Untrusted Connection Warnings for One Domain User

I have one domain user that constantly gets "This connection is Untrusted" warnings and has to continually add the exemptions. On a couple of sites the adding of exemptions fail and then get the following under the technical details: "xxxxx uses an invalid security certificate. This certificate is not trusted because no issuer chain was provided. (Error code sec_error_unknown_issuer)" and is unable to go into that site. It only happens to the one domain user and other domain users do not have the same issue of constantly getting the warnings and having to add exemptions and are able to get into the same sites that the exemptions failed on for the affected user. The affected user can go to another computer on the network and not have any issues with the warnings and able to go to any of site. It appears to be the one computer with the affected user's profile. I've tried uninstalling and reinstalling Firefox, including deleting the Mozilla folder under the user's profile application data to no avail. Any ideas for a solution to this issue?

This can also be a problem with the cert8.db file.
Check out why the site is untrusted and click "Technical Details to expand this section.<br>If the certificate is not trusted because no issuer chain was provided (sec_error_unknown_issuer) then see if you can install this intermediate certificate from another source.
You can retrieve the certificate and check details like who issued certificates and expiration dates of certificates.
*Click the link at the bottom of the error page: "I Understand the Risks"
Let Firefox retrieve the certificate: "Add Exception" -> "Get Certificate".
*Click the "View..." button and inspect the certificate and check who is the issuer of the certificate.
You can see more Details like intermediate certificates that are used in the Details pane.
If <b>"I Understand the Risks"</b> is missing then this page may be opened in an (i)frame and in that case try the right-click context menu and use "This Frame: Open Frame in New Tab".
*Note that some firewalls monitor (secure) connections and that programs like Sendori or FiddlerRoot can intercept connections and send their own certificate instead of the website's certificate.
*Note that it is not recommended to add a permanent exception in cases like this, so only use it to inspect the certificate.

Similar Messages

  • Outlook 2013 people pane is not showing any items for internal domain users. External contacts works fine

    I have recently purchase a new PC which has Windows 8.1, and Outlook 2013, connected to an exchange 2010 SP3 RU4 server.
    In the People pane, the for External clients, then this box populates correctly, but for internal domain users, it shows "There are no items to show in this view"
    On my OLD PC using XP, and Outlook 2010, connected to the SAME account, then people pane shows correctly for all users.
    Any help appreciated
    regards
    Chris

    Hi Chris,
    I have checked in my Windows 8 and Outlook 2013 with Exchange 2010 SP3 RU4 environment. There are three folders listed under My Contact in my People pane:
    Contacts: The contacts which we added and saved
    manually before.
    Lync Contacts: The contacts we added in Lync.
    Suggested contacts folder: Automatically
    keeps track of everyone you send a message to, but isn’t in your Outlook contacts. Please note that it is different from Auto-Complete List.
    Therefore, I suppose that the meaning of “but for internal domain users, it shows ‘There are no items to show in this view’ ” is that there is no contacts in the
    Contacts folder. Is it right? If I misunderstand, please point it out. And we need to add and save users manually in this folder.
    Thanks,
    Winnie Liang
    TechNet Community Support

  • Is there a fix for Mail keeping 4 connections open for one.......?!

    Is there a fix for Mail keeping 4 connections open for one email account setup as IMAP.......?!
    Im just wondering whether this is possible because it means our company website falls over when the processes go over 25! There are a lot of emails.....
    It is a massive pain and ideally we dont want to upgrade our hosting package if we can help it!
    There must be a way round it?! Someone brainy know any tricks?!

    Ernie Stamper wrote:
    Never have encountered this -- more info, please? What are 4 connections, exactly?
    Very simple: Mail opens one connection for each IMAP mailbox on the account. Typically, this means Inbox, Sent Mail, Drafts, and Trash, but also includes Apple Mail To Do and Junk and any mailboxes/folders the user has created.
    The problem is that Mail is keeping these connections open when it's done checking for new mail, even when *Use IDLE command if server supports it* is not enabled. With 4 email accounts on one server, this causes a "500 Internal Server Error" because there are too many processes running. As soon as I quit Mail, my web server resumes serving pages.
    Message was edited by: Don Morris

