User - Internal User Concept in Portal

I’m wondering if it is possible to configure SAP Portal in the following manner:
- User “Kris_unni” logs into the portal with the credentials “KU” / password
- Behind this user object there are 2 fields defined (user, internal_user) with values (“KU”, “krishnan_unni”)
- Portal roles for “Kris_unni” are defined by the key “krishnan_unni” and not “KU”
The principal idea is:
      Krishnan_unni (object in userstore)
      o  user              … for authentication
      o  internal_user     … for authorization
I think the login concept of SDN is somewhat similar to this. Like one can log in with the email ID and also the 'PXXXXXX' user ID... Would appreciate any help in this regard.
Thanks
Kris

Solution: In the UM data source configuration we can do the attribute mapping: J_user should be mapped to the LDAP attribute, e.g. 'user' (i.e. KU), and uniqueId should be mapped to the LDAP attribute, e.g. 'internal_user' (i.e. krishnan_unni).

Similar Messages

  • RD Session Broker + NLB doesn't work for external users (internal users on network/WAN are OK)

    Hi all,
    I have run into an issue as the title of this question suggests.
    So the scenario is, I have (all virtual):
    2x 2008 R2 Remote Desktop Servers
    1x 2008 R2 with Session Broker installed
    I haven't configured any RD settings on the session broker server (i.e. RD virtual desktop, RD Gateway, etc.). It's purely set up as the RD Connection Broker.
    On each of the RD servers I have configured 2 NICs. The 1st NIC is configured with NLB (NLB only set up for traffic on port 3389; all other traffic isn't handled by NLB). The other NIC is configured to be used only for session reconnection. I'm hoping this is the right configuration as it's how I have interpreted these guides:
    http://technet.microsoft.com/en-us/library/cc772418%28WS.10%29.aspx
    http://technet.microsoft.com/en-us/library/cc771300%28WS.10%29.aspx
    Please correct me if I have setup the servers incorrectly and what should be differently.
    I have setup the NLBs Cluster IP. A rule has been set on the router to make it available externally
    This worked fine with an old single RD Server (same IP as NLB Cluster IP, currently offline so no conflict) before the RD Farm was implemented. So I know the port forwarding is OK.
    So NLB and Connection Broker Load-Balancing work well for users inside the network. It spreads sessions evenly and there is no problem with DNS resolving the farm name etc. Sessions that are disconnected are reconnected to the same server, etc.
    Accessing the TS Farm from the external address isn't so successful
    Connectivity is random. Rarely it works, sometimes it gets to "initiating remote connection..." and then disconnects. It doesn't work more times than it does.
    So what do I need to do to get this working? Is there another component or something else that I need to configure to get it all working?
    I look forward to your help
    Thanks,
    Trent

    Hi Trent,
    If both the RD session broker and the NLB are working fine in the internal network, I suspect that there is something wrong with the external connection. I’d like to confirm the following questions to narrow down this issue:
    1. Can you PING and telnet this RDS farm name when encountering the “disconnect” issue? For example: telnet farmname 3389.
    2. Can you individually connect to the RDS server when failing to connect it via farm name?
    3. Did you configure any certificate on the RDS server or RD gateway server?
    4. Do you get any event log when this issue happens on the server and client side? If yes, please let me know it word-by-word including the event ID.
    Thanks.

  • Sponsor portal and internal users

    Hi
    I have configured our ISE to use AD users as sponsors, and this works perfectly.
    But I'm also trying to configure an internal user for the sponsor portal.
    I have configured it almost the same way, so I don't understand why the ISE is reporting:
    Sponsor authentication has failed : Sponsorgroup not found for user        
    My identity store is a sequence for AD and internal users, and i can see from the log that it looks in the right place :
    Identity Store:
    Internal Users
    My condition is that the internal user, should be a member of identity group : sponsorAllAccount
    my identity group : 
    Identity Group:
    SponsorAllAccount
    and then get a created sponsor group. This sponsor group that is allocated to the condition works fine for the AD users.
    Evaluating Identity Policy
    5435 Sponsor authentication has failed
    Any suggestions as to why? I'm now running the latest 1.1.1 version.
    Br
    Tuva

