Indexing remote SharePoint documents (O365) using WebDAV

I need a solution

Folks,

Good afternoon. Does anyone know how to format Sharepoint URL online (O365) for DLP indexing (IDM) use?

I know and I already use Sharepoint on-premise WebDAV, but I can not do the same with O365 Sharepoint. I’ve read that Sharepoint’s O365 also uses WebDAV for drive mapping.

Has anyone done anything similar that might help?

Thanks!

0

Related:

  • No Related Posts

Favorite Folders and Files

To add a folder or file to your favorites, click the Star icon to the left of the folder or file name.

To view all of your Favorite Folders, click on the Favorites tab in the left navigation menu.

Items in this list can be organized by selecting the gray grips along the right edge of the row. Click and hold to drag to move the file or folder up or down.

Limitations

  • You cannot add a SharePoint folder that is a sub-site (ReadOnly) within your SharePoint Connectors menu.

Related:

  • No Related Posts

ASG | Maximum concurrent client connection limit of 2500 reached

I need a solution

Dear All,

  My customer have ASG S200-30-U500 and they use proxy type Explicit.

We found issue about sometime client access to internet slowly. after i have check eventlog we found message as below,

after i have check this message concern about license for client connection for U500 it have limit 2500

if reached 2500 Proxy will take queue for client access internet because customer config it.

and then i have check why client connection more than ever. We found they  have implement Office 365 OneDrive for Business.

please see Report from Reporter

before have request OneDrive

after implementation OneDrive

for imformation above it make client connection reached limit sizing of device.

My customer have question before extend about license.

They would like to know device can control usage of OneDrive & SharePoint by limited concurrent usage of it either connection or bandwidth.

Please  recommend

Best Regards,

Chakuttha R.

0

Related:

  • No Related Posts

Citrix Content Collaboration Connector SSO for Network Shares and SharePoint on‐prem

Summary of items

  1. SharePoint Configuration
  2. NetScaler (internal load balancer) Configuration
  3. Configure SplitDNS
  4. Configure Citrix Storage Zone
  5. AD Delegation
  6. Browsers

SharePoint Configuration

Set the SPN for the SharePoint service account

Note:

This is a standard SharePoint requirement which references the service account used during the installation of SharePoint itself). The service account used below is usually the one that SharePoint has been initially installed with.

  1. From any server, open CMD (elevate with account with the appropriate SharePoint rights)
  2. Type the following:

SetSPN -S HTTP/SharePoint domainserviceaccountname

SetSPN -S HTTP/SharePoint.domain.com domainserviceaccountname


Note:

KCD work is not required for the Network Connectors, this will be using NTLM.

SharePoint Configuration

  1. On the Central Administration page, under Quick Launch, click Security, and in the General Security section click Specify authentication providers.
  2. On the Authentication Providers page, select the zone for which you want to change authentication settings.
  3. On the Edit Authentication page, and in the Authentication Type section ensure this is set to Windows (selected by default).
  4. In the IIS Authentication Settings section, select Negotiate (Kerberos). Note: If you select Negotiate (Kerberos) you must perform additional steps to configure authentication (below).
  5. Click Save.

NetScaler (internal Load balancer) Configuration

The reason for this configuration is to split the to split the External and Internal traffic. Where AAA authentication is being used for external user authentication to Connectors, AAA is not a necessity for Internal use, especially where Web Access to Network shares/SharePoint SSO are required via web browsers.

Note:

AAA requires a NetScaler Enterprise and above license to use.

If the NetScaler wizard has been used to configure a storage zone, then you would typically see LBVIPs bound to a Content Switch, such as:

_SF_CS_ShareFile = External Content Switch

The External config would typically have:

  • 1 x Content Switch, with Policies, Responders, Callouts.
  • 3 x LBVIP’s
    • ShareFile Data LBVIP
    • Connectors LBVIP with AAA enabled
    • OPTIONS LBVIP.


Note:

If Web Access to Connectors are required then additional configuration is needed in addition to the wizard, which adds the OPTIONS LBVIP to the Content Switch. Please see this article in section “
Configure NetScaler for restricted zones or web access to Connectors ”.