  • Ship-To Address not getting picked for one particular user

    Hi SRM Gurus,
    I am working on SRM5.0 system with ECC6.0 as backend.
    For one particular SRM user, the Ship-To address number which has been maintained in his attributes through transaction PPOMA_BBP, as default delivery address, is not populated when he creates a SC.
    This default ship-to address is not seen while creating the cart even though the address can be found via the F4 search help in the same SC.
    Can anyone tell me why this is happening for one particular user?
    Please note that this problem is occuring even when the user is shopping for self and creating a new SC (no copying from template). So SAP note 1055203 is not valid in my case.
    I have checked the ADRC table, and this address number exists. Infact, when I assign this address number to some other user's Ship-To attribute, this default delivery address is picked in the SC.
    So, I understand that the problem is not with the address, but with the linking of this address number to this user. I even tried deleting and re-assigning the address number in the attribute to this user. But, it doesnot work still.
    Can anyone help me out?
    Thanks n Regards,
    Ancy

    Ship to address not being picked from attributes for any user it was being picked from Org address data , and I had reset the value
    now , when I am trying to create a SC and I have tried to add delivery address  bby 2 types .
    1. By adding through the portal
    2> i have tried to add the same throgh ppomabbp in user attributes "Delivery address"
    I have also made it default however when I raise the SC it again shows me as blank :
    I am not too sure how do I populate the value that I need . Please see below still the delivery address is blank !!

  • Is it possibel to create one connection [pool for one report only

    Hi is it possibe to create one connection pool for one report only. Others report are running from the another connection pool under same DB.
    Thanks,

    Hi,
    Why do u want seperate connectionpool for that single report?
    I dont think its possible.Direct database request will be good solution for this.Try importing those columns which are used to build that report into physical layer and create new subject area.Not sure weather its right way to do.
    Regards,
    Srikanth

  • One Domain user have problem seeing flash Content.

    Hallo.
    Im a IT student in a small company (around 100 domain users). We are using windows 7 and the latest Flash version (12.0.0.38). We are using Internet explore 11.
    All the users in our domain have same rights. But one of them have a flash problem. He cant see flash on his userprofile. It prompt him with the message "You need to install flash version 10.1 or higher.....". I tried all kind of stuff and fixes from your forum. Registry, clear Internet explore cashe, Settings updating internet explore, downgrading it. uninstalling/installing flash like 10 times, but nothing seems to work. Mozilla dont work either, the only way he can see flash content is from Google Chrome browser, and we dont support that.
    If i open Internet Explore as administrator its fine, so the computer know its there, but something is blocking flash or something for him as a user.
    "His" the only problem. Any idea?
    thanks
    -Jimmi Olesen

    If he's sending to users in the same Exchange organization and having this issue, I suggest checking to see if he's configured as an IAMP or POP connection in Outlook.  Internal delivery should never be marked as spam.  If he does have an IMAP
    or POP connection, change it to an Exchange connection, preferably on cached mode.
    If it's to external recipients, though, the recipient will need to add this person's address to their trusted senders list.  The sending organization can't change how a receiving organization is going to handle their email.

  • Exchange 2013 sp1 smtp NTLM auth for child domain users

    i have exchange organization with exchange 2007 sp 3 & exchange 2013 sp1.
    there are  all users in Exchange 2013 server (mail flow is through Exchange 2013 server)
    i have single forest, 2 site (site1, site2), root domain root.local and 1 child domain ch.root.local
    DC  for child domain is located in site2 (dc.ch.root.local)
    multirole exchange 2013 server is installed in root domain.
    i am traing to configure smtp receive connector with NTLM auth and have one problem.
    when user in child domain try send email through this receive connector i see in log
    <,AUTH NTLM,
    >,334 <authentication response>,
    *,SMTPSubmit SMTPAcceptAnyRecipient BypassAntiSpam AcceptRoutingHeaders,Set Session Permissions
    *,CH\user1,authenticated
    *,,Setting up client proxy session failed with error: 535 5.7.3 Unable to proxy authenticated session because either the backend does not support it or failed to resolve the user
    *,,"Setting up client proxy session failed with error: 451 4.4.0 Primary target IP address responded with: ""535 5.7.3 Unable to proxy authenticated session because either
    the backend does not support it or failed to resolve the user."" Attempted failover to alternate host, but that did not succeed. Either there are no alternate hosts, or delivery failed to all alternate hosts. The last endpoint attempted was 192.168.1.15:465"
    but authentication is succesfull for users from root domain.
    why do it can be?
    Thanks.

    thanks for link
    at smtp receive logs (Hub transport role) i've found the  next:
    Client Proxy EXMAIL2013,08D134DAF6CE1C51,49,192.168.1.15:465,
    *,NT AUTHORITY\SYSTEM,authenticated
    >,235 <authentication response>,
    <,XPROXY SID=08D130D354F520D1 IP=192.168.1.21 PORT=57085 DOMAIN=[192.168.1.21] CAPABILITIES=0 SECID=Uy0xxx...
    *,,Error while looking up SamAccountName chuser: The user name or password is incorrect.\r\n
    *,None,Set Session Permissions
    >,250 XProxy accepted but user identity could not be obtained,