    Hi  Tarik
    thanks for the answer.
    I'm certain that the user does not exist in the AD domain; anyhow, then my log would tell me that the authentication failed because of wrong password!?
    I can see from the log that the ISE is doing a lookup in the internal database.
    This is output from the logging:
    Identity Store:
    Internal Users
    I have made an identity store sequence with both AD and internal users.
    Br
    Tuva

  • Redirect external user (internet) & internal user (intranet)

    Hi, we are developing a public portal services in which we have two kind of user: a) public user that access through internet to the portal. b) internal user that access inside a domain to the portal.
    We want to know How we can know which is the external and which is the internal in order to assign a portal desktop.
    I have seen in the forms the following options:
    1.-> IISPROXY
    2.-> SPNEGO
    3.-> APACHE & SAPDISPATCHER
    1.-> It seems that with the last release of the portal it is obsolete.
    2.-> It seems that SPNEGO is for internal use only (intranet).
    3.-> I have no documentation about it.
    I would be very grateful if someone could give a solution and documentation or links about it.
    Thanks in advance.
    Regards.

    Hi Optima,
      You can use an appIntegrator to distinguish intranet/extranet users.
      Have a look at "HowToUseAppIntegrator_en.pdf" from service market place.
    This weblog should give you some idea about appintegrator: Step-By-Step Guide to implement Application Integrator
    Regards,
    SK.

  • Routing internal users through UAG

    We have published SharePoint on the UAG and want all internal users to access SharePoint through the UAG, as if they were connecting from outside our network. This is working. The problem is that we are trying to publish Office Web Apps for SharePoint and it is not working internally or externally. We followed the TechNet article "Publishing Office Web Apps Server Using a Reverse Proxy Server." Is this a supported configuration (to route all internal traffic through UAG as if the connection was external to the network)?

    Thanks for your reply. The underlying setup is the following and this should clarify things a bit:
    UAG is load balancing SharePoint farm.
    Internal DNS is the same as the Public DNS to access SharePoint. (For example sp.domain.com)
    At this point Office Web Apps works normally for both internal and external users.
    Since we want users to experience the same login steps, the following was done:
    A DNS record was created internally, so that sp.domain.com resolves to the public IP of the UAG. This way everyone is going through the UAG for access regardless if they are internal or external users. This is when we started having issues. It seems that there is a loop somewhere when office web apps tries to send the document back to SharePoint.

  • BSP - UserId and Password for Internal Users - Anonymous for other users

    Hello,
    We developed an application via BSP's. This application can be accessed by two kind of users.
    1. External Users, who should access the page without using a userId and password.
    2. Internal Users, they will have more authorisation and need to specify their userId and Password.
    How can we accomplish this? I tried internal aliases, but can't get it to work properly.
    In the first service 'zbsp' I didn't specify a userId and password in sicf.
    Then I created an internal alias 'zbsp' referring to this 'zbsp'. In this alias I specified a userId and Password, but the system still asks for a userId and Password. (and after logging in the system gives the following error: The application name in URL .../bc/bsp/sap/zbsp2/uat_report.htm is invalid.)
    What did I do wrong? Or are there other ways to accomplish this?
    Greetings,
    Bart

    Take a look at the following messages that discussed the whole SSO and SSO2 ticket logins.
    As for a way to handle the two different login types: well, first and foremost, activate the SSO tickets on your system. Set your BSP up for that.
    Then create a new starting page with an alias to the public section for BSPs in your system. On this page make two links.
    For your external users - one that redirects to your BSP passing the user and password in the URL for the "read only external user" - that's the sap-user=name here&sap-password=passwordhere.
    For your internal people give them simply the link to the BSP which when they click it will see no user name and password and redirect them to the BSP login.
    (Make sure you set up the BSP login according to SAP note 517860 and follow the instructions from http://help.sap.com/saphelp_nw04/helpdata/en/1d/13c73cee4fb55be10000000a114084/frameset.htm using the supplied SYSTEM_PUBLIC.)
    It's a bit basic but it works, we do it
    Oh and setting up the system for the SSO (transaction sso2) is very very simple!!