Now we would need an additional configuration to route the internal traffic. This would typically be a Load Balancing virtual server (LBVIP) rather than a Content Switch. In this instruction we are going to:

  • Create the Server(s) – create a connection to all the storage zone controllers within a single Zone.
  • Create a Service Group – group the servers into a group
  • Create an LBVIP – create the Load Balancing virtual server

Create the Server(s)

  1. Log into the NetScaler and browse to:
  1. Click Add.
  2. Create a name eg SZ_Server.
  3. Input the IP Address of the Citrix storage zone controller
  4. Click Create.
  1. Repeat for all storage zone controllers.

Create a Service Group

  1. Log into the NetScaler and browse to:
  1. Click Add.
  2. Create a name eg SZ_Service_Group.
  3. Protocol: SSL
  4. Click OK.
  1. Click on Service Group Members.
  2. Select Server Based option then click on Select Server.
  1. Click the checkboxes on each of the storage zone controller servers and then click Select
  2. Enter Port*: 443.
  1. Click Create.
  2. Click OK to continue
  3. Click Done.

Create an LBVIP

  1. Log into the NetScaler and browse to:
  1. Click Add to create the storage zone LBVIP:
Name: SZ_LB_INTERNAL

Protocol: SSL

IP Address Type: IP Address (this should be internally accessible)
  1. Click OK.
  1. Under Services and Service Groups, click the Virtual Server Service Group Binding option
  2. Select the Service Group created earlier and click Bind.
  1. Click OK.
  2. Attach wildcard certificate.
  1. Click Bind.
  2. Click OK and Done.

Configure SplitDNS

Configure SplitDNS to resolve to the new Internal LBVIP (ie SZ_LB_INTERNAL), which is important as you need to direct traffic internally to the internal load balancing vserver created in the previous step. If this is done via Active Directory in your environment, here are some example below.

Configure DNS in AD

  1. Log into the Domain Controller and open dsa.msc.
  2. Browse to Forward Lookup Zones to find the one which correlates to the StorageZone FQDN (sz.company.com)
  3. Add a New Host (A or AAAA)… and enter the FQDN for the StorageZone.
  4. Enter the IP, this should be the one of the Internal LBVIP (i.e. SZ_LB_INTERNAL) created in the previous section
  5. To test, open CMD from another desktop/server, run ipconfig/flushdns and ping the StorageZone FQDN. Does it resolve to the correct IP?

Configure Citrix Storage Zone

StorageZone Controller IIS changes

Network Connectors only:

  1. Log onto the StorageZone Controller(s) and open IIS.
  2. Click on the Default web site then to the CIFS virtual directory.
  3. Click on Authentication, then ensure Anonymous and Windows Authentication are Enabled.
  4. Right-click on the Windows Authentication option and select Providers.
  5. Highlight NTLM and Move Up to the top of the list. Click OK.
  6. Ensure Basic Authentication is set to Disabled.

SharePoint KCD only or either with Network Connectors:

  1. Click on the CIFS virtual directory, then on Authentication.
  2. Ensure Anonymous and Windows Authentication are Enabled.
  3. Right-click on the Windows Authentication option and select Providers.
  4. Highlight Negotiate and Move Up to the top of the list. Click OK.
  5. Repeat for the SP virtual directory.
  6. Ensure Basic Authentication are Disabled on both.

If using port 80 on your StorageZone Controller for Load Balancing communication, refer to the AD Delegation section.

  1. If using port 443, then on the StorageZone Controller, then right-click the Default Web Site and select Edit Bindings.
  2. Add a new binding on port 443, assign the IP address, and insert a host header (just the first part of your storage zone FQDN, i.e. where FQDN=sz.company.com, then input only sz in the hostheader).

AD Delegation

Changes might need to be actioned on the SZC AD object(s), and all the servers used for Network Shares and SharePoint need to be added.

Example:

Note:

Ensure that any File servers hosting any Network Shares, are added to the delegation as CIFS.

Ensure any SharePoint servers that need to be accessed, are also entered as HTTP.

