Channel: Network Infrastructure Servers forum
Viewing all 5877 articles

Error_DNS: Zone _msdcs. is an Active Directory integrated DNS Zone and must be available._

Hello

I'm in the middle of changing (not upgrading) my AD servers from 2008 to 2012 R2.

I installed a new server with a new IP and name as AD, and installed and configured my DNS.

Now I think it is working just right, but I keep getting the above error every time BPA runs.

In the current situation I have 2 new AD 2012 R2 servers, replicating and resolving, and everything seems to be fine

but the above error.

Any help would do.

Thanks


Best way to configure IPSEC between selected servers and clients

Hi, I've done a fair bit of reading and cbt videos, and have experimented for quite a bit in test environments, and I haven't come up with a best path for what I want to do.  If someone could put me on the path to accomplish my goal, I would appreciate it greatly.

I'm operating in an active directory environment at the 2008R2 functional level.  I have a member server processing sensitive data which it receives from clients.  My goal is to have all traffic between the member server and its clients encrypted with IPSEC, but can't quite find what I'm looking for after spending a fairly embarrassing bit of time looking.  Do I want:

  1. IPSEC via group policy, whereby I apply a gpo with the IP Security policy "Server (request security)", to the server and apply a gpo to the clients with "Client (respond only)" set?   If so, I haven't gotten this working, is there more configuration needed?
  2. Configure IPSEC  Advanced firewall connection security rules?
  3. Both 1. and 2. above?
  4. Server and domain isolation? (This appears to be a lot of reading on whether or not it's a subset of the above methods, or a combination of them, or more).

If someone could point me to some documentation on the simplest way to do this, I would appreciate it greatly!!

Thanks,


Kevin

Mystery IP addresses in DHCP pool

We run a DHCP server on a virtual Windows Server 2008 R2 on VMware.

The DHCP scope consists of 150 addresses, and the expiration period is set to 8 hours. Statistics show me that currently 143 IP addresses are in use, but when I count the machines in DHCP leases I only count 105. So where are the other 38 leases?

Also to mention: RRAS is disabled on this server. I have been monitoring this issue for 2 weeks now, no changes. SolarWinds IP Address Tracker shows me that the 38 addresses are free and available.

I appreciate any help on this...

Thanks, Jan

Server 2008 R2 DNS Server can not open active directory error 4000

The DNS server was unable to open Active Directory.  This DNS server is configured to obtain and use information from the directory for this zone and is unable to load the zone without it.  Check that the Active Directory is functioning properly and reload the zone. The event data is the error code. Error 4000

This just started happening yesterday. Also File service and print server is unable to contact because of this error. I have no lookup zones. When I try and go to the DNS server I get a message The server VETSALDC could be contacted The error was Access Denied. Would you like to add it anyway?

PLEASE HELP

2012 R2 DHCP server failover question

Hi,

I have the following situation. I have two DHCP servers in a failover relationship. One is main and the other is hot standby. Let's imagine that I have only one scope configured for failover. My scope is configured in the following way:

I assign IP addresses only by using reservations. So I have exclusion set for all of the scope range and I have a lot of reservations.

My question would be - what would be the recommendations for MCLT and State Switchover Interval times? Now I've set 5 and 30 minutes for these options. Addresses reserved for standby server are set to 0%.

I sniffed network and saw the following behavior:

When the main server went offline, the standby server changed to the communication interrupted state. The client renewed its lease and the lease duration was equal to the MCLT time. After 30 minutes the standby server went to the partner down state. The client renewed its lease and its time was the MCLT time. Is this expected? Did I understand right that the standby server can issue leases whose times are equal only to the MCLT time and not to the full lease time?

DHCP scope deactivates spontaneously

L.S.

I've got two 2012 DHCP servers configured as load-balance failover. These two servers serve about 30 different VLANs (through IP-helper addresses in our routers).

On one of these servers, one scope deactivates itself spontaneously. How do I troubleshoot this? What should I look for in the event log / DHCP log files?

(The main problem is that failover only works if one or more of the following conditions is met (as far as I know):

- One server knows the other is down

- The DHCP client uses the secs field in the DHCP discover request with real data, and not just 0, although this is allowed per RFC.

Of course, I have access points that just put 0 in the secs field, ......)

Thomas Roes

DNS loses all interfaces

I've been having problems for about 2 weeks now.

The DNS server seems to drop all interfaces after a few hours of uptime. When I say it drops all interfaces, I mean it stops sending responses out, and when I go to the DNS snap-in, the interfaces tab is blank: nothing listed, nothing I can check. The server itself still seems to have internet connectivity, as in I can ping google.com using Google's IP address. Also, DHCP still continues operating. The server can also still be reached using both its internal and public interface IP addresses.

The only way to resolve this is to restart the DNS service. That in itself is fine but I'm having to do this every 3-4 hours. Any ideas?


Owner, Quilnet Solutions

unable to open an application on remote computer via WinRS

Hi friends,

I have configured WinRM on 2 systems and it works fine.

