Wrong cert on reverse proxy setup for exchange

Similar Messages

• Reverse Proxy Planning for Exchange 2013

  Hi,
  We are planning Exchange 2010 to Exchange 2013 datacentre migration for 18000 users and all the Exchange planning is done. Now we are looking at planning of Reverse Proxy solution. We will be publishing different URLs for OWA, ActiveSync and Outlook Anywhere.
  UAG has been finalized by the organization. I don't find any document or links which suggests the planning of Reverse proxy for Exchange. Can you please let us know the sizing of UAG with respect to Exchange 2013. Thanks.

  Hi 
  Sizing as far i know there is no sizing document for UAG 
  But Minimum you need to have UAG 2010 SP3 to work with Exchange 2013
  You can see the support boundaries for UAG below technet
  http://technet.microsoft.com/en-us/library/ee522953.aspx
  Note : UAG requires each user to have a CAL
  You can also try 2012 R2 web application proxy . This does reverse proxy without the need of CAL's.
  You can give it a try if you wish to go with web app proxy and you can see below 
  http://technet.microsoft.com/en-us/library/dn383650.aspx
  Remember to mark as helpful if you find my contribution useful or as an answer if it does answer your question.That will encourage me - and others - to take time out to help you Check out my latest blog posts on http://exchangequery.com Thanks Sathish
  (MVP)

• Reverse proxy setup for EBS R12.1.1

  We have an external DMZ server configured for oracle ebs r12.1.1. The URL is http://testerp.mydomain.com:8003.
  Can you please provide a link that shows step by step setup of Reverse proxy for the above URL to access the application.
  I already have the metalink notes that says about DMZ setup for oracle ebs. I actually am looking for step by step setup for the reverse proxy using oracle application server 10g. Please help. Thanks.

  Roy, I have already gone through that document, it is actually showing how to install and configure webcache 10g for oracle ebs r12.
  It also says the features that oracle applicaiton server web cache provides like,
  •Load Balance
  •Reverse Proxy
  •Failover and Surge Protection to minimize downtime
  •Personalize Attributes for Caching
  BUT IT IS NOT MENTIONING HOW TO CONFIGURE THE 'REVERSE PROXY' FOR THE ORACLE EBS EXTERNAL APPLICATION SERVER ON DMZ.

• Reverse Proxy setup for Mobility HTTP 80 configuration not working

  http://technet.microsoft.com/en-us/library/hh690011(v=ocs.14).aspx
  I'm trying to use the Port 80 ->8080 setup to avoid putting lyncdiscover.sipdomain.com for every additional sip domain that we want to include.
  I have followed the instructions per the above link, yet when I try to log in with a user with one of those additional SIP's, I cannot log in to a mobile device.
  For example,
  our main sip is "contoso.com", so
  [email protected] can log into her mobile device.
  but user [email protected] cannot log in via mobile device.
  Is there anything else that needs to be done to ensure that
  [email protected] can login via a mobile device?
  Auto login?
  Josh
  Here is the testexchangeconnectivity.com
  When I run the Lync Mobile Test, I get this, almost like the http rule is useless, still requiring the need for the additional lyncdiscover.sipdomain.com .
  [email protected]
  Testing connectivity to the Lync Autodiscover Web Service server for a secure connection on port 443 to obtain the root token.
    Connectivity to the Lync Autodiscover Web Service test failed.
   Test Steps
   Attempting to test Autodiscover Web Service URL https://lyncdiscover.fabrikam.com/Autodiscover/AutodiscoverService.svc/root.
    Autodiscover Web Service URL can't be contacted due to failure of the following tests:
   Test Steps
   Attempting to resolve the host name lyncdiscover.fabrikam.com in DNS.
    The host name resolved successfully.
   Additional Details
   Testing TCP port 443 on host lyncdiscover.fabrikam.com to ensure it's listening and open.
    The port was opened successfully.
   Testing the SSL certificate to make sure it's valid.
    The SSL certificate failed one or more certificate validation checks.
   Test Steps
   ExRCA is attempting to obtain the SSL certificate from remote server lyncdiscover.fabrikam.com on port 443.
    ExRCA successfully obtained the remote SSL certificate.
   Additional Details
   Validating the certificate name.
    Certificate name validation failed.
     Tell me more about this issue and how to resolve it
   Additional Details
    Host name lyncdiscover.fabrikam.com doesn't match any name found on the server certificate CN=lncpool01.contoso.com, OU=Domain Control Validated.