Browsers

Internet Explorer

  1. Open Internet Options, Security, Local Intranet, Sites, Advanced then enter the following:
Citrix Content Collaboration URL – e.g.: subdomain.sharefile.com

FQDN StorageZone – e.g.: sz.company.com

FQDN of AAAVIP – e.g.: aaavip.company.com

Note: If this is locked down, configure via GPO which will be actioned on the User Configuration.
  1. Open GPMC and select the GPO controlling the behaviour of IE.
  2. Browse to Computer Configuration/Administrative Templates/System/Group Policy and Enabled the policy Configure user group policy loopback processing mode and select Replace.
  3. Then browse to User Configuration/Administrative Templates/Windows Components/Internet Explorer/Internet Control Panel/Security Page and edit the Site to Zone Assignment List as follows:
Note: The number in the Value field denotes the number of the zone. MS breaks them down as follows:

1 – Intranet zone – sites on your local network.

2 – Trusted Sites zone – sites that have been added to your trusted sites.

3 – Internet zone – sites that are on the Internet.

4 – Restricted Sites zone – sites that have been specifically added to your restricted sites.
  1. For external IE browsers, extra configuration is required as follows:
Click on the Internet/Custom Level and ensure that:
  • Miscellaneous/Access data sources across domains is Enabled.
  • User Authentication/Log on/Prompt for Username and Password is selected.
  1. Click OK twice.

Firefox

  1. Launch Firefox. In the Address Bar, instead of typing a URL, enter: about:config
This opens the configuration interface. You may need to agree to a security warning in order to proceed.
  1. Double-click the line labelled automatic-ntlm-auth.trusted-uris and enter the following:
ShareFile site – subdomain.sharefile.com

FQDN StorageZone – sz.company.com

FQDN of AAAVIP – aaavip.company.com

Note: Separate individual URLs with commas, but do not put spaces between them, for example:

subdomain.sharefile.com, sz.company.com

  1. Click OK when you’re finished.
  2. Double-click the line labelled negotiate-auth.trusted-uris.
  3. Enter the same information you entered in step 2 with the URLs separated by commas and with no spaces.
  4. Click OK.

Chrome

This should work. CORS should be enabled by default on Chrome but you can add the plugin to Chrome here .

Related:

  • No Related Posts

7021430: Preventing Character Loss When Using Barcode Scanners

Background

Microsoft Windows sends input gathered from a barcode scanner as individual keystrokes. These keystrokes are sent at a much faster rate than a human can produce. Subsequently, when Reflection 2014 attempts to handle the rapid arrival of keystrokes, the extra processing required can result in character loss because Windows blocks keyboard input when an application is busy.

Automatic Device Recognition

Reflection 2014 R1 SP1 (and later) automatically recognizes certain USB barcode scanners and card readers, and captures their input directly to avoid any character loss. To view the list of supported scanners, open the InputDeviceCapture.settings file located in Reflection’s AppData directory: %AppData%AttachmateReflectionWorkspaceR2014_R1. When a device is successfully detected, a log entry is written to the event log. Please see KB 7021466 for details on controlling Reflection Event Logging.

Manually Configuring Reflection to Recognize Your Device

If your input device is not automatically recognized, you can add its hardware device identifier as a Custom Workspace Setting:

  1. Open the Windows Device Manager and find the Human Interface Device section as illustrated below. (Make sure you are viewing devices in the Human Interface Device section and not the Keyboards section.)


Figure 1. Device Manager with Human Interface Devices selected

  1. Find your scanning device by examining the properties listed in the Details tab of each USB device.

It can be difficult to distinguish the scanner from other devices (such as your keyboard), but the “Bus reported device description” (if present) often displays the device information. You may need to unplug the input device, refresh, and then plug the device back in to reveal which entry corresponds to the device in question.

  1. After you have identified the scanner, open the USB Input Device Properties dialog box and copy the listed value of the Hardware Id to the clipboard:


Figure 2. Copy of Hardware Id in USB Input Device Properties
  1. On the Reflection menu, choose Workspace Settings. Then on the Reflection Workspace Settings breadcrumb, select Custom settings.


