Windows AD and Trusted Authentication

Do you have to use IIS as the webserver when installing on a Windows platform and trying to implement SSO?  Unfortunately, using standard AD and Kerberos is NOT an option.  Without having to implement extra coding out of the box, can you implement SSO with trusted authentication using Windows AD accounts to be passed to the CMS and using Apache/Tomcat as the Web and app server?

OK.  If I can use Tomcat as web and app server in the Windows Server environment, what retrieval method would you recommend (i.e. Remote_user, Query_String, etc.)?  I have successfully tested query string, however, that would require a way to capture the AD account of every user.  This is where I have not found documentation or examples without IIS being utilized.

Similar Messages

  • How do we use SSO for both Windows AD and Trusted authentication?

    We want to have the majority of our users access the BO 4 BI Launchpad using SSO with Windows AD authentication.  We have set this up and it's working ok.  We also have a subset of external users and need to configure SSO with Trusted authentication for their Enterprise accounts.  Support says we can only have SSO for one authentication type.  I'm assuming we can work around this by installing a 2nd Tomcat instance on our Linux server.  Has anyone done this type of config successfully?  Any other ideas would be greatly appreciated.  Thanks!

    Hi Collins,
    BOE's CMS can be accessed from multiple application servers.
    Please have a look at this new article: http://www.sdn.sap.com/irj/scn/index?rid=/library/uuid/00240702-8343-2f10-ed9a-85ece14c93db
    You may use this method for other application servers (not only NW), but just don't add the file "web-j2ee-engine.xml" as it's not needed.
    Regarding section 4.2.4 of the document: on one application server, just set the "authentication.default" property in the file BIlaunchpad.properties to "secWinAD" (for Win AD), and on the other set it to "secEnterprise".
    Please report any problems you may encounter,
    thanks,
    Idan

  • Cluster and trusted authentication

    I am using trusted authentication to log into BO server. Everything is set up correctly and working fine even with BO cluster.
    Recently, we created another cluster with a separate set of servers. When I try to connect to this cluster (using the cluster name), a very weird thing is happening.
    When I try to log in using token - first attempt succeeds, second attempt fails, third succeeds, fourth fails..and so on.
    My doubt is that somehow two servers on the cluster are not communicating properly. So, if a token was generated for one server, it doesn't connect to another server. Has anyone seen anything like this before?  Where should I start looking in the cluster setup?

    Tokens aren't cluster member specific.
    You've mentioned Trusted Authentication and tokens, but token generation is separate from authentication, so what's the exact workflow going from Trusted Auth to token generation to token use?
    Sincerely,
    Ted Ueda

  • Windows AD and SAP Authentication

    I require the functionality of the BW Publisher, i.e. Hierarchy Node Variables and Dynamic List of Values for Crystal Reports. I can only get this to work if I log on using SAP Authentication. Is there a way that we can log on using Windows AD Authentication and still get the benefits of BW Publisher with Crystal Reports?

    Hi Seb,
    Thank you for responding. In our system I have a user set up with Windows AD Authentication and in BOE I have the secWinAD account set up as an alias in the user properties. In addition, I have the same user set up in BW with exactly the same user ID and in the user properties in BOE I select "Assign Alias" and choose the BW account so the user has two aliases, one for secWinAD and one for secSAPR3:BWD (our BW system).
    I log on to InfoView using the Win AD authentication and when I select my Crystal Report I see my BW hierarchy node variable as a flat list. When I log on to InfoView using SAP authentication I see my BW hierarchy node variable as a hierarchy. I want to be able to log on using Win AD authentication and see the BW hierarchy node variable as a hierarchy.
    What am I missing? Thank you so much for your help.
    regards,
    John

  • MOBI SSO with trusted authentication and form based authentication

    Dear All,
    I am trying to configure Trusted authentication based SSO FOR MOBI, here are the details:
    - SAP BI 4.1 SP04
    - Trusted authentication with HTTP header configured for BI Launchpad and working fine.
    Now to have SSO from Mobile, I plan to leverage the existing configuration of BI Launchpad and at Mobile level, I want to use authentication type as TRUSTED_AUTH_FORM, instead of TRUSTED_AUTH_BASIC, with the approach: Trusted authentication with HTTP header.
    And
    Provide our app users their X502 certs.
    1. Will the above approach work ??
    2. As per SAP NOTE: 2038165 - SSO using form based trusted auth gives with the SAP BI app for iOS gives error MOB00920 this does not work and is still under investigation from July last year ? So for any community member, has this been found working ??
    I would appreciate your valuable inputs.
    Regards,
    Sarvjot Singh

    Hi,
    According to your post, my understanding is that you want to know the difference of the SharePoint three type user authentications.
    Windows claims-based authentication uses your existing Windows authentication provider (Active Directory Domain Services [AD DS]) to validate the credentials of connecting clients. Use this authentication to allow AD DS-based accounts access to SharePoint resources. Authentication methods include NTLM, Kerberos, and Basic.
    Forms-based authentication can be used against credentials that are stored in an authentication provider that is available through the ASP.NET interface.
    SAML token-based authentication in SharePoint 2013 requires coordination with administrators of a claims-based environment, whether it is your own internal environment or a partner environment.
    There is a good article that covers all the SharePoint authentications, including how they work and how to configure them.
    http://sp77.blogspot.com/2014/02/authentication-in-sharepoint-2013_5.html#.VFcyQ_mUfkJ
    Thanks & Regards,
    Jason
    Jason Guo
    TechNet Community Support

  • Windows 7 and Windows 2008 authentication failed in Windows 2003 Domain

    Hi,
    We have a Domain with Windows 2003, and recently Windows 2008 Domain controllers were also added.
    We are facing authentication failure for Windows 7 and Windows 2008 Domain members when user is trying to login.
    Schema Master is on Windows 2003 and remaining roles on Windows 2008 Domain controller.
    Windows XP clients login is working fine.
    Problem is for Windows 7 and Windows 2008 Domain members login.
    Any hint/solution will be really great help.
    Pls share if you have any solutions.
    Regards:Mahesh

    Hi,
    I found some more details about issue
    Below are the events getting generated. It looks like it is due to an encryption mismatch between the Windows 2003 Domain and Windows 7 and Windows 2008 clients. However, I am looking for a solution if someone has tested this case.
    Event Type:        Error
    Event Source:    KDC
    Event Category:                None
    Event ID:              26
    Date:                     08/06/2014
    Time:                     9:41:04 AM
    User:                     N/A
    Computer:          AAAAAA
    Description:
    While processing an AS request for target service krbtgt, the account ADDADA$ did not  have a suitable key for generating a Kerberos ticket (the missing key has an ID of 2). The requested etypes were 17.  The accounts
    available etypes were 23  -133  -128  3  -140.
    For more information, see Help and Support Center at
    http://go.microsoft.com/fwlink/events.asp.
    Event Type:        Error
    Event Source:    Kerberos
    Event Category:                None
    Event ID:              4
    Date:                     08/06/2014
    Time:                     9:34:17 AM
    User:                     N/A
    Computer:          AAAAAA
    Description:
    The kerberos client received a KRB_AP_ERR_MODIFIED error from the server ADADDFHDHDH$.  The target name used was . This indicates that the password used to encrypt the kerberos service ticket is different than that on the
    target server. Commonly, this is due to identically named  machine accounts in the target realm (DOMAINNAME.COM), and the client realm.   Please contact your system administrator.
    For more information, see Help and Support Center at
    http://go.microsoft.com/fwlink/events.asp.
    Regards:Mahesh

  • Weird case involving NTLM, Windows XP and the portal

    I have a very peculiar case here for a few users.
    The users have in common that they are all using Windows XP (and just migrated), though most other persons (even ones using Windows XP) do not have the problem.
    We have implemented SSO to the portal, and done this using IIS on the portal servers. In front of that we are using IBM edge loadbalancers.
    From a troubled user's perspective, when he opens the browser against the portal, he gets the portal logon page with a message saying user authentication failed.
    I've found out what happens behind the scenes and why the portal fails, but I can't explain it thoroughly.
    The user's browser reaches the portal.company.com address. IIS requests NTLM login and after a few packets, the browser sends the user's userprincipalname ([email protected]) via the NTLM login (I've documented this in the network traces from ethereal). That the browser sends the userprincipalname is the core of the problem; all other users send the SAMaccountname. The portal reads the NTLM information and parses the user information (here the userprincipalname). However, we have configured our portal to use the SAMaccountname when authenticating against AD, and therefore the login fails.
    If I use a DNS alias for the portal.company.com address, say aliasportal.company.com (actually portal.company.com is an alias for aliasportal.company.com, but don't let that confuse you), the same client that sent userprincipalname earlier now sends the SAMaccountname and therefore gets SSO (and goes through the loadbalancer). And if I try to access one of the portal servers directly (without going through the load balancer), it also sends SAMaccountname. So basically, there has to be something with the address portal.company.com that makes the user's browser send the userprincipalname.
    Also, this problem is not tied to the user's profile, because if he uses another PC, it works like a charm.
    If you have any idea at all what could have caused this, please do contribute. No answers are stupid (in this case). I am especially looking for details on what causes IE to send userprincipalnames, and what causes it to send SAMaccountname.
    Network sniffing(some minor changes to hide information):
    This is the NTLM packet which "wrongly" contains the userprincipalname.
    No.     Time        Source                Destination           Protocol Info
         17 0.107258    xxxxx        xxxxxx        HTTP     GET /irj/servlet/prt/portal/prtroot/com.sap.portal.navigation.portallauncher.default HTTP/1.1, NTLMSSP_AUTH
    Frame 17 (792 bytes on wire, 792 bytes captured)
    Ethernet II, Src: 00:11:43:7d:52:94, Dst: 00:d0:05:04:8f:fc
    Internet Protocol, Src Addr: xxxxxxxxx , Dst Addr: xxxxxxx
    Transmission Control Protocol, Src Port: 2201 (2201), Dst Port: http (80), Seq: 403, Ack: 741, Len: 738
    Hypertext Transfer Protocol
        GET /irj/servlet/prt/portal/prtroot/com.sap.portal.navigation.portallauncher.default HTTP/1.1\r\n
        Accept: /\r\n
        Accept-Language: da\r\n
        Accept-Encoding: gzip, deflate\r\n
        User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)\r\n
        Host: portal.company.com\r\n
        Connection: Keep-Alive\r\n
        Authorization: NTLM TlRMTVNTUAADAAAAGAAYAHoAAACkAKQAkgAAAAAAAABIAAAAIAAgAEgAAAASABIAaAAAAAAAAAA2AQAABYKIogUBKAoAAAAPZABqAHcAbABAAHMAdABhAHQAbwBpAGwALgBjAG8AbQBQAEMALQAzADkAMwA3ADEANAAjkf2i0gE5YfLWa6LaFWq/QOJVBMBK+X/0eZk41NRM7wDew37l6/jmAQE
            NTLMSSP
                NTLMSSP identifier: NTLMSSP
                NTLM Message Type: NTLMSSP_AUTH (0x00000003)
                Lan Manager Response: 2391FDA2D2013961F2D66BA2DA156ABF40E25504C04AF97F
                NTLM Response: F4799938D4D44CEF00DEC37EE5EBF8E60101000000000000...
                Domain name: NULL
                User name: [email protected]
                Host name: PC-393714
                Session Key: Empty
                Flags: 0xa2888205
        \r\n
    And this is the packet against the dns alias which works
    No.     Time        Source                Destination           Protocol Info
         17 0.103528    xxxxx          xxxxx         HTTP     GET /irj/servlet/prt/portal/prtroot/com.sap.portal.navigation.portallauncher.default HTTP/1.1, NTLMSSP_AUTH
    Frame 17 (788 bytes on wire, 788 bytes captured)
    Ethernet II, Src: 00:11:43:7d:52:94, Dst: 00:d0:05:04:8f:fc
    Internet Protocol, Src Addr: xxxx, Dst Addr: xxxx
    Transmission Control Protocol, Src Port: 1825 (1825), Dst Port: http (80), Seq: 403, Ack: 741, Len: 734
    Hypertext Transfer Protocol
        GET /irj/servlet/prt/portal/prtroot/com.sap.portal.navigation.portallauncher.default HTTP/1.1\r\n
        Accept: /\r\n
        Accept-Language: da\r\n
        Accept-Encoding: gzip, deflate\r\n
        User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)\r\n
        Host: aliasportal.company.com\r\n
        Connection: Keep-Alive\r\n
        Authorization: NTLM TlRMTVNTUAADAAAAGAAYAHgAAACkAKQAkAAAABYAFgBIAAAACAAIAF4AAAASABIAZgAAAAAAAAA0AQAABYKIogUBKAoAAAAPUwBUAEEAVABPAEkATAAtAE4ARQBUAEQASgBXAEwAUABDAC0AMwA5ADMANwAxADQAyhO3U1uCz0jn55samc+TUJmnyefvp0tXQN0VMytYEG3YDADHwRicxwEBAAA
            NTLMSSP
                NTLMSSP identifier: NTLMSSP
                NTLM Message Type: NTLMSSP_AUTH (0x00000003)
                Lan Manager Response: CA13B7535B82CF48E7E79B1A99CF935099A7C9E7EFA74B57
                NTLM Response: 40DD15332B58106DD80C00C7C1189CC70101000000000000...
                Domain name: COMPANY-NET
                User name: DAPA
                Host name: PC-393714
                Session Key: Empty
                Flags: 0xa2888205
        \r\n
    I'll be truly impressed if anyone solves this one!

    Hi Dagfinn,
    There are a few things I would check in the Internet explorer settings on the client, namely :
    -The security zones (which addresses are in Intranet, Trusted sites, etc.)
    -Check in the security settings if automatic logon with current username is enabled.
    -Look if "Enable integrated Windows authentication" is enabled in the advanced settings.
    Are you using Kerberos authentication? There's a long article on Microsoft's website about troubleshooting Kerberos errors which might give a few clues :
    http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/security/tkerberr.mspx
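
The two captures in this thread differ only in the domain and user fields of the NTLMSSP_AUTH (Type 3) message, and those fields can be read directly from the `Authorization: NTLM` header. The following is an added example, not part of the original posts: a Python parser that extracts them and reports which name form the client sent. The sample messages are constructed here with placeholder names (jdoe, EXAMPLE-NET, PC-000001) and zeroed responses; decoding OEM strings as Latin-1 is an assumption.

```python
import base64
import struct

NTLMSSP_SIGNATURE = b"NTLMSSP\x00"
NTLMSSP_AUTH = 3                 # Type 3 message, as in the captures above
NEGOTIATE_UNICODE = 0x00000001   # payload strings are UTF-16LE when set
FIXED_HEADER_LEN = 64            # signature, type, six field descriptors, flags


def _read_field(msg, pos):
    """Return the payload bytes described by the (len, maxlen, offset) triple at pos."""
    length, _maxlen, offset = struct.unpack_from("<HHI", msg, pos)
    if offset + length > len(msg):
        raise ValueError("field descriptor at byte %d points outside the message" % pos)
    return msg[offset:offset + length]


def classify_user_name(user):
    """Tell a UPN (user@realm) apart from a plain sAMAccountName."""
    if "@" in user:
        return "userPrincipalName"
    if "\\" in user:
        return "DOMAIN\\user in user field"
    return "sAMAccountName"


def parse_ntlm_authenticate(header_value):
    """Parse the value of an 'Authorization: NTLM <base64>' header (Type 3 only)."""
    scheme, _, blob = header_value.strip().partition(" ")
    if scheme.upper() != "NTLM":
        raise ValueError("not an NTLM Authorization header")
    msg = base64.b64decode(blob.strip(), validate=True)
    if len(msg) < FIXED_HEADER_LEN or msg[:8] != NTLMSSP_SIGNATURE:
        raise ValueError("missing NTLMSSP signature or truncated message")
    (msg_type,) = struct.unpack_from("<I", msg, 8)
    if msg_type != NTLMSSP_AUTH:
        raise ValueError("expected NTLMSSP_AUTH (3), got type %d" % msg_type)
    (flags,) = struct.unpack_from("<I", msg, 60)
    # Assumption: OEM strings are decoded as Latin-1 when the Unicode flag is clear.
    encoding = "utf-16-le" if flags & NEGOTIATE_UNICODE else "latin-1"
    domain = _read_field(msg, 28).decode(encoding)
    user = _read_field(msg, 36).decode(encoding)
    workstation = _read_field(msg, 44).decode(encoding)
    return {
        "domain": domain,
        "user": user,
        "workstation": workstation,
        "flags": flags,
        "name_form": classify_user_name(user),
    }


def build_constructed_sample(domain, user, workstation, flags=0xA2888205):
    """Build a constructed Type 3 header value for testing (responses are zero bytes)."""
    strings = [s.encode("utf-16-le") for s in (domain, user, workstation)]
    items = strings + [bytes(24), bytes(24), b""]   # + LM response, NT response, session key
    offset = FIXED_HEADER_LEN + 8                   # payload follows the 8-byte version field
    descriptors, payload = [], b""
    for item in items:
        descriptors.append(struct.pack("<HHI", len(item), len(item), offset))
        offset += len(item)
        payload += item
    dom_f, user_f, ws_f, lm_f, nt_f, key_f = descriptors
    header = (NTLMSSP_SIGNATURE + struct.pack("<I", NTLMSSP_AUTH)
              + lm_f + nt_f + dom_f + user_f + ws_f + key_f
              + struct.pack("<I", flags) + bytes(8))
    return "NTLM " + base64.b64encode(header + payload).decode("ascii")


if __name__ == "__main__":
    # Constructed inputs mirroring the two cases in the thread.
    failing = build_constructed_sample("", "jdoe@example.test", "PC-000001")
    working = build_constructed_sample("EXAMPLE-NET", "JDOE", "PC-000001")
    for label, value in (("portal name", failing), ("alias name", working)):
        info = parse_ntlm_authenticate(value)
        print("%-12s domain=%r user=%r form=%s"
              % (label, info["domain"], info["user"], info["name_form"]))
```

Run against headers logged at the IIS or load-balancer tier, this shows per request whether a client sent a UPN with an empty domain or a domain plus sAMAccountName.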

  • XI 3.0 Trusted Authentication

    When setting up for Trusted Authentication, the TrustedPrincipal.conf file needs to be added to the BO install.  The documentation (Admin Guide) says that it needs to go to <drive>:\Program Files\Files\Business Objects\BusinessObjects Enterprise 12.0\win32_x86\plugins\auth\secEnterprise. However, this folder no longer exists.  I've tried creating the folder and putting the file there.  I've also tried putting the file in just win32_x86.
    Where is this file supposed to go with the new version?
    Thanks!
    -Dell

    It should go in the <install>\BusinessObjects Enterprise 12.0\win32_x86 if on Windows.
    You can set the Java System property 'bobj.trustedauth.home' to specify a different folder.
    A good tool to determine where the Java Web App process is looking for the file is Filemon (http://technet.microsoft.com/en-us/sysinternals/bb896642.aspx).
    Sincerely,
    Ted Ueda

  • Sharing Windows 7 and SL Files

    I know that there are a number of threads touching on this subject but nothing has helped me so far.
    I have a MBP and iMac both running 10.6.6. I have Win 7 installed on both in Bootcamp. I have never been able to share files between Win 7 and the Mac OS between the MBP and the iMac. I have followed various instructions on setting the sharing, network and account prefs on the Macs and the Win 7 permissions settings. I have even followed the guidance on changing the security encryption settings on Win 7. I am sure that I have in the past been able to access the Win 7 shares from the Macs but never the Mac shares from the Win 7...........but I admit that I am now so confused that I could be imagining this.
    Can anyone make some suggestions/point me in the direction of some decent guidance/confirm that it is a myth that you can share files across these 2 systems/recommend that I contact the tooth fairy as he is the only one able to grant my wishes!

    This isn't really an area of expertise, but I do seem to recall that with Windows you needed to designate a shared folder in order to share the files, but that was probably way back with XP. I don't know if that's still an issue with Win 7. Here are a couple of other things I found that may help:
    iFelix Technical Support Pages
    Simple guide to Leopard/Windows Home Networking
    Written by Intercepter121 and originally posted on the Apple Discussions here.
    If your network complies to the minimum requirements described below you should be able to share resources without any need to enter commands in the terminal to modify configuration files in your mac.
    Requirements
    1. A decent router
    2. Mac Os x 10.5.1 installed on your macs
    3. Windows XP or Vista
    4. Number of network devices <10
    5. Some network printers or drives (NAS)
    6. A decent ISP offering a good DNS service
    General Settings
    If your router offers DHCP and any of the devices has power saving features there is a risk that the IP addresses are renewed. This can be problematic as the devices keep changing IP addresses. As this is your network, it is strongly recommended to reserve IP addresses to the MAC (Machine Address Code) of the various devices so that they can power on and off and still keep the same IP. This simple suggestion will greatly improve the browsing of the local network.
    Accessing Windows Resources from Leopard with no authentication
    Windows
    1. Check the settings of the PC and ensure the IP addresses on the local LAN are trusted
    2. Activate sharing on the desired devices ensuring the shares are read and write. If you use Vista ensure password protected sharing is disabled.
    3. Try to access the windows share from another windows computer if available to confirm no authentication is required
    MAC
    1. Go into system preferences->security-Firewall check that the setting is not on allow only essential services. Recommended settings is allow access to specific
    2. Go back into system preferences network. On the tab location click edit locations. Duplicate Automatic and call the new location Home. Now select the Home location and go into Advanced-WINS. In the workgroup field enter the same value that is on the other windows computers for example HOME. Now press enter then go back to the main screen. Select Edit locations and delete the location automatic. Now edit your location Home and rename it Automatic. This workaround is a leopard bug described here.
    3. Give 5 minutes to allow all the other machines to broadcast their IP address and the other computers should appear on the left side of your finder window. You can now select the shares you want to connect. As no authentication is active if you are prompted with a user name just press OK.
    The procedure to access a NAS is the same as above, just ensure permissions are set to files are read/write for anyone to avoid confusion.
    NOTE: There is no need to activate SMB sharing if you don't want to allow the PC to read folders on your MAC
    Troubleshooting
    After you have followed all the steps you don't see any windows PC.
    Identify the IP address of the machine you want to connect. In finder select Option+K and enter SMB://IPADDRESS. If you can connect you have a name resolution problem. Go into your router configuration and ensure that the option DNS assigned by ISP is selected and you don't have services like Open DNS in use and fixed IP addresses in that field. Apply the changes and reboot the router. You should start seeing windows PC in finder shortly after.
    Your ISP DNS service is poor and you must use Open DNS or similar
    If you are forced to use services like open dns you have the risk that the router propagates the DNS servers to your machines. As the implementation of SAMBA in Leopard effectively blocks the MAC to be a master browser for performance reasons you end in a situation in which tiger machines connect and leopard ones don't see a single share. Let's fix it.
    1. Go into System Preferences->Network then advanced DNS if you see here the IP addresses of the open dns servers this is the case. Unfortunately you will be forced to change the hosts file.
    2. Ensure you have reserved IP addresses to all your machines so that they always get the same IP.
    3. Now login into your mac as administrator and go into utilities=>terminal.
    4. Issue the following command sudo pico /etc/hosts
    5. Now scroll down and enter all the IP addresses and computer names of any device you want to browse
    6. Reboot your MAC
    The windows devices will now appear in finder and you will be able to connect with Option+K.
    You cannot access shares even entering the IP address
    You have not reserved IP addresses to each machine. Go into your router LAN set up and make sure that is the case.
    Accessing Leopard resources from Windows
    1. Go into system preferences->security-Firewall check that the setting is not on allow only essential services. Recommended settings is allow access to specific
    2. Go into System preferences->accounts and click on Guest flag the option Enable guest account to access shared folders
    3. Now into System preferences->sharing select file sharing and then options here flag SMB and select the user that has to be logged into the computer when the share has to be accessed. Ensure that the folder you want to share has read/write or whatever permissions you like it to have set for Everyone
    You should now be able to see your MAC in the windows network resources and access the shared folder with a double click without any password request.
    Troubleshooting
    You don't see any MACs from Windows
    Check the firewall settings at the start of this post. Then go back to the Network configuration hit advanced and then TCPIP check is using DHCP and not a fixed address. Then check the sharing is set as above with SMB clicked. If SMB is not set you won't even see your mac from windows.
    You see the MAC and the shared folders but you can't read or write on it
    Ensure you have set the guest account to access shared folders. Then check on the sharing preferences that there is at least one folder with read permission for everyone. The classic case here is Dropbox that leopard sets as read and write for the user of the MAC but no access for other users. You try to click on drop box and receive an error but when you actually try to write a file you can do it. Check the permissions on the subfolders of the share as those permissions will prevail on the home shared folders
    FAQ
    You may want to do more complicated things, but first ensure you can actually share files without security in place so you can identify the root cause of your possible problems
    I want to password protect my windows shares: once you have done the relative set up in windows vista and ensured you can connect from another windows machine you will need to use user name and password of the Vista user to connect.
    I want to password protect my MAC shared folders: Go into user account and disable guest access to shared folders if no shared folder has to be accessed without password, otherwise leave it checked. Create a new user for sharing (better than giving away your password) so that this user only accesses the folders you want to share. In System preferences network select file sharing SMB and flag only the new user you have defined. Then go back to the folder section and set the permissions you like on the folder you want to share for this newly defined user.
    Good Luck
    Message was edited by: Kappy

  • Domains and Trust

    So I got in this morning to start working with AD (prep for the move to Office365), tried to launch domains and trust and I received the following error: "The configuration information describing this enterprise is not available. The target principal name is incorrect." I believe the secure connection is broken. At present, I cannot log on to the PDC emulator. I have 3 DCs in total and it's the PDC that's giving me problems. I believe this is stemming from a Kerberos error event id 5. Authentication against the PDC is still good; however, I cannot do anything with domains and trust.
    I have read several posts about stopping KDC and resetting the password but I cannot gain access to the PDC. 
    This topic first appeared in the Spiceworks Community

    Also what's the operation system of the affected servers in those two domains?
    And what's the error message?
    Whatever, it seems like a cross domain sharing issue and admin share is involved.
    Please first see if this is the cause:
    Error message when you try to access an administrative share on a Windows Vista-based computer from another Windows Vista-based computer that is a member of a workgroup: "Logon unsuccessful: Windows is unable to log you on"
    http://support.microsoft.com/kb/947232
    Please check if local account is actually using when accessing the admin share. Try with different domain account to see the result. Make sure the account does have permission to access.
    If you have any feedback on our support, please send to [email protected]

  • Trusted Authentication XI 3.1

    Hi,
    We have configured Trusted Authentication with IIS-Jakarta on XI 3.1. Occasionally, once a week, we have an issue where the users are prompted for the Windows NT logon box. After restarting the IIS and Tomcat services the issue is resolved temporarily. We have two IIS and two Tomcat servers clustered.
    Please suggest.
    Thanks.

    Symptom
    slowness reported at peak times
    Reproducing the Issue
    This issue could exist on all XIR2 SP1 MHF1 and later systems that are using IIS > Jakarta > tomcat > trusted authentication
    Cause
    When setting up trusted auth,
    windows integrated authentication in IIS is set at the default web site level (propagating to all web sites).
    This causes IIS to authenticate all directories in the java deployment. When the server has many users logged in this can overwhelm the IIS server(s) and cause intermittent problems.
    In really heavily loaded environments even consistent problems. The problems do tend to vary with each environment, often coming and going based on server load.
    Resolution
    Trusted Authentication Performance enhancing  solution is to enable Integrated Windows Authentication on the /businessobjects/enterprise115/desktoplaunch/InfoView/logon folder only, and leave every other resource unprotected (anonymous access). Steps for directory creation...
    1.     If you used the .exe to install Jakarta, it should have created a virtual directory called "Jakarta" by default. You must not change them otherwise the redirector may not work. By default both "anonymous access" and "integrated Windows authentication" are enabled. If the following steps change this, then make sure you check them both when finished.
    2.     Ensure the Directory Security for the "Default web site" is left at "anonymous access" enabled only and ("Integrated Windows authentication" is disabled)
    3.     The only folder that we want to protect is the "/logon" folder under "/businessobjects/enterprise115/desktoplaunch/InfoView/". Since IIS is redirecting to tomcat there are no virtual directories set by default so we will create them.
    Before we create them in IIS they should exist on the hard drive. In the root of C: create a directory structure beginning with businessobjects which contains enterprise115 which contains desktoplaunch which contains InfoView which contains logon.
    Steps for virtual directory creation...
    1.     Create a new virtual directory for "businessobjects" under the "Default web site" by right-mouse-clicking on "Default Web Site" then "New" > "Virtual Directory". Name it "businessobjects"
    2.     Point it to the directory of the same name on the hard drive (see pic above),
    3.     Ensure it has at least both "Read" and "Execute" permissions.
    4.     Ensure the Directory Security is left at "anonymous access" enabled only ("Integrated Windows authentication" must be disabled)
    Repeat the above steps for "desktoplaunch" under the "enterprise115" and "InfoView" under the "desktoplaunch" virtual directories
    5.     Then create one more virtual directory for "logon" under the "InfoView" virtual directory. But this time,
    6.     Uncheck "anonymous access"
    7.     Enable "Integrated Windows Authentication"
    At this point you can perform an iisreset -restart at the command line or restart IIS by right clicking on your server name - all tasks - restart IIS
    Now IIS should only be authenticating when users logon improving IIS performance up to 90%.
    See Also
    See existing trusted auth document in the Admin guides or references section of this note
    Keywords
    enhance logon performance
    Header Data
    Released on      21.01.2009 14:59:52
    Current Release Status      Released to Customer
    Target Release Status      Released to Customer
    Category      Problem
    Application Area      BOJ-BIP-AUT
    Product Version      BOBJ ENTERPRISE XI R2

  • I install window 8 and Unfortunatly all drive format. And all drive mix, now i have only 1 DRIVE C. I want Bit locker Drive's data Back

    Last sunday i install a window 8 and this window format my all drive & make it 1 drive (DRIVE C). Before all of this i have 5 drive in different size with 1 Bitlocker protect drive.
    So i try data recovery software to recover my data. i got back all my data without that ( bitlocker ) protected drive.
    so please guys help me how can i get back data from bitlocker protected drives.
    please please help me.

    Hi,
    I'm sorry for your experience, but there is no way to recover the data encrypted by BitLocker until now.
    BitLocker is designed to make the encrypted drive unrecoverable without the required authentication. When in recovery mode, the user needs the recovery password or recovery key to unlock the encrypted drive. Therefore, we highly recommend that you store the recovery information in AD DS or in another safe location.
    Please refer to the link below for the statement:
    http://technet.microsoft.com/de-de/library/ee449438(v=ws.10).aspx#BKMK_RecoveryInfo
    Roger Lu
    TechNet Community Support

  • Portal Drive Single Sign On and Kerberos Authentication

    Hi,
    We are using NW2004s SP10 Portal and we have successfully configured Kerberos authentication with Windows Active Directory 2003. To access the KM Content in windows explorer format, we are using Portal Drive but Portal Drive still asks for authentication i.e. SSO is not working for Portal Drive. I have understood from the forums and sap help site that SSO from portal drive will work only for NTLM authentication and client certificates. Can you please help regarding below questions.
    1. Can Kerberos and NTLM authentication be configured together.
    2. If yes, what are the steps to configure NTLM authentication for NW2004s SAP Portal and Active Directory 2003.
    3. Any other approach to make Portal Drive SSO work.
    Helpful answers will be rewarded.
    Regards,
    Chandra

    Hi Gregor,
    I did two things:
    First, I made a change in the portalapp.xml in the PAR file "com.sap.km.cm.par". In the section authentication scheme for "docs" I changed the authentication scheme to "default" to make sure that documents are opened using the default authentication scheme (SPNego) instead of basic authentication.
    Second, I used the SPNego wizard to configure SPNego. So I didn't adjust anything in the Visual Admin or the authentication template apart from adding the Template to the Ticket policy configuration.
    Again, this only worked after installing the latest version.
    Hope this helps
    Marcel

  • Open document SSO using trusted authentication.

    Hi ,
    I have an issue,
    We configured trusted authentication with SSO and it is working fine.
    Now we want to configure open document SSO for trusted authentication.
    We are using the Remote_user method for trusted authentication.
    Anyone, please help me on this.
    Thanks for your help in advance.
    Thanks & Regards,
    Collin.

    The same settings in the infoviewapp web.xml must be applied on the opendocument web.xml. Also you must be on XI 3.1 FP1 or higher. There is currently an Edge issue being investigated.
    Regards,
    Tim

  • Windows 7 and iTunes 9 - problem connecting to Airtunes to stream music

    I have a new laptop with Windows 7 and iTunes 9. iTunes recognizes my Airport Express (AE green light lit, and shows up in lower right of iTunes when choosing which speakers to play), but I cannot connect - just hangs on "Connecting to User's Wireless Music Airport Express" (name of the Airport Express network added to my existing Wireless network). No error message. Thus, unable to listen to my music through my hi-fi stereo. It's killing me!
    Tried a few things: disabling firewall, unplugging, resetting AND reconfiguring the AE, no luck.
    Anyone else having this problem? Any suggestions? Thanks

    Figured it out - just needed to add iTunes to 'trusted applications' in Kaspersky Antivirus/Firewall..
    Simply launch Kaspersky > Settings > Threats and exclusions > Exclusions Settings > Trusted applications > Add > "C:\Program Files\iTunes\iTunes.exe" > select all exclusions > OK.
    Also added Airfoil and now able to stream Pandora through my stereo!
