Search Results

Search found 18235 results on 730 pages for 'ad certificate services'.

Page 75/730 | < Previous Page | 71 72 73 74 75 76 77 78 79 80 81 82 | Next Page >

Amazon EC2 - HTTPS - Certificate body is invalid. The body must not contain a private key

- by Tam Minh

I'm very new to Amazon EC2. I am trying to setup https for my website, I follow the offical instruction from amazon doc: http://docs.aws.amazon.com/elasticbeanstalk/latest/dg/configuring-https.html When I Upload a Signed Certificate using AWS command aws iam upload-server-certificate --server-certificate-name dichcumga --certificate-body file://mycert.pem --private-key file://signedkey.pem --certificate-chain file://mychain.pem And I got error A client error (MalformedCertificate) occurred when calling the UploadServerCert ificate operation: Certificate body is invalid. The body must not contain a private key. mycert.pem is a combination of private.pem and signedkey.pem (which return by VeriSign) copy private.pem+signedkey.pem mycert.pem Please help to shed a light. Thank you in advance.

Read the article
Repeated Reporting Services Login issue when deploying through BIDS to a remote server

- by Richard Edwards

We are having a problem deploying a reporting services report to a sql reporting services computer that is configured in SharePoint Integrated mode. I can successfully deploy to the SharePoint document libraries set up for reports and data connections if I do it locally from the box that SharePoint and Reporting Services are deployed on. If I try and do the same thing with the exact same deployment properties from a remote box, I constantly get a Reporting Services Login dialog popping up and no combination of domain\username and password will work. I've even tried the machines local admin account and still nothing. Any ideas where to start looking?

Read the article
ADSIEdit freezes gettings properties of a group with hundred of thousands members

- by ixe013

Doing performance testing on an AD-LDS (Server 2008 R2 64 bits), we created a milion user in a single OU. We also created a single group object and made those milion users member of that group. When we try to list the milion of users ADSIEdit times out with an error message saying it cannot display that many users. Fine. But if we open the properties for the group, ADSIEdit freezes, eating up all available memory and CPU trashing (nearly 60M page faults in under an hour). AD-LDS (running on another computer) is barely hitting the 1% CPU mark, servicing other ldap requests as if nothing were. We can throw more memory at the problem, but more users will have to be managed one day and we will be back at square one. Is there a way to set a limit in ADSIEdit so that it will not hang the computer when retreving a very large multi-value object ?

Read the article
SSL cert issued to and SAN attribute

- by Jai

I have added a cert to my application cacerts file. The new cert is issued to one DNS(abc.com) and they have added few other DNS(XYZ.com, TEST.com) to the SAN attribute while creating. I tried accessing one of the DNS(XYZ.com) given in SAN attribute, it throws me the below mentioned error. <Certificate chain received from XYZ.com failed hostname verification check. Certificate contained abc.com but check expected XYZ.com> If we have more DNS for an application, Do we need to generate cert for every single DNS?

Read the article
EC2 EBS AMI Instance stopping/restarting doesn't start services

- by tgm

I've recently been moving our instances to EBS instances (CentOS) and still have a bit of confusion on what's happening when I "stop" and instance. I have some of my services with runlevels 345 on but when I start a stopped instance the services don't start. What's actually happening when I issue a stop command to the instance, and how do I get my services to start automatically when I start the instance up again?

Read the article
Setup NTPD in Ubuntu to sync Windows AD

- by David

I am setting up my Ubuntu 10.0.4 server to sync clock with a Windows 2008 AD. As none of the "remote" has a "*" in front (worst it had a blank space in front), does it mean no time sync source is selected? The offset just keep increasing. I tried ntpdate to the same server it worked OK. remote refid st t when poll reach delay offset jitter ============================================================================== 172.18.133.201 .LOCL. 1 u 38 64 377 0.827 277.677 58.375 Any help to fix this? Here is my ntp.conf (with all comments removed) driftfile /var/lib/ntp/ntp.drift statistics loopstats peerstats clockstats filegen loopstats file loopstats type day enable filegen peerstats file peerstats type day enable filegen clockstats file clockstats type day enable restrict -4 default kod notrap nomodify nopeer noquery restrict -6 default kod notrap nomodify nopeer noquery restrict 127.0.0.1 restrict ::1 server 172.18.133.201 iburst

Read the article
Blocking password policy (expiry) for a particular OU in AD

- by Kip

Hey SF Folks, Situation is this: I need to have a particular container in my AD environment which blocks password expiry policy, but accepts all other policies. Is this something that would work by simply adding in a GPO at the sub-ou level (the ou in question is a child of ou's where GPO's including password stuff is set). These accounts (and this ou) already exist and will have the default domain policy as well as other policies applied and they should continue to receive policy settings as per those GPO's, with the exception of the Password Expiry. We have tried the password do not expire tickbox and that seems not to have worked. Thanks in advance. Kip

Read the article
gpupdate failing when using Samba 4 AD DC

- by darthfoolish

I have a Samba 4 AD domain running with 2 DCs on Centos 6.5, with a named DNS backend. I have multiple Windows 7 machines joined to this domain, which is fine. However, I can't get GPOs to apply. When running gpupdate, I get the following output The processing of Group Policy failed. Windows attempted to read the file \\sysvol\\Policies{31B2F340-016D-11D2-945F-00C04FB984F9}\gpt.ini Obviously, you don't normally see what it's trying to connect to when it's successful, but I would have thought the first place shows up, I should be seeing So, what governs what data gets put in between those angle brackets? If it is just supposed to be the domain, then what else could be going wrong? Thanks in advance for any help.

Read the article
voice transmission using Wi-Fi in Ad hoc networking mode

- by iam0hot

We are looking to create Inter Vehicle communication system. So, a couple of vehicles should get connected automatically and could be able to share voice.. We decided to implement ad-hoc networking using Wi-Fi.. we are expecting it to cover a radius of 100 mts. If we could create a system like this.. and one of the user sends a voice information, does all people in the network get that ? What are the things we require to get this project done ?

Read the article
Generating SSL certificates

- by user73483

Hi, I was wondering if anyone has any idea in how to generate a signed CA cert and key using openssl? I have found this website (http://dev.mysql.com/doc/refman/5.1/en/secure-create-certs.html) to generate the client and server certs for mysql server but the example is a self-signed certificate. I use the following command for running the server and client using openssl and the generated certs and keys: openssl s_server -accept 6502 -cert server-cert.pem -key server-key.pem -CAfile ca-cert.pem -www openssl s_client -connect 192.168.1.92:6502 -cert client-cert.pem -key client-key.pem -CAfile ca-cert.pem The error output I get is "Verify return code: 18 (self signed certificate)". Paul

Read the article
unable to get local issuer certificate - Ubuntu 11.04

- by user1443867

I'm facing a strange issue. My vps from Linode has no issue connecting to apple push server with following command. openssl s_client -connect gateway.sandbox.push.apple.com:2195 -cert Test_dev_apns_cert.pem -key Test_dev_apns_key.pem However, I was using the same pem files with above command testing from my another low budget vps and I'm getting this: Verify return code: 20 (unable to get local issuer certificate) Both are running Ubuntu 11.04 and installed LAMP as usual. No special configuration is done to both servers for SSL. Am I missing something here?

Read the article
Windows AD, bulk user creation, homedrv creation via commandline

- by Neil

I am Bulk creating AD users from the commandline (dsadd) and whilst doing so am setting the homedir and homedrv to a DFS location. I observe when I create the user with all these settings via the GUI (dsa.msc) that the homedrv gets created on the DFS share with all the permissions set correctly. But when using dsadd, the folder is not created. How can I replicate this GUI behaviour via the commandline when creating the user? I don't really want to rely on logon scripts to set it up. Do I have to use mkdir and cacls and something else to give the user Ownership? Or maybe I am missing something easy. Any help much appreciated!

Read the article
Authenticating Linux users against AD without Likewise Open

- by Graeme Donaldson

Has anyone got their Linux systems authenticating against Active Directory without using Likewise Open? We are close to implementing Likewise Open, but first we need to rename roughly 70 of 110 Linux servers so that their hostnames are not longer than 15 characters. This is required because Likewise Open actually joins the Linux computer to the domain, and it fails to do so if the hostname is too long due to some legacy NetBIOS naming limitation. Is there a way to authenticate via AD, using only LDAP perhaps? What are the advantages/disadvantages over doing it like that vs just using Likewise?

Read the article
Help me set up ssl.conf for multiple domains (name-based vhosts in ssl.conf?)

- by mmattax

In my httpd.conf: If I have my virtual host configured as: NameVirtualHost *:80 <VirtualHost *:80 ServerName foo.com ServerAlias www.foo.com Include conf.d/foo.conf </VirtualHost <VirtualHost *:80 ServerName bar.com ServerAlias www.bar.com Include conf.d/bar.conf </VirtualHost Can I get by with a single domain SSL certificate or must I purchase a wildcard SSL certificate to handle the www subdomain? I am now trying to configure the ssl.conf file, can I use name-based vhosts in my ssl.conf file like this: NameVirtualHost *:443 <VirtualHost *:443 ServerName foo.com ServerAlias www.foo.com ... Include conf.d/foo.conf </VirtualHost <VirtualHost *:443 ServerName bar.com ServerAlias www.bar.com ... Include conf.d/bar.conf </VirtualHost or do I need IP based vhosts? If this is possible, what kind of cert would I need in order to do this?

Read the article
Wildcard SSL Certificates with Exchange 2010?

- by Hutch

Is anyone using a Wildcard Cert with Exchange 2010 please? We currently have a bunch of individual whatever.domain.com SSL certificates and as several are expiring soon it would be an ideal opportunity to move to a wildcard certificate. At some point though we will be moving from Exchange 2003 to Exchange 2010, and I've read conflicting reports over whether wildcard certs work with Exchange 2010 as many guides seem to recommend a UCC/SAN certificate. Our internal DNS domain name is the same as our external domain name. Godaddy look like good VFM given they allow use on unlimited physical servers. Thanks in advance.

Read the article
What Defines an AD Object as "Inactive"

- by Malnizzle

I am going to be using some DSQUERY/DSMOVE scripts to clean up my AD Domin. One option is to move inactive objects to a OU that has restrictive GPOs applied to it. Something like: DSQUERY computer -inactive 10 | DSMOVE -newparent <distinguished name of target OU> My question is what value defines an object, both user and computer, as "inactive" for a period of time? Is it the last time a computer was logged on to for computer accounts, and for users is it the last time that the user account logged on to a computer? But what if, say for example, I had a web server that wasn't rebooted and or logged into for a couple of months but remain powered on and functioning as normal, would it be defined as "inactive" where as technically it's still serving web pages and so on? Thanks for the help!

Read the article
Export SSL Cert from IIS and import into GlassFish keystore

- by Tim H

What I need: I have an existing SSL certificate installed on IIS 6. On the same machine, I have GlassFish installed and would like to share the same certificate since they both share the same hostname, and they use different ports: IIS uses 443 and GlassFish uses 8181. Why I need it: Reuse existing SSL certs from IIS to GlassFish. I imagine that this is possible. I am able to install an SSL cert into GlassFish's keystore, and then import the same exact cert into IIS. I just want to go the other way - imagine having an SSL cert on IIS being used for months, and now I want to enable SSL on GlassFish. What I have done: Created a keystore with an alias: server.hostname.com Imported intermediate CA certs associated with the existing SSL Cert Imported the existing SSL cert with the same alias: server.hostname.com, but the keytool won’t allow this, as it is not associated: keytool error: java.lang.Exception: Public keys in reply and keystore don't match Why? Using a different alias causes the cert to not be trusted in the CA chain.

