Untrusted forest with duplicate AD site names

Similar Messages

• Quicklinks with a "New Site Name"

  Hi All,
  I am in the process of implementing an external facing portal for anonymous group with quicklinks.
  I have a main page where I have many "a href" links.
  The targets of these links are quicklinks to various anonymous scheme iviews. Now I have implemented an anonymous portal for which reason all my targets in the a href links are like: anonymous/ql1, anonymous/ql2 etc..
  It works fine. So far my portal url is "http://<host>:<port>/irj/portal/anonymous". So when I navigate from the main page to my iview (ql1) the url formed is "http://<host>:<port>/irj/portal/anonymous/ql1"
  For the finished product we may need to give a site name like "http://www.abc.com". Will this affect my methodology.
  Can you please tell me how this is configured and whether after doing so, it will navigate like this: "http://www.abc.com/ql1"

  Hi Prem,
  One way to achieve that would be to do a URL rewriting. You can achieve that by placing a reverse proxy in front of your portal server.
  The other option would be to put something on the WAS which would intercept every request and rewrite URL's to /anonymous. But you have to take into account some URL's that you don't want to add /anonymous, because there has to be a way to still get to the admin interface.

• Why do I constantly get "This Connection is Untrusted" intermittently and showing unrelated site names?

  Greetings,
  I am using firefox 34.0 on Win7 64bit. This issue occurs intermittently and after I've been viewing and navigating a known secure website. The error message will show completely unrelated sites under the "Technical Details". If I close the browser and restart it, and return to the known secure site the next time the error occurs the sites listed will be different.
  in addition the sites listed have not been visited during that browsing session. And none are accessed through the viewed pages (i.e. "ads").
  I have read the other questions of this type and their solutions and tried them. Nothing has helped. This problem started either in 32.0 or 33.0.
  Thanks!

  Are you referring to the issuer domain of the certificate?
  What sites do you see listed?
  Do a malware check with several malware scanning programs on the Windows computer.
  Please scan with all programs because each program detects different malware.
  All these programs have free versions.
  Make sure that you update each program to get the latest version of their databases before doing a scan.
  *Malwarebytes' Anti-Malware:<br>http://www.malwarebytes.org/mbam.php
  *AdwCleaner:<br>http://www.bleepingcomputer.com/download/adwcleaner/<br>http://www.softpedia.com/get/Antivirus/Removal-Tools/AdwCleaner.shtml
  *SuperAntispyware:<br>http://www.superantispyware.com/
  *Microsoft Safety Scanner:<br>http://www.microsoft.com/security/scanner/en-us/default.aspx
  *Windows Defender:<br>http://windows.microsoft.com/en-us/windows/using-defender
  *Spybot Search & Destroy:<br>http://www.safer-networking.org/en/index.html
  *Kasperky Free Security Scan:<br>http://www.kaspersky.com/security-scan
  You can also do a check for a rootkit infection with TDSSKiller.
  *Anti-rootkit utility TDSSKiller:<br>http://support.kaspersky.com/5350?el=88446
  See also:
  *"Spyware on Windows": http://kb.mozillazine.org/Popups_not_blocked
  *https://support.mozilla.org/kb/troubleshoot-firefox-issues-caused-malware

• SCCM Console, untrusted forest

  Hi,
  I have a site system server with MP, DP in a untrusted forest. Is it possible to install SCCM console on it and connect back to Primary server?
  I have checked all ports that are in the documentation https://technet.microsoft.com/en-us/library/hh427328.aspx?f=255&MSPPError=-2147217396 regarding "Configuration Manager Console" but I still cannot run the console. I have tried opening
  SCCM Console with RunAs and a account in the Primary servers forest.
  Does the MP, DP need to have firewall ports open to the Primary servers forests domain controllers and to authenticate ?
  In that case what are ports needed?
  /A

  Hi Peter,
  We want to have a console on each untrusted forest site system server to be able to manage the computers in the untrusted forest with Right-Click Tools and Remote Control. Because the untrusted site system server is on the network already, many firewall
  ports all already allowed. We don't want to do it through the Primary because of the difficulty of opening for all firewall ports that are needed for remote tools.
  Does that make sense?

