Cisco Data Center Network Manager JBoss EAP Unauthorized Access Vulnerability

A vulnerability in the application environment of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to gain unauthorized access to the JBoss Enterprise Application Platform (JBoss EAP) on an affected device.

The vulnerability is due to an incorrect configuration of the authentication settings on the JBoss EAP. An attacker could exploit this vulnerability by authenticating with a specific low-privilege account. A successful exploit could allow the attacker to gain unauthorized access to the JBoss EAP, which should be limited to internal system accounts.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:

Security Impact Rating: Medium

CVE: CVE-2019-15999


  • No Related Posts

'404 Not Found' when trying to browse a newly published Managed Path in SharePoint when accessed using Storage Zones Controller SharePoint Connector

After publishing a new Managed Path in SharePoint, you may find that attempts to access this resource by using Storage Zones Controller SharePoint Connector fail. Upon closer inspection, the Storage Zone Controller log files may contain error messages similar to the following:

ERROR GetParent:: Exception thrown Message(The remote server returned an error: (404) Not Found.) StackTrace( at System.Net.HttpWebRequest.GetResponse()

at Microsoft.SharePoint.Client.SPWebRequestExecutor.Execute()

at Microsoft.SharePoint.Client.ClientContext.GetFormDigestInfoPrivate()

at Microsoft.SharePoint.Client.ClientContext.EnsureFormDigest()

at Microsoft.SharePoint.Client.ClientContext.ExecuteQuery()

at SharePointConnector*Util.SharePointUtility.GetParent(ClientObject spItem))


  • No Related Posts

Indexing remote SharePoint documents (O365) using WebDAV

I need a solution


Good afternoon. Does anyone know how to format Sharepoint URL online (O365) for DLP indexing (IDM) use?

I know and I already use Sharepoint on-premise WebDAV, but I can not do the same with O365 Sharepoint. I’ve read that Sharepoint’s O365 also uses WebDAV for drive mapping.

Has anyone done anything similar that might help?




  • No Related Posts

ASG | Maximum concurrent client connection limit of 2500 reached

I need a solution

Dear All,

  My customer have ASG S200-30-U500 and they use proxy type Explicit.

We found issue about sometime client access to internet slowly. after i have check eventlog we found message as below,

after i have check this message concern about license for client connection for U500 it have limit 2500

if reached 2500 Proxy will take queue for client access internet because customer config it.

and then i have check why client connection more than ever. We found they  have implement Office 365 OneDrive for Business.

please see Report from Reporter

before have request OneDrive

after implementation OneDrive

for imformation above it make client connection reached limit sizing of device.

My customer have question before extend about license.

They would like to know device can control usage of OneDrive & SharePoint by limited concurrent usage of it either connection or bandwidth.

Please  recommend

Best Regards,

Chakuttha R.



  • No Related Posts

Citrix Content Collaboration Connector SSO for Network Shares and SharePoint on‐prem

Summary of items

  1. SharePoint Configuration
  2. NetScaler (internal load balancer) Configuration
  3. Configure SplitDNS
  4. Configure Citrix Storage Zone
  5. AD Delegation
  6. Browsers

SharePoint Configuration

Set the SPN for the SharePoint service account


This is a standard SharePoint requirement which references the service account used during the installation of SharePoint itself). The service account used below is usually the one that SharePoint has been initially installed with.

  1. From any server, open CMD (elevate with account with the appropriate SharePoint rights)
  2. Type the following:

SetSPN -S HTTP/SharePoint domainserviceaccountname

SetSPN -S HTTP/ domainserviceaccountname


KCD work is not required for the Network Connectors, this will be using NTLM.

SharePoint Configuration

  1. On the Central Administration page, under Quick Launch, click Security, and in the General Security section click Specify authentication providers.
  2. On the Authentication Providers page, select the zone for which you want to change authentication settings.
  3. On the Edit Authentication page, and in the Authentication Type section ensure this is set to Windows (selected by default).
  4. In the IIS Authentication Settings section, select Negotiate (Kerberos). Note: If you select Negotiate (Kerberos) you must perform additional steps to configure authentication (below).
  5. Click Save.

NetScaler (internal Load balancer) Configuration

The reason for this configuration is to split the to split the External and Internal traffic. Where AAA authentication is being used for external user authentication to Connectors, AAA is not a necessity for Internal use, especially where Web Access to Network shares/SharePoint SSO are required via web browsers.


AAA requires a NetScaler Enterprise and above license to use.

If the NetScaler wizard has been used to configure a storage zone, then you would typically see LBVIPs bound to a Content Switch, such as:

_SF_CS_ShareFile = External Content Switch

The External config would typically have:

  • 1 x Content Switch, with Policies, Responders, Callouts.
  • 3 x LBVIP’s
    • ShareFile Data LBVIP
    • Connectors LBVIP with AAA enabled


If Web Access to Connectors are required then additional configuration is needed in addition to the wizard, which adds the OPTIONS LBVIP to the Content Switch. Please see this article in section “
Configure NetScaler for restricted zones or web access to Connectors ”.

