3/ord/jlib/ordim.zip
    #wrapper.classpath=/d3/ord/jlib/ordhttp.zip
    # Oracle XSQL Servlet
    wrapper.classpath=/d3/lib/oraclexsql.jar
    # Oracle JDBC
    wrapper.classpath=/d3/jdbc/lib/classes12.zip
    # Oracle XML Parser V2 (with XSLT Engine)
    wrapper.classpath=/d3/lib/xmlparserv2.jar
    # Oracle XML SQL Components for Java
    wrapper.classpath=/d3/rdbms/jlib/xsu12.jar
    # XSQLConfig.xml File location
    wrapper.classpath=/d3/xdk/admin
    # Oracle BC4J
    wrapper.classpath=/d3/ord/jlib/ordim.zip
    wrapper.classpath=/d3/ord/jlib/ordvir.zip
    wrapper.classpath=/d3/ord/jlib/ordhttp.zip
    wrapper.classpath=/d3/BC4J/lib/jndi.jar
    wrapper.classpath=/d3/BC4J/lib/jbomt.zip
    wrapper.classpath=/d3/BC4J/lib/javax_ejb.zip
    wrapper.classpath=/d3/BC4J/lib/jdev-rt.jar
    wrapper.classpath=/d3/BC4J/lib/jbohtml.zip
    wrapper.classpath=/d3/BC4J/lib/jboremote.zip
    wrapper.classpath=/d3/BC4J/lib/jdev-cm.jar
    wrapper.classpath=/d3/BC4J/lib/jbodomorcl.zip
    wrapper.classpath=/d3/BC4J/lib/jboimdomains.zip
    wrapper.classpath=/d3/BC4J/lib/collections.jar
    wrapper.classpath=/d3/Apache/Apache/htdocs/onlineorders_html
    #wrapper.classpath=/d3/Apache/Apache/htdocs/OnlineOrders_html/OnlineOrders.jar
    # The following classpath entries are necessary for EJBs to run in IAS or DB when present
    wrapper.classpath=/d3/lib/aurora_client.jar
    wrapper.classpath=/d3/lib/vbjorb.jar
    wrapper.classpath=/d3/lib/vbjapp.jar
    # Oracle Servlet
    wrapper.classpath=/d3/lib/servlet.jar
    # Oracle Java Server Pages
    wrapper.classpath=/d3/jsp/lib/ojsp.jar
    # Oracle Util
    wrapper.classpath=/d3/jsp/lib/ojsputil.jar
    # Oracle Java SQL
    wrapper.classpath=/d3/sqlj/lib/translator.zip
    # Oracle JDBC
    #wrapper.classpath=/d3/jdbc/lib/classes12.zip
    # SQLJ runtime
    wrapper.classpath=/d3/sqlj/lib/runtime12.zip
    # Oracle Messaging
    wrapper.classpath=/d3/rdbms/jlib/aqapi.jar
    wrapper.classpath=/d3/rdbms/jlib/jmscommon.jar
    # OJSP environment settings
    #wrapper.env=ORACLE_HOME=/d3
    # The next line should be modified to reflect the value of the SID for your
    # webserver.
    #wrapper.env=ORACLE_SID=cmpdb
    #wrapper.env=LD_LIBRARY_PATH=/d3/lib
    ## Enable the flag below if you are using jdk 1.2.2_05a or above
    #wrapper.env=JAVA_COMPILER=NONE
    # Advanced Queuing - AQXML
    wrapper.classpath=/d3/rdbms/jlib/aqxml.jar
    #wrapper.classpath=/d3/rdbms/jlib/xsu12.jar
    #wrapper.classpath=/d3/lib/xmlparserv2.jar
    wrapper.classpath=/d3/lib/xschema.jar
    #wrapper.classpath=/d3/jlib/jndi.jar
    wrapper.classpath=/d3/jlib/jta.jar
    oemreporting.properties=/d3/Apache/Jserv/oemreporting/oemreporting.properties
    zones = root, oemreporting
    wrapper.classpath=/d3/jlib/share-opt-1_1_9.zip
    wrapper.classpath=/d3/jlib/caboshare-opt-1_0_3.zip
    wrapper.classpath=/d3/jlib/marlin-opt-1_0_7.zip
    wrapper.classpath=/d3/jlib/tecate-opt-1_0_4.zip
