UAG 2010 - SharePoint Redirect using Direct URLs

In the Initial Internal Application section on our single UAG 2010 trunk our SharePoint2007 application is listed as the Portal home page and the Display home page within portal frame is checked. Users log into the UAG and the next page is our SharePoint2007
site that is inside of a frame, the standard UAG portal toolbar is above. We have a tab within the SharePoint 2007 site that opens up a SharePoint 2010 site in the same frame which works great. If user right clicks in IE and chooses to
open in a new tab/window the SharePoint 2010 site comes up but there is no portal toolbar. This is the same thing that happens if an application is set to open in a new window, the new window does not have the portal toolbar. The goal is to
always have the Portal Toolbar visible regardless however not really sure how to make that happen. Is this actually possible, if so how?

Similar Messages

I accessed the page protected by ADF security using direct url access attac

hi,
I played with my application which is based on SRDemo code (with added ADF security handling protection of resources) using direct url access scenarios. I was able to access a protected page as authenticated but not authorized user. I'll try to explain what I did.
There are two folders/web resources in my application, faces/folderA/* and faces/folderB/*.
roleA only is configured to access first web resource and the roleB is configured to access the second resource.
I used ADF security to authorize only roleA for page in folderA and to authorize only roleB for page in folderB.
I configured error pages in web.xml:
<error-page>
<error-code>400</error-code>
<location>faces/error/error400.jspx</location>
</error-page>
<error-page>
<error-code>401</error-code>
<location>faces/error/error401.jspx</location>
</error-page>
<error-page>
<error-code>403</error-code>
<location>faces/error/error403.jspx</location>
</error-page>
<error-page>
<error-code>404</error-code>
<location>faces/error/error404.jspx</location>
</error-page>
<error-page>
<exception-type>java.lang.Throwable</exception-type>
<location>faces/error/error500.jspx</location>
</error-page>
Other config params are:
<login-config>
<auth-method>FORM</auth-method>
<form-login-config>
<form-login-page>infrastructure/ABLogin.jspx</form-login-page>
<form-error-page>faces/error/error401.jspx</form-error-page>
</form-login-config>
</login-config>
<security-constraint>
<web-resource-collection>
<web-resource-name>AB Prototype</web-resource-name>
<url-pattern>faces/ABAbout.jspx</url-pattern>
<url-pattern>faces/ABHelp.jspx</url-pattern>
<url-pattern>faces/ABLogout.jspx</url-pattern>
<url-pattern>faces/ABWelcome.jspx</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>A</role-name>
<role-name>B</role-name>
</auth-constraint>
</security-constraint>
<security-constraint>
<web-resource-collection>
<web-resource-name>AZone</web-resource-name>
<url-pattern>faces/folderA/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>A</role-name>
</auth-constraint>
</security-constraint>
<security-constraint>
<web-resource-collection>
<web-resource-name>BZone</web-resource-name>
<url-pattern>faces/folderB/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>B</role-name>
</auth-constraint>
</security-constraint>
<filter>
<filter-name>adfBindings</filter-name>
<filter-class>oracle.adf.model.servlet.ADFBindingFilter</filter-class>
<init-param>
<param-name>unauthorizedErrorPage</param-name>
<param-value>faces/error/error401.jspx</param-value>
</init-param>
</filter>
<filter>
<filter-name>adfFaces</filter-name>
<filter-class>oracle.adf.view.faces.webapp.AdfFacesFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>adfBindings</filter-name>
<url-pattern>*.jsp</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>adfBindings</filter-name>
<url-pattern>*.jspx</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>adfFaces</filter-name>
<url-pattern>*.jsp</url-pattern>
<dispatcher>FORWARD</dispatcher>
<dispatcher>REQUEST</dispatcher>
<dispatcher>ERROR</dispatcher>
</filter-mapping>
<filter-mapping>
<filter-name>adfFaces</filter-name>
<url-pattern>*.jspx</url-pattern>
<dispatcher>FORWARD</dispatcher>
<dispatcher>REQUEST</dispatcher>
<dispatcher>ERROR</dispatcher>
</filter-mapping>
<servlet>
<servlet-name>Faces Servlet</servlet-name>
<servlet-class>javax.faces.webapp.FacesServlet</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet>
<servlet-name>resources</servlet-name>
<servlet-class>oracle.adf.view.faces.webapp.ResourceServlet</servlet-class>
</servlet>
<servlet>
<servlet-name>adfAuthentication</servlet-name>
<servlet-class>oracle.adf.share.security.authentication.AuthenticationServlet</servlet-class>
<load-on-startup>2</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>Faces Servlet</servlet-name>
<url-pattern>/faces/*</url-pattern>
</servlet-mapping>
Once I authenticated as user in roleA I was trying to directly access URLs accessible only by users in roleB. In the beginning everything worked OK: I was dispatched to error401.jspx page with message Not authorized... etc.
But I kept trying to access different URLs, like http://localhost:8988/AB/faces, http://localhost:8988/AB/faces/folderB, http://localhost:8988/AB/faces/folderB/pageB.jspx, http://localhost:8988/AB
(not necessarily in that order, I played for a couple of minutes and the system would always dispatch to error401.jspx page if unauthorized attempt. But all of sudden, to my surprise, I got the pageB.jspx page while logged in as user belonging to roleA!)
Not sure how that happened but the connectedUser on pageB (#{userInfo.authenticated}) shows that I am logged in as user whose role is A.
I checked Authorization in ADF security and it is still correct: pageB is only accessible to roleB and pageA is only accessible to roleA.
I hope I made some stupid mistake in my configuration?