Now we would need an additional configuration to route the internal traffic. This would typically be a Load Balancing virtual server (LBVIP) rather than a Content Switch. In this instruction we are going to:

  • Create the Server(s) – create a connection to all the storage zone controllers within a single Zone.
  • Create a Service Group – group the servers into a group
  • Create an LBVIP – create the Load Balancing virtual server

Create the Server(s)

  1. Log into the NetScaler and browse to:
  1. Click Add.
  2. Create a name eg SZ_Server.
  3. Input the IP Address of the Citrix storage zone controller
  4. Click Create.
  1. Repeat for all storage zone controllers.

Create a Service Group

  1. Log into the NetScaler and browse to:
  1. Click Add.
  2. Create a name eg SZ_Service_Group.
  3. Protocol: SSL
  4. Click OK.
  1. Click on Service Group Members.
  2. Select Server Based option then click on Select Server.
  1. Click the checkboxes on each of the storage zone controller servers and then click Select
  2. Enter Port*: 443.
  1. Click Create.
  2. Click OK to continue
  3. Click Done.

Create an LBVIP

  1. Log into the NetScaler and browse to:
  1. Click Add to create the storage zone LBVIP:

Protocol: SSL

IP Address Type: IP Address (this should be internally accessible)
  1. Click OK.
  1. Under Services and Service Groups, click the Virtual Server Service Group Binding option
  2. Select the Service Group created earlier and click Bind.
  1. Click OK.
  2. Attach wildcard certificate.
  1. Click Bind.
  2. Click OK and Done.

Configure SplitDNS

Configure SplitDNS to resolve to the new Internal LBVIP (ie SZ_LB_INTERNAL), which is important as you need to direct traffic internally to the internal load balancing vserver created in the previous step. If this is done via Active Directory in your environment, here are some example below.

Configure DNS in AD

  1. Log into the Domain Controller and open dsa.msc.
  2. Browse to Forward Lookup Zones to find the one which correlates to the StorageZone FQDN (
  3. Add a New Host (A or AAAA)… and enter the FQDN for the StorageZone.
  4. Enter the IP, this should be the one of the Internal LBVIP (i.e. SZ_LB_INTERNAL) created in the previous section
  5. To test, open CMD from another desktop/server, run ipconfig/flushdns and ping the StorageZone FQDN. Does it resolve to the correct IP?

Configure Citrix Storage Zone

StorageZone Controller IIS changes

Network Connectors only:

  1. Log onto the StorageZone Controller(s) and open IIS.
  2. Click on the Default web site then to the CIFS virtual directory.
  3. Click on Authentication, then ensure Anonymous and Windows Authentication are Enabled.
  4. Right-click on the Windows Authentication option and select Providers.
  5. Highlight NTLM and Move Up to the top of the list. Click OK.
  6. Ensure Basic Authentication is set to Disabled.

SharePoint KCD only or either with Network Connectors:

  1. Click on the CIFS virtual directory, then on Authentication.
  2. Ensure Anonymous and Windows Authentication are Enabled.
  3. Right-click on the Windows Authentication option and select Providers.
  4. Highlight Negotiate and Move Up to the top of the list. Click OK.
  5. Repeat for the SP virtual directory.
  6. Ensure Basic Authentication are Disabled on both.

If using port 80 on your StorageZone Controller for Load Balancing communication, refer to the AD Delegation section.

  1. If using port 443, then on the StorageZone Controller, then right-click the Default Web Site and select Edit Bindings.
  2. Add a new binding on port 443, assign the IP address, and insert a host header (just the first part of your storage zone FQDN, i.e. where, then input only sz in the hostheader).

AD Delegation

Changes might need to be actioned on the SZC AD object(s), and all the servers used for Network Shares and SharePoint need to be added.



Ensure that any File servers hosting any Network Shares, are added to the delegation as CIFS.

Ensure any SharePoint servers that need to be accessed, are also entered as HTTP.


Internet Explorer

  1. Open Internet Options, Security, Local Intranet, Sites, Advanced then enter the following:
Citrix Content Collaboration URL – e.g.:

FQDN StorageZone – e.g.:

FQDN of AAAVIP – e.g.:

Note: If this is locked down, configure via GPO which will be actioned on the User Configuration.
  1. Open GPMC and select the GPO controlling the behaviour of IE.
  2. Browse to Computer Configuration/Administrative Templates/System/Group Policy and Enabled the policy Configure user group policy loopback processing mode and select Replace.
  3. Then browse to User Configuration/Administrative Templates/Windows Components/Internet Explorer/Internet Control Panel/Security Page and edit the Site to Zone Assignment List as follows:
Note: The number in the Value field denotes the number of the zone. MS breaks them down as follows:

1 – Intranet zone – sites on your local network.

2 – Trusted Sites zone – sites that have been added to your trusted sites.

3 – Internet zone – sites that are on the Internet.

4 – Restricted Sites zone – sites that have been specifically added to your restricted sites.
  1. For external IE browsers, extra configuration is required as follows:
Click on the Internet/Custom Level and ensure that:
  • Miscellaneous/Access data sources across domains is Enabled.
  • User Authentication/Log on/Prompt for Username and Password is selected.
  1. Click OK twice.


