
"Add Server to Intranet Zone" isn't big enough for us.

Brian_Day
Level 6
Ut oh.

It looks like "Add Server to Intranet Zone" only accepts 255 characters. We have 10 EV servers with 38 characters in their name when you include the http:// and FQDN as we have to in our multi-domain environment.

10 x 38 = We're Screwed.

Unfortunately I don't think we'll be allowed to do a http://*.f.q.d.n as there are many other servers in the same domain which are not required to be in the Intranet Zone.

Does anyone know if the following are valid formats for Intranet Sites?

http://evserver-???.fully.qualified.domain.name
http://evserver-*.fully.qualified.domain.name


...if you can use ??? and/or * to represent a wildcard in the server name to be replaced with 001, 002, 003, 004, if our naming convention was evserver-001, evserver-002 in our organization?

I can't have the * treated as "and anything to the left of me is ok too." in this case. Does that make sense? I'd rather use the EV client instead of a GPO if I can to set this.

Message Edited by Brian Day on 03-05-2008 12:44 PM
9 REPLIES

bobby_hilliard
Level 5
Thinking out loud...
 
The "*" wildcard is supported in IE, not sure about the "?".
 
Could you not use http://*.yourdomain.com which would cover not only the EV servers but also other "sites" on your local intranet?
 
 

Brian_Day
Level 6


@Bobby hilliard wrote:
Could you not use http://*.yourdomain.com which would cover not only the EV servers but also other "sites" on your local intranet?
 
 





No can do as of now, too much of a shotgun when only a needle is needed approach. :)

bobby_hilliard
Level 5
Well, I just experimented with my test environ using http://ev*.domain.com in Intranet Zone on a client.
 
Then was able to go to evalias.domain.com/enterprisevault page as well as reports.
 
Just passing it along.
 
Footnote: Archive Explorer via Outlook worked just fine also...but I'm not sure if that's pertinent.


Message Edited by bobby hilliard on 03-05-2008 01:35 PM

Brian_Day
Level 6

@Bobby hilliard wrote:
Well, I just experimented with my test environ using http://ev*.domain.com in Intranet Zone on a client.
 
Then was able to go to evalias.domain.com/enterprisevault page as well as reports.
 
Just passing it along.
 
Footnote: Archive Explorer via Outlook worked just fine also...but I'm not sure if that's pertinent.


Message Edited by bobby hilliard on 03-05-2008 01:35 PM




Thank you. Do you have any non ev*.domain.com boxes in .domain.com with IIS running you can hit to see if they still get labeled as Internet?

Message Edited by Brian Day on 03-05-2008 01:38 PM

bobby_hilliard
Level 5
The only other IIS-ish thing I have in the test environ is OWA. The machine name doesn't start with EV.
 
Using either the fully- or non-fully- qualified URL opens OWA just fine in the INTRANET zone.
 
I assume you're in a prod environ. Is there a client that you could experiment with before committing?
 
Hope this helps.
 

Brian_Day
Level 6
I just tested it myself.

http://evms-*.one.domain.com/enterprisevault

Did not work, I was prompted for credentials and the security zone says "Internet"

http://evms-???.one.domain.com/enterprisevault

Did not work, I was prompted for credentials and the security zone says "Internet". Interestingly enough the entry in the list of intranet sites only says "http://evms-" and cuts off everything including the first ? and afterwards.

http://evms-001.one.domain.com/enterprisevault

Did work, pass-through auth worked fine and I got the EV page, security zone says "Local Intranet".

http://*.one.domain.com/enterprisevault

Did work, pass-through auth worked fine and I got the EV page, security zone says "Local Intranet".



My client lives in two.domain.com, our EV servers live in a domain used for enterprise-wide services with other things like Exchange, Oracle, SQL, etc...

MichelZ
Level 6
Partner Accredited Certified
Brian

According to this:
http://support.microsoft.com/kb/184456

Only * can be used, and only as Protocol Wildcard (*://host.domain.com) or as a host/subdomain Wildcard (http://*.domain.com http://*.subdomain.domain.com etc.)

I'd suggest that you use your last URL (http://*.one.domain.com)

This shouldn't pose a security risk, as those are all "trusted" hosts on your local network.

Cheers
Michel

cloudficient - EV Migration, creators of EVComplete.

Brian_Day
Level 6


@MichelZ wrote:
I'd suggest that you use your last URL (http://*.one.domain.com)

This shouldn't pose a security risk, as those are all "trusted" hosts on your local network.

Cheers
Michel





With all due respect it isn't easy to assume that. I wish it were. The domain hosts many applications for many customers on many servers. Some of the customers trust each other, some do not so we have to treat it accordingly.

We may still end up having to do the * if there is no other workaround besides a GPO.

MichelZ
Level 6
Partner Accredited Certified
Brian

Sorry, didn't know it's an outsourcing company or something like that.
In a conventional company it would work, but I agree that it's difficult in such a situation.

I got another suggestion for you.
I think the 255 Chars Limit is an EV issue (Table "SettingType", Column "settingBounds" -> nvarchar(255))
If you deploy the Intranet Zone sites e.g. via Group Policy, you should be able to use way more than 255 Chars...

Cheers
Michel

cloudficient - EV Migration, creators of EVComplete.
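
Added example, not code from any poster in this thread or from Enterprise Vault: a small pre-deployment check that applies the wildcard rule cited from KB 184456 (`*` only as the protocol or as a whole leftmost host label, no `?`) and measures a list of entries against the 255-character limit discussed above. The `;` separator and the `evms-NNN.services.example.local` host names are assumptions constructed for illustration.

```python
import re

EV_SETTING_LIMIT = 255  # limit reported in the thread for the EV setting
SEPARATOR = ";"         # assumption: delimiter used when entries share one field

# scheme://host with an optional path; the scheme may be "*" (protocol wildcard).
_ENTRY = re.compile(r"^(\*|[a-z][a-z0-9+.-]*)://([^/]+)(/.*)?$", re.I)
_LABEL = re.compile(r"^[a-z0-9]([a-z0-9-]*[a-z0-9])?$", re.I)


def check_entry(entry):
    """Return (ok, reason) for one entry under the rule quoted from KB 184456."""
    m = _ENTRY.match(entry.strip())
    if not m:
        return False, "not in scheme://host form"
    host = m.group(2)
    if "?" in host:
        return False, "'?' is not a supported wildcard"
    for pos, label in enumerate(host.split(".")):
        if label == "*":
            if pos != 0:
                return False, "'*' is only allowed as the leftmost label"
        elif "*" in label:
            return False, "'*' must stand for a whole label, not part of one"
        elif not _LABEL.match(label):
            return False, "invalid host label"
    return True, "ok"


def fits_setting(entries):
    """Return (joined_length, fits) for entries stored in one bounded field."""
    length = len(SEPARATOR.join(entries))
    return length, length <= EV_SETTING_LIMIT


def audit(entries):
    """Return the rejected entries with reasons, plus the length check."""
    rejected = {e: check_entry(e)[1] for e in entries if not check_entry(e)[0]}
    return rejected, fits_setting(entries)


# Constructed sample: ten 38-character entries, as in the original post.
SAMPLE = ["http://evms-%03d.services.example.local" % n for n in range(1, 11)]

if __name__ == "__main__":
    for candidate in ("http://evms-*.one.domain.com", "http://*.one.domain.com"):
        print(candidate, "->", check_entry(candidate))
    print("ten explicit entries:", audit(SAMPLE))
```

The ten explicit entries are all well-formed but overflow the 255-character field, while the single `http://*.one.domain.com` entry fits and passes the rule at the cost of covering every host in that domain.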