• Managing untrusted forest

  Hi All,
  We have actually the following configuration with SCCM 2012 R2 CU4 :
  Same Forest, same Domain (2 x 2 DCs + AD DNS)
   + Primary Site Server with 300 clients  (MP,DP,SUP,SDB,SS,FSP,RSP)
   + Secondary site Server with 300 clients  (MP,DP,SUP,SDB,SS)
  distinct Untrusted Forest (2 DC + AD DNS)
   + 15 clients
  What's the best configuration to manage the untrusted forest ? I already checked the following link (http://blogs.technet.com/b/neilp/archive/2012/08/20/cross-forest-support-in-system-center-2012-configuration-manager-part-1.aspx)
  what's the comm ports requirements ? clients + site system <-> primary site 
  Can we avoid the untrusted clients to access to the pri/sec site servers.
  We plan to add a site System to the primary site in the remote untrusted forest with MP,DP,SUP Roles)
  (afaik a secondary site need trusts which is not permitted)
  We need Inventory, Software Distribution, Windows Updates features on the untrusted forest
  Link between primary and secondary site is ~16Mb/s
  Link between primary and untrusted forest is about ~16Mb/s
  Link between secondary site and untrusted forest is about ~1Gb/s
  Thanks a lot !

  Port used by ConfigMgr is well explained here:
  https://technet.microsoft.com/en-us/library/hh427328.aspx#BKMK_CommunicationPorts
  In addition, be aware that for discovering computers in untrusted forest you need to open port 53 (DNS) between the SCCM server and remote DC (in untrusted forest) OR create a secondary DNS zone for the untrusted forest in your DNS.
  Please take a moment to Vote as Helpful and/or Mark as Answer where applicable. Thanks.

• Why client installation fails in untrusted forest?

  I have one untrusted forest and my ConfigMgr site is published to this untrusted forest ad successfully. When running ccmsetup.exe in untrusted forest it fails and when I look ccmsetup.log I can see that it fails to locate management point. Why is this happening
  because site information is available in AD? 

  If you are trying to do auto site assignment, is there a boundary published for site assignment that this client falls within?
  If not, have you considered just doing SMSSITECODE=<your site code> and also specifying an initial management point for it to contact with SMSMP=<accessible MP>?
  Nash
  Nash Pherson, Senior Systems Consultant
  Now Micro -
  My Blog Posts
  If you've found a bug or want the product worked differently,
  share your feedback.
  <-- If this post was helpful, please click "Vote as Helpful".

• Changing Sites' Names

  Although I am expecting this to happen, but when it does happen, it's really irritating.
  I read in one of the support documents in Apple's Support site, stating that if I want to change the site or page names, I'll have to do it in the site navigation menu and hold down Option key while click Publish All to .Mac. I have 2 sites in my iWeb, both set up to use my personal domain name. I wanted to change the original site names because there were 'space', capital letters, and mandarin characters that appear to be very confusing and difficult.
  So after changing both the site names and some page names, I hold down Option key while click Publish All to .Mac. It didn't work for several times, with error message (at first was connection problem, then it just simply showed that there were error, no code no nothing). When it finally worked after several hours of trying, I lost all the comments in my iWeb.
  I am wondering if this is how it's supposed to work? I mean, if the comments were supposed to be lost after you have changed the site name, then why in the first place Apple didn't state that?
  Another funny thing is, after publishing and noticing that the comments are gone in my iWeb, I emptied cache in Safari and tried to visit the published page. Both the pages are there, of course with no comments. Then I went back to the pages with the old site names, and I can still visit those sites (with the old URLs with capital letters, mandarin characters, etc.) and the comments are there!
  I hope someone can help me out with this. Contacting Apple regarding iWeb never solve my problem, and this is really a sad thing. Many thanks in advance!

