Setup Client Connection with certificates

Hi,
We need assistance in setting up the Clients with Certificates. By Clients we mean the SharePoint Server Farm where the Applications are running for the FAST SEARCH to crawl them.
We have two Virtual Machines,
1. SharePoint 2010 installed and the Applications running
2. Windows 2008 R2 based system with SQL Server Express 2008 Edition and FAST ESP Search and FSIS installed
We have completed the below mentioned steps
Installed FAST ESP Search with all Pre-requisites and Service Packs/Updates successfully
Installed FSIS Host Controller and running successfully
Executed the PowerShell Script to install and run CTS and IMS using the below PowerShell Script
.\InstallConfig.ps1 -action I -espSdkDir C:\SDK -secureStorageDir C:\SECURE -serviceAccount SLBDOM\Administrator -createGroups -createKeys -installKeys -enableCertificateSecurity
We need assistance in
1. Setting Up Client Certificates
2. Installing FASTSharePointConnector.msi
Can someone let us know of any blog or documentation that tells us how to perform the above two steps?
Thanks
Ram
Thanks Ram

I think what you are asking about is XML Digital Signatures (XML-DSig). This lets you sign Web services messages with a digital signature that can then, potentially, be verified against other authentication/authorization mechanisms like LDAP.
The specification relating XML-DSig to Web services is managed by OASIS and is called Web Services Security. Oracle sits on this standards group and has plans to implement it as it becomes a standard. For current specifications on this check out:
http://www.oasis-open.org/committees/wss/documents/WSS-Core-04-1117.pdf
For Oracle's plans in this area, check out this presentation at:
http://www.oracle.com/pls/oow/oow_user.show_public?p_event=13&p_type=session&p_session_id=38930
See the last few slides for a roadmap after you read through the use cases.
I realize you would prefer code samples and unfortunately I don't have any ... but hopefully this points you in the right direction ... The bottom line, if I understand your question, is that the specs are just emerging for this and if you want to do it now, it really is a roll-your-own solution that you can then retrofit in the standards as they emerge.
Mike.

Similar Messages

  • Can't setup correctly VPN connection with certificate

    First of all: the VPN connection to a Windows server I'm trying to setup in Mac OS X works perfectly with a Windows XP client.
    The VPN is of L2TP over IPSEC type and uses a certificate for computer authentication. I've tried to setup the connection on my mac importing the certificate on Keychain and marking the certificate as trusted for every use. I've set up the VPN in System preferences - Network creating a new VPN connection and filling: server address, account name, password for user authentication and selecting the certificate for computer authentication in the "Authentication settings" section. Then I've clicked Apply.
    Then, when I click Connect the Mac answers with a message something like this (I'm going to translate from the Italian message), titled "Internet connection": "The IPSec shared secret is missing. Verify settings and retry.".
    So, what's happened? Why does the Mac tell me that the "shared secret is missing" when I've never set up that option but instead I've selected the "Certificate" radio button in the "Computer authentication" section of "Authentication settings" and correctly selected the imported certificate? The strange thing is that, verifying what I've set up in the VPN configuration, I've found that the active radio button in "Authentication settings" was the one corresponding to "Shared secret", not the one for "Certificate". It seems that when clicking on Apply the Mac doesn't store the certificate choice but resets the choice to "Shared secret".
    Does anyone have some suggestions to resolve my problem?
    Thank you

    To run IKEv2 you need the following EKUs on both server and client certificates. The machines select certificates automatically; the best option is a), and if it is not present, they proceed to b) and then c):
    a) IPSec IKE Intermediate (IPSec Protection) 1.3.6.1.5.5.8.2.2 + Server Authentication + Client Authentication
    b) IPSec IKE Intermediate + Client Authentication
    c) Client Authentication
    As you may see, both client and server require Client Authentication EKU in the certificate. If you include Server Authentication and IKE Intermediate, you will get more exact match.
    ondrej.
    Hi ondrej,
    Thanks for the reply. I've reissued the certificate with the Client Authentication EKU, but it hasn't made any difference.
    Please note that I'm not using machine certificates on the client for authentication - I want to use Secure Password (EAP-MSCHAPv2), which is working when I connect through SSTP. However, the server seems to be determined to use certificates for client authentication - when I log using wfp, in the wfpdiag.xml file I can see that the authentication method listed is <mmAuthMethod>IKEEXT_CERTIFICATE</mmAuthMethod>. As I understand it, this should not be the case.
    How can I get the server to accept EAP-MSCHAPv2 authentication?
    Thanks,
    Andrew
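
The EKU preference order a), b), c) given in the reply above can be checked against a machine's own certificates. The following is an added example, not part of the original thread: the function names are hypothetical, and the Server Authentication and Client Authentication OIDs are the standard ones, not values quoted in the post.

```powershell
# Added example (not from the thread): classify each certificate in the
# Local Computer\Personal store by the EKU preference order a) > b) > c).
$IkeIntermediate = '1.3.6.1.5.5.8.2.2'   # IPSec IKE Intermediate, OID as quoted in the post
$ServerAuth      = '1.3.6.1.5.5.7.3.1'   # Server Authentication (standard OID)
$ClientAuth      = '1.3.6.1.5.5.7.3.2'   # Client Authentication (standard OID)

function Get-EkuOid {
    # Hypothetical helper: returns the EKU OIDs of a certificate as strings.
    param([System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate)
    $ext = $Certificate.Extensions | Where-Object {
        $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]
    }
    if ($ext) { @($ext.EnhancedKeyUsages | ForEach-Object { $_.Value }) } else { @() }
}

function Get-IkeV2CertificateTier {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate
    )
    process {
        $eku       = @(Get-EkuOid -Certificate $Certificate)
        $hasIke    = $eku -contains $IkeIntermediate
        $hasServer = $eku -contains $ServerAuth
        $hasClient = $eku -contains $ClientAuth

        # Tiers exactly as listed in the post. A certificate that lists none of
        # these purposes (including one with no EKU extension) is reported as 'none'.
        $tier = if     ($hasIke -and $hasServer -and $hasClient) { 'a' }
                elseif ($hasIke -and $hasClient)                 { 'b' }
                elseif ($hasClient)                              { 'c' }
                else                                             { 'none' }

        [pscustomobject]@{
            Tier          = $tier
            Subject       = $Certificate.Subject
            Thumbprint    = $Certificate.Thumbprint
            NotAfter      = $Certificate.NotAfter
            HasPrivateKey = $Certificate.HasPrivateKey
            EkuOids       = $eku -join ', '
        }
    }
}

# Read-only audit of the machine store; run on both the VPN server and the client.
Get-ChildItem Cert:\LocalMachine\My |
    Get-IkeV2CertificateTier |
    Sort-Object Tier, NotAfter |
    Format-Table Tier, Subject, NotAfter, HasPrivateKey -AutoSize
```

Several certificates in the same tier, or an expired certificate in a better tier than the intended one, are the cases worth looking for in the output.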

  • Am i on the right track for establishing my client connection with BC4J?

    I am developing web-application with BC4J JSP project now. However, I find the auto-generated page not that useful as they are not flexible enough. Then, I decided to write coding by myself. But the first problem is - how to write the coding for client connection? To make maintenance easy, I would like to place those connection code in a class file instead of hard-coding each connection details in my JSP or Servlet page.
    Question 1: Through the examples I search in my JDeveloper (Candidate 2) directory, found a file TestClient.java in the \BC4J\samples\Caching\src\demo directory with the following codes:
    // Create an instance of the application module by name, using local mode
    String _am  = "demo.DemoModule"; // Fully-qualified application module name
    String _cf  = "DemoModuleLocal"; // Configuration name for connection info
    ApplicationModule am = Configuration.createRootApplicationModule(_am,_cf);
    // Find the Managers view object by name in the application module
    ViewObject mgrVO = am.findViewObject("Managers");
    // We're done with the AM instance, so release it
    Configuration.releaseRootApplicationModule(am,true);
    Is it for testing only or really useful for the production environment? Am I doing the right thing if i use such method to establish my web client connection? What's the pros and cons for using this method? Any other better alternatives?
    Question 2: As I know BC4J automatically takes care of connection pooling as a default manner since version 3.2. Can I still use the following statement
    session.setAttribute("user_name", user_name); //Set session attribute
    String user_name = (String) session.getAttribute("user_name"); // Get session attribute
    to capture and assign client session correctly for individual clients?
    Question 3: What codes should I use to achieve 'Transaction' update, which assembles the coding as follows:
    connection.setAutoCommit(false); //disable auto commit
    connection.commit();
    connection.rollback();
    connection.close();
    Thanks for answering!!!

    Question 1: Through the examples I search in my JDeveloper (Candidate 2) directory, found a file TestClient.java in the \BC4J\samples\Caching\src\demo directory with the following codes:
    // Create an instance of the application module by name, using local mode
    String _am  = "demo.DemoModule"; // Fully-qualified application module name
    String _cf  = "DemoModuleLocal"; // Configuration name for connection info
    ApplicationModule am = Configuration.createRootApplicationModule(_am,_cf);
    // Find the Managers view object by name in the application module
    ViewObject mgrVO = am.findViewObject("Managers");
    // We're done with the AM instance, so release it
    Configuration.releaseRootApplicationModule(am,true);
    Is it for testing only or really useful for the production environment? Am I doing the right thing if i use such method to establish my web client connection? What's the pros and cons for using this method? Any other better alternatives?
    The Configuration API (createRootApplicationModule, releaseRootApplicationModule) will work. However, please note that it is intended for java clients that will hold an ApplicationModule reference for a long duration. The BC4J web frameworks (represented, for example, by the ApplicationModule and ReleasePageResources tags) all use the SessionCookie interface to acquire/release ApplicationModule instances on a per request basis. This will allow better scalability. Please see the pooling sample / documentation / javadoc for more information about using these APIs. The pooling sample servlet is located in \BC4J\samples\Pooling\src\demo\TestPoolServlet.
    Question 2: As I know BC4J automatically takes care of connection pooling as a default manner since version 3.2. Can I still use the following statement
    session.setAttribute("user_name", user_name); //Set session attribute
    String user_name = (String) session.getAttribute("user_name"); // Get session attribute
    to capture and assign client session correctly for individual clients?
    BC4J will not interfere with your use of the HttpSession context. How do you intend the "user_name" to be used? Do you intend it to represent the DB user, JAAS user, etc.? If you intend it to be used as the DB user you will need to declare the "user_name" to BC4J. Please see:
    http://technet.oracle.com/products/jdev/howtos/bc4j/howto_dynamic_jdbc.html
    Question 3: What codes should I use to achieve 'Transaction' update, which assembles the coding as follows:
    connection.setAutoCommit(false); //disable auto commit
    connection.commit();
    connection.rollback();
    connection.close();
    ApplicationModule.getTransaction().commit();
    ApplicationModule.getTransaction().rollback();
    If you are using the Configuration or SessionCookie APIs, as mentioned above, then the connection lifecycle will be managed for you. So, you should not need to invoke connection.close().
    Thanks for answering!!!
    Hope this helps.
    JR

  • Communicator 2010 client connection with Akamai.

    hello all,
    Our Communicator 2010 clients are connected with Akamai (a92-122-208-27.deploy.akamaitechnologies.com). I thought to check for updates but I am not sure of the reason. But we use SCCM to update our clients.
    The question is how to disable this connectivity to Akamai?
    See also this reference:
    http://www.networksteve.com/windows/topic.php/Lync_clients_upon_start_opening_up_connections_to_foreign_server/?TopicId=60878&Posts=13
    Regards WoutH
    Version 4.0.7577.4446

    On Step 8 I found multiple product codes for the Conferencing Add-In for Outlook.  Here's a list of the ones I found in the machines on my network:
    {987CAEDE-EB67-4D5A-B0C0-AE0640A17B5F}
    {2BB9B2F5-79E7-4220-B903-22E849100547}
    {13BEAC7C-69C1-4A9E-89A3-D5F311DE2B69}
    {C5586971-E3A9-432A-93B7-D1D0EF076764}
    I'm sure there are other ones; just be mindful that this add-in will have numerous product codes.

  • E8350 - bad upstream performance when LAN clients connect with 1000mb/s

    Our office LAN is all 100/1000mbs capable. Our internet provider is 100 mb/s symmetric internet. We believe we've found an issue with upstream buffering in the E8350. 
    A) A laptop connecting at 100mb/s directly to the E8350 is able to upload at 80 megabits/s
    B) The same laptop, connecting via 1000bt directly to the E8350 only gets 10 megabits/s or so
    C) Other laptops connected through our LAN at 1000bt also suffer poor performance
    D) Putting an older switch which is only capable of 100mb/s between our 1000bt LAN and the E8350 throttles correctly, and we can obtain higher upload speeds for the entire network.
    We suspect that in situations A & C,  the E8350 is not throttling/buffering traffic arriving on the 1000bt connection correctly, causing the poor upload speeds.
    Firmware version is 1.0.0

    1000bt? what is that? Do you mean 1000Mb? or 1Gb? 
    Preferred connections with this router are the use of 1000Mb or 1Gb adapters and switches and CAT6 LAN cabling for wired LAN connections. 100Mb could slow down some performance and you'll not be able to use the 1Gb connection pipe. 
    Are these connections on the wired LAN cables? 
    Ensure all devices with wired LAN connections support 1000Mb or 1Gb speeds. 
    Ensure all devices with LAN adapter cards are updated for drivers.
    Internet Service Provider and Modem Configurations
    What ISP Service do you have? Cable or DSL?
    What ISP Modem Mfr. and model # do you have?
    Is ISP Modem/Service using Dynamic or Static WAN IP addressing?
    What ISP Modem service link speeds UP and Down do you have?
    Check cable between Modem and Router, swap out to be sure. Link>http://en.wikipedia.org/wiki/CAT6 is recommended.
    Check ISP MTU requirements, Cable is usually 1500, DSL is around 1492 down to 1472. Call the ISP and ask.
    http://kb.linksys.com/Linksys/ukp.aspx?vw=1&docid=88e63d78588142e6bb68e22d7faf2046_Configuring_the_M...
    What wireless modes are you using?
    2.4Ghz and 5Ghz routers: Try single mode G or N or mixed G and N on 2.4Ghz and single mode N or Mixed on 5Ghz?
    Channel Width set for Auto 20/40Mhz.
    Try setting a manual Channel to a open or unused channel. 1, 6 or 11. 11 for single mode N if the channel is clear. 13 for EU regions. Try channel 48 or 149 on 5Ghz. http://en.wikipedia.org/wiki/List_of_WLAN_channels
    http://kb.linksys.com/Linksys/ukp.aspx?vw=1&docid=f2625b15a5d7454b8e7fafbe65d5aa63_4009.xml&pid=80&r...
    What security mode are you using? Preferred security is WPA-Personal. WPA2 Only. http://kb.linksys.com/Linksys/ukp.aspx?vw=1&docid=8ce9e83bd3784001aee72da7f1ef48e8_Changing_the_basi...
    http://kb.linksys.com/Linksys/ukp.aspx?pid=80&vw=1&articleid=19073
    What wireless devices do you have connected?
    Ensure any devices with WiFi adapter drivers are updated.
    Any 2.4Ghz or 5Ghz cordless house phones or WiFi APs near by?
    Any other WiFi routers in the area? Link> Use http://www.techspot.com/downloads/5936-inssider.html to find out. Use v3. How many?
    WMM Support must be enabled for single wireless N mode to function.
    http://kb.linksys.com/Linksys/ukp.aspx?vw=1&articleid=5471
    Router Placement
    Forum User - "Well I feel really dumb. After moving the router away from other electronic devices my speeds are back to normal. Just a heads up for anyone experiencing slow speeds, you might want to move it away from other electronics and see if that helps."
    3-6' feet minimum safe distance between devices.
    Placement on main level floor and central in the building and WELL ventilated is preferred. Not in basements or closets as building materials, or near by electronics devices could interfere or hinder good signal propagation.
    http://kb.linksys.com/Linksys/ukp.aspx?vw=1&docid=d9a3b1b2039741948a2365b053a93ea8_3759.xml&pid=80&r...
    http://www.smallnetbuilder.com/wireless/wireless-basics/31083-smallnetbuilders-wireless-faq-the-esse...

  • Setting LDAP connection with Certificate

    Hi all,
    I need to set up an LDAP connection to verify recipient email address in incoming.
    LDAP is protected by SSL, do I need a certificate?
    How can I get a certificate? I mean, what is the right procedure to request a certificate from a CA, an internal one that manages Domain Controllers, and install it in IronPort ESA?
    thanks a lot
    smaikol

    Hi Smaikol,
    In this case, to use LDAPS (LDAP over SSL), the Microsoft Server will need to meet the requirements you just mentioned; it will need an SSL certificate from a third party CA (Certificate authority).
    Requirements for an LDAPS certificate
    To enable LDAPS, you must install a certificate that meets the following requirements:
    - The LDAPS certificate is located in the Local Computer's Personal certificate store (programmatically known as the computer's MY certificate store).
    - A private key that matches the certificate is present in the Local Computer's store and is correctly associated with the certificate. The private key must not have strong private key protection enabled.
    - The Enhanced Key Usage extension includes the Server Authentication (1.3.6.1.5.5.7.3.1) object identifier (also known as OID).
    - The Active Directory fully qualified domain name of the domain controller (for example, DC01.DOMAIN.COM) must appear in one of the following places:
      - The Common Name (CN) in the Subject field.
      - DNS entry in the Subject Alternative Name extension.
    - The certificate was issued by a CA that the domain controller and the LDAPS clients trust. Trust is established by configuring the clients and the server to trust the root CA to which the issuing CA chains.
    - You must use the Schannel cryptographic service provider (CSP) to generate the key.
    Now to get the pertinent certificate you will need to create a request, you will be able to find those instructions and further information within the following link:
    -   http://support.microsoft.com/kb/321051/en-us
    Let me know how it works out!
    Please don't forget to rate and mark as correct the helpful Post!
    David Castro.
    Best regards.
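
The LDAPS certificate requirements listed in the reply above can be checked on the domain controller before pointing a client at port 636. The following is an added example, not part of the original thread or of the Microsoft article: `Test-LdapsCertificate` and its parameter are hypothetical names, and the FQDN in the usage line is the example value from the post.

```powershell
# Added example (not from the thread): test certificates in the Local Computer\Personal
# (MY) store against the LDAPS requirements that can be read from the certificate itself.
# Not checked here: strong private key protection and the CSP used to generate the key.
function Test-LdapsCertificate {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate,

        # Fully qualified domain name of the domain controller (assumed input).
        [Parameter(Mandatory)]
        [string]$DcFqdn
    )
    process {
        $serverAuthOid = '1.3.6.1.5.5.7.3.1'   # Server Authentication, as quoted in the post

        # Enhanced Key Usage OIDs carried by the certificate (empty if no EKU extension).
        $ekuExt = $Certificate.Extensions | Where-Object {
            $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]
        }
        $ekuOids = if ($ekuExt) { @($ekuExt.EnhancedKeyUsages | ForEach-Object { $_.Value }) } else { @() }

        # Common Name from the Subject field.
        $cn = $Certificate.GetNameInfo(
            [System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName, $false)

        # DNS names: DnsNameList is a property the PowerShell certificate provider
        # attaches to objects returned from the Cert: drive (Windows PowerShell 4.0+).
        $dnsNames = if ($Certificate.DnsNameList) {
            @($Certificate.DnsNameList | ForEach-Object { $_.Unicode })
        } else { @() }

        $names     = @(@($cn) + $dnsNames | Where-Object { $_ })
        $nameMatch = $names -contains $DcFqdn      # string -contains is case-insensitive

        # Verify() builds the chain with this machine's trust stores and default policy,
        # so it reflects the DC's view; LDAPS clients must trust the same root separately.
        $chainOk = $Certificate.Verify()

        $hasKey     = $Certificate.HasPrivateKey
        $serverAuth = $ekuOids -contains $serverAuthOid

        [pscustomobject]@{
            Subject             = $Certificate.Subject
            Thumbprint          = $Certificate.Thumbprint
            HasPrivateKey       = $hasKey
            ServerAuthEku       = $serverAuth
            FqdnInCnOrSan       = $nameMatch
            ChainsToTrustedRoot = $chainOk
            MeetsCheckedItems   = ($hasKey -and $serverAuth -and $nameMatch -and $chainOk)
        }
    }
}

# Read-only audit; run on the domain controller. DC01.DOMAIN.COM is the post's example name.
Get-ChildItem Cert:\LocalMachine\My |
    Test-LdapsCertificate -DcFqdn 'DC01.DOMAIN.COM' |
    Format-Table Subject, HasPrivateKey, ServerAuthEku, FqdnInCnOrSan, ChainsToTrustedRoot, MeetsCheckedItems -AutoSize
```

A row with every column true except `FqdnInCnOrSan` usually means the certificate was issued for a short host name or a different DC.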

  • Simply setup client features with server installed in advanced mode...

    Hi,
    If I set up my server in standard "mode" I see that Leopard clients discover my server automatically and the server tries to set all client features (Mail accounts, iCal server, etc.).
    Is there a way to activate this useful feature ALSO with a server installed in "advanced" mode?
    My server needs to be installed in advanced mode because it's an Open Directory master with a DNS that serves all my LAN.
    Thanks in advance...

    Hi Kranthi_06,
    According to your description, you have an environment with reporting services installed, the info given by the client they are using reportingservices with sharepoint integrated mode. In SSMS, you can see two databases with names reportserver$DEN2010 and reportserver$DEN2010tempdb.
    In Native Mode, in the SQL Server Installation Wizard, if we select Install and configure option, the ReportServer database will be created automatically through Setup. If we choose the Install only option, we must use the Reporting Services Configuration Manager to create the database manually. By default, the database format is ReportServer and ReportServerTempDB. In SharePoint Mode, we need to create at least one Reporting Services service application by using SharePoint Central Administration or Reporting Services PowerShell cmdlets, then three databases are created for each Reporting Services service application and the database names by default include a guid that represents the service application. The following are example names of the three SharePoint mode databases:
    ReportingService_90a9f37075544f22953c4a62e4a9f370
    ReportingService_90a9f37075544f22953c4a62e4a9f370TempDB
    ReportingService_90a9f37075544f22953c4a62e4a9f370_Alerting
    For SSRS 2008 R2 or early versions, we can identify report server mode using the Reporting Services Configuration Manager. For SSRS 2012 or later versions, Reporting Services Configuration Manager no longer supports Reporting Services SharePoint mode. Configuration of SharePoint mode is completed using SharePoint Central Administration.
    Reference:
    Verifying SharePoint integrated mode installation
    Create a Report Server Database
    If you have any more questions, please feel free to ask.
    Thanks,
    Wendy Fu

  • Auto-setup client mail with 3rd party servers?

    Just curious if this was possible. I know Mail clients can get auto-setup with SLServer, but it's likely only for SLServer's own Mail Server.

    Hi
    If you go to Workgroup Manager > Accounts > joe user > Mail
    Click enabled and there is a nice little line that reads "Mail Server". You can type just about anything you want in there.
    -or-
    click forward and there is a line that accepts [email protected] as the input
    Are either of those what you are looking for?
    Bob

  • Troubleshoot and Setup FiOS Connections with VZ In Home Agent

    "VZ In Home Agent" is a new desktop tool (Major Enhancement to the earlier FiOS Connection Wizard) that helps with your FiOS services. This tool is simple, easy-to-use and has information about various features of your FiOS Services including 'How to Get Started' with Internet, TV and Phone services along with quick fixes for most common issues. Best part of this tool is that the tool identifies your services and provides customized help.
    Just download and install this new helpful tool from http://www.verizon.com/connectionwizard/ and get connected to FiOS instantly. If you already have FiOS Connection Wizard installed on your computer, when you use it the next time, you will automatically be upgraded to this new tool.
    Main Features:
    Internet Help:
    Helps fix internet connectivity issues
    Sets up a wireless Internet connection for a computer
    Retrieves your wireless network's SSID and WEP encryption key
    Helps with Router Reset/Reboot
    Finds information about your home network and other Verizon services
    Email Help:
    Easily sets up your Vz Email account on Outlook, Outlook Express and Windows Mail
    Fixes Email Problems
    Resets your password if you don't remember it now
    Creates an Additional Email Account
    TV Help:
    Helps with Remotes, Set Top Boxes, Wiring Diagrams, Program Guide, etc
    Quickly fixes your "No Picture on TV" and "Set Top Box" issues
    Helps with Games, Widgets, etc
    Phone Help:
    Helps with setting up your Home Voice Mail and other calling features
    Helps with Verizon Call Assistant features
    Helps with FiOS Voice Account Manager
    Instant Access to your Home Voice Mail Access Number
    If you face any issues or have any questions/suggestions, please use the Feedback form available on the tool and help us make this tool work better for you.
    Minimum system requirements:
    Operating System: Windows XP or Vista with Microsoft .NET 2.0 or higher
    RAM: 384 MB or more
    Storage: 50 MB available on Hard disk
    Router: Verizon-supported router (The D-Link routers are the only Verizon-supported routers that do not work with the FiOS Connection Wizard)
    Message Edited by Kathleen on 08-17-2009 02:43 PM
    Kathleen
    Verizon Telecom
    Online Center of Excellence
    Notice: Content posted by Verizon employees is meant to be informational and does not supersede or change the Verizon Forums User Guidelines or Terms of Service, or your Customer Agreement Terms and Conditions or Plan.

    When will this new service support Mac OS, only Windows right now

  • [Partially solved] Setup wired connection with VMware

    Hello everyone !
    I'm fairly new to archlinux and I have been trying it with VMware Player 5, with a Windows Seven host.
    So with the first install I tried, everything worked really great with the Beginner's Guide, so I made another install with the settings I really want.
    I had access to Internet during the whole install, but after rebooting, the connection is not working with the dynamic IP nor the static IP, even though I configured it with net-auto-wired. I tried to mess with the two network adapters created by VMware but nothing worked yet. When I try to ping, I have the "unknown host" error.
    What really surprises me is that it worked really well for the first install, and during the whole process of the second one.
    Thanks !
    Last edited by guiguizmo91 (2013-01-20 18:53:10)

    After reading the Network Configuration, it seems that the problem is here : https://bugs.archlinux.org/task/30235
    Here, the guy is using Virtualbox, but it might be almost the same problem. I have to run manually :
    dhcpcd enp2s1
    After that, I do not get the unknown host error.
    The Network Configuration Wiki page says :
    If the dhcpd service starts before your network card module (FS#30235), manually add your network card to /etc/modules-load.d/*.conf. For example, if your Realtek card needs r8169 to be loaded, create:
    /etc/modules-load.d/realtek.conf
    r8169
    Tip: To find out which modules are used by your network card, use lspci -k.
    Using the tip, it says that my card (Intel Corporation 82545EM Gigabit Ethernet Controller) uses the kernel driver e1000, so I tried the solution from the Wiki, with a file in /etc/modules-load.d/ containing e1000, but it does not work.
    What should I do to have it work directly ?
    Thanks for your attention.

  • EJB client Connectivity with JServer

    Dear all friends,
    I deploy my EJB-Jar file properly in Oracle 8i JServer but when I want to use that EJB file by client I get the following error messages (the following errors appear when I reach the line
    EJBHome homeInterface = (EJB.EJBHome) ic.lookup(ejbUrl);
    ):
    java.lang.NoClassDefFoundError: oracle.aurora.rdbms.ClassResolver
    java.lang.Object oracle.aurora.jndi.sess_iiop.sess_iiopURLContextFactory.getObjectInstance(java.lang.Object, javax.naming.Name, javax.naming.Context, java.util.Hashtable)
    javax.naming.Context javax.naming.spi.NamingManager.getURLContext(java.lang.String, java.lang.Object, java.util.Hashtable)
    javax.naming.Context javax.naming.spi.NamingManager.getURLContext(java.lang.String, java.util.Hashtable)
    javax.naming.Context javax.naming.InitialContext.getURLOrDefaultInitCtx(java.lang.String)
    java.lang.Object javax.naming.InitialContext.lookup(java.lang.String)
    I have the following classpath:
    E:\Program Files\Oracle\JDeveloper 3.0\java1.2\jre\lib\;E:\Oracle\Ora81\jdbc\lib\classes12.zip;E:\Oracle\Ora81\lib\aurora_client.jar;E:\Oracle\Ora81\lib\vbjorb.jar;E:\Oracle\Ora81\lib\vbjapp.jar
    Could anyone please help me that what should I do?
    any suggestion would be appreciated.
    Amirali

    Hello,
    Try the following:
    1. execute the following cmd:
    c:\jdev_home\bin\setjboenv "c:\jdev_home" 8i
    2. add the EJBClient jar to the classpath
    3. Run your client
    Also, if you use the command line a lot then I recommend that you install JDeveloper in a custom directory (say c:\JDev) which is easier to navigate to from the command prompt
    Regards,
    Arun

  • No internet access on clients connected with any one Windows server 2k8, 2k8 r2, 2k12, 2k12 r2

    I have installed AD and DNS, no DHCP, on Windows Server 2008 R2, which has two NICs, external and internal.
    Domain: mhpd.com
    Computer name: win2k8
    External
    ip: 172.16.31.32/16
    gw:172.16.0.1
    dns:8.8.8.8
         4.2.2.2
    Internal:
    ip: 172.16.31.31/16
    gw: blank
    dns:127.0.0.1
    In DNS I have set forwarders 8.8.8.8 and 4.2.2.2, which are successfully resolved. Root hints are OK.
    Client configuration (client is not added to AD)
    ip:172.16.2.241/16
    gw:172.16.31.32
    dns:172.16.31.32
    Question: I am able to access the internet on the domain controller cum server 2008. But the client computer displays a yellow symbol on the LAN icon and has no internet access. ping win2k8 is successful.
    ping win2k8.mhpd.com is successful. ping 8.8.8.8 or ping google.com gives request timed out.
    What is the problem in my configuration?

    Hi haresh,
    First, the network is overlapped on your computer.
    Second, AD DS is not recommended to be installed on a multihomed computer.
    Both of these will cause communication issues.
    You may need to re-plan your network.
    Best Regards.
    Steven Lee
    TechNet Community Support

  • Exchange 2013, Outlook 2007 clients Problems with Outlook Anywhere connection

    Hi everyone,
    I have a mail system Exchange 2013 SP1, on Windows Server 2012 R2.
    I have only one mail server with the Client Access and Mailbox roles Server. 
    I have a Wildcard certificate of type *.Mydomain.com. 
    All connections to Outlook Anywhere from Outlook 2010 and Outlook 2013 work correctly. 
    The ActiveSync connections are working properly, too. 
    But Outlook 2007 clients connecting with Outlook Anywhere ask for credentials continuously and fail continuously. 
    How can I solve this? 
    thank you very much
    Microsoft Certified IT Professional Server Administrator

    Hi,
    Based on my experience, we need to set Outlook provider with the domain name if it's wildcard certificate:
    Set-OutlookProvider -Identity EXPR -CertPrincipalName msstd:*.domain.com
    http://technet.microsoft.com/en-us/library/cc535023(EXCHG.80).aspx
    Thus, I recommend you try the above configuration and test the Outlook connection again.
    Thanks,
    Angela Shi
    TechNet Community Support

  • I cannot establish VPN connection with rv120w to shrew soft client

    1. I bought 2 rv120w routers and installed one directly on the WAN and one behind a router-hub.
    2. The one behind the router is set as DMZ, and they are connected by Site to Site VPN.
    3. I need to connect to each site with my mobile devices (1 notebook, 2 Win8 tablets, 2 Android devices).
    4. I use a wibro mobile router, the Win8 devices are behind the router, and their port is forwarded (DMZ).
    5. I'll take care of the Android devices later; here and now, my trouble is the Win8 devices.
    6. I installed the Cisco QuickVPN software. Frankly, that software is shit. I don't know why but it cannot even reach the router; no log is generated on the rv120w. And I don't want a PPTP connection. Sorry for the criticism but I'm sure many QuickVPN users (and people who failed to become a user) agree with me. It's 2014, not 1998.
     Cisco should be ashamed of that software. It looks like a second grade college student's 2nd semester project (many of them are better nowadays) and doesn't work.
    The more amazing fact is that it's the only software that the RV series provides officially. What the... so in conclusion, Cisco does not provide any IPSec client connection tool at all. Does that make any sense?
    7. I tried for 10 or more hours to make an IPSec client connection with many VPN client software packages; this is my closest shot.
    RV120W log : 
    2014-10-02 15:03:05: [rv120w][IKE] INFO:  Configuration found for 175.xxx.xxx.xxx[500].
    2014-10-02 15:03:05: [rv120w][IKE] INFO:  Received request for new phase 1 negotiation: 11x.xxx.xxx.xxx[500]<=>175.xxx.xxx.xxx[500]
    2014-10-02 15:03:05: [rv120w][IKE] INFO:  Beginning Aggressive mode.
    2014-10-02 15:03:05: [rv120w][IKE] INFO:  Received Vendor ID: draft-ietf-ipsra-isakmp-xauth-06.txt
    2014-10-02 15:03:05: [rv120w][IKE] INFO:  Received unknown Vendor ID
    2014-10-02 15:03:05: [rv120w][IKE] INFO:  Received unknown Vendor ID
    2014-10-02 15:03:05: [rv120w][IKE] INFO:  Received Vendor ID: draft-ietf-ipsec-nat-t-ike-02
    2014-10-02 15:03:05: [rv120w][IKE] INFO:  Received unknown Vendor ID
    2014-10-02 15:03:05: [rv120w][IKE] INFO:  Received Vendor ID: RFC 3947
    2014-10-02 15:03:05: [rv120w][IKE] INFO:  Received unknown Vendor ID
    2014-10-02 15:03:05: [rv120w][IKE] INFO:  Received Vendor ID: DPD
    2014-10-02 15:03:05: [rv120w][IKE] INFO:  Received Vendor ID: DPD
    2014-10-02 15:03:05: [rv120w][IKE] INFO:  Received unknown Vendor ID
    2014-10-02 15:03:05: [rv120w][IKE] INFO:  Received unknown Vendor ID
    2014-10-02 15:03:05: [rv120w][IKE] INFO:  Received unknown Vendor ID
    2014-10-02 15:03:05: [rv120w][IKE] INFO:  Received Vendor ID: CISCO-UNITY
    2014-10-02 15:03:05: [rv120w][IKE] INFO:  Received unknown Vendor ID
    2014-10-02 15:03:05: [rv120w][IKE] INFO:  For 175.xxx.xxx.xxx[500], Selected NAT-T version: RFC 3947
    2014-10-02 15:03:06: [rv120w][IKE] INFO:  Floating ports for NAT-T with peer 175.xxx.xxx.xxx[4500]
    2014-10-02 15:03:06: [rv120w][IKE] INFO:  NAT-D payload does not match for 11x.xxx.xxx.xxx[4500]
    2014-10-02 15:03:06: [rv120w][IKE] INFO:  NAT-D payload does not match for 175.xxx.xxx.xxx[4500]
    2014-10-02 15:03:06: [rv120w][IKE] INFO:  NAT detected: Local is behind a NAT device. and alsoPeer is behind a NAT device
    2014-10-02 15:03:06: [rv120w][IKE] INFO:  Sending Xauth request to 175.xxx.xxx.xxx[4500]
    2014-10-02 15:03:06: [rv120w][IKE] INFO:  ISAKMP-SA established for 11x.xxx.xxx.xxx[4500]-175.xxx.xxx.xxx[4500] with spi:90dd9f6bf4d51d95:70f7c62456edef9e
    2014-10-02 15:03:06: [rv120w][IKE] INFO:  Received attribute type "ISAKMP_CFG_REPLY" from 175.xxx.xxx.xxx[4500]
    2014-10-02 15:03:06: [rv120w][IKE] INFO:  Login succeeded for user "fxxxxxxxxX1"
    2014-10-02 15:03:06: [rv120w][IKE] INFO:  Received attribute type "ISAKMP_CFG_REQUEST" from 175.xxx.xxx.xxx[4500]
    2014-10-02 15:03:06: [rv120w][IKE] ERROR:  Local configuration for 175.xxx.xxx.xxx[4500] does not have mode config
    2014-10-02 15:03:06: [rv120w][IKE] WARNING:  Ignored attribute 5
    2014-10-02 15:03:06: [rv120w][IKE] ERROR:  Local configuration for 175.xxx.xxx.xxx[4500] does not have mode config
    2014-10-02 15:03:06: [rv120w][IKE] ERROR:  Local configuration for 175.xxx.xxx.xxx[4500] does not have mode config
    2014-10-02 15:03:06: [rv120w][IKE] ERROR:  Local configuration for 175.xxx.xxx.xxx[4500] does not have mode config
    2014-10-02 15:03:06: [rv120w][IKE] ERROR:  Local configuration for 175.xxx.xxx.xxx[4500] does not have mode config
    2014-10-02 15:03:06: [rv120w][IKE] WARNING:  Ignored attribute 28678
    2014-10-02 15:03:06: [rv120w][IKE] ERROR:  Local configuration for 175.xxx.xxx.xxx[4500] does not have mode config
    2014-10-02 15:03:06: [rv120w][IKE] ERROR:  Local configuration for 175.xxx.xxx.xxx[4500] does not have mode config
    2014-10-02 15:03:06: [rv120w][IKE] ERROR:  Local configuration for 175.xxx.xxx.xxx[4500] does not have mode config
    2014-10-02 15:03:06: [rv120w][IKE] ERROR:  Local configuration for 175.xxx.xxx.xxx[4500] does not have mode config
    2014-10-02 15:03:06: [rv120w][IKE] INFO:  Purged ISAKMP-SA with proto_id=ISAKMP and spi=90dd9f6bf4d51d95:70f7c62456edef9e.
    2014-10-02 15:03:07: [rv120w][IKE] INFO:  ISAKMP-SA deleted for 11x.xxx.xxx.xxx[4500]-175.xxx.xxx.xxx[4500] with spi:90dd9f6bf4d51d95:70f7c62456edef9e
    Phase 1 Setting
    Selected IKE Policy View
    General
      Policy Name: FDCStD
      Direction / Type: Responder
      Exchange Mode: Aggresive
      Enable XAUTH Client
    Local Identification
      Identifier Type: Local Wan IP
      FQDN: 112.167.xxx.xxx
    Peer IKE Identification
      Identifier Type: Remote Wan IP
      FQDN: 175.xxx.xxx.xxx
    IKE SA Parameters
      Encryption Algorithm: 3DES
      Authentication Algorithm: SHA-1
      Authentication Method: Pre-Shared Key
      Pre-Shared Key: qpwoeiruty
      Diffie-Hellman (DH) Group: Group 2 (1024bit )
      SA-Lifetime: 28800 Seconds
    Phase 2 Setting
    Add / Edit VPN Policy Configuration
      Policy Name
      Policy Type: Auto Policy | Manual Policy
      Remote Endpoint: IP Address | FQDN
      NETBIOS: Enable
    Local Traffic Selection
      Local IP: Any | Single | Range | Subnet
      Start Address
      End Address
      Subnet Mask
    Remote Traffic Selection
      Remote IP: Any | Single | Range | Subnet
      This field is not editable, because netbios is selected.
      Start Address
      End Address
      Subnet Mask
    Split DNS
      Split DNS: Enable
      Domain Name Server 1
      Domain Name Server 2 (Optional)
      Domain Name 1
      Domain Name 2 (Optional)
    Manual Policy Parameters
      SPI-Incoming
      SPI-Outgoing
      Encryption Algorithm: 3DES | None | DES | AES-128 | AES-192 | AES-256 | AES-CCM | AES-GCM
      Key-In
      Key-Out
      Integrity Algorithm: SHA-1 | SHA2-256 | SHA2-384 | SHA2-512 | MD5
      Key-In
      Key-Out
    Auto Policy Parameters
      SA-Lifetime: Seconds | KBytes
      Encryption Algorithm: 3DES | None | DES | AES-128 | AES-192 | AES-256 | AES-CCM | AES-GCM
      Integrity Algorithm: SHA-1 | SHA2-256 | SHA2-384 | SHA2-512 | MD5
      PFS Key Group: Enable
      DH-Group 1 (768 bit) | DH-Group 2 (1024 bit) | DH-Group 5 (1536 bit)
      Select IKE Policy: FDCStSFKS | FDCStD
    Shrew client setting
    8. In the RV120W settings, under advanced setup > Policy Type,
    there are two options, FQDN and IP Address.
     When I'm in a non-static IP address environment, how should I set that field?
    The RV120W does not support non-static IP addresses?

    Hi kastwf001,
    My name is Mehdi from Cisco Technical Support. I just want to inform you that QuickVPN is a light software using the IPsec service of Windows, so here it depends on Windows and the firewall ... IPsec settings on Windows, encryption ...
    Anyhow, the RV120W is open to 3rd party software such as ShrewVPN, TheGreenBow ... and works as expected, since those programs use their IPsec services.
    Please follow the configuration steps on the RV120W and ShrewVPN (screenshots taken from your post):
    Please let me know if you have any questions.
    Please rate the post or mark as answered to help other Cisco Customers
    Regards
    Mehdi 
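The router log posted in the question above follows a recognizable order: ISAKMP-SA established, XAUTH login succeeded, a mode-config request refused, SA deleted. The Python sketch below is an added example, not part of the original posts or of any Cisco tooling, and it extracts that order from log text. The sample log is constructed from the message formats in the post, with a made-up SPI and user name, and the parser also splits records that were fused onto one line.

```python
import re

# Constructed sample modeled on the RV120W log in the post (masked addresses,
# made-up SPI and user name). The second line holds two fused records.
SAMPLE_LOG = """\
2014-10-02 15:03:05: [rv120w][IKE] INFO:  Beginning Aggressive mode.
2014-10-02 15:03:05: [rv120w][IKE] INFO:  For 175.xxx.xxx.xxx[500], Selected NAT-T version: RFC 39472014-10-02 15:03:06: [rv120w][IKE] INFO:  Sending Xauth request to 175.xxx.xxx.xxx[4500]
2014-10-02 15:03:06: [rv120w][IKE] INFO:  ISAKMP-SA established for 11x.xxx.xxx.xxx[4500]-175.xxx.xxx.xxx[4500] with spi:0011223344556677:8899aabbccddeeff
2014-10-02 15:03:06: [rv120w][IKE] INFO:  Login succeeded for user "exampleuser"
2014-10-02 15:03:06: [rv120w][IKE] INFO:  Received attribute type "ISAKMP_CFG_REQUEST" from 175.xxx.xxx.xxx[4500]
2014-10-02 15:03:06: [rv120w][IKE] ERROR:  Local configuration for 175.xxx.xxx.xxx[4500] does not have mode config
2014-10-02 15:03:06: [rv120w][IKE] WARNING:  Ignored attribute 5
2014-10-02 15:03:06: [rv120w][IKE] ERROR:  Local configuration for 175.xxx.xxx.xxx[4500] does not have mode config
2014-10-02 15:03:07: [rv120w][IKE] INFO:  ISAKMP-SA deleted for 11x.xxx.xxx.xxx[4500]-175.xxx.xxx.xxx[4500] with spi:0011223344556677:8899aabbccddeeff
"""

RECORD_START = re.compile(r"(?=\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}: \[)")
RECORD = re.compile(r"(\S+ \S+): \[\w+\]\[IKE\] (\w+):\s+(.*)")

def records(text):
    """Yield (timestamp, level, message), splitting lines that hold fused records."""
    for line in text.splitlines():
        for chunk in RECORD_START.split(line):
            m = RECORD.match(chunk.strip())
            if m:
                yield m.groups()

def summarize(text):
    """Walk the log and note how far the IKE negotiation got before teardown."""
    n = {"phase1_up": False, "xauth_user": None, "modecfg_requested": False,
         "modecfg_errors": 0, "ignored_attrs": [], "sa_deleted": False}
    for _ts, level, msg in records(text):
        if msg.startswith("ISAKMP-SA established"):
            n["phase1_up"] = True
        elif m := re.match(r'Login succeeded for user "([^"]*)"', msg):
            n["xauth_user"] = m.group(1)
        elif '"ISAKMP_CFG_REQUEST"' in msg:
            n["modecfg_requested"] = True
        elif level == "ERROR" and msg.endswith("does not have mode config"):
            n["modecfg_errors"] += 1
        elif m := re.match(r"Ignored attribute (\d+)", msg):
            n["ignored_attrs"].append(int(m.group(1)))
        elif msg.startswith(("ISAKMP-SA deleted", "Purged ISAKMP-SA")):
            n["sa_deleted"] = True
    # Phase 1 and XAUTH passed, yet the SA died after a refused mode-config request.
    n["failed_at_mode_config"] = bool(n["phase1_up"] and n["xauth_user"]
                                      and n["modecfg_errors"] and n["sa_deleted"])
    return n
```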

  • How to setup client portal

    How do I setup client portal with user name and password to each clients file for their view and/or adding a pdf or other document?

    Could you put a few more words around the problem you're solving here, and some background?  (The answer to this question can range from a simple Apache directive to a huge content management system, depending on some of those details.)
    How many folks are involved (and what's your likely growth rate)?  (Small numbers of folks can be managed manually, where larger numbers of users means different choices.)
    Are you running Open Directory?  (Apache can be connected into that, and you can manage access from there.)
    Are you looking for a web content management system (CMS) in addition to controlling access to specific documents, or just the authentication?  (Uploading documents generally means keeping track of the associated files and avoiding collisions, which is more complex and can potentially be risky - file uploads can lead to web server breaches, if they're not managed correctly.  In comparison, controlling access and allowing downloads.)
    Web content management systems (which are more common choices for what can be called a "portal") have varying requirements and features.  There's a CMS matrix comparison site available.
    For some of the core features, the 10.6 Web Services manual as a starting point, looking at the Realms-related discussions there, and potentially at WebDAV.  It's also possible to password-protect specific directories using Apache directives; that's the simplest, but it doesn't scale all that well.