Read the article
squid3 auth thru samba using ntlm to AD doesn't work

- by derty

some users here are spending to much time exploring the WWW. So big boss whats to get this under control. We use a squid3 just for some security reason and chace benefits. and now i'm trying to set up a new proxy on a different server (Debian 6) Permissions are defined in AC and the squid3 should get the auth thru samba/winbind by using the ntlm protocol. but i'll get all the time Access, denited. it only works by using LDAP but thats not the way i need it. here some log and confs squid access.log 1326878095.784 1 192.168.15.27 TCP_DENIED/407 4049 GET http://at.msn.com/? -NONE/- text/html 1326878095.791 1 192.168.15.27 TCP_DENIED/407 4294 GET http://at.msn.com/? - NONE/- text/html 1326878095.803 9 192.168.15.27 TCP_DENIED/403 4028 GET http://at.msn.com/? kavan NONE/- text/html 1326878095.848 0 192.168.15.27 TCP_DENIED/403 3881 GET http://www.squid-cache.org/Artwork/SN.png kavan NONE/- text/html 1326878100.279 0 192.168.15.27 TCP_DENIED/403 3735 GET http://www.google.at/ kavan NONE/- text/html 1326878100.296 0 192.168.15.27 TCP_DENIED/403 3870 GET http://www.squid-cache.org/Artwork/SN.png kavan NONE/- text/html 1326878155.700 0 192.168.15.27 TCP_DENIED/407 4072 GET http://ie9cvlist.ie.microsoft.com/IE9CompatViewList.xml - NONE/- text/html 1326878155.705 2 192.168.15.27 TCP_DENIED/407 4317 GET http://ie9cvlist.ie.microsoft.com/IE9CompatViewList.xml - NONE/- text/html 1326878155.709 3 192.168.15.27 TCP_DENIED/403 4026 GET http://ie9cvlist.ie.microsoft.com/IE9CompatViewList.xml kavan NONE/- text/html squid chace 2012/01/18 10:12:49| Creating Swap Directories 2012/01/18 10:12:49| Starting Squid Cache version 3.1.6 for x86_64-pc-linux-gnu... 2012/01/18 10:12:49| Process ID 17236 2012/01/18 10:12:49| With 65535 file descriptors available 2012/01/18 10:12:49| Initializing IP Cache... 2012/01/18 10:12:49| DNS Socket created at [::], FD 7 2012/01/18 10:12:49| DNS Socket created at 0.0.0.0, FD 8 2012/01/18 10:12:49| Adding nameserver 192.168.15.2 from /etc/resolv.conf 2012/01/18 10:12:49| Adding nameserver 192.168.15.19 from /etc/resolv.conf 2012/01/18 10:12:49| Adding nameserver 192.168.15.1 from /etc/resolv.conf 2012/01/18 10:12:49| Adding domain schoenbrunn.local from /etc/resolv.conf 2012/01/18 10:12:49| helperOpenServers: Starting 5/5 'squid_ldap_auth' processes 2012/01/18 10:12:49| helperOpenServers: Starting 10/10 'ntlm_auth' processes 2012/01/18 10:12:49| helperOpenServers: Starting 10/10 'squid_kerb_auth' processes 2012/01/18 10:12:49| squid_kerb_auth: INFO: Starting version 1.0.5 2012/01/18 10:12:49| squid_kerb_auth: INFO: Starting version 1.0.5 2012/01/18 10:12:49| squid_kerb_auth: INFO: Starting version 1.0.5 2012/01/18 10:12:49| squid_kerb_auth: INFO: Starting version 1.0.5 2012/01/18 10:12:49| squid_kerb_auth: INFO: Starting version 1.0.5 2012/01/18 10:12:49| squid_kerb_auth: INFO: Starting version 1.0.5 2012/01/18 10:12:49| squid_kerb_auth: INFO: Starting version 1.0.5 2012/01/18 10:12:49| squid_kerb_auth: INFO: Starting version 1.0.5 2012/01/18 10:12:49| helperOpenServers: Starting 5/5 'squid_ldap_group' processes 2012/01/18 10:12:49| squid_kerb_auth: INFO: Starting version 1.0.5 2012/01/18 10:12:49| squid_kerb_auth: INFO: Starting version 1.0.5 2012/01/18 10:12:49| Unlinkd pipe opened on FD 73 2012/01/18 10:12:49| Local cache digest enabled; rebuild/rewrite every 3600/3600 sec 2012/01/18 10:12:49| Store logging disabled 2012/01/18 10:12:49| Swap maxSize 0 + 262144 KB, estimated 20164 objects 2012/01/18 10:12:49| Target number of buckets: 1008 2012/01/18 10:12:49| Using 8192 Store buckets 2012/01/18 10:12:49| Max Mem size: 262144 KB 2012/01/18 10:12:49| Max Swap size: 0 KB 2012/01/18 10:12:49| Using Least Load store dir selection 2012/01/18 10:12:49| Set Current Directory to /var/spool/squid3 2012/01/18 10:12:49| Loaded Icons. 