  • Getting error while creating the user in user administration in portal

    Hi folks,
    I am unable to create the user in user administration in the portal due to the following error,
    could you please help regarding this issue
    "Current user has user creation permissions in the UME, but cannot create users in the back-end system (data source). The original and possibly untranslated message was: "No active writeable datasource found for user creation, check your Persistence Configuration.".

    Hi All,
    I am closing this thread as this is not in the correct forum.  This should be opened in LDAP or UME.  Please open the thread under the correct heading.
    Beth Maben
    EP - Senior Support Consultant
    AGS Primary Support, Business Suite & Technology
    Please see the UWL Wiki @
    http://www.sdn.sap.com/irj/scn/wiki?path=/display/bpx/uwl+faq  ***

  • ISE internal user authentication failure - user not found

    Hi Forumers'
    I am trying to do wireless 802.1x, where the identity store is using an internal user.
    But I found this error message when I try to connect:
    Authentication failed:
    22056 Subject not found in the applicable identity store(s)
    My authorization rules are built like this:
    identity groups = user identities group / " mygroup"
    condition = no setting
    permissions = standard / PermitAccess
    Question 1
    Any troubleshooting step to do on this?
    Question 2
    For the Authorization rules, what's the condition should set for using Internal User as Identity store?
    Thanks
    Noel

    The error is due to an authentication failure and is not an issue with authorization.
    You need to look at your authentication policy (Policy->Authentications) and see which identity store was authenticated against.
    In addition, you can go to the Live Authentications page (Monitor->Authentications) and for the failing record click on the icon under details. This will give you the full details of the request processing and you can see which rule was matched in the identity policy (Identity Policy Matched Rule) and "Selected Identity Stores".

  • The NLS operation failed because the registry key Control Panel\International\User Profile cannot be opened. Error code is 2. Error message: The system cannot find the file specified.

    Hi,
    Since upgrading Windows server 2008 R2 to Server 2012 Standard edition, we get this repetitious critical error in the event log:
    Event 1001
    Op Code NLS initialization
    The NLS operation failed because the registry key Control Panel\International\User Profile cannot be opened. Error code is 2. Error message: The system cannot find the file specified.
    We originally found that the regional date settings after changing them in regional settings (DD/MM/YYYY) and they did not inherit properly from the upgrade but they are ok now. 
    I've looked at HKCU\.Default\Control Panel\International and nothing looks obviously wrong. Country codes, time & date formats are correct.
    How do we ascertain the  cause of this error and the specific registry key that might be problematic?

    Hi,
    This could be caused by firewall rules or security software.
    http://www.tomshardware.com/forum/242579-44-hkcu-control-panel-international-opened
    And in addition, the fix is worth a try.
    Nothing happens when you double-click "Region" in Control Panel 
    http://support.microsoft.com/kb/2958845
    Please Note: Since the first web site is not hosted by Microsoft, the link may change without notice. Microsoft does not guarantee the accuracy of this information.

  • I have installed Adobe Lightroom CC.  In the process of launching, a popup appears, that says:  "AN INTERNAL ERROR HAS OCCURRED.  Cannot create the required folder:  /Users/(my user name)/Library/Application Support/Adobe/Lightroom/Develop Presets."  So e

    I have installed Adobe Lightroom CC.  In the process of launching, a popup appears, that says:  "AN INTERNAL ERROR HAS OCCURRED.  Cannot create the required folder:  /Users/(my user name)/Library/Application Support/Adobe/Lightroom/Develop Presets."  So even though Lightroom CC is installed, it will not launch.  What do I need to do to allow it to launch?