  I've had a similar problem. Lost ALL COMMENTS after changing the site around... very frustrating. I have a backup of my original domain file, and when i open it at first they comments are there, but when I go to publish, they disappear. What's up with this?

• Site name lost Site Disappears

  I needed to copy an iWeb site to a folder and did so by changing the publishing settings.  But when I tried to switch the setting back and publish the site to Mobile Me the site essentially disappeared.  To make things a little more interesting, I'm using a private domain name.
  Worse case scenario, how can I go back to square one and reload the site to MobileMe and use the private domain name?

  Don't use the 'go to site link'.
  Open Safari and clear your browser cache first and then enter your domain name and see if this works.
  If not, then you need to go back to iWeb and re-publish your site to MobileMe again from iWeb, but with your original site name.  If it is still not working after this, then you say that you have a domain name with forwarding set up - you need to go to your domain name registrar and check your forwarding settings there - go to the DNS settings to check your CNAME forwarding and also check that you have entered your domain name correctly into your MobileMe account under personal domain name.
  If your site is still not working, then your other option would be to log into your MobileMe account under System Preferences and go directly to your iDisk and delete your site from there and go back to iWeb and then re-publish it.  However, if you have CNAME forwarding set up for your domain name, then a different site name should not make any difference at all, because CNAME is simply forwarding your domain name to web.me.com and is not specific like web forwarding.
  If you have masked web forwarding instead of CNAME, then this will make a difference because web forwarding is site specific.  Which forwarding method are you using?  CNAME or web forwarding?
  Finally, publishing your site to a local folder, even if you do change the site name should not affect a site that is already published in any way at all.  Publishing to a local folder is not really publishing , so anything already online should not be affected.

• When logging onto a web site with a log on name firefox is changing logon name from Kostas to kostas as the site is case sensitive it is not acceptable. how do I correct this? Thanks

  I registered with a web site and used the name Kostas as the log on name. Entered a question and recieved replies
  When I later tried to log onto the web site to say thankyou ,and enter Kostas in the log on box a reminder appears created by Firefox of kostas, I ignore this, move to the password box and firefox changes the log on name to kostas with small k. The register is case sensitive so for quite a while I could not understand what was going wrong? I eventually managed to log on by using a rival system
  My previous experience is that if you use a different log on name it is recorded and then you choose the correct one to use? But in this case I am given no choice
  How can I correct this please
  Probably no connection but
  I registerd with another site and recieved an e-mail in which I had to click on web address to confirm registration and came up with an error message, tried a few times and same thing happened?? The webmaster of this site had no record of my registration details?
  Finally I had a phone call from a company called NERD-I.com
  offering to solve various computor problems at a fee. I did not take up their offer, but hope they do not have anything to do with my current problems??
  Many thanks

  Hi Corel
  Thank you for your reply
  However I need the lower case version for some sites and the upper case version for the site in question? To make matters worse this site does not allow you to change your log on name unless it is in the form of an e-mail address
  So what I need is Kostas for this site and kostas saved for other sites and allow me to choose which one I want to use
  How do I do this please
  I have no bother with this on Win Internet Explorer but I like Firefox
  Mind it may be as simple as deleting The appropriate entry and resetting with Kostas instead of kostas?
  But I would appreciate knowing the correct solution from an expert

• How do I remove old web site when publishing new site with same URL in iweb? Hit replace when publishing new iweb site (so we could have control over changes) but new site name is attached to old via a / after our www address we want to keep.

