UCMA Steps to create Trusted Application - ucma

What are the steps to create a trusted server application and then deploy it on the Lync server?
I am new to Lync server application development.

Finally got through the problem.
This can be helpful.
But in simple terms,
Step 1: Create an application pool by using the PowerShell Cmd New-CsTrustedApplicationPool
Syntax: New-CsTrustedApplicationPool -Identity -Registrar -Site -ComputerFqdn -RequiresReplication
    -Identity: this should be unique, like MyApplicationPool.mycomputer.fqdn
    -Registrar: can get it by using PowerShell Cmd Get-CsService -Registrar
    -Site: can get it by using PowerShell Cmd Get-CsSite
    -ComputerFqdn: fully qualified computer name
    -RequiresReplication: this can either be $True or $False

Step 2: Run Cmd Enable-CsTopology; this will enable your application pool. You can now verify it by running the command Get-CsTrustedApplicationPool.

Step 3: Create a trusted application by using the Cmd New-CsTrustedApplication
Syntax: New-CsTrustedApplication -ApplicationId -TrustedApplicationPoolFqdn -Port
    -ApplicationId: unique application Id with Fqdn
    -TrustedApplicationPoolFqdn: the -Identity parameter which we gave while creating the trusted application pool
    -Port: unique to your application, can be used in manual provisioning, used as a method parameter
Now follow Step 2.

Step 4: Create a trusted application endpoint, if you require one, using Cmd New-CsTrustedApplicationEndpoint
Syntax: New-CsTrustedApplicationEndpoint -ApplicationId -TrustedApplicationPoolFqdn -SipAddress -DisplayName
    -ApplicationId: the -Identity parameter which we gave while creating the trusted application
    -TrustedApplicationPoolFqdn: the -Identity parameter which we gave while creating the trusted application pool
    -SipAddress: sip:user@host, which is unique for your application endpoint
    -DisplayName: display name like "Help Desk Contact"
Now follow Step 2.

In this way, you have now created a new trusted application pool, trusted server application, and trusted application endpoint.

1: Download SDK
2: Read the documentation

Related

Connect to SLDAP server V3 by using DirectoryServices.AccountManagement.PrincipalContext

I have one issue when trying to connect to the LDAP server through code. It works fine when I use admin tool to connect to it.
It works fine when using this admin tool to connect to it.
It doesn't work when I use this code to connect to it; it says:
The server could not be contacted. ---> System.DirectoryServices.Protocols.LdapException: The LDAP server is unavailable.
My code:
' Bind over SSL with Negotiate authentication, then look up the user.
Using context As DirectoryServices.AccountManagement.PrincipalContext = New DirectoryServices.AccountManagement.PrincipalContext(
        DirectoryServices.AccountManagement.ContextType.Domain, SingleSignOn.ADDomain, SingleSignOn.ADSecurityGroup,
        DirectoryServices.AccountManagement.ContextOptions.SecureSocketLayer Or DirectoryServices.AccountManagement.ContextOptions.Negotiate,
        UserName, Password)
    Using foundUser = DirectoryServices.AccountManagement.UserPrincipal.FindByIdentity(context, UserName)
        Return foundUser IsNot Nothing
    End Using
End Using
My question is:
How to set up the code to use version 3?
Thank you in advance for your help/ideas.
Windows needs to trust the SSL certificate, otherwise the connection will fail. Unfortunately the error message doesn't tell you that.
You have a couple options:
Change the certificate being used on the server to a certificate from a trusted root authority. This is the best way to do it, especially if this is a production server.
Tell Windows to trust the self-signed cert. This would have to be done on every computer that will connect. To do this, use the PowerShell script in this answer to download the certificate (change the URL to match your server). This will give you a .cer file. Then follow the instructions here to import it on the computer that you are running this code on. In that article, start at the heading "To start the certificate import process through Microsoft Management Console (MMC)". In step 4, you have the option to import it for the current user only, or for the whole computer (which requires local admin rights).

Cannot register my app to MFP remote server

I am having an issue deploying my app to a remote server. This is the error I get when trying to run the CLI add command:
mfpdev server add myqaserver --url https://mbmfp.mycompany.com --login admin --password aaaa --setdefault
Error: URL 'https://mbmfp.mycompany.com' is not valid. The URL must have the following format 'protocol://host:port'. Run 'mfpdev help server add' for more information.
My hostname https://mbmfp.mycompany.com contains the port, so adding the port again will cause an issue.
Initially, I tried the register command and was prompted to use the add command:
mfpdev app register https://mbmfp.mycompany.com mfp
How do I fix this issue?
INFO
IBM MFP version 8.0.0-2016121916
Thanks
Doesn't look like you're executing the commands correctly...
Here's an example:
mfpdev server add
? Enter the name of the new server definition: mydevserver
? Enter the fully qualified URL of this server: http://mydevserver.example.com:9080
? Enter the MobileFirst Server administrator login ID: admin
? Enter the MobileFirst Server administrator password: admin
? Save the admin password for this server?: Yes
? Enter the context root of the MobileFirst administration services: mfpadmin
? Enter the MobileFirst Server connection timeout in seconds: 30
Verifying server configuration...
The following runtimes are currently installed on this server: mfp
Server profile 'mydevserver' added successfully.
Then, navigate to the root folder of the application and:
mfpdev app register mydevserver
Learn more here: https://mobilefirstplatform.ibmcloud.com/tutorials/en/foundation/8.0/application-development/using-mobilefirst-cli-to-manage-mobilefirst-artifacts/#add-a-new-server-instance

TFS 2015 SSL certificate could not be checked for revocation

I am using TFS 2015, I have a Release definition created for my test environment. A task for "PowerShell on Target Machines" has been added. The values are all entered correctly for this such as Machines, Admin Login, Password. HTTPS is the protocol, The Test Certificate checkbox is checked. WinRM listener is already setup on the remote server and working. When I run this task it shows as Rejected.
The error is below:
[error]Connecting to remote server myserver.example.com failed with the following error message : The server certificate on the destination computer (myserver.example.com:5986) has the following errors:
[error]The SSL certificate could not be checked for revocation. The server used to check for revocation might be unreachable. For more information, see the about_Remote_Troubleshooting Help topic.
The TFS agent I am using does not have internet capability. I tried this from another TFS agent that HAS internet capability and it worked.
Does anyone know if the TFS Agent must have internet capability?
Is there a way to skip the revocation checking from the User Interface?
Try the solution here to create and pass a new PSSessionOption object that specifies that all certificate checks should be bypassed.
$sessionOption = New-PSSessionOption -SkipCACheck -SkipCNCheck -SkipRevocationCheck
$session = New-PSSession -ConnectionUri $yourUrl -Credential $credential -Authentication Basic -AllowRedirection -SessionOption $sessionOption
Import-PSSession $session
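Added example (not from the original posts): a PowerShell check that tells apart the two certificate failures discussed above, the untrusted LDAPS certificate and the WinRM revocation error, by fetching the server certificate and building its chain with and without revocation checking. The function name Get-TlsCertTrustReport is hypothetical; the host and port are the ones shown in the error message above.

```powershell
# Added example; the function name is hypothetical.
function Get-TlsCertTrustReport {
    param(
        [Parameter(Mandatory = $true)] [string] $HostName,
        [Parameter(Mandatory = $true)] [int]    $Port   # 636 = LDAPS, 5986 = WinRM over HTTPS
    )

    # Accept any certificate on this probe connection so it can be captured
    # and inspected; no credentials or application data are sent over it.
    $acceptAll = [System.Net.Security.RemoteCertificateValidationCallback] { $true }

    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $client.Connect($HostName, $Port)
        $ssl = New-Object System.Net.Security.SslStream($client.GetStream(), $false, $acceptAll)
        $ssl.AuthenticateAsClient($HostName)
        $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
        $ssl.Dispose()
    }
    finally {
        $client.Close()
    }

    # Build the chain twice: with online revocation checking, and with none.
    foreach ($mode in 'Online', 'NoCheck') {
        $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
        $chain.ChainPolicy.RevocationMode = $mode
        $valid = $chain.Build($cert)
        [pscustomobject]@{
            Subject        = $cert.Subject
            NotAfter       = $cert.NotAfter
            RevocationMode = $mode
            ChainValid     = $valid
            ChainStatus    = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', '
        }
    }
}

# Reading the two rows:
#   Online fails with RevocationStatusUnknown / OfflineRevocation, NoCheck valid
#       -> only the revocation lookup is failing (CRL/OCSP server unreachable).
#   NoCheck fails with UntrustedRoot or PartialChain
#       -> the issuing CA is not trusted on this machine.
Get-TlsCertTrustReport -HostName 'myserver.example.com' -Port 5986 | Format-List
```

When only the revocation lookup fails, passing `New-PSSessionOption -SkipRevocationCheck` on its own leaves the CA and name checks in place.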

Unable to access WebSphere Integrated Solutions Console after deleting self-signed certs

I am new to WebSphere (as you can tell by my dated username) and I have made a mistake. While trying to address security concerns in my organization I deleted the self-signed certificates in WebSphere. This seems to have caused the Integrated Solutions Console to break. Our application hosted in WebSphere is still working fine.
Is there a way to use a Jython or Jacl script to recreate these certs and configure them properly? Or is there perhaps another way to get access to the Console?
The web browser (IE) complains about TLS errors when trying to load the Console page.
You can create a new certificate using the createSelfSignedCertificate command from wsadmin. You'll have to run wsadmin unconnected to the server.
So roughly
start wsadmin eg.
wsadmin -conntype none
Then run the createSelfSignedCertificate task. The keystore is likely NodeDefaultKeyStore if you are on a standalone app server or CellDefaultKeyStore if you are in an ND environment. You have to provide a management scope if running unconnected. You can get the list of management scopes with the listManagementScopes command. Fill in your hostname for the certificateCommonName parameter.
eg.
to get the list of management scopes
wsadmin> AdminTask.listManagementScopes()
to create a self-signed certificate
AdminTask.createSelfSignedCertificate('[-keyStoreName -keyStoreScope -certificateAlias -certificateCommonName -certificateOrganization ibm -certificateState us ]')
to save the changes
AdminConfig.save()
If you just need to get into the console you can disable security in /config/cells/../security.xml
Just set "enabled=false" and restart the server. Using the console to create a new certificate should be easier than using wsadmin

How to Test DataSource connection in JBoss EAP 6.2 Managed Domain

I am trying to port an application from WebLogic to JBoss EAP 6.2.
When running the standalone server in JBoss, in the admin console there is a button and in the command line interface there is a command line option to check the data source connection.
/subsystem=datasources/data-source=myds:test-connection-in-pool
These options do not appear to exist in either place when running the "domain" server. Am I missing something? Is there some further setting I must make to enable it? I tried a technique which is sometimes an analog in the domain server and it doesn't work here.
/profile=full/subsystem=datasources/data-source=myds:test-connection-in-pool
JBoss docs are much weaker for "domain" model than for "standalone".
You are absolutely correct that while running the standalone server in JBoss, in the admin console there is a button and in the command line interface there is a command line option to check the data source connection, but these options do not appear to exist in either place when running the "domain" server.
You still can use the command line of jboss-eap-6.x to test the configured data source connection in domain server. You need to navigate to $JBOSS_HOME/bin/ and execute script: jboss-cli.sh
Connect to the domain server controller with: connect :PORT_NO and execute the following commands:
For XA-DataSource:
/host=$Host_Controller_Name/server=$Server_Name/subsystem=datasources/xa-data-source=DataSource_JNDI_Name:test-connection-in-pool
For Non-XA-DataSource:
/host=$Host_Controller_Name/server=$Server_Name/subsystem=datasources/data-source=DataSource_JNDI_Name:test-connection-in-pool