Using cached credentials (LSASS) with portable browser to access webproxy with integrated authentication (NTLM)

Similar Messages

• Trying to log into a RDS server using cached credentials

  I have a Windows Server 2012 R2 with Remote Desktop Services installed and it is a member server in my domain.   As a test,  I have cut the network connection between the RDS server and the domain controller.   I can log into the
  RDS server at the console with my cached domain account,  but I can't RDP into the server with my cached domain accout.   It is telling me the specified domain either does not exist or could not be contacted.   Does RDS sessions not
  use cached credentials ?    I have set the Group Policy Option: Interactive logon: Number of previous logons to cache (in case domain controller is not available) to 30.   That didn't seem to make any difference.  Thanks for any
  help with this problem.

  Hi,
  By default Network Level Authentication (NLA) will be used for RDP connections, and this requires the domain controller to be available.  If you needed to you could disable the requirement to use NLA in the collection properties and set a custom rdp
  property so that clients would not attempt to use NLA when they connect.  The downside of this approach is clients will never use NLA when connecting and instead will see a server-side log on screen, and may get multiple prompts for credentials.
  It is preferred to use NLA where possible, which in most cases it is since modern clients support it.
  -TP

• Issue with SharePoint foundation 2010 to use Claims Based Auth with Certificate authentication method with ADFS 2.0

  I would love some help with this issue.  I have configured my SharePoint foundation 2010 site to use Claims Based Auth with Certificate authentication method with ADFS 2.0  I have a test account set up with lab.acme.com to use the ACS.
  When I log into my site using Windows Auth, everything is great.  However when I log in and select my ACS token issuer, I get sent, to the logon page of the ADFS, after selected the ADFS method. My browser prompt me which Certificate identity I want
  to use to log in   and after 3-5 second
   and return me the logon page with error message “Authentication failed” 
  I base my setup on the technet article
  http://blogs.technet.com/b/speschka/archive/2010/07/30/configuring-sharepoint-2010-and-adfs-v2-end-to-end.aspx
  I validated than all my certificate are valid and able to retrieve the crl
  I got in eventlog id 300
  The Federation Service failed to issue a token as a result of an error during processing of the WS-Trust request.
  Request type: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue
  Additional Data
  Exception details:
  Microsoft.IdentityModel.SecurityTokenService.FailedAuthenticationException: MSIS3019: Authentication failed. ---> System.IdentityModel.Tokens.SecurityTokenValidationException:
  ID4070: The X.509 certificate 'CN=Me, OU=People, O=Acme., C=COM' chain building failed. The certificate that was used has a trust chain that cannot be verified. Replace the certificate or change the certificateValidationMode. 'A certification chain processed
  correctly, but one of the CA certificates is not trusted by the policy provider.
  at Microsoft.IdentityModel.X509CertificateChain.Build(X509Certificate2 certificate)
  at Microsoft.IdentityModel.Tokens.X509NTAuthChainTrustValidator.Validate(X509Certificate2 certificate)
  at Microsoft.IdentityModel.Tokens.X509SecurityTokenHandler.ValidateToken(SecurityToken token)
  at Microsoft.IdentityModel.Tokens.SecurityTokenElement.GetSubject()
  at Microsoft.IdentityServer.Service.SecurityTokenService.MSISSecurityTokenService.GetOnBehalfOfPrincipal(RequestSecurityToken request, IClaimsPrincipal callerPrincipal)
  --- End of inner exception stack trace ---
  at Microsoft.IdentityServer.Service.SecurityTokenService.MSISSecurityTokenService.GetOnBehalfOfPrincipal(RequestSecurityToken request, IClaimsPrincipal callerPrincipal)
  at Microsoft.IdentityServer.Service.SecurityTokenService.MSISSecurityTokenService.BeginGetScope(IClaimsPrincipal principal, RequestSecurityToken request, AsyncCallback callback, Object state)
  at Microsoft.IdentityModel.SecurityTokenService.SecurityTokenService.BeginIssue(IClaimsPrincipal principal, RequestSecurityToken request, AsyncCallback callback, Object state)
  at Microsoft.IdentityModel.Protocols.WSTrust.WSTrustServiceContract.DispatchRequestAsyncResult..ctor(DispatchContext dispatchContext, AsyncCallback asyncCallback, Object asyncState)
  at Microsoft.IdentityModel.Protocols.WSTrust.WSTrustServiceContract.BeginDispatchRequest(DispatchContext dispatchContext, AsyncCallback asyncCallback, Object asyncState)
  at Microsoft.IdentityModel.Protocols.WSTrust.WSTrustServiceContract.ProcessCoreAsyncResult..ctor(WSTrustServiceContract contract, DispatchContext dispatchContext, MessageVersion messageVersion, WSTrustResponseSerializer responseSerializer, WSTrustSerializationContext
  serializationContext, AsyncCallback asyncCallback, Object asyncState)
  at Microsoft.IdentityModel.Protocols.WSTrust.WSTrustServiceContract.BeginProcessCore(Message requestMessage, WSTrustRequestSerializer requestSerializer, WSTrustResponseSerializer responseSerializer, String requestAction, String responseAction, String
  trustNamespace, AsyncCallback callback, Object state)
  System.IdentityModel.Tokens.SecurityTokenValidationException: ID4070: The X.509 certificate 'CN=Me, OU=People, O=acme., C=com' chain building
  failed. The certificate that was used has a trust chain that cannot be verified. Replace the certificate or change the certificateValidationMode. 'A certification chain processed correctly, but one of the CA certificates is not trusted by the policy provider.
  at Microsoft.IdentityModel.X509CertificateChain.Build(X509Certificate2 certificate)
  at Microsoft.IdentityModel.Tokens.X509NTAuthChainTrustValidator.Validate(X509Certificate2 certificate)
  at Microsoft.IdentityModel.Tokens.X509SecurityTokenHandler.ValidateToken(SecurityToken token)
  at Microsoft.IdentityModel.Tokens.SecurityTokenElement.GetSubject()
  at Microsoft.IdentityServer.Service.SecurityTokenService.MSISSecurityTokenService.GetOnBehalfOfPrincipal(RequestSecurityToken request, IClaimsPrincipal callerPrincipal)
  thx
  Stef71