Figure 3. Reflection Workspace Settings with Custom Settings selected
  1. Manually add a Custom Workspace Setting named InputDevices and paste the Hardware Id as its value. (If you have more than one device, you can enter a list of the Hardware Ids separated by commas as the InputDevices value.)


Figure 4. Paste of Hardware Id as InputDevices value in Custom Workspace Setting
  1. Restart the Workspace to apply the new settings.
  2. Start a session, and then check the Reflection event log to make sure your device has been recognized properly.

Disabling Input Device Capture

If you experience any problems with how the Input Device Capture feature captures the input, you can disable this feature to send the input key-by-key instead of as one block.

To disable Reflection’s Input Device Capture feature:

  1. Add the InputDeviceCapture value to the Reflection Workspace Custom Settings table.
  2. Set it to False.

Handling Unrecognized (non-USB) Input Devices

If you are using a non-USB scanner (one connected to the PC via a serial RS232 COM port, keyboard wedge, or some other method), Reflection 2014 cannot capture the input directly. For these types of devices, use the following approaches to eliminate character loss.

Disable Productivity Features

When Reflection Productivity features are enabled, the extra processing required to handle the keystrokes can result in character loss because Windows blocks keyboard input when an application is busy. Therefore, Productivity features such as Recent Typing, Auto Complete, Auto Expand, and Spell Check should be disabled when using an unrecognized input device.



Figure 5. Configure Productivity Defaults menu with features deselected

Adjust Intercharacter Delay

If disabling the Productivity Features does not address character loss, a possible solution is to adjust the intercharacter delay. Most scanners include an option to add (or increase) delay between each character sent. A delay of 20 to 40 milliseconds is often enough to eliminate character loss.

Scanners are often controlled by barcodes that are scanned to change the settings, though some require a configuration program to be executed to change the delay settings. Consult your scanner’s hardware manual or vendor’s website for instructions on how to set the intercharacter delay for your specific device.

Related:

  • No Related Posts

Data Protection Advisor (DPA) authentication for the web published scheduled reports is disabled[1]

Article Number: 502581 Article Version: 4 Article Type: Break Fix



Data Protection Advisor,Data Protection Advisor Family

Data Protection Advisor (DPA) authentication for the web published scheduled reports has been disabled.

Some customers have a need to access DPA reports via a Web style interface. In DPA 5 a Web Server, acting as Report Portal was available,and could be accessed without a password.

This functionally has been removed from DPA 6. The Web Server component is a security vulnerability that requires near constant patching, fixing newly developed exploitation approaches. In addition, the strategic role of DPA is not to be the Report Portal, rather to publish reports to destinations, such as other portals, as required. For these reasons the portal was removed from the DPA.

Reports produced by DPA can continue to be accessed via a web server, if a web server is configured correctly. This would be the customer’s responsibility.

In DPA 6 functionality was added to publish to Microsoft Sharepoint 2013. This purpose of this was to eliminate the need for a web server. This would be a better option to consider. Details on publishing to MS Sharepoint can be found in the DPA internal help and DPA Installation and Administration Guide. Please contact EMC Technical Support for further details or information.

Please contact Dell EMC Technical Support for further details or information.

Related:

SourceOne: Random warnings from EMC SourceOne for Storage Management / RBS informing that the required permissions are not required

Article Number: 487941 Article Version: 3 Article Type: Break Fix



SourceOne for Microsoft SharePoint Storage Management 7.2 SP3,SourceOne for Microsoft SharePoint Storage Management 7.2,SourceOne for Microsoft SharePoint Storage Management 7.1 SP3,SourceOne for Microsoft SharePoint Storage Management 7.1 SP2

The following warning may be generated in the Web Frontend servers Application log:

The RBS configured credential is NOT used, please make sure the account: ‘<Account>’ has required permissions to access the RBS storage path: ‘<RBS Storage Location>’

Other than the warning, all other RBS functionality is operational.

This is a warning generated by the EMC SourceOne RBS code, due to a Microsoft bug. Periodically when Microsoft RBS tries to store the blob into file share, SharePoint does not use the credential passed in the Store configuration, instead it uses the service account, which is the account runs the IIS web site.

Verify the account running the web application has the proper credentials (Full Access) to the file share.

No other action is required.

Related: