SharePoint 2010 portal on DMZ with reverse proxy

Hi,
I need to publish sharepoint portal for extranet,Portal can access on internet with AD credential.
i have one WFE,one App and on db server,I need to know WFE server is required to host on DMZ or new server with any reverse proxy tool.
we are more concern about security threat.
Hasan Jamal Siddiqui(MCTS,MCPD,ITIL@V3),Sharepoint and EPM Consultant,TCS
|
| Twitter

Chek below:
http://technet.microsoft.com/en-us/library/dn607304%28v=office.15%29.aspx
Port details:
APP\WEB
1.1.1.1
1.1.1.2
APP\WEB
1.1.1.1
1.1.1.2
TCP 16500-16519
search index component
APP\WEB
1.1.1.1
1.1.1.2
APP\WEB
1.1.1.1
1.1.1.2
TCP 22233-22236
AppFabric Caching Service
APP\WEB
1.1.1.1
1.1.1.2
APP\WEB
1.1.1.1
1.1.1.2
TCP 808
Windows Communication Foundation communication
APP\WEB
1.1.1.1
1.1.1.2
APP\WEB
1.1.1.1
1.1.1.2
TCP 32843, 32844, 32845
Web servers and service applications (the default is HTTP)
APP\WEB
1.1.1.1
1.1.1.2
AD DS \DNS(If multiple please include)
1.1.1.3
TCP 5725 TCP&UDP 389 (LDAP service) TCP&UDP 88 (Kerberos) TCP&UDP 53 (DNS) UDP 464 (Kerberos Change Password)
synchronizing profiles between SharePoint 2013 and Active Directory Domain Services (AD DS)
APP\WEB
1.1.1.1
1.1.1.2
SQL
1.1.1.4
TCP 1433, UDP 1434
SQL Server communication
APP\WEB
1.1.1.1
1.1.1.2
APP\WEB
1.1.1.1
1.1.1.2
TCP 32846
SharePoint Foundation User Code Service
APP\WEB
1.1.1.1
1.1.1.2
SMTP server
1.1.1.5
TCP 25
SMTP for e-mail integration
APP\WEB
1.1.1.1
1.1.1.2
APP\WEB
1.1.1.1
1.1.1.2
TCP 30000
Central Admin
APP\WEB
1.1.1.1
1.1.1.2
APP\WEB
1.1.1.1
1.1.1.2
TCP 2382
SQL Server Browser service
SQL1
1.1.1.4
SQL2
1.1.1.5
TCP 1433 and TCP 5022.
Multiple SQL if exists
APP\WEB
1.1.1.1
1.1.1.2
SQL1
1.1.1.4
TCP port 135
Integration Services service
APP\WEB
1.1.1.1
1.1.1.2
All clients
All
TCP 80/443
For client access
If this helped you resolve your issue, please mark it Answered

Similar Messages

DMZ with reverse proxy

Hi All,
I am trying to configure DMZ.
But I am having only one node for apache.
So I thought of configuring DMZ using Reverse Proxy with no External node.
But I am bit confused with configuration of Reverse Proxy using the apache shipped with E-business
My current archecture like:
Node 1 : Apache ,Forms and MWA
Node 2 : CM and DB
OS : AIX 5.3
Version : 11.5.10.2
DB : 10.2.0.4
1.Will there be 2 apache process running as applmgr on node1(one for external and other for internal)
2.Will there be 2 context files in node1 (one for external and other for internale)
3.How to configure 2 Server name for node1
Thanks in advance

Hi,
Did you review (Note: 438744.1 - Case History: Implementing a Reverse Proxy Alone in a DMZ Configuration - 11i)?
Regards,
Hussein

Portal, BI, & SSO with Reverse Proxy

Hello,
We recently integrated BI (7.0) into our portal environment (EP 7 SP10). Single sign-on was working fine until we needed to allow external users into our system so we had to implement a reverse proxy. This has caused our single sign-on to stop working. It broke in our other systems as well, but for those we have a separate Java stack & made changes to it to get it to work. For our BI environment, we do not have Java. We installed the BI Java component onto the portal server so we could use BI there. Any ideas?
Thank you for your time,
Erin Byrne

Well BI is your ticket generator in this scenario so you don't need to import any certificate into BI... instead it's the BI certificate you need imported into the Portal since Portal is now the ticket acceptor.
When you're in Query Designer and you attempt to publish your Query you're calling a module called BEx Broadcaster. This is used to "brodcast" your query to a web host.
Check out these links from the Security Guide for BI for more info. I think your answer is here.
Publishing in the Portal
http://help.sap.com/saphelp_nw2004s/helpdata/en/4b/b41540bf1af72ee10000000a1550b0/content.htm
Information Broadcasting in the Web Note scenario 3.
http://help.sap.com/saphelp_nw2004s/helpdata/en/00/b41540bf1af72ee10000000a1550b0/content.htm
Let us know how you fair.
-Kevin

Peoplesoft Portal with Reverse Proxy, content provider also need RP?

Hello there,
I need your help, I am currently implementing a PS Portal, I set my CRM as content provider, for safety reasons public access portal is configured using a reverse proxy (rp), my question is: Is there a different option to configure the CRM also with reverse proxy? as static content generated by CRM are then shown through the Website Portal (already rp),
Thanks and regards.
Alexander C.

I also would like overcome this issue. I could not find an answer anywhere on Metalink or OTN.
Can a reverse-proxy (i.e. using ProxyPass & Reverse) be used with and internal Portal?
John Z
Butler Mfg. Co.
[email protected]

Portal 10.1.2 with reverse proxy

Hi,
Does anybody configure Portal 10.1.2 working with reverse proxy behind the firewall?
I tried using generic docs and Metalink Notes 270160.1, 262451.1, unsuccessful.
I ended with SSO not starting at all.
Now i have fresh install without proxy and I am looking for some success reference.
Thanx
Jiri

What are you going to use for the Reverse Proxy?
1) Apache
2) Oracle Isapi IIS Plugin
3) Oracle HTTP Server
4) Webcache
I've been dealing with basically #1, #2 for the past month so I could have some info for you there. How is your MT's / Infra configured? same server, different servers? Will the proxy be in another server? Do you have webcache running?
I would suggest making sure it works internally first with the name that you want before putting the reverse proxy infront of it. I have 1 URL that works now both internally and externally though a reverse proxy.
It sounds like your having some SSO configuration related issues with your name. These are somewhat difficult to troubleshoot, so if needed open a TAR and Oracle Support can pretty quickly help you resolve those.

Portal 9041 with reverse proxy

Hi,
Does anybody configure Portal 9.0.4.1 working with reverse proxy ?
I doesn't find any doc for 9041... only for 10.1.2 and 902
Thao

The 9.0.4 Portal Configuration Guide has a section about setting this up:
5.6 Configuring Reverse Proxy Servers
The 9.0.4 documentation library can be found on OTN:
http://www.oracle.com/technology/documentation/appserver10g.html

Fronting actual application with reverse proxy

Hi All
I am very novice to proxy server field.
Actually i have to use proxy server as a top layer for an application which is using Sun access manager authentication.
Now to configure the reverse proxy i first map the regular and reverse mapping for my application lets say mapping
http://rp1/app1 to http://example.com/app
Now this app http://example.com/app is protected by Sun Access manager and redirect the request to url something like http://hostname/amserver/UI/login/goto.....
Now when the user hit the url http://rp1/app1 as the application is protected it redirect the user to
http://hostname/amserver/UI/login/goto..... and it is visible to user which should not be.
I want that actual url shud not be shown to the user so i also try to map
http://hostname/amserver/UI/login with reverse proxy url (new).
but then it gives me HTTP 403 error.
I want to know in case of reverse proxy if the destination url redirect the request to some other application how can we avoid the user to show the actual redirection url and show him some proxy url so that user will not be know the url where actually the applications are deployed.
Please help.
Any pointer will be really helpful.
Thanks in advance.

Hi,
pease try the JDeveloper forum
JDeveloper and ADF
Frank

Portal with reverse proxy

I have been trying to implement my portal with a reverse proxy as described in the whitepaper Oracle9iASPortal Configuration Options dated Dec 2000. It hasn't gone well. I did get it to work on a plain portal with no users or customizations but now when I try to set it up with a portal with minor configuration changes, it no longer works thru the reverse proxy. Has anyone had success using Oracle9iASPortal v 1.0.2.1 with a reverse proxy?