  This is perfectly correct on my case I was not adding the root properly you must add the CA and the ADFS as well, which is twice you can see below my results.
  on my case was :
  PS C:\Users\administrator.domain> $root = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2("C:\
  cer\SP2K10\ad0001.cer")
  PS C:\Users\administrator.domain> New-SPTrustedRootAuthority -Name "domain.ad0001" -Certificate $root
  Certificate                 : [Subject]
                                  CN=domain.AD0001CA, DC=domain, DC=com
                                [Issuer]
                                  CN=domain.AD0001CA, DC=portal, DC=com
                                [Serial Number]
                                  blablabla
                                [Not Before]
                                  22/07/2014 11:32:05
                                [Not After]
                                  22/07/2024 11:42:00
                                [Thumbprint]
                                  blablabla
  Name                        : domain.ad0001
  TypeName                    : Microsoft.SharePoint.Administration.SPTrustedRootAuthority
  DisplayName                 : domain.ad0001
  Id                          : blablabla
  Status                      : Online
  Parent                      : SPTrustedRootAuthorityManager
  Version                     : 17164
  Properties                  : {}
  Farm                        : SPFarm Name=SharePoint_Config
  UpgradedPersistedProperties : {}
  PS C:\Users\administrator.domain> $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2("C:\
  cer\SP2K10\ADFS_Signing.cer")
  PS C:\Users\administrator.domain> New-SPTrustedRootAuthority -Name "Token Signing Cert" -Certificate $cert
  Certificate                 : [Subject]
                                  CN=ADFS Signing - adfs.domain
                                [Issuer]
                                  CN=ADFS Signing - adfs.domain
                                [Serial Number]
                                  blablabla
                                [Not Before]
                                  23/07/2014 07:14:03
                                [Not After]
                                  23/07/2015 07:14:03
                                [Thumbprint]
                                  blablabla
  Name                        : Token Signing Cert
  TypeName                    : Microsoft.SharePoint.Administration.SPTrustedRootAuthority
  DisplayName                 : Token Signing Cert
  Id                          : blablabla
  Status                      : Online
  Parent                      : SPTrustedRootAuthorityManager
  Version                     : 17184
  Properties                  : {}
  Farm                        : SPFarm Name=SharePoint_Config
  UpgradedPersistedProperties : {}
  PS C:\Users\administrator.PORTAL>