  • RFC Communication Channel only allows for one Logon User

    We're currently building a SOAP over HTTPS application in XI where
    an RFC communication channel connects to R3 with a logon user id
    and logon password (RFC Client Parameter). When updates are made
    on the R3 side using BAPI_NETWORK_MAINTAIN (for example), they're all
    done with the one logon user id. So fields "Last Changed by" or "Created by" have the
    one id, and any approvals can only be done by the one manager over the one id XI uses.
    If the external application passed an id (and password if necessary) to
    XI, is there any way connect to R3 using the passed id, and not have to
    use the one generic id .  If we're limited to the one id, is it
    possible on the R3 side to be able to change the id to a passed id that
    can then run the BAPI's/RFC's ?

    Hi Kye
    These should help you
    https://www.sdn.sap.com/irj/scn/go/portal/prtroot/docs/library/uuid/8798be90-0201-0010-d093-85f728778d37
    https://www.sdn.sap.com/irj/scn/go/portal/prtroot/docs/library/uuid/2a9dbe90-0201-0010-b283-a56f64534f18
    To capture parameter from URL you need to use ASMA for SOAP.
    Thanks
    Gaurav

  • I keep getting an "untrusted connection" warning for nearly every url including my banks and have to go through the "confirm exception" etc steps. How can I keep having to go through this?????

    I keep getting the untrusted connection warning and have to go thru all these freaking steps to get access and it happens OVER and OVER again for the EXACT same sites. One example is below citibank.com. MY BANK. EVERY TIME.
    == URL of affected sites ==
    http://www.citibank.com

    Hi there, I was getting the same type problems whenever connecting to a secure site. The problem was caused by my PC's clock. I had manually set the date back a few years to test an app that I was developing. As soon as I corrected the time, all connections were OK again.

  • Reporting Services - Content Manager shows all reports for all domain users even without permissions

    I have installed
    reporting services 2008 in:  Site
    Settings option / Security only 3 users
    have added:
    BUILTIN \ Administrators                
    System Manager
    MYDOMAIN \ user1                         
    System Manager, System User
    MYDOMAIN \ user2                         
    System Manager, System User
    I have the same settings in the "start
    up" folder and inside the folder
    where are my reports, however if I authenticate
    any user with different domain
    to user1 and user2 can see all content
    of the report manager can even
    manage it.
    Help me, greetings
    Jenny

    however if I
    authenticate any user with
    different domain to user1 and user2 can see
    all content of the report manager can
    even manage it.
    Hello,
    Did you means that other domain user account (Other-Domain\user3) can access reports on the Report Manager without grant any permission? As per my understanding, it is not possible. SQL Server Reporting Services uses Windows Authentication
    defaultly to determine who can perform operations and access items on a report server.
    Based on your description, you grant the local Administrators group and two domain users with system-level role: System Administrator.  System-level role assignments grant access to global tasks and permissions that apply to a report
    server site, That's may cause the user can access and manage all contents on the Report Manager.
    If you want to set permissions for accessing conntents on Report Manager, you can just specify itme-level role assignments.For example, if you grant user with Browser role on a report, the user can view report and report properties, but cannot edit
    report properties.
    Reference:
    Lesson 1: Setting System-Level Permissions on a Report Server
    Lesson 2: Setting Item-Level Permissions on a Report Server
    Regards,
    Fanny Liu
    Fanny Liu
    TechNet Community Support

  • Grant read permissions for one new user in db2

    Hello,
    we wish to have one new user in database which only can read in all tables. For the moment i´ve no idea to create this. The command "grant select ...." is not possible for a single user and all tables.
    Regards
    Olaf

    we can   grant select permission for all table through below steps
    1. Run this command on command promt
    db2  "  select ' grant select on table ' ,  tabname, ' to user  username ' from syscat.tables" > filename
    2. Run the above file
    db2 " db2  -vtf filename"
    Thanks & Regards
    BALAJI
    tcs

  • After joining computer to the windows doamin i cannot change password for Mac for the domain user

    After joining computer to the windows doamin i cannot change password for Mac for the domain user

    Hi,
    Did this problem occures after installed Windows 8.1 Update 1? Here is another thread that had similar problem. Also I don't think this problem relate with Domain. Please refer to the solution of the thread below for reference, If there is any
    progress, please let us know.
    http://social.technet.microsoft.com/Forums/en-US/08993680-b6f5-4e80-b031-d32fec97d682/not-able-to-right-click-on-tiles-after-81-update?forum=w8itproge
    Roger Lu
    TechNet Community Support

  • Connection keys for 2.0 users

    I currently administer employees having Contribute 2, 3 and
    CS3. New Contribute users get CS3 but old users are still on 2 and
    3. I also train users so I have all 3 versions on my PC. Since
    installing CS3 I can no longer send connection keys to version 2
    users who have had it reinstalled due to getting a new PC or having
    an old PC re-imaged. When I try to use Contribute 2 to send a
    connection key I am told that it is being administered by a newer
    version of Contribute yet sending a connection key from a newer
    version results in the users getting a message that the connection
    key file is corrupt. How do I send connection keys to my version 2
    users?