2012/01/18 10:12:49| Accepting HTTP connections at [::]:3128, FD 74. 2012/01/18 10:12:49| HTCP Disabled. 2012/01/18 10:12:49| Squid modules loaded: 0 2012/01/18 10:12:49| Adaptation support is off. 2012/01/18 10:12:49| Ready to serve requests. 2012/01/18 10:12:50| storeLateRelease: released 0 objects smb.conf # Domain Authntication Settings workgroup = <WORKGROUP> security = ads password server = <DOMAINNAME>.LOCAL realm = <DOMAINNAME>.LOCAL ldap ssl = no # logging log level = 5 max log size = 50 # logs split per machine log file = /var/log/samba/%m.log # max 50KB per log file, then rotate ; max log size = 50 # User settings username map = /etc/samba/smbusers idmap uid = 10000-20000000 idmap gid = 10000-20000000 idmap backend = ad ; template primary group = <ad group> template shell = /sbin/nologin # Winbind Settings winbind separator = + winbind enum users = Yes winbind enum groups = Yes winbind netsted groups = Yes winbind nested groups = Yes winbind cache time = 10 winbind use default domain = Yes #Other Globals unix charset = LOCALE server string = <SERVERNAME> load printers = no printing = cups cups options = raw ; printcap name = /etc/printcap #obtain list of printers automatically on SystemV ; printcap name = lpstat ; printing = cups squid.conf auth_param ntlm program /usr/bin/ntlm_auth --require-membership-of=<DOMAINNAME>\\INTERNETZ --helper-protocol=squid-2.5-ntlmssp auth_param ntlm children 10 auth_param basic program /usr/lib/squid3/squid_ldap_auth -R -b "dc=<dcname>,dc=local" -D "cn=administrator,cn=Users,dc=<domainname>,dc=local" -w "******" -f sAMAccountName=%s -h 192.168.15.19:3268 auth_param basic realm "Proxy Authentifizierung. Bitte geben Sie Ihren Benutzername und Ihr Passwort ein!" #means insert you PW in an other language - # external_acl_type InetGroup %LOGIN /usr/lib/squid3/squid_ldap_group -R -b "dc=<domainname>,dc=local" -D "cn=administrator,cn=Users,dc=<domainname>,dc=local" -w "******" -f "(&(objectclass=person)(sAMAccountName=%v) (memberof=cn=%a,cn=internetz,dc=<domainname>,dc=local))" -h 192.168.15.19:3268 auth_param negotiate program /usr/lib/squid3/squid_kerb_auth -d auth_param negotiate children 10 auth_param negotiate keep_alive on acl localnet proxy_auth REQUIRED acl InetAccess external InetGroup Internetz http_access allow InetAccess http_access deny all acl auth proxy_auth REQUIRED http_access allow auth and a very suspicious is that by adding the proxy server to the Domain i see 2 new entries in the PC one with the original computer-name leopoldine and one with leopoldine CNF:f8efa4c4-ff0e-4217-939d-f1523b43464d ?!? I tried a lot, really... but i stuck on this problem... i actually i even reinstalled all dependent programs and reconfigured them from default. Group exists and has me in it. Firefox running on the old proxy and i use IE for testing the new one. But i'll get all the time Access-Denited and to be honest i'm quite a beginner, so please don't be to prude. I'll interested in improving, i'll get the information we need to fix this but i started working 2 month ago and got only 1 1/2 year's training and not a single sec. in linux ;)