• Access Denied Web Application with Claims authentication NTLM only when using secondary URL

  I have a SharePoint 2010 server farm with 2 web front ends, an application server and a database server.  Both front ends are internal to
  our network and are not behind a load balancer.
  NOTE THAT I HAD TO SUBSTITUTE hzzp with hzzp so that I had no links in the body of this post since I am not verified
  I setup a new web application called "SharePoint 41171" with:
  Public URL:
  hzzp://testserver1:41171
  Claims authentication
  NTLM only: no forms auth
  No SSL
  New web site "SharePoint 41171"
  New app pool
  New content database
  I create a top level site collection and name mydomain\myusername as the primary site collection admin
  I am able to access this site as expected at
  hzzp://testserver1:41171 with the aforementioned site collection owner id: mydomain\myusername
  I add an alternate access mapping for a secondary URL for this web application in the Intranet zone:
  hzzp://iwatest.mydomain.com
  So my AAMs for the site read as:
  hzzp://testserver1:41171    
  Default     hzzp://testserver1:41171
  hzzp://iwatest.mydomain.com    
  Intranet     hzzp://iwatest.mydomain.com
  When I attempt to log on to
  hzzp://iwatest.mydomain.com with the same user name and password, I get "access denied".
  I can access this site using
  hzzp://iwatest.mydomain.com if I log in as the farm account.  This is the only account that seems to work.
  Side Note: If I create a separate web application without claims - just NTLM and create the same AAMs, I can login fine with the same secondary
  URL and the same user name
  IP address properly maps to this machine.
  I reviewed the ULS logs and find the following:
  10/30/2012 16:20:23.45              w3wp.exe (0x0E78)                      
                  0x1724       SharePoint Foundation              Monitoring                   
                  nasq                        Medium    Entering
  monitored scope (Request (GET:hzzp://iwatest.mydomain.com:80/_layouts/AccessDenied.aspx?Source=hzzp%3A%2F%2Fiwatest%2Emydomain%2Ecom))                
  10/30/2012 16:20:23.45              w3wp.exe (0x0E78)                      
                  0x1724       SharePoint Foundation              Logging Correlation Data     
        xmnv                        Medium    Name=Request (GET:hzzp://iwatest. mydomain.com:80/_layouts/AccessDenied.aspx?Source=hzzp%3A%2F%2Fiwatest%2Emydomain%2Ecom)      
  8f313b5e-8476-4dd4-9abe-0cb6dbe024b6
  10/30/2012 16:20:23.45              w3wp.exe (0x0E78)                      
                  0x1724       SharePoint Foundation              Logging Correlation Data     
        xmnv                        Medium    Site=/          8f313b5e-8476-4dd4-9abe-0cb6dbe024b6
  10/30/2012 16:20:23.45              w3wp.exe (0x0E78)                      
                  0x1724       SharePoint Foundation              General                      
                     8e2s                        Medium 
    Unknown SPRequest error occurred. More information: 0x80070005       8f313b5e-8476-4dd4-9abe-0cb6dbe024b6
  10/30/2012 16:20:23.45              w3wp.exe (0x0E78)                      
                  0x1724       SharePoint Foundation              Monitoring                   
                  b4ly                        Medium    Leaving
  Monitored Scope (Request (GET:hzzp://iwatest.mydomain.com:80/_layouts/AccessDenied.aspx?Source=hzzp%3A%2F%2Fiwatest%2Emydomain%2Ecom)). Execution Time=8.66003919492561   8f313b5e-8476-4dd4-9abe-0cb6dbe024b6
  Basically it tells me that access is denied.  I didnt see anything that stood out here.
  I found this article:
  hzzp://social.technet.microsoft.com/Forums/en-US/sharepointadminprevious/thread/ded9188b-ee03-4ef0-bb50-3ad138110e0c, which pointed me in the direction of ensuring that the portal
  super user and portal reader accounts were properly added to my web application.  I followed the every popular article on doing this:
  hzzp://technet.microsoft.com/en-us/library/ff758656.aspx, but still no luck.  As per the thread, I added the 2 domain accounts to the user policy with appropriate privilege
  and then set them as the super user and super reader accounts via powershell, and yes I did prefix those names with "i:0#.w|mydomain\".  To be exta sure, I repeated this for all web applications on this server with slightly different powershell steps
  depending on wether or not claims was enabled on the web application.
  The Claims to Windows Token Service is running.
  I saw some mention of ensuring that the secure token service is running with a proper application pool account, but we are not running that service
  and I cant imagine what that would have to do with my situation.
  I have deleted and readded the web application and repeated these steps to no better effect.
  I gave the mydomain\myusername full control for the web application through the user policy, ensured that it was indeed the primary site collection
  owner and added it to the default site owners group.  None of this helped.
  I changed the application pool account to the farm account.  No change in behavior.
  Rebooted IIS and the machines many times along the way.
  Further, when I attempt to sign in as a different user after being denied, I get "an unexpected error has occured message.  I found the following
  in ULS:
  10/30/2012 11:19:03.71 w3wp.exe (0x182C)                      
  0x1210  SharePoint Foundation                 Logging Correlation Data                     
  xmnv     Medium               Name=Request (GET:hzzp://iwatest.mydomain.com:80/_layouts/accessdenied.aspx?loginasanotheruser=true&Source=hzzp%3A%2F%2Fiwatest%2Emydomain%2Ecom)
  cc409ec2-4889-42fa-aa7d-9cc4535e4f0e
  10/30/2012 11:19:03.71 w3wp.exe (0x182C)                      
  0x1210  SharePoint Foundation                 Logging Correlation Data                     
  xmnv     Medium               Site=/    cc409ec2-4889-42fa-aa7d-9cc4535e4f0e
  10/30/2012 11:19:03.72 w3wp.exe (0x182C)                      
  0x1210  SharePoint Foundation                 General                      
           8e2s                Medium               Unknown SPRequest error occurred.
  More information: 0x80070005      cc409ec2-4889-42fa-aa7d-9cc4535e4f0e
  10/30/2012 11:19:03.72 w3wp.exe (0x182C)                      
  0x1210  SharePoint Foundation                 Runtime                      
          tkau                Unexpected       System.NullReferenceException: Object reference not set to an instance
  of an object.    at Microsoft.SharePoint.ApplicationPages.AccessDeniedPage.LogInAsAnotherUser()     at Microsoft.SharePoint.ApplicationPages.AccessDeniedPage.OnLoad(EventArgs e)     at System.Web.UI.Control.LoadRecursive()    
  at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)            cc409ec2-4889-42fa-aa7d-9cc4535e4f0e
  10/30/2012 11:19:03.74 w3wp.exe (0x182C)                      
  0x1210  SharePoint Foundation                 Monitoring                        
  b4ly                Medium               Leaving Monitored Scope (Request (GET:hzzp://iwatest.mydomain.com:80/_layouts/accessdenied.aspx?loginasanotheruser=true&Source=hzzp%3A%2F%2Fiwatest%2Emydomain%2Ecom)).
  Execution Time=22.5439266722447           cc409ec2-4889-42fa-aa7d-9cc4535e4f0e
  By the way, this occurs for the farm account also after a successful login and an attempt to sign in as a different user.
  Any help would be greatly appreciated

  Thanks spadminspadmin:
  I have, though I am not sure that what I've added there is correct:
  The URL that I am trying to use to access the web application's IIS site is hxxp://iwatest.mydomain.com.  I added a binding to the IIS site as follows:
  Type    Host name                      port        IP address
  http     iwatest.mydomain.com     41171     *
  Is that correct?