Hi,
ADF Security is JAAS permission based and not container managed. Note that unless you explicitly configured ADF Security you don't use ADF Security but container managed security, which is all that I can see in your configurations.
Not sure which version fo JDeveloper you use, but if you could change the following setting
<security-constraint>
<web-resource-collection>
<web-resource-name>AZone</web-resource-name>
<url-pattern>faces/folderA/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>A</role-name>
</auth-constraint>
</security-constraint>
<security-constraint>
<web-resource-collection>
<web-resource-name>BZone</web-resource-name>
<url-pattern>faces/folderB/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>B</role-name>
</auth-constraint>
</security-constraint>
to contain jspx file references instead of wildcards like in faces/folderB/* then what you see should no longer be possible. There was a known issue with the security settings in SRDemo that was caused by a defect in OC4J container managed security. I would expect this issue to be fixed in a more recent version of OC4J.
However, the work around until then is to protect all JSPX files in a directory instead of using wild card matches
Frank

How do I query a SharePoint List using a url and filtering on date?

I am reading a SharePoint list using jquery. Everything is working fine
except for the filter. Each list item has an expiration date. I want to retrieve JUST the items that have not expired (Expires > Today) but I can't figure out the url syntax and I've been searching all day for an example and
can't find one. Could someone please help?!? See bold code below.
Thanks,
Glen
$(document).ready(function ()
<strong>var qryWCFUrl = "/sites/MMTP1/_vti_bin/listdata.svc/MMAlerts?$filter=(Expires gt '08/10/2011')&$orderby=Title";
</strong> $.getJSON(qryWCFUrl, function (results)
$.each(results.d.results, function (i, mmAlert)
itemID = mmAlert.Id;
mmTitle = mmAlert.Title;
mmClass = mmAlert.ClassValue;
//alert("Item="+itemID+" Title="+mmTitle+" Class="+mmClass);
AddMMStatus(mmAlert.Id,mmAlert.Title,mmAlert.ClassValue);