    wrapper.classpath=/d3/jlib/ocelot-opt-1_0_2.zip
    wrapper.classpath=/d3/jlib/regexp.jar
    wrapper.classpath=/d3/jlib/sax2.jar
    #wrapper.classpath=/d3/jlib/servlet.jar
    wrapper.bin.parameters= -DORACLE_HOME=/d3
    #wrapper.env=LD_LIBRARY_PATH=/d3/lib32
    wrapper.env.copy=DISPLAY
    wrapper.bin.parameters=-DORACLE_HOME=/d3
    #wrapper.classpath=/d3/lib/vbjorb.jar
    #wrapper.classpath=/d3/lib/vbjapp.jar
    wrapper.classpath=/d3/classes/classesFromIDLVisi
    wrapper.classpath=/d3/jlib/swingall-1_1_1.jar
    wrapper.classpath=/d3/jlib/ewtcompat3_3_15.jar
    wrapper.classpath=/d3/jlib/ewt-3_3_18.jar
    wrapper.classpath=/d3/jlib/share-1_1_9.jar
    wrapper.classpath=/d3/jlib/help-3_2_9.jar
    wrapper.classpath=/d3/jlib/ice-5_06_3.jar
    wrapper.classpath=/d3/jdbc/lib/classes111.zip
    wrapper.classpath=/d3/classes
    wrapper.classpath=/d3/jlib/oembase-9_0_1.jar
    wrapper.classpath=/d3/jlib/oemtools-9_0_1.jar
    wrapper.classpath=/d3/jlib
    wrapper.classpath=/d3/jlib/javax-ssl-1_1.jar
    wrapper.classpath=/d3/jlib/jssl-1_1.jar
    wrapper.classpath=/d3/jlib/netcfg.jar
    wrapper.classpath=/d3/jlib/dbui-2_1_2.jar
    #wrapper.classpath=/d3/lib/aurora_client.jar
    #wrapper.classpath=/d3/lib/xmlparserv2.jar
    wrapper.classpath=/d3/network/jlib/netmgrm.jar
    wrapper.classpath=/d3/network/jlib/netmgr.jar
    wrapper.classpath=/d3/network/tools
    wrapper.classpath=/d3/jlib/kodiak-1_2_1.jar
    wrapper.classpath=/d3/sysman/jlib/netchart360.jar
    wrapper.classpath=/d3/jlib/pfjbean.jar
    wrapper.env=SHLIB_PATH=/d3/lib32
    wrapper.env=LIBPATH=/d3/lib32
    wrapper.classpath=/d3/ultrasearch/lib/isearch_midtier.jar
    wrapper.classpath=/d3/ultrasearch/lib/isearch_query.jar
    wrapper.classpath=/d3/ultrasearch/lib/jgl3.1.0.jar
    wrapper.classpath=/d3/lib/mail.jar
    wrapper.classpath=/d3/lib/activation.jar
    wrapper.classpath=/d3/ultrasearch/jsp/admin/config
    # Additions for iFS
    ## DO NOT REMOVE OR ALTER THE FOLLOWING LINE ....
    # iFS true
    # Uncomment if you want to use the same Jserv as other applications
    wrapper.classpath=/d3/9ifs/custom_classes
    wrapper.classpath=/d3/9ifs/settings
    wrapper.classpath=/d3/9ifs/lib/adk.jar
    wrapper.classpath=/d3/9ifs/lib/email.jar
    wrapper.classpath=/d3/9ifs/lib/http.jar
    wrapper.classpath=/d3/9ifs/lib/release.jar
    wrapper.classpath=/d3/9ifs/lib/repos.jar
    wrapper.classpath=/d3/9ifs/lib/utils.jar
    wrapper.classpath=/d3/9ifs/lib/webui.jar
    wrapper.classpath=/d3/9ifs/lib/provider.jar
    wrapper.classpath=/d3/jlib/javax-ssl-1_2.jar
    wrapper.classpath=/d3/jlib/jssl-1_2.jar
    wrapper.env=ORACLE_HOME=/d3
    wrapper.env=ORACLE_SID=cmpdb
    wrapper.env=LD_LIBRARY_PATH=/d3/lib:/d3/ctx/lib:/d3/lib32
    wrapper.env=NLS_LANG=.US7ASCII
    ## Additions for the iFS zone
    # Uncomment if you want to use the same Jserv as other applications
    zones=ifs
    ifs.properties=/d3/Apache/Jserv/etc/ifs.properties
    # End iFS section