  1. Launch Firefox. In the Address Bar, instead of typing a URL, enter: about:config
This opens the configuration interface. You may need to agree to a security warning in order to proceed.
  1. Double-click the line labelled automatic-ntlm-auth.trusted-uris and enter the following:
ShareFile site –

FQDN StorageZone –


Note: Separate individual URLs with commas, but do not put spaces between them, for example:,

  1. Click OK when you’re finished.
  2. Double-click the line labelled negotiate-auth.trusted-uris.
  3. Enter the same information you entered in step 2 with the URLs separated by commas and with no spaces.
  4. Click OK.


This should work. CORS should be enabled by default on Chrome but you can add the plugin to Chrome here .


  • No Related Posts

Intranet-unable to access Intranet (

I need a solution

Hi Team , 

There is an issue in which user is trying to access sharepoint (intranet) but got ther error that ” Paged can not be displayed” .  URL -=

URL is allowed in acess policy , user has been add this site in IE for trusted website still user is facing an issue. When user connect to VPN it is not working but when they try this URL without VPN it is working.

Kindly help in this query.



  • No Related Posts

SharePoint Online Data Protection: Why It’s Needed Now

EMC logo

Your SharePoint Online data is at risk, despite Microsoft being secure, reliable, and providing a robust uptime SLA.

Microsoft protects against data loss due to infrastructure failures or malicious actions on their side, however, Microsoft cannot adequately protect you against human error or malicious acts on your side. [Read Part 1 and Part 2 of this series for more background.]

The same risks for data loss due to accidental or malicious deletions apply to SharePoint Online content associated in Sites, OneDrive, Groups, and Teams. The native protections Microsoft offers don’t meet the need for fast, accurate recovery in those scenarios, as you’ll learn in part 3 of our Office 365 Data Protection series.

SharePoint Default Retention Times

As we saw in Part 1, folders for email default retention times can be perilously short. Likewise in SharePoint Online, OneDrive and other services that rely on SharePoint as a file store, the length of time that a deleted item is retained can vary based on several factors, but is never longer than 93 days.

When an item is deleted in SharePoint Online it is retained in the first stage recycle bin for 30 days. After 30 days, or after a user deletes the item from the first stage recycle bin, it moves to the Site Collection Recycle Bin where it sits for no more than 63 more days for a total of 93 days. If the user has the rights, they can also purge the item from the Second Stage Recycle bin effectively permanently deleting the item before the 93 days has elapsed.

Online Litigation Hold and In-Place Hold

eDiscovery and Litigation holds for data recovery are not the best approach. (Further, In-Place Hold is not currently available for Office 365.) Remember that litigation holds are part of a larger compliance policy and legal retention strategy for the enterprise. Litigation Hold is a business process. The business, with input from the legal team, should define the policy for legal holds.

If every item in a Site Collection is on hold, retention policies will not work on the schedules defined by the business. This could add new risks, because content that should have been destroyed on schedule will be discoverable in legal proceedings. Even if you use these features to preserve your organization’s data, it’s unlikely you’ll be able to rapidly and efficiently restore your data, which is the entire point of having a solid backup AND restore solution.

Use the Right Tool

Backup software for SharePoint Online meets different use cases than Litigation Hold or archive software. Backup software automatically makes a copy of SharePoint data and ensures it’s available so data can be rapidly returned to production in the event of data loss. Litigation Hold is a business process, and using it broadly or improperly for your Site Collections will add legal risk. Archive software provides long-term data retention for data that is no longer actively used.

When planning to rapidly recover from data loss due to accident or malicious acts, SharePoint admins should choose the right tool for the job — third-party backup and recovery software. The advantages are:

  • Backup data is stored in a different, secure location. Although Microsoft’s own data storage is secure, it’s a best practice to distribute risk by distributing the physical location of data stored in a backup. Ideally, the solution will ensure that data is protected at rest with 256-bit AES object-level encryption and in transit is with Secure Socket Layer (SSL) encryption.
  • Recovery is fast and easy. Compared to In-Place and Litigation Hold data recovery, a third-party backup tool automates much of the restore process. When business continuity is at stake, being able to recover lost data in minutes or hours is a much better option than needing days or weeks for recovery.
  • Site structure is preserved and can be recovered. Not all third-party backup and restore software can do this, but it’s vital to reduce recovery time for SharePoint Online admins.
  • A better approach to insider threats. If a malicious insider were to delete key elements of a Site Collection, or even an entire site, how long would it take you to recover? The manual effort needed when using Litigation Hold or archive tools for recovery make purpose-built backup and recovery software is a better approach.

Don’t wait until you experience data loss in SharePoint Online. Prepare now to rapidly restore content associated with Sites, OneDrive, Groups, and Teams  — see how much easier it can be when using Spanning Backup for Office 365.

Learn More About Spanning Backup for Office 365

Update your feed preferences





submit to reddit


  • No Related Posts