Fadi,
Thanks for your response. I actually have another version of the code that uses the SP client objects that works. The problem is site boundries. Let me give a more complete project explanation.
I am creating a master page for a new intranet. As part of this master page, I want to read from an SP list of alerts and post each alert (if not expired) in the SP status bar. I've gotten this to work with SP client objects and jquery (except
for the date filter part). Both of these solutions work fine on the top site level. BUT when trying it out at the sub-site level, the SP client objects version of my code fails. The jQuery version works except the date filtering.
I looked at the example from your link and it looks like a bit of a hybrid to my approaches: JQuery with CAML. My question is; does this example permit me to access a list in the top-level site from the subsites? Please excuse my ignorance,
but I am an EXTREME newbie in this having spent the past 8 years as a VB.Net developer and a little bit of ASP.Net.
Below are the two different versions of my code in different versions of my master page definition:
SP Client Object Version
<script type="text/javascript">
// <![CDATA[
ExecuteOrDelayUntilScriptLoaded(LoadAlerts, "sp.js");
var ctx;
var currAlerts;
function LoadAlerts() {
ctx = new SP.ClientContext.get_current();
list = ctx.get_web().get_lists('/sites/MMTP1/Lists/').getByTitle('MMAlerts');
var cmlQry = new SP.CamlQuery();
var camlExp = '<query><Query><Where><Gt><FieldRef Name="Expires" /><Value IncludeTimeValue="FALSE" Type="DateTime"><Today /></Value></Gt></Where></Query></query>';
cmlQry.set_viewXml(camlExp);
currAlerts = list.getItems(cmlQry);
ctx.load(currAlerts,'Include(ID,Title,Class)');
ctx.executeQueryAsync(GetAlertsSuccess,GetAlertsFailed);
function GetAlertsSuccess() {
var lstEnum = currAlerts.getEnumerator();
while(lstEnum.moveNext()) {
var mmAlert = lstEnum.get_current();
AddMMStatus(mmAlert.get_item('ID'),mmAlert.get_item('Title'),mmAlert.get_item('Class'));
function GetAlertsFailed(sender,args) {
alert('Alerts load failed: ' + args.tostring);
function AddMMStatus(msgID, strTitle, strClass) {
var statID;
var statClass;
var statTitle;
statClass = "<a href=\"#\" onclick=\"javascript:DisplayAlert("+msgID+");\">" + strClass + ": </a>";
statTitle = "<a href=\"#\" onclick=\"javascript:DisplayAlert("+msgID+");\">" + strTitle + "</a>";
statID = SP.UI.Status.addStatus(statClass, statTitle, true);
SP.UI.Status.setStatusPriColor(statID,"red");
function DisplayAlert(msgID) {
var options = {
title: "Miller & Martin Alert!",
url: "/sites/MMTP1/SitePages/ShowAlert02.aspx?ID="+msgID,
allowMaximize: false,
showClose: true
SP.UI.ModalDialog.showModalDialog(options);
// ]]>
</script>
JQuery Version (works except for filtering by date)
<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.2/jquery.min.js"></script>
<script type="text/javascript" >
// <![CDATA[
var itemID;
var mmTitle;
var mmClass;
$(document).ready(function ()
var qryWCFUrl = "/sites/MMTP1/_vti_bin/listdata.svc/MMAlerts?$filter=(Expires gt '08/10/2011')&$orderby=Title";
$.getJSON(qryWCFUrl, function (results)
$.each(results.d.results, function (i, mmAlert)
itemID = mmAlert.Id;
mmTitle = mmAlert.Title;
mmClass = mmAlert.ClassValue;
AddMMStatus(mmAlert.Id,mmAlert.Title,mmAlert.ClassValue);
function AddMMStatus(msgID, strTitle, strClass, strSeverity) {
var statID;
var statClass;
var statTitle;
statClass = "<div id=\"mmAlertTitle\" style=\"display:inline-block;\"><a href=\"#\" onclick=\"javascript:DisplayAlert("+msgID+");\">" + strClass + ": </a></div>";
statTitle = "<div id=\"mmAlertDetail\" style=\"display:inline-block;\"><a href=\"#\" onclick=\"javascript:DisplayAlert("+msgID+");\">" + strTitle + "</a></div>";
statID = SP.UI.Status.addStatus(statClass, statTitle, true);
SP.UI.Status.setStatusPriColor(statID,"green");
function DisplayAlert(msgID) {
var options = {
title: "Miller & Martin Alert!",
url: "/sites/MMTP1/SitePages/ShowAlert02.aspx?ID="+msgID,
allowMaximize: false,
showClose: true
SP.UI.ModalDialog.showModalDialog(options);
// ]]>
</script>

"This document could not be checked out." SharePoint 2010 checkout action using IE8

I am setting up a two-server farm, and most everything works, except the checkout action for a document. This problem occurs in both site collections, one of which requires checkout, and the other does not.
Here are the options I've tried:
Snow Leopard, Firefox 3.0.1 - works
Snow Leopard, Safari - works
Win 2003, IE 7 - works
XP, Firefox - works
XP, IE 8 - "This document could not be checked out. You may not have permission to check out the document or it is already checked out or locked for editing by another user."
In IE8, I am able to open a document as read only then use the button presented by Word to check out the document. I cannot use that as a workaround, as not all users have a version of Office that will allow checkout in that way.
Checkin works fine. I need to resolve the checkout error.

I was having the same problem mentioned here. I noted that this problem only appears when I use the FQDN in the URL ex 'http://hostname.domain.com/default.aspx'. If I access the Sharepoint site using the URL 'http://hostname/default.aspx', then
I do not have any problems checking files in or out.
I ran into this same error pattern when trying to do a document edit (library is set to force a check out), or do a direct check out via the ribbon menu or item context menu. Oddly enough when we would use the 'Edit Properties' ribbon button (which forces
a check out) we did not get an error and the document's status would change to 'checked out'. Below are the two messages we would receive when trying to do a check out:
IE error message - "This document could not be checked out. You may not have permission to check out this document or it is already checked out or locked by another user." - Click OK
IE Error message - "The document could not be opened for editing. A Microsoft SharePoint Foundation compatible application could not be found to edit the document." - Click OK
After trying several different suggestions I realized that I wasn't having the problem when I was accessing the site locally via FQDN but only when I was using the Public Site URL (via https). Turns out we were getting the error because we did not have
an AAM currectly setup. Once I changed our AAM for the Internet zone with the Public URL value instead of the FQDN the error went away.
Hope this helps anyone else trying to track this down. Oh and this was SP2010 w/SP1 (Patch version 14.0.6106.5001) on Win2008 R2 with clients running both Win7 and WinXP using IE8.