  I hit the replace when publishing the new iweb site (so we could have control over changes - last one was not an apple based site) but new site name is attached to old via a forward slash and underscore after our www address. Makes it very messy with a very long web address.  Original address now followed by iweb site name followed by name of first page? Went for iweb as not that computer literate - all going so well?! Cheers for help in anticipation. Have to get off to work now but be great end to week if we could be sorted tonight. Rupes

  Well yes of course, if you try and publish through iWeb there won't be an option to publish without your site folder which is exactly why I told you to download Cyberduck and use Cyberduck to upload your site to your server having published your site from iWeb to a local folder.  That is what you need to do if you don't want your site name to be included in yoru url.
  It would have been easier also if you had used Cyberduck initially to connect to your server and delete your old site yourself - at least that way you would have deleted the correct files rather than relying on your hosting service to do it and doing it incorrectly.
  Download Cyberduck and then select the publish to a local folder option from iWeb and then use Cyberduck to upload your site to your server, but rather than uploading the whole site folder and separate index file, upload ONLY the contents of your site folder and then your url will be http://www.domain.com/page_name.html.
  It really isn't rocket science!

• DUPLICATE DATABASE IN ANOTHER HOST WITH THE SAME DATABASE NAME

  Hi all.
  I want duplicate a database(dbteste1 host:wander) to another host(magda) with the same database name.
  My tnsnames in host wander is this:
  DBTESTE1 =
  (DESCRIPTION =
  (ADDRESS_LIST =
  (ADDRESS = (PROTOCOL = TCP)(HOST = wander)(PORT = 1521))
  (CONNECT_DATA =
  (SERVICE_NAME = dbteste1)
  DBTEST1 =
  (DESCRIPTION =
  (ADDRESS_LIST =
  (ADDRESS = (PROTOCOL = TCP)(HOST = magda)(PORT = 1521))
  (CONNECT_DATA =
  (SERVICE_NAME = dbteste1)
  Tnsping is ok !!!
  Follow the rman command;
  RMAN> run
  duplicate target database to dbtest1 nofilenamecheck;
  and i get the following message:
  RMAN-06136: ORACLE error from auxiliary database: ORA-01503: CREATE CONTROLFILE falhou
  ORA-01504: o nome 'dbtest1' do banco de dados nÒo corresponde ao parÔmetro db_name 'dbteste1'
  If i run this command:
  RMAN> run
  duplicate target database to dbteste1 nofilenamecheck;
  and i get the following message:
  RMAN-03015: error occurred in stored script Memory Script
  RMAN-06136: ORACLE error from auxiliary database: RMAN-20021: database not set
  RMAN-06031: could not translate database keyword
  I´m using oracle 9.2.0.7 on Windows

  Wrong procedure and connection command,
  check Oracle document,
  Duplicating a Database with Recovery Manager
  http://download.oracle.com/docs/cd/B10501_01/server.920/a96566/rcmdupdb.htm#RCMUG012
  Follow all steps listed.

• IWEB - web.me  -site name contains duplicate entries in the name

  After having link problems in my site, I deleted all entries and republished by selecting "Publish Entire Site". The site was rebuilt, but instead of the site name being http://web.me.com/membername/Welcome.html
  it is
  http://web.me.com/membername/http__web.me.commembernamey/Welcome.html
  The site name displayed in iWEB and the Mobile Me site publishing settings is correct. I have tried to rename and republish the site, but the duplicate name still exists?????

  you will always see double names.
  The only reason it is "double" is because You gave your site the same name as your url, instead of something short and simple.
  Wish there was a solution that the data is saved in the directory itself and not in the sub.
  You can ask Apple to offer that option here:
  http://www.apple.com/feedback/iweb.html
  But I think it's unlikely because truncating the site structure like that makes the RSS Subscribe links on blog pages non-functioning.