    I tried again this morning by entering the following:
    Identify Administrator:
    First Name: Edwin
    Last Name: McGee
    e-mail: [email protected]
    Next -->
    Name Workspace:
    Workspace: GUESTROOM
    Next -->
    Select Database Schema:
    Request a new schema
    Next -->
    New schema to create: PDAM
    Initial space allocation: 10MB
    Next -->
    Justify request:
    Development and Testing via OTN APEX Forum.
    Next -->
    Enter Verification code: blah-blah-blah-blah not really, but it doesn't matter what I enter here because it is different each time)
    Submit request -->
    Resulting page:
    ORA-01400: cannot insert NULL into ("FLOWS_030000"."WWV_FLOW_PROVISION_COMPANY"."COMPANY_NAME")
    Error requesting Workspace: .
    Return to application.
    It is interesting to note that the page where I enter the verification code does not show any of the data I entered previously (e.g. First Name, Last Name, etc.).
    I am running Windows 2000 Professional with administrative privileges and MS IE 6.0.2800.1106 128-bit cipher SP1. I also have Java Plug-in 1.6.0_01and I am using JRE version 1.6.0_01 Java HotSpot(TM) Client VM. I suspect that this is probably a local issue, but did not encounter this problem when I initially configured my first workspace. Thanks.
    Ed

  • Multiple domain mailboxes for one AD user in exchange 2013

    I just wanted to make sure that this hasn't changed in exchange 2013 or if there's a better way to do this
    we have a few users that need an email for companyA.com and CompanyB.com. For easy separation we've decided to create a separate mailbox for each email. Right now the only way i can figure how to easily associate both mailboxes with 1 AD user is to set up
    their main email as their default mailbox, then create a shared mailbox and grant full permission for that user. Then in Outlook they have access to both accounts from 1 profile. 
    However I'm not sure how this would work for mobile access.  In Office365 connecting to 2 exchange accounts on a mobile device was pretty straight forward since each mailbox had a unique login. I know when a shared mailbox is created, a disabled user
    is created in AD, I'm wondering if i can enable that account and then the user uses that login to connect to that account through their mobile device. Or maybe theres a simpler way to accomplish this goal? 

    we have a few users that need an email for companyA.com and CompanyB.com.
    Hi Derek,
    Why not just create an additional email address for the users?
    "You can use the EAC or the Shell to add or remove an email address for a user mailbox. You can configure more than one email address for the same mailbox. The additional addresses are called
    proxy addresses. A proxy address lets a user receive email that’s sent to a different email address. Any email message sent to the user's proxy address is delivered to their primary email address, which is also known as the
    primary SMTP address or the default reply address."
    Add or Remove Email Addresses for a Mailbox
    http://technet.microsoft.com/en-us/library/bb123794.aspx
    "create a shared mailbox and grant full permission for that user"
    Do you mean a few users have a shared email address? For example:
    UserA:
    Primary(main) address: [email protected], shared address:
    [email protected]
    UserB:
    Primary(main) address: [email protected], shared address: [email protected]
    If not, you can just create an addtional address for the users.
    If you have any feedback on our support, please click
    here
    Frank Wang
    TechNet Community Support

  • Use one account or multiple for 10 domain users of Office 2013 Home & Business

    I have 10 seats of the retail version of Office Home & Business 2013 for use in a domain environment. Windows 7 Pro 64, Server 2008R2 environment. No exchange. Blank slate.
    Should I install all with the same account for ease of management, or setup a new MS Live account for each user? Can I do either, and what are the advantages to each?
    Thank you.

    Hi,
    Both are ok, but neither is really good.
    In your scenario, I suggest you use Office 365 to manage all these, which is more recommended:
    http://office.microsoft.com/en-001/business/compare-office-365-for-business-plans-FX102918419.aspx
    http://office.microsoft.com/en-001/business/compare-all-office-365-for-business-plans-FX104051403.aspx
    Regards,
    Melon Chen
    TechNet Community Support

Maybe you are looking for