Direct URL for IOBJECT in CRM 7.0

Hello,
we use direct URL to call from external a BUPA, like this:
http://<CRMSERVER>:8000/sap(bD1kZSZjPTAxMCZkPW1pbg==)/bc/bsp/sap/crm_ui_start/default.htm?crm-object-type=BP_ACCOUNT&crm-object-action=B&crm-object-value=32326&crm-object-keyname=PARTNER&saprole=ZVTRSACH
How do i need to change this URL to open directly IOBJECT 30000 instead of this BUPA?
Thank you
Best regards
Manfred

Hello Manfred,
Double check this excellent blog:
/people/poonam.assudani/blog/2007/10/08/call-a-specific-component-and-object-from-outside-crm-using-url
There could be a problem with your mapper class: set a breakpoint in method GET_ENTITY_FROM_UI_OBJECT and see what's going wrong... Also check that you're not missing any customizing entry in your navigation bar profile.
Kind regards,
Nicolas Busson.

Migrating to Sharepoint 2013 from 2010 - Can you use the same URL for the Web Application without affecting the 2010 environment?

Hi,
I am currently trying to migrate our SharePoint 2010 environment to SharePoint 2013. The first thing I'm doing is creating a 2013 development environment to verify that this migration goes smoothly. I'm also doing this so that we will have a testing environment
after the upgrade to 2013 is complete.
So here is my question: I have a 3 tier farm including; 1 app server, 1 wfe, and 1 sql server. I have made a copy of our SharePoint 2010 database and installed that on our sql server 2012 sever (This new environment is on 3 completely separate servers from
our 2010 environment). I have also installed the prereqs and configured SharePoint 2013 on the App server and wfe servers, as well as configuring the necessary service applications (I have created a completely new 2013 database where I will migrate my 2010
database content when I'm ready).
I am now at the point where I need to create a new web application on the 2013 app server, where I will be migrating the copied 2010 database. (Also note that we have a 2010 development site called https://[email protected])
When I go to create a new web application in our 2013 dev environment, can I use the same url (https://[email protected]) to create this web app, or will this screw up our current 2010 dev environment?
I'm new to SharePoint migrations, so I apologize if this is a stupid question.
Thanks in advance for any insight you can share on this!
Boe Barlage

So, what you are recommending is that before I create a web application in my new 2013 environment, I need go into my hosts file on my 2013 app server and alter it to point to my 2013 wfe.
Then after I do that, then I can create my new web application on my 2013 app server with the same url as my 2010 testing environment
(https://[email protected]).
Then after that I should be able to access my new sharepoint 2013 environment at the same URL (https://[email protected])?
I must be missing something.
In your first reply, you told me to alter the host file on my 2010 app server and point it to my 2010
wfe (I guess I thought it probably already is). You also told me to alter the host file on my 2013 app server and point it to my 2013 wfe.
so I am confused on after I do this, what url would I access my 2010 test environment, and what url would
I access my 2013 test environment?
I am fine with having my test environment as a different URL until I am totally ready to roll everything over and kill the 2010 site. But I want to make sure that when I migrate my database, none of the site links are broken.
I also want to make sure that if I proceed this way, I want to be sure that I will be able to modify the URL to what my 2010 environment is (without a lot of headaches) when I am ready to kill the 2010 site.
Thanks again for your help, it's much appreciated!
Boe Barlage

Publish Sharepoint 2013 with UAG 2010 SP3

Hi All,
I'm hoping some of you may be trying to accomplish the same task I am and are seeing similar problems.
We have a single SharePoint 2013 Server running in our forest behind a UAG server that is setup to publish other applications (Exchange and RDS Connections which all works fine). When publishing the SharePoint site following the instructions found
here (http://www.wictorwilen.se/sharepoint-2013-and-unified-access-gateway-uag-2010-service-pack-3) we are presented with the logon to UAG and then
redirected to the SharePoint site where I'm informed that I don't have access to the site. One change that we made to the instructions above was to terminate SSL on the UAG server and are using HTTP to the sharepoint server from UAG.
The SharePoint site shares the same DNS name as the internal network and the users can access the site internally with no issue.
My gut feeling on this issue is that some where UAG is not passing the credentials to the SharePoint server correctly but I'm not able to locate a log to determine failed login attempts. If someone could point me to where that may be that could be
pretty helpful.
Any help that you can provide would be greatly appreciated.
Thanks,
Jeremy,

Hi Jeremy,
Did you ever get this sorted? We've just migrated from Sharepoint 2010 to 2013 and everything looks good - except in the UAG (2010 SP3) that gives a "this site hasnt been shared with you". We also have SSL termination in the UAG, and the internal name is
different from the external name, but it worked in Sharepoint 2010 without this issue. And yes we recreated the application with the 2013 template.
// Kristoffer

Can we use direct planning URL with SSO enabled in 11.1.2.2.300?