• Error with integrated authentication (sql server)

  Hi,
  I need to connect Lumira 1.23 with sql server instances (of sql 2008 and 2012). In this case I need to use windows users and it seems there is a problem with the integrated authentication.
  In some blogs and articles I have seen that the sqljdbc_auth.dll file has to be copied in one or more folder but I haven't clear this point.
  Can anybody help to fix the problem?
  Thanks in advance.
  Regards.

  I am very new to SQL Server and I am trying to access sql server from my .net web application. The environment is Windows 8 and SQL Server  2012 
  I have tried some of the blog solutions but could not open SQL Server Configuration tool in windows 8.
  Hi Sraven,
  According to your description, SQL Server Configuration Manager is a snap-in for the Microsoft Management Console program and not a stand-alone program, SQL Server Configuration Manager not does not appear as an application when running Windows
  8. To open SQL Server Configuration Manager, in the Search charm, under
  Apps, type SQLServerManager11.msc (for SQL Server 2012) or
  SQLServerManager10.msc for (SQL Server 2008), and then press Enter.
  In addition, there is a similar issue about connect .NET4.0 C# application to SQL Server 2012 database, you can review the following article.
  http://visualstudiomagazine.com/articles/2013/11/01/hooking-aspnet-apps-into-sql-server-2012.aspx
  Regards,
  Sofiya Li
  If you have any feedback on our support, please click here.
  Sofiya Li
  TechNet Community Support

• Remote users cannot log on to a computer that is using cached credentials following password policy expiration

  Hi, we are currently having issues with remote users when their AD account flags that their password needs to be changed.
  This happens when GPO enforces the user to change their password whilst they are not connected via a 3rd party VPN (OVPN Connect) which relies upon LDAP Authentication. When they next login, LDAP authentication knows that the password should have been changed
  and therefore will not allow users to connect securely. Because they cannot connect, they cannot get the Windows prompt to tell them that they need to change their password.
  Bit of a vicious circle. Can anyone suggest a work around or tweak for this?
  Thanks in advance
  I did come across an article but it applies to Windows 2000 http://support.microsoft.com/kb/818088/en-gb any updated versions of this for Windows 7?

  > they are not connected via a 3rd party VPN (OVPN Connect) which relies
  > upon LDAP Authentication. When they next login, LDAP authentication
  > knows that the password should have been changed and therefore will not
  You need to use a solution that can handle this situation within the VPN
  client (wich yours seemingly cannot)...
  Martin
  Mal ein
  GUTES Buch über GPOs lesen?
  NO THEY ARE NOT EVIL, if you know what you are doing:
  Good or bad GPOs?
  And if IT bothers me - coke bottle design refreshment :))

• HELP! Slow logon with Cached Credentials off domain. Have xperf files.

  Having issues when you take a corporate laptop off domain and log in using cached credentials. Login times range from 2-4 minutes. This is with SSD. No problem logging in on network. Only way to speed up login off network is disable wireless. I ran
  xperf both on network and off network. I have xperf files that can be emailed. Anybody got an idea?

  When trying to log in with domain credential offsite, your laptop is trying to contact DC from public Internet before using cached credentials. Without network, it will try cached credentials directly. According with my knowledge, you can't force cached
  credentials, the process is Automatic.
  Therefore, the only solution is disconnecting the network cable or using a local user instead.
  And this tool in the following link can help you findout exactly what is holding up the login process. You can check the result by youself.
  http://blogs.technet.com/b/askpfeplat/archive/2012/06/09/slow-boot-slow-logon-sbsl-a-tool-called-xperf-and-links-you-need-to-read.aspx

• Cached credentials are not working on the lock screen (Windows 7)