  Hi,
  Please verify DNS record for Lyncdiscover.fabrikam.com can be resolved.
  Please make sure the web publishing rule for port 80 has been configured correcltly. The lyncdiscover.<sipdomain> entry must to be included in rule. Verify that port 8080 was typed in "Redirect requests to HTTP port" and Redirect
  requests to SSL port is not selected.
  Kent Huang
  TechNet Community Support

• Sun One Application Server 7 SSL Reverse Proxy Setup?

  Hi,
  I've made a similiar post on the Web Server forum,
  http://forum.sun.com/jive/thread.jspa?threadID=95666&tstart=0
  I've noticed there's a reverse proxy plug in setup for Web Server,
  as well as a AddOn package for Application Server.
  I've so far successfully installed the reverse proxy plugin for
  the Web Server and it manage to passthrough the jsp contents
  to the Application Server.
  There's a file in our application server, Step2Cert.jsp in the
  appserver that requires to be viewed/accessed in https mode
  and I'm guessing the Web Server to Application Server communication
  should be in https?
  Anywhere I can find references on how this can be done?
  My two references:
  Web Server Reverse Proxy Plug-in
  http://docs.sun.com/source/819-0902-05/rpp61.html
  Web Server and Application Server setup for passthrough
  http://docs.sun.com/source/819-2783/agplugin.html
  I've not installed the AddOn package for the Appserver yet. But
  I figured I should, right? I'm rather confused about the two
  package.
  Thanks,
  Mac.

  Hi,
  I've made a similiar post on the Web Server forum,
  http://forum.sun.com/jive/thread.jspa?threadID=95666&tstart=0
  I've noticed there's a reverse proxy plug in setup for Web Server,
  as well as a AddOn package for Application Server.
  I've so far successfully installed the reverse proxy plugin for
  the Web Server and it manage to passthrough the jsp contents
  to the Application Server.
  There's a file in our application server, Step2Cert.jsp in the
  appserver that requires to be viewed/accessed in https mode
  and I'm guessing the Web Server to Application Server communication
  should be in https?
  Anywhere I can find references on how this can be done?
  My two references:
  Web Server Reverse Proxy Plug-in
  http://docs.sun.com/source/819-0902-05/rpp61.html
  Web Server and Application Server setup for passthrough
  http://docs.sun.com/source/819-2783/agplugin.html
  I've not installed the AddOn package for the Appserver yet. But
  I figured I should, right? I'm rather confused about the two
  package.
  Thanks,
  Mac.

• Reverse proxy setup problems

  I am trying to setup a reverse proxy using iPlanet Web Proxy Server 3.6. I have followed the instructions in the manual which seems pretty straight forward but nothing is happening. I am getting no traffic at all between any of the boxes involved. I have been using apache before without any problems but wanted to move to something more scaleable as I would like to have multiple reverse proxys. Can anyone give any suggestions as to what might be wrong. Thanks.

  Have you tried thius technote ===>
  http://knowledgebase.iplanet.com/ikb/kb/articles/1173.html
  The reverse proxy setup requires regular mappings and reverse mappings. Regular mappings re-map the requested URL to the actual origin
  server. The reverse mappings re-map Location: headers coming back in 3xx redirections.
  In some cases, customers have sent technical support obj.conf files with the mapping entries in the wrong order. All of the
  "reverse-map" functions should be placed before the "map" functions.
  There maybe two causes:
  1.Hand editing of the obj.conf files
  Use the admin interface to create reverse proxy map entires.
  2.Old versions of Admin Server
  There may have been problems with creating reverse proxy maps in Proxy 2.x, which used Admin Server 2.x. This problem doee not
  occur with Admin 3.5.
  Example:
  NameTrans fn="reverse-map" from="http://www.news.com"
  to="http://kwikimart.mcom.com:8080/news"
  NameTrans fn="map" from="http://kwikimart.mcom.com:8080/news"
  to="http://www.news.com"
  NameTrans fn="map" from="/news" to="http://www.news.com"
  Note the "reverse-map" function appears before the "map" functions.