Hi,
Oracle is saying you have to use workspace to accesss planning app. We are able to go directly to planning in our current prod environment (11.1.2.0).
But where in 11.1.2.2, we can not use directl planning URL (https://www.ppbebi-dw.army.mil/HyperionPlanning/LogOn.jsp). When you click on this URL, it prompt me to select my login credentials. Once you select your login credentials, it opens planning login page again with my userid and asking password screen.
Oracle saying that they are not supporting using planning by direct URL.
Can you please let us know is there any workaround to use dirrect planning URL instead going thru workspace.
Can I attach screenshots to this thread? I don't know how to attach, please let me know if I can attach.
Thanks
Poorna

Hello,
OUD uses its own embedded database engine, based on Oracle Berkeley DB Java Edition (Oracle Berkeley DB)
It does not rely on any additional external DB.
Sylvain
Please mark this response as correct or helpful when appropriate to make it easier for others to find it

Update Sharepoint 2013 document library folder columns using document url

Hi All,
I have a SharePoint document library. In that library I am having folder name called Folder1. In this folder Folder1 I have 4 files in it. Now. I need to update the status column of these 4 files in Folder1 folder using the url of these 4 files.
So can anyone help me in to solve this problem. I am using SharePoint 2013 and Visual studio 2012. I want the code in C#.
Thanks & Regards,
Kishore
Kishore

Hi,
According to your post, my understanding is that you want to update the field within the folder.
I have made a simple code demo below to update the field within the folder, you can have a look at it.
using (SPSite site = new SPSite("http://YourSiteURL"))
using (SPWeb web = site.OpenWeb())
SPList list = web.Lists.TryGetList("Lib1");
if (list != null)
foreach (SPListItem folderItem in list.Folders)
if (folderItem.Title == "Folder1")
SPListItem item = list.GetItemById(5);
item["Status"] = "Updated";
item.Update();
Console.WriteLine("Field update successfully...");
Thanks & Regards,
Jason
Jason Guo
TechNet Community Support

Webservice https passthru using UAG 2010

Hi Team,
I have an application which need to be allowed from externally using https traffic. Application authentication need to be hadled by the webservice in the backend . Which means i need to allow without authentication in UAG.
I did below steps already and am almost close to the fix. But need your expert advice to proceed please.
1) Created a new trunk and unchecked authentication settings for the trunk
2)Disabled component installation and scripting under session tab
3)Created an application specific web application for the site .
After above am able to access the portal from the browser. But there is an office template update application which uses this URL in the backend. But application traffic is failing throuhg this and below it the error
head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="/InternalSite/InitParams.aspx?referrer=/InternalSite/Login.asp&resource%5Fid=DDD75E7316B94F199BFB1B4C3AF3AD2A&login%5Ftype=10&site%5Fname=globaltemplate&secure=1&URLHASH=bb4bf683%2D5644%2D4405%2D87d7%2D61fd457997bd&orig%5Furl=https%3A%2F%2Fgtupdate%2Deu%2Ecorporateroot%2Enet%2F">here</a>.</body>
UAG web monitor logs does not giveany error. But i see for the application trafffic it shows as an un authenticated traffic.
Request to suggest if anyone has clarity on the issue. Also let me know in case you need more details.
Please keep in mind am able to get the page without any authentication pop up thru browser. But not from the application. Thanks in advance

And an update, I did another application publishing on a separate trunk/portal to a similar page
/index.cfm?FuseAction=Programs.Home
And I get the same error. Is there a switch/setting/policy I am missing to allow it to run those?

URL Manipulation when content-type is application/json (with UAG 2010)

Hey,
I got a website published through HTTPS trunk (UAG2010) which works with "application/json" content type at some parts (AJAX objects).
The parts which use applicaton/json content-type are loaded with a bad URL's on the client side (the internal URLs)
How can i configure that UAG will manipulate this content-type? (so the HAT mechanism will manipulate these get requests and responses)
Thank you, Idan.

Hi Idan,
We had a similar issue with internal links not being translated for a particular UAG published website. You'll need to run fiddler or httpwatch from a UAG client to identify the failing URL link extension types, eg .jsp and .RF
Open the trunk configuration, and select the portal tab, click
edit under Search and Replace Response Content.
Under Servers, put the fqdn of the web server / publishing address, and under URLs, add the identified extensions.
We also had to have a custom WhlFiltSecureRemote_HTTPS.xml file created under
Von\Conf\Websites\%trunk_name%\conf\CustomUpdate
which included the defined application type for the published website, and tells UAG when to use the search and replace parser.
Hope that helps.
http://chrisocallaghan.blogspot.com/