  Hello all,
  We are having a difficult time trying to troubleshoot a problem with credential caching seemingly not working on the lock screen for our laptop users. Users are instructed to logon to the laptop while connected to the domain to cache their credentials. The
  user then leaves the network, and is able to log in to the laptop using cached credentials. The laptop locks either due to a manual lock, or due to an inactivity timer. The user tries to relog and is presented with the error “no logon servers available to
  service the request.” Users are reporting the problem from both home and public networks. We have been able to recreate the issue by logging on the laptop while in the office and setting our internal wireless network to manually connect, and then simply clicking
  start > shutdown arrow > lock. Many users have reported that they were able to get back into the laptop after a hard shut down, but would be unable to log in again if they returned to the lock screen. One user has reported that selecting other credentials
  > switch user > other user while on the lock screen and then entering in his DC credentials would allow him to get back into the laptop. I was unable to recreate this workaround on our test machine. I also tried to logon using the switch user account
  with the “.\username” method to see if that would look for cached credentials. One user has reported that he was unable to hard shut down the computer to get back in. He also reported that he tried to pull the battery and give it time before trying again.
  We have set the value for “Interactive logon: Number of previous logons to cache” to 50. The status of “Interactive Logon: Require Domain Controller to unlock workstation” is disabled. We have tried to turn the Wi-Fi switch off and then back on while on
  the lock screen. Error logs that we think are related to the problem include – Event ID:5719, NETLOGON and Event ID:4343, NlaSvc error 0x4C6 and error 0x51
  I have a slightly sinking feeling it has something to do with NLA thinking that they are connected to a domain while on the lock screen, but this is pure speculation. Thanks for reading my post and any potential solutions are greatly appreciated! 

  I'd try them over here.
  Windows IT Pro forums on TechNet
  Regards, Dave Patrick ....
  Microsoft Certified Professional
  Microsoft MVP [Windows]
  Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.

• Easy cost planning with integrated planning

  Hi All,
  I am testing easy cost planning and I see that to use easy cost planning, I have to unmark the flag for "Integrated PLanning", this leeds to no creation of line items in planification. Does anyone know if there is a way to use easy cost planning with integrated planning?
  Thanks a lot in advance.

  it may be with reference to the Versions.

• IE Integrated authentication not working with Windows 2003 clients

  Hi,
  I have a website on a windows 2008 R2 server on IIS. It is accessible through the Windows 7/windows 2008 internet explorers with integrated authentication. when the same user logged in a windows 2003 server and try to open this site, popping up the username/password
  prompt. Even if giving the right username/pw, it doesnt accept.
  IE integrated authentication is enabled in the client. Is there any restriction in windows 2003/xp clients to use integrated authentication on a site published in IIS7 over a windows 2008?
  Thanks for any help.

  This may help
  http://forums.iis.net/t/1167697.aspx?Making+Windows+Authentication+work+on+IIS7+it+worked+on+IIS6
  Generally www.iis.net is a good place for solving similar task and problems.
  Regards
  Milos

• Windows 7 802.1x wifi profile issue with cached credentials

  We have a wireless network that is setup as WPA2-Enterprise AES using 802.1x. We have a user that is constantly having his account locked out. When we trace where it's coming from, it's from our
  radius server (which is only used for this one wireless network). We have already deleted the profile and recreated it. If we uncheck the option to remember the username/password, and enter that manually at prompt, it connects fine. As soon as we check that
  option back, it fails and will keep failing and eventually lock out his acocunt. We have recreated his user profile and the wifi profile with no luck. I've done the following http://security.stackexchange.com/questions/15574/how-do-i-clear-cached-credentials-from-my-windows-profile
  but to no avail. There are no credentials listed when I go this route. Can someone shed light as to where it is hiding these credentials?

  Hi
  Maybe change settings on RADIUS server to allow more than 5 successive login attempts.
  If you look at the windows security log on the radius server can you see if it giving errors of bad username or password?
  Hope this helps. Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

• Authenicated with Cached Credentials

  I have 2 identical Mac Book Pro laptops (I use one as a backup). I do a full backup of the production Mac using SuperDuper and install it on the other to use as a replacement if needed. They are never on the network (Windows 2003/AD) at the same time. When logging into the network on the backup laptop a message pops up saying Authenicated with Cached Credentials. After several times of logging in you are no longer able to log in at all. Is there something I need to clear that I am missing?

