I have a customer who has allowed me access to Unity over the internet thru the firewall. When I go to the address I get a www authentication error. The laptop I'm logging in with has an account on Unity that matches my laptop account, so that when I'm on site I can plug into their network and get to the SA with my browser. Why wont it work over the internet? Is it seeing the account I used to log into my ISP? How do I set up in Internet Explorer so I can login thru the fire wall using my ISP? Thanks in advance.<br>David Borden<br><br>
Hi David. Are you getting an authentication error or is it not finding the web page itself? When coming in from the outside (i.e. youre not authenticated on their domain yet as you are when you attach your laptop locally and log in) you should get a challenge and response login to enter an account name and password. It doesnt sound like youre even getting that far. If you are getting that far, be sure to fill in the login name with the domain as well (i.e. login with "DOMAINNAME\Jsmith" instead of just jsmith that sometimes trips people up).
I suspect, however, that the problem is they dont have access through the firewall to the web server on our box setup properly. You can verify that by connecting to one of the generic web pages on the IIS server on our box. For instance my text box that has Unity installed on it is called JeffsTest and I can surf to http://jeffstest/samples/sampsite/default.htm . This takes me to the sample coffee house web page installed by IIS. Im guessing you wont be able to connect to that site as well.
Setting up web access to work through a fire wall in general (this has nothing to do with Unity specifically) can be tricky stuff. In the release notes for Unity on your CD youll find some general information about this and some references to Microsoft documentation for more specifics in Appendix B.
Jeff Lindborg Unity Product Architect Active Voice Corp firstname.lastname@example.org
I have this same problem. It only seems to be with the Unity user and administration interfaces. I have OWA on the same Exchange box and running through the same Proxy with the same permissions and pointer on the Proxy, but for some reason I can't get to the Unity pages.
I sort of gave up and I VPN in, but I would like to get this to work.
OK spent some time doing a little checking on this with the SA folks today since a few folks have been asking about this.
For some folks in the field this works ok and for others the login dialog wont accept their domain\login and PW (i.e. it just keeps popping back up on you). In all the cases Ive looked at (where it wasnt a fire wall issue) there was a proxy server involved somewhere between the client trying to log into the SA or AA and the Unity server itself.
NTs Challenge and Response protocol (CHAPS) apparently does have known problems where it will fail to work properly with proxy servers. Heres a link to a knowledge base article discussing the problem:
Also, it does look like our SA connection does check to be sure CHAPS is on (NT challenge and response) and will not allow clear text authentication even if you've gone into your IIS server and enabled that option for the SAWEB page. This was done to prevent a problem when anonymous access was enabled which caused us a lot of grief. We did have some sites that wanted to go clear text such that they could connect. In 2.4.0 build 105 and earlier, this wont be possible. Ive asked for this to be changed to allow clear text authentication (even though I think thats a really bad idea) if the customer really wants to enable it in 2.4.5.
The fact that you have OWA enabled on our box and youre connecting to us and it works ok but SAWeb access is denied is pretty confusing... I don't suppose you're forcing clear text? We're not doing anything fancy with our connection protocol other than making sure it was CHAPS. Once it's authenticated via NT we move on to check and see that youre a Unity user that has rights to gain access to the SA and or AA. If youre getting a specific error message on the SA (or better, in your event log) that means the NT authentication is cool but were failing to allow access, most likely based on your COS setting. Im assuming thats not the case since itll say explicitly Your COS does not allow this operation type thing.
You can test this real quick by just requiring CHAPS (be sure to uncheck both anonymous access and clear text options) for one of the default web pages created when you install IIS on our box and trying to connect to that remotely. If it goes through, we have something very weird going on. If not, Im betting its CHAPs failing due to your proxy.
The short answer is that you don't.... That isn't entirely true while at
the same time it kind of is, but for the most part you don't configure
the softkeys. You enable or disable them via TCL. Here is the long
answer. Be sure to read the whole thing or e...
Topology: IP Phone > Switches > Microsoft NPS setup to forward 802.1x
proxy to > ISE 2.1 patch 3 Authentication: EAP-TLS using Cisco MIC SANs
Phone Models 802.1X support? 802.1x flavor Addtl Comment EAP-MD5 EAP-TLS
Cisco 3905 Y Y N Cisco 6911 Y Y N Cisco ...
This document describe how DST changes and how time changes are
implemented in DST. Daylight Saving Time (DST) is the practice of
setting the clocks forward 1 hour from standard time during the summer
months, and back again in the fall, in order to make b...