• Reverse Proxy Setup

  I have a 10.5 server running as a webserver with a single static IP address. I have a second machine running FileMaker Server that is also a webserver. I have two different domain names ( example.com and fmexample.com) that both point to the same static IP.
  I would like all traffic coming to example.com to pull data from the 10.5 Webserver and I would like all traffic coming to fmexample.com to pull data from the FileMaker Server.
  In researching this it seems like adding fmexample.com to the Sites list in 10.5 server and then adding a reverse proxy to the FileMaker server should accomplish what I am trying to do. However, even with the reverse proxy setup both domain names still pull data from the 10.5 server.
  On the 10.5 server in the Sites Menu these are my settings for the fmexample.com site.
  General Tab
  Domain Name: fmexample.com
  IP Address: 10.0.1.10 (IP address of the 10.5 server)
  Proxy Tab
  Enable Reverse Proxy "Checked"
  Proxy Path: /
  Balancer Members:
  Worker URL: http://10.0.1.100:80/ (IP address of the FileMaker Server)
  Route: "Blank"
  Load Factor: 100
  Any help would be appreciated.

  The reverse proxy is in the loop because I have multiple servers sitting behind a single public static IP address. When external calls (users outside of my local network) are made to the public IP for fmexample.com the reverse proxy server sends them to the 10.0.1.100 server on my local network.
  This worked fine for standard web serving. The problem came in with FileMaker's IWP engine. It was reading the incoming host header not as the original domain name (fmexample.com) but as the domain name or IP Address that I was assigning in the reverse proxy (ie fmexample.local, or 10.0.1.100)
  So when IWP would issue a redirect it would return a URL to the external user specifying an internal address. For example if a specify http://10.0.1.100/ as the URL in the reverse proxy IWP would issue a redirect and return a URL that looked like http://10.0.1.100/fmi/iwp....
  That internal address would not work outside of the network.
  By adding adding a DNS record internally that routes all fmexample.com traffic to 10.0.1.100, I was able to set the reverse proxy in essence to point to itself but since the reverse proxy looking at my local DNS server it would route back to the local IP address.
  Since I could now set the reverse proxy to use fmexample.com as the worker URL, IWP now could see a host header of "fmexample.com" and when it issues a redirect to the external user it shows the proper URL (ie http://fmexample.com/fmi/iwp)
  Circumstances Affecting my thought process:
  1) I can't just route all incoming traffic to my public IP to 10.0.1.100 because I have a couple of other domains that route to different servers so I still need the reverse proxy to play traffic cop.
  2) I also didn't have any idea how to modify IWP to force it to return a specific domain and I couldn't find any clear information on how to modify IWP. I decided to leave IWP working as it was designed and come up with a way to feed it the host header that I wanted.
  I admit it does seem a bit convoluted but the important thing is that it works, both internally and externally.
  Message was edited by: Patrick Cranston

• Is Reverse Proxy required for Hybrid deployment

  Hi everyone,
  We plan to deploy a new infrastructure on prem attached to O365.
  The aim of this deployment is to create lync meeting on the on prem FE server which will be accessible by O365 Lync users. (FI: these meetings will be created on prem because the customer wants to cascade Lync conference with his Polycom video conferencing
  infrastructure).
  Some users are homed on-premises and some users are homed online, but the all users share the same SIP domain. Is Reverse Proxy on prem will be required for O365 users to join meetings created on the on-premise FE or the O365 architecture
  can handle it?
  The only functionality needed is meeting (not mobility). I saw this (https://social.technet.microsoft.com/Forums/en-US/cf4f63f9-355f-475b-8148-608633adfe86/is-reverse-proxy-necessary-for-lync-hybrid-deployment?forum=lyncdeploy) but the functionality asked
  are different.
  Many thanks for your help.
  Thomas

  You'll need a reverse proxy on premises to publish the external web services FQDN of your on-premises front end pool.  Meet will use this behind the scenes regardless of where it's pointing.  If you're hybrid, the DNS URLs should typically point
  to your on-premises deployment however anyway:
  https://technet.microsoft.com/en-us/library/jj205403%28v=ocs.15%29.aspx?f=255&MSPPError=-2147217396
  Please remember, if you see a post that helped you please click "Vote As Helpful" and if it answered your question please click "Mark As Answer".
  SWC Unified Communications
  This forum post is based upon my personal experience and does not necessarily reflect the opinion or view of Microsoft, its employees, or other MVPs.

• Reverse Proxy Filter for EP7?

  Hi! on
  https://websmp208.sap-ag.de/nw-ep-how-to,
  we notice an article called:
  "How to… Configure the Reverse Proxy Filter for SAP Enterprise Portal 6.0 SP2"
  Did anyone use the method there to resolve their problems?
  If so, would you please share your experience?
  We have a question about what code should be put in the web.xml.
  Points guaranteed. Thanks!

  It appears that the Light Portal Framework in EP 7.0 uses FQDN in the anchors (<A>) on the pages it sends back to the Client Browser (not relative URI's).
  This could be a configuration setting somewhere that I missed, however, I would expect the Light Framework to be the best at making sure links are relative.
  I would like to explore all options, from making our Reverse Proxy Server handle the filtering to making sure Portal sends back a valid link.
  If the Reverse Proxy Filter is not available in EP 7.0, what can I do to replace it's functionality?
  Mike

• SJSWS 7 u4 reverse proxy setup with client ip forwarding

  Hi,
  I am trying to set up a reverse proxy to glassfish enterprise 2.1 so that it will pass on the client ip address.
  I have added this line to my obj.conf file:
  ObjectType fn="forward-ip" hdr="Client-ip"
  Entire obj.conf below:
  <Object name="default">
  AuthTrans fn="match-browser" browser="*MSIE*" ssl-unclean-shutdown="true"
  NameTrans fn="ntrans-j2ee" name="j2ee"
  NameTrans fn="pfx2dir" from="/mc-icons" dir="/usr/webserver7/lib/icons" name="es-internal"
  NameTrans fn="map" from="/" name="reverse-proxy-/" to="http:/"
  PathCheck fn="uri-clean"
  PathCheck fn="check-acl" acl="default"
  PathCheck fn="find-pathinfo"
  PathCheck fn="find-index-j2ee"
  PathCheck fn="find-index" index-names="index.html,home.html,index.jsp"
  ObjectType fn="forward-ip" hdr="Client-ip"
  ObjectType fn="type-j2ee"
  ObjectType fn="type-by-extension"
  ObjectType fn="force-type" type="text/plain"
  Service method="(GET|HEAD)" type="magnus-internal/directory" fn="index-common"
  Service method="(GET|HEAD|POST)" type="*~magnus-internal/*" fn="send-file"
  Service method="TRACE" fn="service-trace"
  Error fn="error-j2ee"
  AddLog fn="flex-log"
  </Object>
  <Object name="j2ee">
  Service fn="service-j2ee" method="*"
  </Object>
  <Object name="es-internal">
  PathCheck fn="check-acl" acl="es-internal"
  </Object>And have added this property to the both of the glassfish http-listeners:
  authPassthroughEnabled=true
  However the when I use this piece of code:
  System.out.println(FacesContext.getCurrentInstance().getExternalContext().getRequest().getRemoteAddr())I see this in my glassfish logs
  [#|2009-03-26T17:32:47.457+1300|WARNING|sun-appserver2.1|org.apache.coyote.tomcat5.CoyoteRequest|_ThreadID=21;_ThreadName
  =httpSSLWorkerThread-8181-2;_RequestID=11ab6ecf-254c-4255-98d3-48856ab99b61;|PWC4013: Unable to determine client remote a
  ddress from proxy (returns null)|#]
  [#|2009-03-26T17:32:47.457+1300|INFO|sun-appserver2.1|javax.enterprise.system.stream.out|_ThreadID=21;_ThreadName=httpSSL
  WorkerThread-8181-2;|
  127.0.1.1 ip address|#]
  There are no messages in the webserver logs
  Can anybody see something that I am doing wrong?
  Thanks in advance for your help,
  Gareth

