Can we disable validate server certificate option under Protected EAP Properties - windows-7

Can you help me to disable the Validate Server Certificate option on the Authentication tab of Local Area Network Properties? I want to disable the validate server certificate check with the help of a batch file.
thanks
Umair

What you're asking for requires a hotfix from Microsoft for Win7/Win2008 systems:
http://support.microsoft.com/kb/2493933
Hotfixes can be scripted, usually by following them with a /s or /q for "silent" or "quiet", or both.


Unable to install VSTO Addin for Outlook 2007 from an FTP server on other machines

While trying to install on other machines I get the following exceptions:
Name: OutlookAddIn1
From: https://www.emailcipher.com/outlook/OutlookAddIn1.vsto
Exception Text
System.Security.SecurityException: Customized functionality in this application will not work because the certificate used to sign the deployment manifest for OutlookAddIn1 or its location is not trusted. Contact your administrator for further assistance.
at Microsoft.VisualStudio.Tools.Applications.Deployment.ClickOnceAddInTrustEvaluator.VerifyTrustPromptKeyInternal(ClickOnceTrustPromptKeyValue promptKeyValue, DeploymentSignatureInformation signatureInformation, String productName)
at Microsoft.VisualStudio.Tools.Applications.Deployment.ClickOnceAddInTrustEvaluator.VerifyTrustUsingPromptKey(Uri manifest, DeploymentSignatureInformation signatureInformation, String productName)
at Microsoft.VisualStudio.Tools.Applications.Deployment.ClickOnceAddInDeploymentManager.VerifySecurity(ActivationContext context, Uri manifest, AddInInstallationStatus installState)
at Microsoft.VisualStudio.Tools.Applications.Deployment.ClickOnceAddInDeploymentManager.InstallAddIn()
The Zone of the assembly that failed was: MyComputer
The URL of the deployment manifest is: https://www.emailcipher.com/outlook/OutlookAddIn1.vsto
How can I enable the deployment of my VSTO Addin?
By looking at your deployment manifest I assume that your certificate with the identity CN=Abc\Dell is not signed with Authenticode and that you use the posted URL to deploy it to the other machines. (But I'm not 100% sure about the latter because you say ftp in the title but https in the posted URL.)
First you have to add your URL on the client machines to the Trusted sites list using the options here. You can check this by opening your .vsto in Internet Explorer and looking at the page properties. Zone should now be Trusted sites and not Internet. If you cannot change the Trusted sites list you can alternatively add your URL to the Local intranet zone as well.
If it still fails with the same error message you have to add your certificate to the Trusted Publishers on the client machine using the commands here. If you don't want to use the command line you can do the same in the GUI using the Certificates snap-in in the MMC or using the method here. If you don't have the permission to add a certificate to the Trusted Publishers because a Group Policy of the client domain is restricting the access then you also have to check the Group Policy settings here.
If your client is using a Windows Server OS you may also have to deactivate the Internet Explorer Enhanced Security Configuration (IEESC) using the settings here. (At least for the duration of the deployment.)
At last you can also check the registry for the settings of the Inclusion Lists using the registry keys here.
I guess that adding your URL to the Trusted sites should be enough to make your VSTO deployment work. If it isn't, adding your certificate to the Trusted Publishers will most likely do the trick.

Configure Kerberos auth for TFS 2013

I need to set up Kerberos authentication for TFS 2013. Is there any document that gives me steps to configure it? I have looked at the below mentioned links
http://blogs.like10.com/2012/05/09/using-friendly-dns-names-in-your-tfs-environment-with-kerberos-authentication-part-1/
http://blogs.like10.com/2012/06/21/using-friendly-dns-names-in-your-tfs-environment-with-kerberos-authentication-part-2/
My TFS still takes NTLM auth type every time. I would really appreciate if someone could send me links on how to configure Kerberos on Windows 7
Kerberos is not a TFS capability but one of Active Directory. If you are able to get a nervous token on the TFS accounts with the delegated URL so in your SPN, then you only need to switch TFS over.
You might find the option in the console but I am getting that it is a setup option.
Run "tfsconfig.exe setup /uninstall:all" to undo your current configuration. Then when configuring select "advanced" and you should get an option for ntlm/kerberos.

Windows Azure VM Filezilla FTP Setup

I am using a Windows 2012 R2 VM in Azure. I have read multiple articles on setting up FileZilla Server in this environment. However, I have not been successful. Has anyone faced this issue? Any solution will be greatly appreciated.
Just remember to add Filezilla to Windows Firewall :-)
I'm dealing with the same thing right now. Locally the FTP server works great. Remotely I cannot establish a passive connection. Based on my research this is because Azure is not set up for Passive-FTP. I am uncertain if we can get FileZilla to operate in an active-FTP mode. Will post back if I ever get to the bottom of it. Mine currently connects and authenticates but 'cannot retrieve directory listing' when it tries to kick over to passive (transfer) mode.
In addition to checking the Virtual Machine endpoints are open, be sure to also add the appropriate Windows Firewall rules if you have Windows Firewall enabled on your Windows VM.
Yes, we can connect to the Azure server via the FileZilla client.
Steps:
Login to Azure portal: https://portal.azure.com
Click on App Services.
Select the Site and then click on Get publish profile.
Save the file and open it in notepad.exe.
The file contains 2 <publishProfile> sections. One is for Web Deploy and another for FTP.
Under the <publishProfile> section for FTP make a note of the following values:
publishUrl (hostname only)
userName --------------------------> This is the information you are looking for
userPWD
Add the PublishUrl to Hostname, Username and password in their respective fields.
Connected.
The link will give the detailed description of the steps flow with images.
Here is the link.
Thanks

WebSphere 7 SSL error that never goes away no matter what I do?

I installed WebSphere 7.0 and RAD 7.5. Updated WAS to fix pack 11 and update RAD. 7.5.5. latest updates..etc...
I create a server profile.
I start the server.
I turn on global security and use LDAP. (something I have done a billion times)
I don't even attempt to publish an application.
The server constantly debugs out this message every two minutes.
How do you make it stop? I have tried making new keys, which doesn't work; I blow away the profile and make a new one. Nothing works. Nothing. The server is running at 400 MB without an application installed. Is this supposed to be normal? 400 MB with no app published?
The server profile creation wizard forces this SSL nonsense into the config.
What's really going on here?
I would love to utilize the latest server technology IBM has to offer but it seems to be broken right out of the box, out of the gate. 5 fix packs later and it's still broken.
[8/25/10 8:12:44:896 CDT] 0000000b SSLHandshakeE E SSLC0008E: Unable to initialize SSL connection. Unauthorized access was denied or security settings have expired. Exception is javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection?
at com.ibm.jsse2.b.a(b.java:34)
at com.ibm.jsse2.pc.a(pc.java:155)
at com.ibm.jsse2.pc.unwrap(pc.java:104)
at javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:17)
at com.ibm.ws.ssl.channel.impl.SSLConnectionLink.readyInbound(SSLConnectionLink.java:531)
at com.ibm.ws.ssl.channel.impl.SSLConnectionLink.ready(SSLConnectionLink.java:291)
at com.ibm.ws.tcp.channel.impl.NewConnectionInitialReadCallback.sendToDiscriminators(NewConnectionInitialReadCallback.java:214)
at com.ibm.ws.tcp.channel.impl.NewConnectionInitialReadCallback.complete(NewConnectionInitialReadCallback.java:113)
at com.ibm.ws.tcp.channel.impl.AioReadCompletionListener.futureCompleted(AioReadCompletionListener.java:165)
at com.ibm.io.async.AbstractAsyncFuture.invokeCallback(AbstractAsyncFuture.java:217)
at com.ibm.io.async.AsyncChannelFuture.fireCompletionActions(AsyncChannelFuture.java:161)
at com.ibm.io.async.AsyncFuture.completed(AsyncFuture.java:138)
at com.ibm.io.async.ResultHandler.complete(ResultHandler.java:204)
at com.ibm.io.async.ResultHandler.runEventProcessingLoop(ResultHandler.java:775)
at com.ibm.io.async.ResultHandler$2.run(ResultHandler.java:905)
at com.ibm.ws.util.ThreadPool$Worker.run(ThreadPool.java:1550)
I was wrong. Creating it from either way causes the issue. (running the pmt.bat or through the rad tool).
The real issue was not copying the global security stuff as a security domain. Basically you go to Security > Security Domains > then click the Copy from Global Security option.
This is just crazy. Why not simply have the goofy wizard ask if you would like this to happen also??? IBM infuriates me.
I solved this issue by enabling security in the server screen.
Open the Servers view, double click on the server, expand security, enable "Security is enabled in this server" and provide a user ID + password. After this the problem went away.
For some reason it was disabled even though I enabled it through the admin console.
It's too late, but maybe it helps others like me :)
Agree with Peter above, it's the IDE which checks status from the server.
You need to add the certificate 'X' i.e. exportedCertificate.cer to JRE keystore. To do this, run this command in a Windows CMD window:
keytool -import -file exportedCertificate.cer -storepass changeit -keystore "%JAVA_HOME%/jre/lib/security/cacerts" -alias myAlias
Certificate 'X' is the default certificate in your Websphere server. You can find and export it through IBM console. Alternative is to hit HTTPS url at browser and export it from browser in DER format.
I found that this solution worked best for me.
http://wiing.fr/websphere-application-server-ssl-error/
The way to fix it is to connect to the administration console,
navigate to: Security > SSL certificate and key
management > Key stores and certificates >
NodeDefaultKeyStore > Personal certificates
Select the default alias and click on renew. Restart WAS.
I recently got that error because the certificate’s beginning date was
set to a date in the future, could not understand what happened to my
configuration…
Your app server is trying to establish an SSL connection on a port that is not SSL. An easy way to see it live is trying to access the admin console using http but using the SSL port.
If you use the standard ports you can try this:
http://localhost:9043/ibm/console/
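The "Unrecognized SSL message, plaintext connection?" condition in the answer above can be recognised from the first bytes a client sends to the SSL port. The following is an added example, not code from the thread or from WebSphere; the captured byte strings and peer names are constructed samples and the function names are hypothetical.

```python
HTTP_METHODS = (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"DELETE ", b"OPTIONS ", b"CONNECT ")

def classify_first_bytes(data):
    """Classify the first bytes a client sent to a TLS listener."""
    if len(data) < 5:
        return "too-short"
    content_type, major, minor = data[0], data[1], data[2]
    length = int.from_bytes(data[3:5], "big")
    # TLS record header: type (1 byte), version (2 bytes), length (2 bytes).
    # A ClientHello arrives in a handshake record (type 0x16), major version 3,
    # and a plaintext record is at most 2**14 bytes long.
    if content_type == 0x16 and major == 3 and minor <= 4 and 0 < length <= 2**14:
        return "tls-handshake"
    # An HTTP request line on this port is what the SSL engine rejects
    # with "Unrecognized SSL message, plaintext connection?".
    if data.startswith(HTTP_METHODS):
        return "plaintext-http"
    return "unknown"

def plaintext_clients(captures):
    """Return the peers whose first bytes were plaintext HTTP, in order seen."""
    peers = []
    for peer, first_bytes in captures:
        if classify_first_bytes(first_bytes) == "plaintext-http" and peer not in peers:
            peers.append(peer)
    return peers

# Constructed sample captures: (peer, first bytes received on the SSL port).
CAPTURES = [
    ("browser", bytes.fromhex("16030100c8010000c40303")),   # start of a ClientHello
    ("ide-status-poll", b"GET /ibm/console/ HTTP/1.1\r\nHost: localhost:9043\r\n\r\n"),
    ("ide-status-poll", b"GET /ibm/console/ HTTP/1.1\r\nHost: localhost:9043\r\n\r\n"),
]

if __name__ == "__main__":
    for peer, data in CAPTURES:
        print(peer, classify_first_bytes(data))
    print("plaintext senders:", plaintext_clients(CAPTURES))
```

Identifying which peer sends plaintext shows whether the recurring log entry comes from a misconfigured client, such as a status poller, rather than from the server's certificates.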
This error may be caused by your IDE (let it be Rational Application Developer RAD, Rational Software Architect RSA or plain Eclipse), which is trying to update the server status in the "Servers View".
As somebody here already said, the IDE's call to WebSphere Application Server's console fails, because it's malformed:
Unrecognized SSL message, plaintext connection?
Since your IDE tries to update the status regularly, the server prints this error message as often.
What worked in my case, was to remove the server from the "Servers View" (Right click - delete) and add a new one (Right click - new).
In my case, my IDE is not run with IBM's JRE, since it's Eclipse, so I updated the eclipse.ini to include
-vm
E:/IBM/WebSphere/AppServer/java/bin/javaw
In most cases, this is due to expired SSL Certificate. Go to:
C:\Program Files (x86)\IBM\WebSphere\AppServer\profiles\AppSrv01\config\cells\XXXXXXNode01Cell\nodes\XXXXXXXXNode01
and see the key.p12 and trust.p12 files. Check the created/modified date. It will typically be more than 1 year old. This means it's expired, as typically the above files are valid for 1 year only.
Solution
Delete the entire WebSphere server profile (which will delete everything under C:\Program Files (x86)\IBM\WebSphere\AppServer\profiles\AppSrv01) and create a new one. This will wipe out the key.p12 and trust.p12 files along with other files, and new key.p12 and trust.p12 files are created when you create the new profile.
Copy key.p12 and trust.p12 from your colleague's machine whose key files(key.p12 and trust.p12) are not expired. You can also use iKeyman tool to renew key.p12.
I also faced this issue and finally sorted it out. The steps below may be helpful.
Delete the profiles which you have created earlier.
To view all profiles: IBM/AppServer/bin/manageprofiles.bat -listProfiles
To delete a profile: IBM/AppServer/bin/manageprofiles.bat -delete -profileName ProfileName
Windows --> Start --> Services: find any IBM WebSphere servers that are running in the background. Try to stop them and restart the server.
Modify your eclipse.ini to explicitly use the IBM JRE as follows:
-vm
C:/Program Files (x86)/IBM/WebSphere/AppServer/java_1.7_64/jre/bin/javaw.exe
--launcher.appendVmargs
-vmargs
-Dosgi.requiredJavaVersion=1.7
-Xms512m
-Xmx6144m
Restart Eclipse and Restart your IBM Websphere Application Server to fix the issue.

Windows 2003 Standard IIS Remote Admin - Can't login

I have just installed Windows Server 2003 Standard Edition and therefore IIS6 (comes as standard). I have also installed the Windows component that enables the administration of IIS from the browser (https://server:8098/). The problem I have is that I have to log in to this tool but the Server Administrator u/name and p/word does not let me in.
The Windows documentation on this tool (http://support.microsoft.com/kb/324282) says "You are prompted for a user name and password that exist on the Web Server" but none of the standard user accounts on the server let me in.
Thanks,
Here are a couple ideas:
Take a look at the security log on the server for clues.
Look at the "Directory Security" tab on the properties of the admin site and ensure "Enable anonymous access" is unchecked. You will need to use "Integrated Windows authentication" or "Basic authentication". If you use Basic auth then the password is sent across the network base64 encoded - you will want to use SSL to encrypt it.
Is there a specific requirement to use the web tools? You can download Internet Information Services (IIS) 6.0 Manager for Windows XP from Microsoft and run it from a client.
I'm not so sure now, haven't set up a Win 2003 box in a while but as far as I remember you have to activate remote desktop first and then you can use a RDP client to access the server. I recommend that over the ActiveX RDP client.
Is the server part of a domain? It may be defaulting to a domain username/password combo rather than a local username/password.
Try "server.domain.local\administrator" or "administrator#server.domain.local".
I would check the permissions on that site in IIS - make sure you are using an account that is a member of a group specifically assigned permissions. I understand that the builtin admin account is not working but it's possible the site permissions have changed, removing that account or group. - hope that makes some sort of sense
This might be unlikely, but are you trying to use a username that has a blank password? Windows restricts remote access when using those accounts.
If that's the case, you can check the Group Policy (gpedit.msc for local computer, or the one for domains if it's in a domain.):
Computer Configuration
Windows Settings
Security Settings
Local Policies
Accounts: Limit local account use of blank passwords to console logon only
