Using "Federation Trust" for remote login to client

I have a question: would “ADFS Federation Trusts” work for remote RDP login to clients?
Quick explanation: we have a service provider with multiple engineers who need access to a number of clients’ networks. Rather than creating a “shared account” at each client, which isn’t auditable, I’m looking for a way to have the engineers use their domain accounts to authenticate at the clients’ networks.
I know this could be done by setting up full AD trusts, but creating VPN tunnels with full network access to each client is not an option. Is this possible with ADFS in any way?
Thanks,

Neither the RDP client nor the server supports this. Citrix has an option for federated logins, but you have to find out all the requirements from Citrix directly.
Because this is an ADFS-related question, I recommend moving the thread to the ADFS forum - http://social.msdn.microsoft.com/Forums/vstudio/en-US/home?forum=Geneva
Hope that helps,
Lutz

Similar Messages

  • The connection was denied because the user account is not authorized for remote login

    Using Terminal Server 2008, I am not able to get non-administrator users to log in to the remote desktop. I have tried from Windows Server 2008 and from Windows Server 2003. I get the login error "The connection was denied because the user account is not authorized for remote login" from Windows Server 2008, and the error "The requested session access is denied" from Windows Server 2000.

    Is that seriously the only way to do this? Doesn't this render the "Allow log on through Terminal Services" GP setting useless?
    I would like to know this answer, as well. I have created a new AD group for my assistant admins called "Domain Admins (limited)". I have added this group to the GP setting "Allow log on through Terminal Services", but the assistant admins cannot log in through RDP. It 'feels like' this is all I would need to do.
    Craig
    Found some good info here. There are really two things required for a user to connect to a server via RDP. You can configure one of them via Group Policy but not the other.
    1) Allow log on through Terminal Services can be configured through Group Policy, no problem.
    2) Permissions on the RDP listener must also be granted. If your user is a member of the local Administrators group or the local Remote Desktop Users group then this is handled. If you are trying to utilize a new, custom group (as I am), then there isn't a way to do this via Group Policy (that I have found).
    EDIT: Found the answer. I am creating a blog post to outline the steps. They aren't hard, but they're not self-explanatory. It deals with the Restricted Groups mentioned above, but it's still automatable using Group Policy so that you don't have to touch each computer. I think the above poster (Andrey Ganev) got it right, but I had trouble deciphering his instructions.
    Here is my blog post that walks through this entire process, step-by-step.

  • Keychain not updated for Remote Login

    Since installing Lion on both machines: when I connect to my G5 PowerMac from my MBAir, I use the Keychain to remember my password. This feature worked in previous OS versions by selecting the 'Remember' option in the dialogue (meaning you would only see the following dialogue when your password changed on the destination machine).
    With Lion, the password in the Keychain is not updated when the flag is set. As a result, when I select the destination machine from the Finder, I always have to wait for the 'Not Connected' message (while the process tries to log in with my old password). Then I have to 'Connect As...' and enter my current password (every rassafrassin' time).
    Can someone please patch this thing.
    Thanks,
    g

    I'm having some trouble with an RD server Win 2008 on a domain. I have a group called domain\authorizedpeople that I would like to enable remote access for. I added this group to the gpo: Computer Configuration\Policies\Windows Settings\Security Settings\Local Policies\User Rights Assignment\Allow log on through Terminal Services. I also added this group to server manager > configure remote desktop on the server itself, and I added this group to the remote desktop users' group on the server for good measure.
    When I try to log on using an account in that group, I get "The connection was denied because the user account is not authorized for remote login". However when I go to server manager > configure remote desktop and add that specific user, it works fine.
    Is there a reasonable explanation for this? I really don't want to have to add...
    This topic first appeared in the Spiceworks Community

  • How to make use of 3EC_CS_1R for remote cube.

    hi all,
    I have activated the 3EC_CS_1A for consolidation reports but would like to use the 3EC_CS_1R DataSource for a remote cube. We have not installed SEM-BCS on the BI system, and when trying to use 3EC_CS_1R on the BI system, it complains that the DataSource can only be used by SEM-BCS. What is the best way to utilise this DataSource?
    Do I need to install SEM-BCS in order to use this DataSource? Can I just install the BCS component only?
    I am slightly confused as to where SEM-BCS should be installed, on the BI or the ECC system?
    cheers.
    Message was edited by: Joe
            Joe Wong

    no longer relevant

  • If I upgrade to Firefox 3.6 I can't use Login King software for auto login. Any chance this will be possible in the future?

    I have not upgraded to Firefox 3.6 yet because I am unable to use loginking software for auto login. When will a future update not exclude me from using this software?

    I contacted Login King but never got a response. So, I'm hoping that a future update from Firefox will be the answer. How far off is 3.7?

  • Osascript for remote login does not work with Leopard

    We are testing Leopard on one computer in our labs. The only problem so far is that the osascript that we use to remote login to the computers stopped working (although it works fine on the Tiger machines):
    osascript <<EndOfMyScript
    tell application "System Events"
    keystroke "public"
    keystroke tab
    delay 0.5
    keystroke return
    keystroke tab
    delay 0.5
    keystroke return
    keystroke return
    end tell
    EndOfMyScript
    This is a public account with no user password. I've read the discussion below, but have not been able to tweak the command so that it works with Leopard. Any suggestions?
    Thanks.
    http://lists.apple.com/archives/Remote-desktop/2007/Nov/msg00045.html

    I'm having a similar problem - the script below works with my G5 iMacs running 10.4.9 but not the Intel iMacs running 10.4.8. It almost works - the username and password appear in the right boxes, so I run around the room pressing the Return key.
    # This script when used with ASR Send UNIX command will login workstations at the LoginWindow.
    # The script assumes that the cursor is focused in the Name field.
    osascript -e 'tell application "System Events" to keystroke "username"'; \
    osascript -e 'tell application "System Events" to keystroke tab'; \
    osascript -e 'tell application "System Events" to delay 0.5'; \
    osascript -e 'tell application "System Events" to keystroke "password"'; \
    osascript -e 'tell application "System Events" to delay 0.5'; \
    osascript -e 'tell application "System Events" to keystroke return'
    Message was edited by: Catocop

  • New screen for remote login

    I have a Mac Mini running MediaCentral or FrontRow in fullscreen. From time to time I would like to log in remotely from a MacBook to perform some tasks etc.
    Until now I use ScreenSharing or RemoteDesktop. My problem: both solutions share the system's live screen, so I have to exit MediaCentral or FrontRow to use the system.
    I would like to log in remotely and get a new screen, if possible.

    If you are comfortable enough with the Terminal, enable 'Remote Login' on the Mac Mini and log in to it with the Terminal app via SSH.

  • Using Session Variables for User Login - sometimes they don't persist... what am I doing wrong?

    Hi all,
    I'm running a site that requires user login.  I approached the building of this site as almost a complete newb to CF (and dynamic coding in general), and it's been a great learning experience (with lots of help from you guys).
    However, I guess I never learned the correct way to handle a user login.  It seemed to me that I could just test the user-entered credentials against those stored in a database, then set a session variable containing that user's record number.  Then, not only would I have an easy way of knowing who this user was and therefore what info to serve him, but I could test for the existence of a valid login on every page in the protected folder, by adding this code to my application.cfc in that folder:
    <cfset This.Sessionmanagement=true>
    <cfset This.Sessiontimeout="#createtimespan(0,8,0,0)#">
       <cfif NOT isDefined ("session.username") or NOT isDefined ("session.password") or NOT isDefined ("session.storeID")>
         <cflocation url="../index.cfm" addtoken="no">
       </cfif>
    ...and it goes on to run a query and verify that the session.username and session.password match for the store defined by session.storeID.  If not, all session variables are cleared and it bounces you back to the login page.  When the user clicks Logout, all I do is delete all the session variables.
    This seemed to work great for like a year, but lately I've been getting reports that the login doesn't seem to persist for longer than approx. 20 minutes of inactivity.  You can see I specified session variables to remain active for 8 hours (I know that seems like a drastically long login, but it's what's necessary for this application).  I've only gotten this report from a few people, and I myself can't seem to duplicate it... I've tested an inactive login for 45 minutes now and it held.
    SO:  any reason you can think of why session variables would be spontaneously clearing for some people?  Would having your router reset its IP address invalidate the session or something?  Also, the problem seemed to begin appearing after my host upgraded all their servers to CF9... could there be any relation?
    And on a more general note... did I go about this completely the wrong way to begin with?  If so, what's the standard way to manage a login?
    Lots of questions, I know... thanks very much for any answers or suggestions!
    Joe

    Ian,
    Thanks very much - very helpful information.
    Sounds like passing the tokens in every request is probably the way to go for this.  I don't think it's likely that any users will be sharing links, unless they actually intend for the recipient to see their info anyway.
    Is that all I would have to do, is add the tokens to every path?  Would that guarantee that all the session variables would remain valid until timeout or being cleared?
    Again, thanks, you've been really helpful.
    Joe
    On Jun 23, 2010 4:37 PM, Ian Skinner <[email protected]> wrote:
    Unfortunately this is the nature of HTTP web applications.  There is NO state maintained from HTTP request to request.  This is by design in the HTTP protocol specifications.
    ColdFusion provides two methods to circumvent this limitation.  Each method has limitations and caveats.  They both rely on the passing of tokens between the client and the server with every request.  These tokens can be passed as cookies OR URL (GET) variables.  You are using the cookie method, which is the simpler and most common. You may be experiencing the limitation of this method.  If something happens to the cookies the session can be lost.
    You could pass the (CFID & CFTOKEN) OR JSESSIONID tokens through the URL query string with every request.  This requires one to add these values to every link, form action, cflocation or other request path in our application.  ColdFusion provides the session.urltoken variable to make this easier to do.  The tokens will be visible to the user.  Also, if a link with an individual token is shared with other users, via e-mail, chat, social networks, etc., and one of these users utilizes the link during the life of a session (8 hours apparently in your case), then that user will access the session of the original user.
    Cookie session management is by far the most common choice by CF developers.  If these methods do not meet your needs you would need to go beyond the HTTP limitations of web applications.  One might be able to accomplish this with Flex|Air|Flash applications that can be configured to use a continuous connection to the server, and thus not suffer the stateless nature of the normal HTTP request-response cycle.
    I do not know if a router resetting would cause cookies to be discarded or otherwise invalidated.  But I would not think it is beyond the realm of possibilities.

  • Linux config for remote login oracle enterprise manager

    Hi, all
    I set up Oracle 10gR2 on my Red Hat Linux server. I can log in to Oracle Enterprise Manager locally, using the Firefox browser. But I can't connect to it from another computer. How should I check and configure the Linux server, please?
    Thanks first!
    wand

    Thank you guys for all your replies! It works after I stop the iptables service. But if I want to keep the firewall, how should I configure iptables please? Could you give me an example? My iptables look like this:
    # Firewall configuration written by system-config-securitylevel
    # Manual customization of this file is not recommended.
    *filter
    :INPUT ACCEPT [0:0]
    :FORWARD ACCEPT [0:0]
    :OUTPUT ACCEPT [0:0]
    :RH-Firewall-1-INPUT - [0:0]
    -A INPUT -j RH-Firewall-1-INPUT
    -A FORWARD -j RH-Firewall-1-INPUT
    -A RH-Firewall-1-INPUT -i lo -j ACCEPT
    -A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
    -A RH-Firewall-1-INPUT -p 50 -j ACCEPT
    -A RH-Firewall-1-INPUT -p 51 -j ACCEPT
    -A RH-Firewall-1-INPUT -p udp --dport 5353 -d 224.0.0.251 -j ACCEPT
    -A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT
    -A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
    -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
    -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 21 -j ACCEPT
    -A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
    COMMIT
    Thanks again!
    wand
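The thread does not show the rule that was eventually suggested, so here is an added example (not posted by anyone in the thread) of how an ACCEPT rule for the Enterprise Manager console fits into a file of this shape. Two things are assumed and not stated on the page: that Database Control listens on TCP 1158 (the 10gR2 default; `emctl status dbconsole` prints the real console URL and port), and that the administrators' workstations sit in 192.168.10.0/24 so the port is not opened to the world. The script also shows the check that matters most with this layout: the new rule has to be inserted before the chain's closing `-j REJECT` line, because anything appended after it is never evaluated.

```shell
#!/bin/sh
# Added example, not from the thread: open the Oracle Enterprise Manager
# Database Control port in a system-config-securitylevel style
# /etc/sysconfig/iptables file, restricted to one admin subnet, and place the
# rule ahead of the chain's final REJECT so it is actually reached.
#
# Assumptions (not stated on the page): EM Database Control listens on
# TCP 1158 (10gR2 default; `emctl status dbconsole` prints the real URL and
# port), and the admin workstations are in 192.168.10.0/24.

EM_PORT=1158
ADMIN_NET=192.168.10.0/24

# em_rule PORT SOURCE_CIDR -> one rule line in the file's own style,
# limited to the admin subnet instead of "any source".
em_rule() {
    printf '%s -s %s -m state --state NEW -m tcp -p tcp --dport %s -j ACCEPT\n' \
        "-A RH-Firewall-1-INPUT" "$2" "$1"
}

# insert_rule FILE PORT SOURCE_CIDR -> the file contents with the ACCEPT rule
# inserted immediately before the chain's "-j REJECT" line. Rules appended
# after the REJECT (or after COMMIT) never match. Output goes to stdout so the
# result can be reviewed before replacing /etc/sysconfig/iptables.
insert_rule() {
    rule=$(em_rule "$2" "$3")
    awk -v rule="$rule" '
        /-j REJECT --reject-with icmp-host-prohibited/ && !done { print rule; done = 1 }
        { print }
    ' "$1"
}

# Constructed sample of the relevant part of the poster's file, for a dry run.
sample=$(mktemp)
cat > "$sample" <<'EOF'
*filter
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF

insert_rule "$sample" "$EM_PORT" "$ADMIN_NET"
rm -f "$sample"
```

Run it against a copy of the real file, compare the output with `diff`, then install it with `service iptables restart` (or `iptables-restore < file`) rather than editing the live ruleset by hand. Keeping the `-s` restriction matters: the EM console is an authenticated management interface and has no business being reachable from every address that can reach port 80.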

  • Security Issues for Remote Login to ECC Server

    Hi,
    I have configured the saprouter so that people can remotely access the SAP ECC Servers outside the local area network. The saprouttab file contains the following entry:
    P * * *
    The parameter login/no_automatic_user_sapstar has also been set to a value 1.
    The user DDIC and SAP* can only be accessed using the master password, which is provided at installation time.
    Is my network secure enough? Or do I need to take into account some more steps / measures?
    Regards.

    Hello,
    Generally it's not recommended to open up your network in the manner you have mentioned; however, if it's a requirement you cannot deny, here is what first comes to my mind:
    Use 'S * * *' instead of 'P * * *' (unless you are using ITS/J2EE and letting people access using HTTP(S)). This will ensure that people are able to access only the SAP protocol and not any other protocol.
    Use the following link to understand options of saprouter table.
    http://help.sap.com/saphelp_47x200/helpdata/en/4f/992dfe446d11d189700000e8322d00/frameset.htm
    Also,
    It will be a good idea to allow access only to a particular IP Address i.e. the SAP Application Server instead of the entire IP range.
    instead of
    S * * *
    something like:
    S * <sap server ip address> *
    Regards,
    Siddhesh
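The two points in the reply above (prefer S over P, and name the target server instead of a wildcard) are easy to check mechanically before a saprouter is exposed. The following is an added example, not from the thread or from SAP, that lints a saprouttab for entries that turn the router into a general-purpose pivot. It assumes the documented column layout `<P|S|D> <source-host> <dest-host> <dest-service> [password]` and the first-match-wins evaluation order; the sample table inside it is constructed for the demonstration.

```shell
#!/bin/sh
# Added example, not from the thread: lint a saprouttab for over-permissive
# entries before exposing saprouter outside the LAN.
# Assumed line format: <P|S|D> <source-host> <dest-host> <dest-service> [password]
# First match wins, so a permissive line above the final "D * * *" is live.
#
# A line is flagged when:
#   - it uses P (any protocol through the router) rather than S (SAP protocol only)
#   - a permit line has "*" as destination host (reaches any host behind the router)
#   - a permit line has "*" as destination service/port

lint_saprouttab() {
    awk '
        /^[[:space:]]*(#|$)/ { next }          # skip comments and blank lines
        {
            action = $1; dst = $3; svc = $4; why = ""
            if (action == "P")               why = why " P-allows-any-protocol(use S)"
            if (action != "D" && dst == "*") why = why " wildcard-destination-host"
            if (action != "D" && svc == "*") why = why " wildcard-destination-service"
            if (why != "") { bad++; print "WARN line " NR ": " $0 " ->" why }
        }
        END { if (bad > 0) exit 1; exit 0 }
    ' "$1"
}

# count_risky FILE -> number of flagged lines (0 when the table is clean)
count_risky() {
    lint_saprouttab "$1" | grep -c '^WARN' || true
}

# Constructed sample: the poster's original line, the tightened form from the
# reply, and the usual closing deny-all.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed sample saprouttab
P * * *
S * 10.0.0.5 3200
D * * *
EOF

if lint_saprouttab "$sample"; then
    echo "saprouttab is clean"
else
    echo "saprouttab has $(count_risky "$sample") risky line(s)"
fi
rm -f "$sample"
```

The lint exits non-zero when anything is flagged, so it can sit in a change-control hook; the `D * * *` line itself is never reported, since a trailing deny is the desired shape.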

  • Using Cisco ACS for Solaris login authentication

    Hi all
    I am planning to authenticate ssh logins to Solaris 8/9 systems using PAM and radius (while radius is considered the primary solution, tacacs+ could be used, too). The radius/tacacs+ server is provided by a Cisco ACS.
    Can anybody out there confirm that the combination "Solaris & PAM & radius/tacacs+ & Cisco ACS" is correctly doing this authentication stuff? Is there anything to specially consider?
    Thanks, David

    Hard to comment with any certainty but provided the client implementation of RADIUS is sound AND the authentication protocol is one that ACS supports, eg PAP, CHAP, MSCHAP, LEAP, EAP (PEAP/FAST/TLS/GTC/MSCHAP) then should be fine.

  • Maximum number of monitors used for remote desktop not working correctly

    My goal is to connect from my home to my work machine but limit the number of monitors used to 2.
    At work, I have a machine running Windows 7 Enterprise SP1 with dual monitors. My home machine is Windows 8.1 Pro and it has 3 monitors (on two video cards).
    I followed the instructions of the MSDN blog post about using multiple monitors for remote desktop but cannot get it to work right.
    Here's what I see when I modify the group policy setting "Limit maximum number of monitors" on the target (work) machine:
    Setting - Result:
    1 - 1
    2 - 1 (???)
    3 - 3
    It looks like I can't limit the number of monitors used to 2, I get either one or all. Am I missing something or is this by design?
    Max

    Hi Max,
    Support for multiple monitors is available when connecting from any Windows 7/8.1 computer; however, there are restrictions on which computers can be connected to in multi-monitor mode. When connecting to Windows 7 computers, only computers running Windows 7 Enterprise or Ultimate can be connected to in multi-monitor mode. When connecting to Windows 8.1, only computers running Windows 8.1 Professional or Enterprise can be connected to in multi-monitor mode.
    Karen Hu
    TechNet Community Support

  • Can't Set Remote Login OFF via Send Unix Command systemsetup

    Trying to use the System Setup->Remote Login template in ARD to turn off Remote Login (SSH) in Sharing panel of System Preferences on Mac that is administered through Apple Remote Desktop.
    In Apple Remote Desktop (ARD), I select the client machine, then choose "Send Unix Command..." from the "Manage" menu. In resultant window, I pick "System Setup->Remote Login (SSH) from the "Template" drop down box in the upper right. That populates the upper window with Unix commands. I edit/change the "on" to "off" and tell the dialog to Run command as User: root, then click on "Send" button.
    Progress bar goes forever with no change.
    I can turn off Remote Login via ARD by controlling each client machine via an ARD WINDOW, then navigating to the Sharing Preference pane, but that process is tedious when performing for multiple client Macs.
    Strange, but I CAN use the "Send Unix Command..." outlined above to turn ON Remote Login, and get the status of Remote Login ("systemsetup -getremotelogin"). Just can't turn OFF Remote Login (quickly/efficiently).
    man systemsetup suggests I need to write the command as "setremotelogin -f off" but that failed with an improper command syntax error.
    Thoughts?

    It’s waiting for you to type a confirmation. If you run this command on the command line normally, you’ll see the message:
    Do you really want to turn remote login off? If you do, you will lose this connection and can only turn it back on locally at the server (yes/no)?
    Use this command instead:
    systemsetup -f -setremotelogin off

  • Federated Search for Documentum

    Hi. Has anybody implemented a federated search for Documentum? I think Documentum uses Verity internally for full text indexing, but Verity is tightly integrated with Documentum's own metadata search - does Documentum expose the search functionality as a web service - is there any customization required on this web service (meaning, is it already a SOAP web service that Plumtree understands readily or do we have to write any custom code). Any inputs on implementing federated search for remote search repositories such as Verity, FAST, Autonomy would be helpful?

    Hi Bbelko, as Raji mentioned, the Lync desktop client cannot search any external source outside your organization.
    Nevertheless, the Lync full client can search against your local Outlook contact lists (only your personal contacts and linked contact lists such as LinkedIn or Facebook). Additionally, Lync generates its own Address Book (ABS) which it can search against. You can modify in Lync how the service should generate the address book, based on the GAL. GAL here does NOT mean the Exchange GAL; instead it is Active Directory. It only queries information based on Exchange attributes.
    http://technet.microsoft.com/en-us/library/gg429711.aspx
    Hope this helps in understanding how the service works via the User Replicator.
    Federated contacts can therefore also only be maintained in AD.
    Thomas

  • Exchange 2010 migration to Exchange 2013: federation trust failed (Outlook Provider Failure)

    We are in a migration from Exchange 2010 to Exchange 2013.
    On the 'old' Exchange 2010 we are using a federation trust with 2 other companies. The federation trust for mailboxes on the Exchange 2013 won't work.
    We removed the federation trust on the old Exchange 2010 server and created a new federation trust on the new Exchange 2013 server. We also changed the DNS TXT records. Creating the new federation trust gave no errors. But when the 2 other companies try to connect (add our company name for trust) they get an error.
    I have tried running a couple of tests on the new Exchange 2013 server and found this error:
    [PS] C:\Windows\system32>Test-OutlookWebServices -debug -Identity [email protected] -MailboxCredential (Get-Credential)
    cmdlet Get-Credential at command pipeline position 1
    Supply values for the following parameters:
    Credential

    Source        ServiceEndpoint          Scenario                        Result   Latency (MS)
    AM111.AM.LAN  autodiscover.company.nl  Autodiscover: Outlook Provider  Failure  144
    AM111.AM.LAN  webmail.company.nl       Exchange Web Services           Success  134
    AM111.AM.LAN  webmail.company.nl       Availability Service            Success  207
    AM111.AM.LAN                           Offline Address Book            Skipped  0

    Hi,
    Have you added the primary SMTP domain as a federated domain? If not, please run the command below to do so:
    Add-FederatedDomain -DomainName contoso.com
    Configure federated sharing for the Exchange 2013 organization. Complete the steps in
    Configure federated sharing.
    Configure federated delegation (previous name for federated sharing) for the Exchange 2010 SP2 organization. Complete the steps in
    Configure federated delegation.
    Besides, I found a similar thread about the Autodiscover service failing within a federation trust, for your convenience:
    https://social.technet.microsoft.com/Forums/ie/en-US/ea192e0a-1363-4cb6-9fc4-2973f64afc23/the-response-from-the-autodiscover-service-at?forum=exchange2010
    Best Regards,
    Allen Wang