  If Admin server shows its enabled, then it is enabled.
  You can add forward-ip line in obj.conf manually and restart the server just to be sure.
  Look at [http://forums.sun.com/thread.jspa?threadID=5344683|http://forums.sun.com/thread.jspa?threadID=5344683]. It says (in glassfish)
  "Add this property to all <http-listener> elements in your domain.xml:
  {code}<property name="authPassthroughEnabled" value="true"/>"                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                               

• Receivemail setup for Exchange server

  Hi all,
  I have been trying to setup my process to listen to an Exchange server without any luck. When I test the connection I get the following error:
  Test Clicked
  Parameters:
  filterSubject:
  filterFrom: null
  folder: null
  deleteAfterProcessing: false
  attachmentMimeFilterList: null
  useConfigurationOptions: false
  receiveHost: mail.dafolo.dk
  receivePort: 143
  receiveUsername: username
  receivePassword: myPassword
  receiveProtocol: imap
  Type: class java.lang.String
  receiveTransportSecurity: None
  testData:
  About to invoke...
  java.io.InvalidClassException: javax.mail.MessagingException; local class incompatible: stream classdesc serialVersionUID = -6388198985190878204, local class serialVersionUID = -7569192289819959253
  And in the server.log I get this as the cause:
  Caused by: javax.mail.MessagingException: Connection timed out: connect;
  nested exception is:
  java.net.ConnectException: Connection timed out: connect
  at com.sun.mail.imap.IMAPStore.protocolConnect(IMAPStore.java:335)
  at javax.mail.Service.connect(Service.java:233)
  at javax.mail.Service.connect(Service.java:134)
  at com.adobe.idp.dsc.email.MailReader.retrieveMessages(MailReader.java:87)
  at com.adobe.idp.dsc.email.EmailServiceImpl.receive(EmailServiceImpl.java:240)
  I believe I have set up the service correctly to the Exchange server - but I am not so experienced with Exchange so I don't really know how to connect to it correctly.
  Thanks in advance
  Sincerely
  Kim

  PS This, from the Javamail FAQ, may also help...
  Q: I'm having trouble logging into my Microsoft Exchange server, even though I'm sure I'm using the correct username and password, what could I be doing wrong?
  A: When logging in to Exchange you need to use a username that's more than your simple login name. For example, if your email address is "[email protected]", your Windows NT login name is "juser", your NT domain name is "dom", and your Exchange mailbox name is "Joe User", then you would need to use a username of "dom\juser\J.User" when logging in using JavaMail.
  Howard
  http://www.avoka.com

• Apache reverse proxy setting for access to Backend

  Hi experts,
  we have set up apache reverse proxy to make available our NW portal (and SRM functions)over the internet.
  Our settings look something like this:
  ProxyRequests Off
  <VirtualHost *:80>
       ServerName myportal.portalhosto.com
       ProxyPreserveHost On
       ProxyPass /irj/ http://myportal.portalhost.com:53200/irj/
       ProxyPass /webdynpro/ http://myportal.postalhost.com:53200/webdynpro/
       ProxyPassReverse /irj/  http://myportal.portalhost.com:53200/irj/
       ProxyPassReverse /webdynpro/  http://myportal.portalhost.com:53200/webdynpro/
       ErrorLog logs/myportal.portalhost.com-error.log
       CustomLog logs/myportal.portalhost.com-custom.log combined
  RewriteEngine On
       RewriteRule ^/sap/(.*)$ http://mybackend.backendhost.com:8020/sap/$1 [P,NC]
  </VirtualHost>
  Problem:
  when we access the portal from the internal network(either by using the internal URL or external URL) things work fine.
  But we access the portal from internet, we are able to login to the portal and acess all webdynpro Java related applications.But when we try to acess the BSP/WD abap application running on a backend SRM system, we get 'host not found' message with the INTERNAL url of the SRM backend application displayed.
  Do we need to expose the SRM backend to the outside world via reverse proxy as well?If yes,how?Do we need to change the system definitions in portal for that?
  Any help in resolving this would be greatly appreciated.
  regards,
  Kiran