    About your home page: manually set up Firefox with the window(s) and tab(s)
    the way you want them to be. Then:
    Firefox Options > General > Homepage.
    Press the button labeled 'Use Current'.
    =====================================
    Open a new window or tab. In the address bar, type about:config.
    If a warning screen comes up, press the Be Careful button.
    This is where Firefox finds information it needs to run.
    At the top of the screen is a search bar. Enter browser.newtab.url
    and press enter. browser.newtab.url
    tells Firefox what to show when a new tab is opened.
    If you want, right click and select Modify. You can change the
    setting to:

    about:home (Firefox default home page),
    about:newtab (shows the sites most visited),
    about:blank (a blank page),
    or you can enter any web page you want.

    The same instructions are used for the new window setting, listed as
    browser.startup.homepage.

  • Error while Authenticating sharepoint site with Azure AD users using Azure Access Control Namespace

    I have a SharePoint site running on an Azure virtual machine. Now I want to authenticate my SharePoint site with Azure AD users.
    For this I have followed the link below, but I am getting an error after login.
    Using Microsoft Azure Active Directory for SharePoint 2013 authentication
    I have implemented it as given in the reference link, but I am still facing an error. When I access my URL from the browser, it asks me which provider I want to log on through.
    Then, on selection of the ACS provider, it redirects me to the Office 365 login. After I submit my credentials, it redirects me to
    https://testvm.cloudapp.net/_trust/
    and I get an error. So I checked the SharePoint log and found the error below.
    Cannot find site lookup info for request Uri urn:sharepoint:spvms.
    SPAudienceValidator: Audience uri 'urn:sharepoint:spvms is not valid for the context.
    Getting Error Message for Exception Microsoft.IdentityModel.Tokens.FailedAuthenticationException: The Audience URI could not be validated.
    SPSaml11SecurityTokenHandler: Audience validation failed for request 'https://testvm.cloudapp.net/_trust/' with
    the following audience URIs: 'urn:sharepoint:spvms', .
    Application error when access /_trust/, Error=The Audience URI could not be validated.
    at Microsoft.SharePoint.IdentityModel.SPSaml11SecurityTokenHandler.ValidateConditions(SamlConditions conditions, Boolean enforceAudienceRestriction)
    at Microsoft.IdentityModel.Tokens.Saml11.Saml11SecurityTokenHandler.ValidateToken(SecurityToken token)
    at Microsoft.IdentityModel.Tokens.SecurityTokenHandlerCollection.ValidateToken(SecurityToken token)
    at Microsoft.IdentityModel.Web.TokenReceiver.AuthenticateToken(SecurityToken token, Boolean ensureBearerToken, String endpointUri)
    at Microsoft.IdentityModel.Web.WSFederationAuthenticationModule.SignInWithResponseMessage(HttpRequest request)
    at Microsoft.IdentityModel.Web.WSFederationAuthenticationModule.OnAuthenticateRequest(Object sender, EventArgs args)
    at Microsoft.SharePoint.IdentityModel.SPFederationAuthenticationModule.OnAuthenticateRequest(Object sender, EventArgs eventArgs)
    at System.Web.HttpApplication.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
    at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)

    I want 100,000 external users to have access to my SharePoint online Site collection.
    I was thinking of going the Azure AD route, where external users will have their IDs created in the Azure AD cloud.
    I am trying to figure out how I can integrate the Azure AD cloud with my SharePoint Online site collection.
    Currently my site collection is tied to On-premise AD.
    Is there a way to integrate the SharePoint online to use both Azure AD and On-premise AD?
    Thanks
    Nate
    Any Answer here?

  • A problem with Win 7 Pro, Outlook Web Access based on Exchange Server 2003, and two different domains

    Dear Microsoft Support,
    As mentioned in the title,
    I have two domains. One is Domain A at HQ. The other one is Domain A at branch office. A laptop having Win 7 Pro OS is a client of Domain A. The Domain A has Exchange Server 2003. Users of Domain B get connected to Exchange Server for email services. In
    all clients of the Domain B, IP address of the email server added in C:\Windows\System 32\drivers\etc\host file.
    Whereas in the clients of Domain A it was not done, because all the servers including the email server belong to the Domain A.
    Now, a user with Domain A's client (it is a laptop) came to the branch office and wanted to access Outlook (using Outlook Web Access). Since there is no IP address added in the host file of the laptop, connectivity to email is not possible. When I try to
    add the IP address, I was not able to do so due to Domain A's security reasons.
    So, let me know, is there a way out to add the IP address in the host file of the Domain A's client.
    Thanks in advance.
    Ravi Sekhar Modukuru

    I would suggest adding the mailserver address in Domain B's DNS. Would that be possible?
    I agree. The correct solution in this case (since it appears you already have a two-way Domain Trust in place) is to properly configure DNS in Domain 'B' to be a secondary of Domain 'A' and completely eliminate the need to maintain the HOSTS file.
    Lawrence Garvin, M.S., MCSA, MCITP:EA, MCDBA
    SolarWinds Head Geek
    Microsoft MVP - Software Packaging, Deployment & Servicing (2005-2014)
    My MVP Profile: http://mvp.microsoft.com/en-us/mvp/Lawrence%20R%20Garvin-32101
    http://www.solarwinds.com/gotmicrosoft
    The views expressed on this post are mine and do not necessarily reflect the views of SolarWinds.