• UPDATE STANDBY SITE NAME with DATAGUARD BROKE "DGMGRL"

  I've a llitlle PB with my Dataguard
  After shutdown both sites to increase SGA size in Primary site and update in secondary site too
  I start the Primary site without Pb.
  But the Secondary site don't want to start.
  When I do a startup it fails.i check in Dataguard and i found
  The Pb is the secondary site name is not ('DMWEBDG_srvsdmwebp02')
  bu only "DMWEBDG"
  And I can't find any way to update the site name in Dataguarg.
  the Alter command doesn't explain very well.
  Soes anyone knows how to do it?
  Thxs
  DGMGRL> show site verbose 'DMWEBDG_srvsdmwebp02'
  Site
  Name: 'DMWEBDG_srvsdmwebp02'
  Hostname: 'srvsdmwebp02'
  Instance name: 'DMWEBDG'
  Service Name: '(DESCRIPTION=(ADDRESS_LIST = (ADDRESS=(PROTOCOL=tcp)(HOST=srvsdmwebp02.int.imd.ch)(PORT=1525)))(CONNECT_DATA=(SID=DMWEBDG)(SERVER=DEDICATED)))'
  Standby Type: 'physical'
  Number Built-in Processes: '2'
  Number Generic Processes: '0'
  Enabled: 'yes'
  Required: 'yes'
  Default state: 'STANDBY'
  Intended state: 'STANDBY'
  PFILE: ''
  Number of resources: 1
  Resources:
  Name: DMWEBDG_srvsdmwebp02 (default) (verbose name='DMWEBDG_srvsdmwebp02')
  Current status for "DMWEBDG_srvsdmwebp02":
  Warning: ORA-01034: ORACLE not available

  Thxs
  The PB was Solved.

• SUP in untrusted forest using SCCM 2012 SP1

  Hi, I have a single primary site in a single domain/AD forest. I also have a single site system in an untrusted forest behind a firewall.
  I have installed a DP and an MP onto this server in the untrusted forest and have now installed WSUS and added the SUP role. The SUP role has been installed, however the SUP in the untrusted forest isnt synching its catalog from the SUP in the primary
  site.
  In the Software Update Point Synchronisation Status, its source is specified as Microsoft Update, rather than the name of the Priamry Site server with the SUP role.
  The relevant ports 80/443/8530/8531 are open between the two forests, but it doesnt appear to attempt to sync from the primary site.
  How do I get this SUP to sync from the Primary site? I've tried setting a WSUS Server Connection Account, but this doesnt appear to make any difference.
  Thanks for your help.
  Carl

  I had to remove the use of the proxy server at the primary SUP so that it downloads directly from the internet without the use of a proxy.
  As soon as this was removed the untrusted SUP synchronised successfully. Even though the proxy isnt specified in the SUP properties of the untrusted site system, it still appears to use this when performing a sync.
  Do you want to file this on Connect as feedback to the Product Group?
  https://connect.microsoft.com/ConfigurationManagervnext/Feedback
  Rob Marshall | UK | My Blog |
  WMUG |
  File CM12 Feedback |
  CM12 Docs |
  CM12 Release Notes

• Untrusted Forest Discovery failed

  I'm having a issue with remote untrusted forest.  Forest Discovery fails, but I can publish site server information to this forest. 
  ERROR: [ForestDiscoveryAgent]: Failed to connect to forest domain.com. This can be because of disjoint DNS namespaces, network connectivity or server availibility issue. Error Information The specified forest does not exist or cannot be contacted.
  Entering function ReportForestConnectionFailureStatusMessage()
  Calling ReportStatus, keys= SMS_AD_FOREST_DISCOVERY_MANAGER, -2147474744, 2
  I have configured conditional forwarders between forests and name resolution works. There shouldn't be any firewall issues either and I tested SRV records via nslookup with this method
  Type nslookup, and then press ENTER.
  Type set type=all, and then press ENTER.
  Type _ldap._tcp.dc._msdcs.<var>Domain_Name</var>, where <var>Domain_Name</var> is the name of your domain, and then press ENTER.
  Nslookup lists correct domain controllers from remote forest.
  Any ideas what could be causing this? I think it's AD related problem.

  LDAP://DCNAME.domain.com/OU=Computers,DC=domain,DC=com 
  I tested this last week and this works. Now I can discover computer objects from untrusted forest. There must be something wrong with the ad/dns infrastructure becasue
  normally you dont need to specify domain controller directly because it should find it with srvlookup.