  Hi beachbum 2013, and a warm welcome to the forums!
  Hmmm, might see if this is of any help...
  http://www.scribd.com/doc/6075527/Group-Policies-for-Mac-OS-X
  Next time it won't login, try logging out, then logon to your Mac, click the Other... button on the logon screen and use domain/username as your logon information.

• When I login to my bank, I get the message: 403 - Forbidden: Access is denied. You do not have permission to view this directory or page using the credentials that you supplied. Have new MacBook Air with Yosemite. How to solve this problem?

  When I try to login to the website of my bank, I get the following error message:
  403 - Forbidden: Access is denied.
  You do not have permission to view this directory or page using the credentials that you supplied.
  I have a new MacBook Air with OS Yosemite installed.
  What is the problem and how can I solve it?

  Some websites require a special client certficate for access. If you don't have that certficate, you'll have to contact the site operator to find out how to get one.
  Sometimes the problem is caused by a web server that is configured to request an optional client certificate. Safari treats the request as mandatory. In that case, other browsers such as Firefox and Chrome may be able to connect to the site, because they ignore the request.
  The first time you were prompted for a certificate, you may have clicked through a dialog that requested access to the Apple certificate in your keychain that is used to secure the iMessage service. In that case, you may be able to regain access to the site in Safari by doing as follows.
  Back up all data.
  Double-click anywhere in the line below on this page to select it:
  com.apple.idms.appleid.prd
  Copy the selected text to the Clipboard by pressing the key combination command-C.
  Launch the Keychain Access application in any of the following ways:
  ☞ Enter the first few letters of its name into a Spotlight search. Select it in the results (it should be at the top.)
  ☞ In the Finder, select Go ▹ Utilities from the menu bar, or press the key combination shift-command-U. The application is in the folder that opens.
  ☞ Open LaunchPad. Click Utilities, then Keychain Access in the icon grid.
  Paste into the search field in the Keychain Access window by clicking in it and pressing the key combination command-V. An item may appear in the list of keychain items. The Name will begin with string you searched for, and the Kind will be "certificate."
  Delete the item by selecting it and pressing the delete key. It will be recreated automatically the next time you launch the Messages or FaceTime application.
  The next time you visit a site that prompts for an optional client certificate, cancel out of the prompt. You may have to do this several times before the server stops asking.
  Credit for this idea to Christian Braukmueller of SAP.

• The disk drive in my iMac 8,1 has stopped working, so I now use an LG 8x Slim Portable that works.  However, every time I use the LG drive, I lose contact with my Time Machine back-up drive that has to be deleted and reinstalled.  Help!

  The disk drive in my iMac 8,1 has stopped working, so I now use an LG 8x Slim Portable that works.  However, every time I use the LG drive, I lose contact with my Time Machine back-up drive that has to be deleted and reinstalled.  Help!

  It's not Logic that can't find them, it's your Komplete apps, though if you did exaclty as you say I can see no reason why they can't.
  Do you know where the apps installed them in the first place? I chose a non-standard locarion for mine, but I'm sure it installs sounds to your documents folder/native instruments/name of app.
  Go into the prefs of each app and choose the library location button on the library tab and point it to the relevant folder in documents/native instruments and see if that works
  jake

• I am using a Seagate backup plus portable drive on my iMac 7 with OSX 10.9.2.  At startup up I always get a popup window stating "The disk you inserted is not readable by this computer.  I click ignore and everything seems OK. Is it?

  I am using a Seagate backup plus portable drive as my time machine backup on my iMac 7 with OSX 10.9.2 Mavericks.  At startup I always get popup window stating "The disk you inserted is not readable by this computer..?   I click ignore and everything seems to be OK.   Time machine seems to be backuping up to the seagate.   I can open time machine and see the history of backups.    Why does this message come up at startup of computer????

  If you installed the Seagate software, remove it according to the manufacturer's instructions.