Read the article
Can't find Role Services in Windows 7

- by Pete Alvin

I'm trying to install PHP on Windows 7 Home Premium using these instructions: Using FastCGI to Host PHP Applications on IIS 7 and a 1/3 of the way down on the page I have to do this: Server Manager -> Roles -> Add Role Services and just cannot find Roles or Role Services. Any ideas? PHP is giving me a 500 error and I'm wondering if it's because I haven't done this role services thing.

Read the article
Which web services should be integrated?

- by Adam Matan

Mail + Social networking? One identity for all sites? Integration between all social networks and IM services? Which web services should be integrated in the future, and why? Edit: Clarification: By "integrating", I mean that two or more services should be seamlessly connected, and that connection would benefit the user. Foe example, I would really like to have an IM application that would support many accounts on many IM providers (And IMHO, Pidgin's not ready yet).

Read the article
Specify Credentials to run Powershell Script to Query AD

- by Ben

I want to run a powershell script to query AD from a machine that is NOT on the domain. Basically I want to query to see if there is computer account already on the domain for this machine and create it if there is not. Because this has to happen before the machine joins the domain I assume I will need to specify some credentials to enable it to run. (I'm pretty new to Powershell, so apologies if this is a newbie question!) The script I am using to check the account is below, and then once this has run it will join the domain using the computername specified. Can you tell me how to specify some domain credentials to run this section of the script as? Cheers, Ben $found=$false $thisComputer = <SERVICE TAG FROM BIOS> $ou = [ADSI]"LDAP://OU=My Computer OU,DC=myDomain,DC=com" foreach ($child in $ou.psbase.Children ) { if ($child.ObjectCategory -like '*computer*') { If ($child.Name -eq $thisComputer) { $found=$true } } } If ($found) { <DELETE THE EXISTING ACCOUNT> }

Read the article
SBS 2008 - Add user not seeing AD users (reconnecting or creating new mailbox)

- by Robert

Using SBS 2008 - completely updated. I was originally trying to create a spam mailbox for quarantine purposes, and when I bring up the "select an existing user" it does not display any of the domain users (other than QB database user accounts installed on their server). I have tried changing the scope and still nothing. Searching reveals nothing either. Then later I noticed that we had (1) disconnected mailbox, and I tried to reconnect it to the AD user - and I got the same results. Help would be much appreciated.

Read the article
Printer monitor software across multiple workstations (AD integrated)

- by HannesFostie

I was asked to see if there is any kind of (free) software that allows multiple people in an office that use the same printer to see what jobs have finished recently, which are queued and which is printing. Main reason is that sometimes multiple people have the same task where they need to print some kind of form, and they are unsure whether or not their colleague has already printed the file. Because the printer is AD integrated, they only see a short message when printing, but they do not see a proper printer queue. A simple tray icon/tool would be perfect, no real graphical user interface is required. If this turns out to be too hard to find, I will attempt to write a simple application or script for the job, but since this is a low priority job I decided to ask here first before I start messing around with scripting which isn't my forte. Thanks

Read the article
Apache not using the right SSL certificate [on hold]

- by user2420318

In my apache2 setup, I have one VirtualHost for my main site, and another for a static content site, like downloads, css, etc. I have ssl certificates for both, and the static content one is under a subdomain of the main site. I have configured the four virtualhosts altogether, as both sites need SSL ones as well. When I only had 1 SSL site, everything was OK, but now with the second, the first site uses the second site's certificate, even though it is told specifically to use its own in the VirtualHost section. I honestly have no idea why apache would do this. Any ideas? I have a feeling there may be some default/global setting or something that are set for some odd reason. I am using different IPs for the Virtual hosts.

Read the article
Create private key with CSR

- by Daniel Schlieckmann

I have a CSR file (as a text file) and the corresponding P7B certificate. My problem is that I have to create a P12 file on a machine where I do not have created the CSR. I have created the CSR in Firefox Key Manager. Before, I imported the P7B file into certificate store in msc, then exported a CER-file, imported it in Key Manager and then exported the P12 file. This doesn't work anymore because I have another machine now. If I try to import the CER file created by msc, Key Manager says that there is no private key. Is there a possibility to create a private key?

Read the article

< Previous Page | 71 72 73 74 75 76 77 78 79 80 81 82 | Next Page >