The 9.0.4 Portal Configuration Guide has a section about setting this up:
5.6 Configuring Reverse Proxy Servers
The 9.0.4 documentation library can be found on OTN:
http://www.oracle.com/technology/documentation/appserver10g.html

Sharepoint 2013 + Windows Server 2012 as reverse proxy

Hello All -
I'd like to ask if anyone has any experience with the new Windows Server 2012 (reverse) proxy, in providing a single sign-on service to Sharepoint 2013.
Scenario:
My client has a Sharepoint 2013 with 3 web applications (portal, teamsites, mysites). All three URLs are available externally via HTTPS only. All clients have AD credentials (no requirement for claims based authentication), although this includes 3 domains
in two different forests (trusts exist). Everything is already configured to allow clients access from domain-joined devices.
My client would like mobile devices (not domain-joined) to be able to access the three web applications without repeated logon prompts. Browser default settings must be used, they do not want to instruct people to perform any configuration on their mobile
device - it all has to work "out of the box" from the client side. Clients will be using iPads and iPhones with Safari, Windows Phones, Androids etc.
I'm considering proposing the use of a reverse-proxy, and rather than using the now depracated Forefront TMG or probably soon-to-be depracated UAG, I would like to jump straight in to the new and very cool looking Windows 2012 proxy server.
It's my understanding that this will provide a single sign-on service in this scenario. I'm unsure whether an ADFS server is also required even for pass-through, the information available is unclear, and also whether any special configuration is required
to a domain controller (DCs in the environment are all 2008R2, with 2008R2 functional level).
I would appreciate it if anyone could give an overview or point me in the direction of some accurate documentation regarding all of the above. Most importantly, if any of my assumptions above seem incorrect, please let me know.
Thank you!
sysadmin

I've heard no supportability statement with SharePoint and the Web Application Proxy (likely because it isn't GA yet). However, it does use ADFS for SSO, so you'll have to SAML-enable your Web Applications. The only downside to this is if you
use anything that is SAML-unfriendly, like PowerPivot [Data Refresh] and at least in 2010, Visio Services and InfoPath Forms Services.
Trevor Seward, MCC
Follow or contact me at...
&nbsp&nbsp
This post is my own opinion and does not necessarily reflect the opinion or view of Microsoft, its employees, or other MVPs.

401 Unauthorized: Running portal behind an APACHE reverse proxy

Hello to all,
we've got following scenario:
www <-HTTPS-> APACHE (external SSL termination) <-HTTPS-> portal
If I call the internal URL (https://backend.xy.de:443/irj/portal) of the portal,
I'll be redirected to the logon servlet and logon to the portal application is possible.
Now we set up a APACHE reverse proxy in oder to access the portal from internet.
I've set up a virtual host:
<VirtualHost test.xy.de:443>
 <Location />
 ProxyPass https://backend.xy.de:443/
 ProxyPassReverse /
 </Location>
</VirtualHost test.xy.de:443>
But now if I call the portal application https://test.xy.de/irj/portal I get the following error:
Unauthorized
This server could not verify that you are authorized to access the document requested. Either you supplied the wrong credentials (e.g., bad password), or your browser doesn't understand how to supply the credentials required.
Any idea how to fix this?
Regards Christian

Hello Tobias,
I have adapted your idea, but without success.
I've checked the cookies. No cookies are delivered by the J2EE-Server.
HTTP-ResponseHeader contains following entries:
HTTP/1.1 401 Unauthorized
Date: Thu, 26 Jan 2012 08:31:55 GMT
WWW-Authenticate: Negotiate
Content-Length: 381
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
But its a bit strange.
If I call url https://xy.de/index.html the start page will be displayed.
A log on to system information is possible, but if I try to open the nwa, I get the same error.
So I think this is a problem with the logon servlet. Sites with basic-authentication work.
Calling the logon servlet direct https://xy.de/logon/logonServlet I get the same error.
I don't think, there is a problem with the apache configuration.
If I change the ProxyPass directive to another J2EE server everything works fine.
There is only one difference between both system.
System 1 (error system) is a SAP Netweaver 7.01 SP10
The other system is a SAP Netweaver 7.02 SP 9
Regards Christian
Edited by: Christian Kaiser on Jan 26, 2012 9:53 AM