Publish Exchange 2013 using UAG 2010 Sp4

Hi,
We need to publish Exchange 2013 through UAG 2010. But we are not getting any dedicated link for UAG 2010 to publish Exchange 2013. we have UAG 2010 with SP4.
Is there any Step by step UAG 2010 configuration link to publish Exchange 2013?
Thanks
jitender

Hi Jitender,
Based on my knowledge, publishing Exchange 2013 with UAG 2010 is similar with publishing Exchange 2010.
I find a related Blog and Guid for your reference:
1. Publishing Exchange Server 2010 with Forefront UAG and TMG
http://blogs.technet.com/b/exchange/archive/2010/07/16/publishing-exchange-server-2010-with-forefront-uag-and-tmg.aspx
2. Publishing Exchange Server 2010 with Forefront Unified Access Gateway 2010 and Forefront Threat Management Gateway 2010
http://www.microsoft.com/en-us/download/details.aspx?displaylang=en&id=8946
Please also notice the System requirement of both Exchange 2013 and UAG 2010.
System Requirement
Exchange 2013
http://technet.microsoft.com/en-us/library/aa996719(v=exchg.150).aspx
UAG 2010 SP4
Supported Operating System
Windows Server 2008 R2
Servers running Forefront UAG and SP4 require the following:
• Windows Server 2008 R2 Standard, Windows Server 2008 R2 Enterprise, or Windows Server 2008 R2 DataCenter.
• Microsoft Forefront Threat Management Gateway (TMG) 2010 Service Pack 2
Thanks
Mavis Huang
TechNet Community Support

Access Denied Web Application with Claims authentication NTLM only when using secondary URL