    The problem was solved today.  Here's the full story.  I'm a Mac user.  At first I installed Lightroom CC on my iMac (desktop).  I had this problem so I called Adobe, and was referred to a "special unit" .  After about an hour the tech solved it for me ... we did a screen sharing and she took control of my computer for a loooong time.  Because of language difficulties, at first I wondered if she knew what she was doing but she eventually solved it.  Although she couldn't explain exactly what she was doing, she summarized it by saying "it was a permissions problem."  I asked if I would have the same issue later when I installed it on my laptop (Macbook Air).  She said probably not.
    But I did.  The same internal error popup arose on launch and launch did not complete on my laptop.  I tried chat but no joy so I eventually called Apple Care.  I had noticed that on my laptop (and the iMac for that matter), that there was no Library folder after my user name.  The Apple tech explained that the Library folder is actually there but it is hidden because it's very easy for users to do some very nasty things to their computer by going astray while in the Library folder.  The folder is actually there, but they hide it.  I did remember seeing that the tech helping me with my iMac had typed the word "Library" while she was controlling my computer.  Basically she had activated the hidden Library folder so she could open the path that Lightroom was trying to follow to create that "Develop Presets" folder.  For some reason, the inability to create that folder in the launch process was preventing launch from being completed.  The Apple tech said she didn't actually have to do that and activated the Library folder by use of the Go selection on the menu bar.  Anyway, once that complete path was replicated and opened, the next step was to go to the Lightroom Permissions field and add my user name to the user categories already there and enable "read and write" permissions to my user name.  Once done, I shut down my laptop, and then rebooted.  I launched Lightroom and then boom, voila, heavens to betsy, etc. it launched and suddenly a dismal weekend turned into a great one.
    I am not a geek, so I hope this makes some sense.  I also hope Lightroom launches again tomorrow and beyond! 

  • How to authenticate external and internal users on different AD

    What is the recommended way to authenticate external users as well as internal employees in a customer facing application?
    We have external users in an Active Directory in the DMZ and our employees in our internal DMZ.  Unfortunately we don't have an identity management system in place and wondering if there is a way we could authenticate user against two active directories without creating a trust between them.
    We are implementing EP7.0
    Thanks in Advance.

    You can also use user partitioning, a feature of the UME which allows for having different user persistence options for different users. What you could do in this case is have the external users stored in the local DB or an LDAP for the external users and the internal users stored in an internal LDAP directory. For more details about user partitioning (http://help.sap.com/saphelp_nw2004s/helpdata/en/e0/b60b404b2b1e07e10000000a1550b0/frameset.htm), please see the docs.
    regards,
    Patrick

  • Endeca : multi invoice pay throwing correct error for internal user but it is failing to throw the same error for external user

    Hi,
    1) Internal User expected exception:
    Exception: Payments,apply credits,disputes and print are not supported when multiple customer/currency transactions are selected
    2) External User is throwing below error instead of throwing above exception.
    Error
      You are trying to access a page that is no longer active.
      The referring page may have come from a previous session. Please select Home
       to proceed.
    found this MACCHECK from fnd logs of external user payment.
    MACCHECK: . Parameter failing validation is :mode. The parameter mode with value MultiPay could not be recognized as part of Server's response on the previous request.  Incoming URL is : /OA_HTML/OA.jsp?page=/oracle/apps/ar/irec/endeca/webui/EndecaDummyPG . Current URL is : /OA_HTML/OA.jsp?page=/oracle/apps/ar/irec/endeca/webui/OIREndecaCustHomePG&akRegionApplicationId=222&_ti=1125493452&oapc=10&retainAM=Y&addBreadCrumb=N&oas=6-LL4ndIUFLX-2zjQAQD6A.. . Referer URL is : https://<hostname>:4443/endeca/web/ar/customer?doAsUserLanguageId=en_US&languageId=en_US . HTTP Request Method is : POST
    can someone please help.
    Thanks,
    RRS