No presence icons are shown in SharePoint 2010 portal

I have had a trouble with Lync 2013 and SharePoint 2010;though I can see the colored presence orbs in both Outlook 2010 (Exchange Serrver 2010 ) and Lync Client 2010 (Lync Server 2013 Enterprise),no orbs are shown in SharePoint Server 2010 portal
All servers are built in one resource domain, but exchange,lync and SPP accounts are authenticated through one account domain. A login account is related to another one (resource domain) with SID.
If you have any information, please advice.
Best Regards,

Hi maitai007,
If the Microsoft Lync 2010 or Lync 2013 client is not running, or if no user is signed in, the presence status is not available in SharePoint. Make sure that the user is signed in to Lync and that presence is working correctly in the Lync client.
Click the link below for more information.
Lync presence is unavailable or missing in SharePoint sites
http://support.microsoft.com/kb/2813701
Best regards,
Eric

SharePoint 2010 search webservices compatibility with SharePoint 2013

Please let us know whether the SharePoint 2010 search webservice is compatible with SharePoint 2013.
When we try to hit the SharePoint 2013 search service with the query developed in the Sharepoint 2010 , we are getting "System.Not supported" exception as response from server.
Below is the search query we are using:
"<soap:Envelope xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns:xsd=\"http://www.w3.org/2001/XMLSchema\" xmlns:soap=\"http://schemas.xmlsoap.org/soap/envelope/\">"
 + "<soap:Body>"
 + "<Query xmlns=\"urn:Microsoft.Search\">"
 + "<queryXml>"
 + "<QueryPacket xmlns=\"urn:Microsoft.Search.Query\">"
 + "<Query>"
 + "<Range><StartAt>1</StartAt><Count>50</Count></Range>"
 + "<SupportedFormats>"
 + "<Format>urn:Microsoft.Search.Response.Document:Document</Format>"
 + "</SupportedFormats>"
 + "<Context>"
 + "<QueryText type=\"MSSQLFT\"> SELECT fileName,Title,Path,Write,SiteName,URL,FileExtension,isDocument,contentClass FROM scope() WHERE CONTAINS(Path, SITE_PORT)
and (contentClass = 'STS_Web' OR contentClass = 'STS_ListItem_DocumentLibrary' OR contentClass = 'STS_List_DocumentLibrary') ORDER BY lastModifiedTime DESC </QueryText>"
 + "</Context>"
 + "</Query>"
 + "</QueryPacket>"
 + "</queryXml>"
 + "</Query>"
 + "</soap:Body>"
 + "</soap:Envelope>";
Please help

Hi Raghuramk,
is the web service is a search query web service? if yes, i suppose sharepoint 2013 already deprecated,
Search Query web service
Description: The Search Query web service is deprecated in SharePoint 2013.
In SharePoint Server 2010, the Search Query web service exposes the SharePoint Enterprise Search capabilities to client applications. This enables you to access search results from client and web applications outside the context of a SharePoint site.
Reason for change: The Search Query web service is deprecated because the client object model (CSOM) and a new REST-based web service are available for developing Office-wide extensibility scenarios. The CSOM exposes the same functionality
as the Search Query web service, and a larger set of functionality for stand-alone client applications.
http://technet.microsoft.com/en-us/library/ff607742.aspx#section2
Regards,
Aries
Microsoft Online Community Support
Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

Load Balancing with Reverse Proxy Plug-in in SunOne 6.1

Hello
we are configuring our reverse proxy web server SunOn 6.1 for load balancing and we have some conflicting information that we have found on the internet. The options we have found are the following:
1- In one case, it seems that all we need to do is add the destination servers to the servers parameter (quoted, space-delimited). We have read that the proxy server will simply round-robin requests.
2- In another case, we have seen that we have to use an loadbalancer.xml file with the server names and reference the file from both magnus.conf and obj.conf.
I have doubts about the second option because I really think this is configuration in 7.0 not 6.1.
Also, I also need to configure session stickiness but it is not clear how this works. There is an option for sticky cookies that defaults to JSESSIONID if not configured. Does this mean that I will have session stickiness but simply without the use of cookies?
ANY HELP? We need to solve this in the next day.

HI,
This may work for you.
obj.conf
<Object name="passthrough1">
Service fn="service-passthrough" servers="http://localhost:8080"
</Object>
<Object name="default">
AuthTrans fn="match-browser" browser="MSIE" ssl-unclean-shutdown="true"
NameTrans fn="assign-name" from="/idm(|/*)" name="passthrough1"
NameTrans fn="ntrans-j2ee" name="j2ee"
NameTrans fn="pfx2dir" from="/mc-icons" dir="D:/Sun/WebServer6.1/ns-icons" name="es-internal"
NameTrans fn="document-root" root="$docroot"
PathCheck fn="nt-uri-clean"
PathCheck fn="check-acl" acl="default"
PathCheck fn="find-pathinfo"
PathCheck fn="find-index" index-names="intro.htm,index.html,home.html,index.jsp"
ObjectType fn="type-by-extension"
ObjectType fn="force-type" type="text/plain"
Service method="(GET|HEAD)" type="magnus-internal/imagemap" fn="imagemap"
Service method="(GET|HEAD)" type="magnus-internal/directory" fn="index-common"
Service method="(GET|HEAD|POST)" type="~magnus-internal/" fn="send-file"
Service method="TRACE" fn="service-trace"
Error fn="error-j2ee"
AddLog fn="flex-log" name="access"
</Object>
<Object name="j2ee">
Service fn="service-j2ee" method="*"
</Object>
<Object name="cgi">
ObjectType fn="force-type" type="magnus-internal/cgi"
Service fn="send-cgi"
</Object>
<Object name="es-internal">
PathCheck fn="check-acl" acl="es-internal"
</Object>
============================================
magnus.conf
# The NetsiteRoot, ServerName, and ServerID directives are DEPRECATED.
# They will not be supported in future releases of the Web Server.
NetsiteRoot D:/Sun/WebServer6.1
ServerName abc
ServerID https-www.abc.com
RqThrottle 128
DNS off
Security off
ExtraPath D:/Sun/WebServer6.1/bin/https/bin
Init fn=flex-init access="$accesslog" format.access="%Ses->client.ip% - %Req->vars.auth-user% [%SYSDATE%] \"%Req->reqpb.clf-request%\" %Req->srvhdrs.clf-status% %Req->srvhdrs.content-length%"
Init fn="load-modules" shlib="D:/Sun/WebServer6.1/bin/https/bin/j2eeplugin.dll" shlib_flags="(global|now)"
Init fn="load-modules" shlib="D:/Sun/WebServer6.1/plugins/passthrough/passthrough.dll"

HCI/ECC connection issue with reverse proxy

Hi,
we are struggling to set up the connection from C4C to ECC using a reverse proxy (apache).
Thank you for any help!
Best Regards
Florian
Our apache config is as follows:
<VirtualHost *:443>
ServerName customer.reverseproxy.com
SSLEngine On
SSLProxyEngine On
ErrorLog /var/www/customer/log/error.log
Customlog /var/www/customer/log/access.log "common"
# TransferLog "<Apache_home>/logs/access.log"
# Offical SSL Certificate for customer.reverseproxy.com
SSLCertificateFile "/etc/apache2/ssl/customer/customer_cert.pem"
SSLCertificateKeyFile "/etc/apache2/ssl/customer/customer_key_np.pem"
SSLCACertificateFile "/etc/apache2/ssl/customer/SSL123_CA_Bundle.pem"
# SSLCertificateChainFile "<Apache_home>/conf/proxy-server-ca.crt" # activate the client certificate authentication
#SSLCertificateChainFile "/etc/apache2/ssl/customer/SAP-CA.crt"
# Signing CA's for SAP client certificate (Baltimore CyberTrust Root & Verizon Public SureServer CA G14-SHA2 + more)
SSLCertificateChainFile "/etc/apache2/ssl/customer/SAPClientCA.pem"
SSLVerifyClient require
SSLVerifyDepth 10
SSLOptions +ExportCertData +StdEnvVars
# CA's from SAP and customer for backend connections between Proxy and SAP system (Baltimore CyberTrust Root & Verizon Public SureServer CA G14-SHA2 + more)
SSLProxyCACertificateFile "/etc/apache2/ssl/customer/SAP-CA.crt"
# SSLProxyMachineCertificateFile <Apache_home>/conf/proxy-client.pem
# initialize the special headers to a blank value to avoid http header forgeries
RequestHeader set SSL_CLIENT_CERT ""
<Location />
 # add SSL_CLIENT_CERT header to forward real client certificate
 RequestHeader set SSL_CLIENT_CERT "%{SSL_CLIENT_CERT}s"
 ProxyPass https://sap.internal.com:8300/
 ProxyPassReverse https://sap.internal.com:8300/
</Location>
</VirtualHost>
On the HCI we get the following error shown
Message Processing Log{
ContextName = com.sap.scenarios.cod2erp.customermaster.replicate
IntermediateError = true
MessageGuid = AFU2MVOblsS5yIwpSvYiCt7XnLaT
Node = vsaxxxxxx.od.sap.biz
OverallStatus = FAILED
ReceiverId = Q47_
StartTime = Tue Apr 21 11:15:31 UTC 2015
StopTime = Tue Apr 21 11:15:31 UTC 2015
Children [
 Invoked endpoint{
 Cxf.EndpointAddress = https://HCI.intaas.hana.ondemand.com/cxf/COD/ERP/BP_MASTER_REPLICATION
 Error = Inbound processing in endpoint at https://HCI.intaas.hana.ondemand.com/cxf/COD/ERP/BP_MASTER_REPLICATION failed with message "Sequential processing failed for number 0. Exchange[Message: [Body is not logged]]. Caused by: [org.apache.cxf.interceptor.Fault - Could not send Message.]", caused by "SunCertPathBuilderException:unable to find valid certification path to requested target"
 StartTime = Tue Apr 21 11:15:31 UTC 2015
 Status = FAILED
 StopTime = Tue Apr 21 11:15:31 UTC 2015
 Children [
 Entering Camel route route52{
 StartTime = Tue Apr 21 11:15:31 UTC 2015
 Children [
 Exchange ID-vsaxxxxxx-od-sap-biz-40387-1427614280233-51-38 created in Endpoint[cxf://bean:my308416_]{
 StartTime = Tue Apr 21 11:15:31 UTC 2015
 Children [
 Processing exchange ID-vsaxxxxxx-od-sap-biz-40387-1427614280233-51-38 in ref:encodingProcessor{
 StartTime = Tue Apr 21 11:15:31 UTC 2015
 StepId = process151
 StopTime = Tue Apr 21 11:15:31 UTC 2015
 Children [
 Processing exchange ID-vsaxxxxxx-od-sap-biz-40387-1427614280233-51-38 in removeHeaders[*]{
 StartTime = Tue Apr 21 11:15:31 UTC 2015
 StepId = removeHeaders52
 StopTime = Tue Apr 21 11:15:31 UTC 2015
 Children [
 Processing exchange ID-vsaxxxxxx-od-sap-biz-40387-1427614280233-51-38 in setHeader[MessageId]{
 StartTime = Tue Apr 21 11:15:31 UTC 2015
 StepId = setHeader76
 StopTime = Tue Apr 21 11:15:31 UTC 2015
 Children [
 Processing exchange ID-vsaxxxxxx-od-sap-biz-40387-1427614280233-51-38 in sap-map-pi:COD_ERP_BusinessPartnerERPBulkReplicateRequest{
 Sent To URI = sap-map-pi://COD_ERP_BusinessPartnerERPBulkReplicateRequest
 StartTime = Tue Apr 21 11:15:31 UTC 2015
 StepId = CallActivity_1
 StopTime = Tue Apr 21 11:15:31 UTC 2015
 Time Taken = 11
 Children [
 Processing exchange ID-vsaxxxxxx-od-sap-biz-40387-1427614280233-51-38 in ref:idocOutboundRequest{
 StartTime = Tue Apr 21 11:15:31 UTC 2015
 StepId = process152
 StopTime = Tue Apr 21 11:15:31 UTC 2015
 com.sap.sod.utils.idoc.soap.messageid= 00163E0CB1A01EE4BA82F713C72AD65B
 Children [
 Processing exchange ID-vsaxxxxxx-od-sap-biz-40387-1427614280233-51-38 in split[bean{idocPackageSplitter, method=split}]{
 Error = org.apache.camel.CamelExchangeException: Sequential processing failed for number 0. Exchange[Message: [Body is not logged]]. Caused by: [org.apache.cxf.interceptor.Fault - Could not send Message.], cause: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
 StartTime = Tue Apr 21 11:15:31 UTC 2015
 StepId = CallActivity_2
 StopTime = Tue Apr 21 11:15:31 UTC 2015
 Children [
 Successor Exchange ID-vsaxxxxxx-od-sap-biz-40387-1427614280233-51-39 created with reference to Exchange ID-vsaxxxxxx-od-sap-biz-40387-1427614280233-51-38{
 StartTime = Tue Apr 21 11:15:31 UTC 2015
 StopTime = Tue Apr 21 11:15:31 UTC 2015
 Children [
 Processing exchange ID-vsaxxxxxx-od-sap-biz-40387-1427614280233-51-39 in setHeader[SapIDocContentType]{
 StartTime = Tue Apr 21 11:15:31 UTC 2015
 StepId = setHeader77
 StopTime = Tue Apr 21 11:15:31 UTC 2015
 Children [
 Processing exchange ID-vsaxxxxxx-od-sap-biz-40387-1427614280233-51-39 in removeHeader[ssl_client_cert]{
 StartTime = Tue Apr 21 11:15:31 UTC 2015
 StepId = removeHeader197
 StopTime = Tue Apr 21 11:15:31 UTC 2015
 Children [
 Processing exchange ID-vsaxxxxxx-od-sap-biz-40387-1427614280233-51-39 in removeHeader[ssl_client_user]{
 StartTime = Tue Apr 21 11:15:31 UTC 2015
 StepId = removeHeader198
 StopTime = Tue Apr 21 11:15:31 UTC 2015
 Children [
 Processing exchange ID-vsaxxxxxx-od-sap-biz-40387-1427614280233-51-39 in removeHeader[operationName]{
 StartTime = Tue Apr 21 11:15:31 UTC 2015
 StepId = removeHeader199
 StopTime = Tue Apr 21 11:15:31 UTC 2015
 Children [
 Processing exchange ID-vsaxxxxxx-od-sap-biz-40387-1427614280233-51-39 in removeHeader[operationNamespace]{
 StartTime = Tue Apr 21 11:15:31 UTC 2015
 StepId = removeHeader200
 StopTime = Tue Apr 21 11:15:31 UTC 2015
 Children [
 Processing exchange ID-vsaxxxxxx-od-sap-biz-40387-1427614280233-51-39 in cxf:bean:Q47_{
 Error = org.apache.cxf.interceptor.Fault: Could not send Message., cause: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
 Sent To URI = cxf://bean:Q47_
 StartTime = Tue Apr 21 11:15:31 UTC 2015
 StepId = MessageFlow_2
 StopTime = Tue Apr 21 11:15:31 UTC 2015
 Time Taken = 123
 Children [
 Sent message to endpoint{
 Cxf.EndpointAddress = https://customer.reverseproxy.com:443/sap/bc/srt/idoc?sap-client=310
 Error = Outbound processing in endpoint at https://customer.reverseproxy.com:443/sap/bc/srt/idoc?sap-client=310 failed with message "Could not send Message.", caused by "SunCertPathBuilderException:unable to find valid certification path to requested target"
 StartTime = Tue Apr 21 11:15:31 UTC 2015
 Status = FAILED
 StopTime = Tue Apr 21 11:15:31 UTC 2015
 Exchange ID-vsaxxxxxx-od-sap-biz-40387-1427614280233-51-39 failed{
 StartTime = Tue Apr 21 11:15:31 UTC 2015
 Status = FAILED
 Exchange ID-vsaxxxxxx-od-sap-biz-40387-1427614280233-51-38 failed{
 StartTime = Tue Apr 21 11:15:31 UTC 2015
 Status = FAILED
 Children [
 Exiting Camel route route52{
 StartTime = Tue Apr 21 11:15:31 UTC 2015
ReceiverIds [
 Q47_

Hi Abinash,
now we are one step further and receive a HTTP 401 on the reverse proxy. It looks like the client cert from HCI is not handled correctly. Can you help?
Best Regards
Florian
HCI log
Sent message to endpoint{
Cxf.EndpointAddress = https://customer.reverse.com:443/sap/bc/srt/idoc?sap-client=310
Error = Outbound processing in endpoint at https://customer.reverse.com:443/sap/bc/srt/idoc?sap-client=310 failed with message "HTTP response '401: Unauthorized' when communicating with https://customer.reverse.com:443/sap/bc/srt/idoc?sap-client=310"
StartTime = Fri Apr 24 11:03:12 UTC 2015
Status = FAILED
StopTime = Fri Apr 24 11:03:12 UTC 2015
Apache config
<VirtualHost *:443>
ServerName cuscrm.webmail.cus.com
SSLEngine On
SSLProxyEngine On
ErrorLog /var/www/cuscrm/log/error.log
Customlog /var/www/cuscrm/log/access.log "common"
# TransferLog "<Apache_home>/logs/access.log"
# Offical SSL Certificate for cuscrm.webmail.cus.com
SSLCertificateFile "/etc/apache2/ssl/cuscrm/cuscrm_cert.pem"
SSLCertificateKeyFile "/etc/apache2/ssl/cuscrm/cuscrm_key_np.pem"
SSLCertificateChainFile "/etc/apache2/ssl/cuscrm/ThawteCAChain.pem"
# SAP Baltimore Cybertrust Chain for Client authentication
SSLCACertificateFile "/etc/apache2/ssl/cuscrm/SAPCybertrust.pem"
SSLVerifyClient require
SSLVerifyDepth 10
SSLOptions +ExportCertData +StdEnvVars
# CA's from SAP and Schunk for backend connections between Proxy and SAP system
#SSLProxyCACertificateFile "/etc/apache2/ssl/cuscrm/SAP-CA.crt"
SSLProxyCACertificateFile "/etc/apache2/ssl/cuscrm/SAPCHAIN.pem"
# SSLProxyMachineCertificateFile <Apache_home>/conf/proxy-client.pem
# initialize the special headers to a blank value to avoid http header forgeries
RequestHeader set SSL_CLIENT_CERT ""
<Location />
# add SSL_CLIENT_CERT header to forward real client certificate
RequestHeader set SSL_CLIENT_CERT "%{SSL_CLIENT_CERT}s"
ProxyPass https://internal.sap:8300/
ProxyPassReverse https://internal.sap:8300/
</Location>
</VirtualHost>

Move sharepoint 2010 list to 2013 with lookup columns

Hi all,
Iam planning to move my sharepoint 2010 list to 2013.I done this using save site as template.But the look up columns are showing empty data.Can u please let me know the best solution to do this.
Regards,
Praveen

The reason the lookup column doesn’t work anymore in your SharePoint 2013 list is because Save
Site as Template, preserve all the list settings. Therefore, the lookup column still points to the original list which
was located on your SharePoint 2010 list. The lookup column stores GUID of the web, list, and the field to which it points
and GUID are unique IDs that identifies a list/library/site/feature in a farm.
Using SharePoint Manager you can find the LookupList, LookupWebId and LookupField of
your old SharePoint 2010 lookup column and compare it with your new 2013 lookup column. You will see the difference.
There are two approach to get your values in lookup again.
1(a). Create a new list and update the lookup values.
1(b). Delete the lookup column and create a new lookup column and point it to the new list created in the above point.
2. Update the SchemaXml property
of the lookup column through SharePoint Manager.
I will provide you with a good reference on how to use SharePoint Manager while managing your lookup columns. http://blog.johnsworkshop.net/moving-lists-with-lookup-columns-inside-your-site-collection/
Please remember to click 'Mark as Answer' and Vote as Helpful if the reply answers your query.

SharePoint 2010 portal on DMZ with reverse proxy

Similar Messages

Maybe you are looking for