I have a SharePoint 2010 server farm with 2 web front ends, an application server and a database server. Both front ends are internal to
our network and are not behind a load balancer.
NOTE THAT I HAD TO SUBSTITUTE hzzp with hzzp so that I had no links in the body of this post since I am not verified
I setup a new web application called "SharePoint 41171" with:
Public URL:
hzzp://testserver1:41171
Claims authentication
NTLM only: no forms auth
No SSL
New web site "SharePoint 41171"
New app pool
New content database
I create a top level site collection and name mydomain\myusername as the primary site collection admin
I am able to access this site as expected at
hzzp://testserver1:41171 with the aforementioned site collection owner id: mydomain\myusername
I add an alternate access mapping for a secondary URL for this web application in the Intranet zone:
hzzp://iwatest.mydomain.com
So my AAMs for the site read as:
hzzp://testserver1:41171
Default     hzzp://testserver1:41171
hzzp://iwatest.mydomain.com
Intranet     hzzp://iwatest.mydomain.com
When I attempt to log on to
hzzp://iwatest.mydomain.com with the same user name and password, I get "access denied".
I can access this site using
hzzp://iwatest.mydomain.com if I log in as the farm account. This is the only account that seems to work.
Side Note: If I create a separate web application without claims - just NTLM and create the same AAMs, I can login fine with the same secondary
URL and the same user name
IP address properly maps to this machine.
I reviewed the ULS logs and find the following:
10/30/2012 16:20:23.45              w3wp.exe (0x0E78)
                0x1724       SharePoint Foundation              Monitoring
                nasq                        Medium Entering
monitored scope (Request (GET:hzzp://iwatest.mydomain.com:80/_layouts/AccessDenied.aspx?Source=hzzp%3A%2F%2Fiwatest%2Emydomain%2Ecom))
10/30/2012 16:20:23.45              w3wp.exe (0x0E78)
                0x1724       SharePoint Foundation              Logging Correlation Data
      xmnv                        Medium Name=Request (GET:hzzp://iwatest. mydomain.com:80/_layouts/AccessDenied.aspx?Source=hzzp%3A%2F%2Fiwatest%2Emydomain%2Ecom)
8f313b5e-8476-4dd4-9abe-0cb6dbe024b6
10/30/2012 16:20:23.45              w3wp.exe (0x0E78)
                0x1724       SharePoint Foundation              Logging Correlation Data
      xmnv                        Medium Site=/          8f313b5e-8476-4dd4-9abe-0cb6dbe024b6
10/30/2012 16:20:23.45              w3wp.exe (0x0E78)
                0x1724       SharePoint Foundation              General
                   8e2s                        Medium
Unknown SPRequest error occurred. More information: 0x80070005       8f313b5e-8476-4dd4-9abe-0cb6dbe024b6
10/30/2012 16:20:23.45              w3wp.exe (0x0E78)
                0x1724       SharePoint Foundation              Monitoring
                b4ly                        Medium Leaving
Monitored Scope (Request (GET:hzzp://iwatest.mydomain.com:80/_layouts/AccessDenied.aspx?Source=hzzp%3A%2F%2Fiwatest%2Emydomain%2Ecom)). Execution Time=8.66003919492561   8f313b5e-8476-4dd4-9abe-0cb6dbe024b6
Basically it tells me that access is denied. I didnt see anything that stood out here.
I found this article:
hzzp://social.technet.microsoft.com/Forums/en-US/sharepointadminprevious/thread/ded9188b-ee03-4ef0-bb50-3ad138110e0c, which pointed me in the direction of ensuring that the portal
super user and portal reader accounts were properly added to my web application. I followed the every popular article on doing this:
hzzp://technet.microsoft.com/en-us/library/ff758656.aspx, but still no luck. As per the thread, I added the 2 domain accounts to the user policy with appropriate privilege
and then set them as the super user and super reader accounts via powershell, and yes I did prefix those names with "i:0#.w|mydomain\". To be exta sure, I repeated this for all web applications on this server with slightly different powershell steps
depending on wether or not claims was enabled on the web application.
The Claims to Windows Token Service is running.
I saw some mention of ensuring that the secure token service is running with a proper application pool account, but we are not running that service
and I cant imagine what that would have to do with my situation.
I have deleted and readded the web application and repeated these steps to no better effect.
I gave the mydomain\myusername full control for the web application through the user policy, ensured that it was indeed the primary site collection
owner and added it to the default site owners group. None of this helped.
I changed the application pool account to the farm account. No change in behavior.
Rebooted IIS and the machines many times along the way.
Further, when I attempt to sign in as a different user after being denied, I get "an unexpected error has occured message. I found the following
in ULS:
10/30/2012 11:19:03.71 w3wp.exe (0x182C)
0x1210 SharePoint Foundation                 Logging Correlation Data
xmnv     Medium              Name=Request (GET:hzzp://iwatest.mydomain.com:80/_layouts/accessdenied.aspx?loginasanotheruser=true&Source=hzzp%3A%2F%2Fiwatest%2Emydomain%2Ecom)
cc409ec2-4889-42fa-aa7d-9cc4535e4f0e
10/30/2012 11:19:03.71 w3wp.exe (0x182C)
0x1210 SharePoint Foundation                 Logging Correlation Data
xmnv     Medium              Site=/    cc409ec2-4889-42fa-aa7d-9cc4535e4f0e
10/30/2012 11:19:03.72 w3wp.exe (0x182C)
0x1210 SharePoint Foundation                 General
         8e2s                Medium              Unknown SPRequest error occurred.
More information: 0x80070005      cc409ec2-4889-42fa-aa7d-9cc4535e4f0e
10/30/2012 11:19:03.72 w3wp.exe (0x182C)
0x1210 SharePoint Foundation                 Runtime
        tkau                Unexpected       System.NullReferenceException: Object reference not set to an instance
of an object.    at Microsoft.SharePoint.ApplicationPages.AccessDeniedPage.LogInAsAnotherUser()     at Microsoft.SharePoint.ApplicationPages.AccessDeniedPage.OnLoad(EventArgs e)     at System.Web.UI.Control.LoadRecursive()
at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)            cc409ec2-4889-42fa-aa7d-9cc4535e4f0e
10/30/2012 11:19:03.74 w3wp.exe (0x182C)
0x1210 SharePoint Foundation                 Monitoring
b4ly                Medium              Leaving Monitored Scope (Request (GET:hzzp://iwatest.mydomain.com:80/_layouts/accessdenied.aspx?loginasanotheruser=true&Source=hzzp%3A%2F%2Fiwatest%2Emydomain%2Ecom)).
Execution Time=22.5439266722447           cc409ec2-4889-42fa-aa7d-9cc4535e4f0e
By the way, this occurs for the farm account also after a successful login and an attempt to sign in as a different user.
Any help would be greatly appreciated

Thanks spadminspadmin:
I have, though I am not sure that what I've added there is correct:
The URL that I am trying to use to access the web application's IIS site is hxxp://iwatest.mydomain.com. I added a binding to the IIS site as follows:
Type    Host name                      port        IP address
http     iwatest.mydomain.com     41171     *
Is that correct?

UAG 2010 SP4 and Outlook 2011 for MAC

Hi
We have UAG 2010 SP4 with trunk where autodiscover and EWS services are published without pre-authentication (Authorize all users). Exchange 2013 accepts basic auth on services.
RCA tests for Outlook Anywhere are passing and we can configure any windows/Outlook2007+ from internet through UAG using autodiscover.
However with Outlook2011 for MAC does not go through the mail account creation process when connecting to UAG.
According to Outlook logs, it will connect to autodiscover service and receive correct service urls for EWS, OAB etc.
After autodiscover, it tries to connect to EWS which fails and logs following UAG message
"<DIV style=""" id=""Error_Msg"">You are not authorized to access the application.</div>"
However with browser and same credentials I can connect to all service urls and they popup authentication prompt and lets user in. Outlook 2011 MAC works when connecting directly to Exchange so this is 99% sure an UAG issue.
Any suggestion where to look at?