    Well, I compared my classpath between my windows batch file and the
    makefile (that comes with the samples installation) on Solaris and realized
    that I am using different sets of jars.
    So, I removed the extra jars from the makefile to narrow down the
    problem. If I remove the /opt/SUNWam/lib/servlet.jar from the makefile,
    I can reproduce this problem on the Solaris box as well.
    When I include this servlet.jar on my windows machine the program works!
    Only jars I have in my classpath are amclientsdk.jar and servlet.jar which
    I have copied from my installation (/opt/SUNWam/lib) on the Solaris box.
    Just the same way, by copying the am_services.jar, saaj-api.jar, and jaxm-api.jar,
    from the Solaris box to the windows machine,
    I am also able to pull the assertions from the Access Manager.
    I installed Sun Java Enterprise System 2005Q1 on a Solaris 10 machine.
    During the installation, I configured to install the Access Manager
    in Sun Application Server.
    Why do I need to have different set of jars on the windows machine
    for the Access Manager client SDK ?
    Could you please point me to a download link where I could download
    the correct Windows Access Manager Client SDK for
    Sun Java System Access Manager 6.0 (Sun JES 2005Q1)?
    Thanks.

  • Maximum message size for internal users

    Hi,
    Is it possible to configure a maximum message size for internal users and also create exceptions?
    The templates available in Transport Rules only allow for "when size of any attachment is greater or equal". This is not ideal as users can add 50 x 1MB attachments to an email etc.
    Configuring Transport settings or Receive Connectors do not allow for exceptions.
    Thank you.

    Hi Prakash,
    Thanks for the link to the thread. The AD site link configuration is valid but does not account for the required exceptions. E.g User A can send unlimited size message to User B but not to User C.
    The thread also mentions the Transport Rule configuration stated in my original post but that configuration has one major flaw. Users can circumvent the control by splitting attachments.

  • Some Users on randomly basis unable to send mails from 2003 exchange to 2007 Exchange users Internally.

    Hi All,
    Some users, on a random basis, are unable to send e-mails from 2003 Exchange to 2007 Exchange users internally.
    They are sending mails from Outlook and users from 2007 don't have any issues.
    But sometimes mails from 2003 to 2007 go without any issue.
    The NDR reported is as below.
    From: System Administrator
    Sent: 22 February 2014 15:59
    To: XYZ
    Subject: Undeliverable: Regarding Test Message
    Your message did not reach some or all of the intended recipients.
         Subject:  Regarding Test Message
         Sent:     22/02/2014 15:59
    The following recipient(s) could not be reached:
         XXX,XYZ on 22/02/2014 15:59
               The message contains a content type that is not supported
               <HubServer.Domain.UK #5.6.0 smtp;554 5.6.0 STOREDRV.Deliver.Exception:PropertyValidationException; Failed to process message due to a permanent exception>

    Hi,
    According to the NDR, I found this point "The message contains a content type that is not supported".
    Please verify whether the un-delivered messages contain some sensitive information, signatures or attachments that cannot pass the Exchange 2007 Edge server. Please also check the content type of the un-delivered messages.
    Found a useful KB for your reference:
    Frequently asked questions about MIME and content conversion in Exchange 2000 Server and in Exchange Server 2003
    http://support.microsoft.com/kb/836555/en-us
    Hope it is helpful
    Thanks
    Mavis
    Mavis Huang
    TechNet Community Support

  • Delayed mail for internal user send a mail to gmail account

    Hi to everyone,
    Today we are facing an issue in Exchange Server 2010.
    Whenever an internal user sends a mail to some Gmail accounts, the user receives a mail from postmaster stating that:
    This is an automatically generated Delivery Status Notification.
    THIS IS A WARNING MESSAGE ONLY.
    YOU DO NOT NEED TO RESEND YOUR MESSAGE.
    Delivery to the following recipients has been delayed.
    Action: delayed
    Status: 4.4.7
    Will-Retry-Until:
    Regards
    Kart26

    Hi,
    Did the issue occur when the specific user you mentioned above sent email to two gmail users at a time?
    Is there any recipient limit for this specific user?
    To narrow down the issue, I recommend you check the smtp log about this specific user for related messages.
    Best regards,
    Belinda
    Belinda Ma
    TechNet Community Support