  Hi,
  Do we need to expose the SRM backend to the outside world via reverse proxy as well?If yes,how?Do we need to change the system definitions in portal for that?
  Yes , you have to expose your backend system using reverse proxy ...
  When user access the portal and when he clicks on BSP/WD , the URL get re-directed to backend system.
  But , as your backend system is not expose on internet , you get an error as host not found.
  So, to solve your problem you have to expose your backend system on internet. It is in general pratice to expose on internet.
  Thanks
  Anil

• Proxy setup for OBIEE

  I'm getting the following message from the OBIEE Presentation Layer when I select 'Act As' from the 'Settings' drop down selection box.
  "This functionality has not been enabled by your administrator.
  The account entered does not exist or you do not have permission to view this account."
  Anyone have insights on what I'm missing? I followed the documentation and set up the
  1) Init Block with PROXY and PROXYLEVEL variables (which appear to be proper one I log in)
  2) changed the instance config to include appropriate setting
  3) created a custom message file
  I'm not sure on #3 - what the file should be called.
  Thanks

  Following is the setup details
  We have OC4J 10.1.2 running B2B(Business to Business) server with in intranet.
  We have Oracle standalone HTTP listener (OHS) running in DMZ .
  Our B2B in intranet receives the business messages from outside world and B2B also sends the messages to outsdie world .
  So now we want to route all the requests and responses through OHS reverse proxy
  We want to configure OHS as reverse proxy.
  Thanks
  -Praveen

• Having issues emailing photos. an active exchange account is already setup. however when i click on a photo in my library and try to email, it prompts me to email account setup screen. my default account is setup for exchange.

  Exchange account setup on ipaf. When trying to send photos from my library I'm prompt to setul email accounts all over. When I try to setup the exchange account it tells me the account already exist. The default account is my exchange account, ehat is goi
  ng on?

  Very good.  I am glad it got solved.  Sorry for all the confusion and frustration.
  -------------How do I give Kudos? | How do I mark a post as Solved? --------------------------------------------------------

• Uwc behind a reverse proxy asks for internal urls

  Hi,
  I have an uwc on the msg store. I try to access it through a web reverse proxy, but after the login page which appeared allright, the url is transformed to a internal url which is invalid from the normal outside scope.
  Is this setting a possible one, as advertised or not at all. And what would be the workaround, if any.
  Thanks
  Fran�ois

  Dear Expert,
  Can i know how do you config the reserve proxy to work with the uwc?
  my network topology is:
  machine A: uwc (https://port:443) and MEM (https://port 80) (both are running SSL)
  machine B: Messaging Server (MTA and store)
  machine C: ldap and Identity server
  the login page is https://commexp/uwc , after login, it divide to two main session.
  Mail tab - https://commexp:80
  Other tab - https://commexp/uwc
  How can i set the reverse proxy for this configuration?
  And which proxy are you using?
  Thanks a lot!
  Regards,
  Angus
  had the same problem, fix was -
  >
  >
  in Uwcauth.properties changes
  uwcauth.identity.login.url=http://bason.blah.com:81/am
  server/UI/Login
  AMconfig.properties changes
  com.sun.identity.server.fqdnMap[bason.blah.com]=bason.
  blah.com
  with the hostname (bason.blah.com) being the *uwc
  server* with reverse proxy on it
  for some fun have a look at the url you are directed
  too - in particular the parameters on the url...
  can anyone say "SECURITY HOLE"?