I guess you already went through this http://technet.microsoft.com/en-us/library/ee921443.aspx
On Exchange, there is a command related to Outlook for Mac
Set-CASMailbox -Identity <alias> -EWSAllowEntourage:$True –EWSAllowMacOutlook:$true –EWSAllowList:"*+Mail*"
According to the blog entry below, if you publish with UAG/TMG it has to be enabled on the Organization level :
http://blog.hametbenoit.info/Lists/Posts/Post.aspx?ID=197
Please don't do it in production, it is just a suggestion :)

Creating a new folder in a SharePoint library using C# Windows Application.

I have tried to create a folder within a SharePoint document library. The coding is as follows.
Text Box Name: txtNewFolderName
Button Name : btnCreateNewFolder
private void btnCreateNewFolder_Click(object sender, EventArgs e)
//String parameters for site URL and site name
const string siteUrl = "http://thekingsbury/";
const string siteName = "/SiteDirectory/thekingsbury/";
//Freeze UI
Cursor = Cursors.WaitCursor;
btnCreateNewFolder.Enabled = false;
//Use SPSite constructor to assign site collection based on top-level URL
SPSite siteCollection = new SPSite(siteUrl);
//Assign target site (SPWeb instance) based on site name
SPWeb site = siteCollection.AllWebs[siteName];
//Create an instance of SPDocumentLibrary based on the named doc library list
SPDocumentLibrary docLibrary = (SPDocumentLibrary)site.Lists["Test Library"];
//Create instance of SPFolderCollection and add a named folder based on forms input,
//then update library to reflect added folder
SPFolderCollection myFolders = site.Folders;
myFolders.Add("http://thekingsbury/Test%20Library/" + txtNewFolderName.Text + "/");
docLibrary.Update();
//UI clean-up
Cursor = Cursors.Default;
btnCreateNewFolder.Enabled = true;
Site URL :
http://thekingsbury/
Site Name: thekingsbury
Document Library : Test Library
My problem is when I click the button it gives an error as the following.
The Web application at http://thekingsbury/ could not be found.
Verify that you have typed the URL correctly.
If the URL should be serving existing content, the system administrator may need to add a new request URL mapping to the intended application.
The error shows at the following statement.
"SPSite siteCollection = new SPSite(siteUrl);"
I created both Windows & Web solutions and the result was the same.
Note: I have add the reference to the SharePoint using the Microsoft.SharePoint.dll file. And used the "using Microsoft.SharePoint;" statement.
Please can someone help me on this matter.It's a real paint to me.

The complete solution using an InfoPath 2010 form is as the below.
using Microsoft.Office.InfoPath;
using System;
using System.Xml;
using System.Xml.XPath;
using Microsoft.SharePoint;
using Microsoft.SharePoint.Client;
using Microsoft.SharePoint.Linq;
namespace Create_Folder_In_SharePoint_Library
public partial class FormCode
public void InternalStartup()
((ButtonEvent)EventManager.ControlEvents["btnCreateFolder"]).Clicked += new ClickedEventHandler(btnCreateFolder_Clicked);
public void btnCreateFolder_Clicked(object sender, ClickedEventArgs e)
SPSite mySite = new SPSite("Http://thekingsbury/");
SPWeb myWeb = mySite.OpenWeb();
//Code to retreive the new library.
XPathNavigator xLibraryName = MainDataSource.CreateNavigator();
String NewLibraryName = xLibraryName.SelectSingleNode("/my:myFields/my:LibraryName", NamespaceManager).Value;
//Code to retreive the library description.
XPathNavigator xLibraryDesc = MainDataSource.CreateNavigator();
String NewLibDesc = xLibraryDesc.SelectSingleNode("/my:myFields/my:LibraryDescription", NamespaceManager).Value;
//Code to retreive the new folder name.
XPathNavigator xFolderName = MainDataSource.CreateNavigator();
String NewFolderName = xFolderName.SelectSingleNode("/my:myFields/my:FolderName", NamespaceManager).Value;
//Creating the new library.
myWeb.Lists.Add(NewLibraryName, NewLibDesc, SPListTemplateType.DocumentLibrary);
myWeb.Update();
//Creating the new folder within the new library.
SPDocumentLibrary newDocLibrary = (SPDocumentLibrary)myWeb.Lists[NewLibraryName];
SPFolderCollection newFolders = myWeb.Folders;
newFolders.Add("http://thekingsbury/" + NewLibraryName + "/" + NewFolderName + "/");
newDocLibrary.Update();
I think everyone can use this.
When you are generating a folder always try to avoid reserved characters : ; # $ % ^ a and suchlike.

UAG 2010 - SharePoint Redirect using Direct URLs

Similar Messages

Maybe you are looking for