But one problem is that when I execute the following command to open an application on the remote system (in my LAN and in my subnet),

nothing happens and the cursor continues blinking in the cmd window:

C:\winRS -r:http://10.1.1.3:5985 -u:administrator -p:P@ssw0rd mspaint  

Is it possible to open an application on another system?

Thanks in advance


RRAS/DA Server 2 NIC NAT and Internet Question

I have a 2012 R2 Dual Role DA and VPN server that is working great for internal connectivity, but we have some users that travel overseas that want to be able to use the VPN to access the web as if they were in our country.

The server is configured with two NICs; one is on our internal LAN with address:

IP: 192.168.20.95

Subnet 255.255.254.0

DNS using internal DNS servers

the other NIC is in our DMZ with address:

10.50.10.100

Subnet 255.255.255.0

Default Gateway: 10.50.10.1

DNS using external DNS servers

We have a Router/Firewall/NAT device doing a 1 - 1 NAT of an external IP we'll call 1.1.1.1 to the DMZ interface of the RRAS/DA server and allowing through PPTP/GRE for VPN and HTTPS for DA.

DHCP is being provided by our internal DHCP server which is on the 192.168.20.0 subnet.  

Clients connect to the VPN fine and can browse our internal resources as expected, but are unable to use our internet.  I enabled routing and NAT on the RRAS server with the DMZ interface set as the NAT internet interface and configured the internal LAN interface as the internal interface in the NAT settings menu.

When I show mappings on the NAT interface, I see the VPN client getting mapped to the DMZ interface of the RRAS server as expected, for example 192.168.20.207 is mapped to 10.50.10.100 and both incoming and outbound packets are being translated, but the client isn't receiving the packets.

Could it be a firewall policy on the VPN server?  Or is it the double NAT of the DMZ interface on the RRAS server being translated to the external ip of 1.1.1.1 ?

I'd like to leave my RRAS server with the dual NIC set up and allow my clients to access the web through the DMZ.

W32time, Event ID 50, Time Service detected a time difference of greater than 5000 milliseconds...

Hi There,

We seem to be seeing the following error intermittently come up across our Windows 2003 server fleet:

Event Type: Warning
Event Source: W32Time
Event Category: None
Event ID: 50
Date:  11/12/2014
Time:  1:15:13 PM
User:  N/A
Computer: Computer-Name

Description:
The time service detected a time difference of greater than 5000 milliseconds  for 900 seconds. The time difference might be caused by synchronization with  low-accuracy time sources or by suboptimal network conditions. The time service is no longer synchronized and cannot provide the time to other clients or update  the system clock. When a valid time stamp is received from a time service  provider, the time service will correct itself.  

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

One of the servers in question is a virtual machine running Windows Server 2003 R2 Standard Edition.

The time-source inside the network is our primary domain controller which is a Windows Server 2008 R2 virtual machine.

In order to rectify this, I've attempted the following, which fixes the problem as far as I can see; however, I see things re-occur just the next day.

1) Open command prompt.

2) Type in w32tm /resync /rediscover /nowait.

3) Restart the time service.

4) Type in 'net time' to ensure the source has changed to our site's primary domain controller.

Is there any alternate way you can suggest to resolve this so we don't have to go through and manually do this on all of our Windows 2003 servers?

SB.

How can I determine my public IP port?

My ISP is running NAT and DHCP service, so it dynamically assigns IPs to clients and gives one public IP to thousands of users through the internet. So I have to turn on the NAT service in my router so it translates my 192.168.x.x to a public IP given to me by my ISP, which is given to many, many clients at the same time, but their ports are different for sure, because when I want to open a website the ISP server forwards my packet with source and port to the destination IP address, which is 80 for example, and sends me back the request from the webserver to my ISP, then forwards it to me. Now what?!!!

How can I determine the public IP address port assigned to me dynamically by the ISP DHCP server? And if I find out about that, can I do port forwarding on my router for the port number of my public IP that I know temporarily, because it changes by DHCP, and can I connect to it by remote desktop following a column with port number of my IP?

Migrate from Windows 2003 R2 to Windows 2008 R2 without affecting the ISA 2006

We have installed Windows 2003 R2 SP2 on one of our servers and installed the ISA 2006 role on that server, which is working properly now. Since Microsoft has stopped security patches for Windows 2003, we may need to go with Windows 2008 or 2012.

Please, can anybody help me to migrate the OS without affecting our ISA 2006 configurations?

Awaiting your valuable reply.


Jags

AD Integrating conditional DNS forwarders stops them working

I have a conditional forwarder set up in Domain A to go to the DNS servers for Domain B.  This works fine as standard conditional forwarders, but if I change them to AD integrated they stop working!  I then have to remove the conditional forwarders and configure as standard again.  If I just remove the check from the 'Store this conditional forwarder in Active Directory and replicate it as follows:' box it doesn't return to working, I need to completely remove the conditional forwarders and recreate from scratch.

Has anyone else seen this and know how to resolve?

Windows Server 2008 Standard Drivers for Intel® I217LM Gigabit Network adapter

Hi everybody,

I am unable to find network drivers for the Intel® I217LM Gigabit Network adapter for Windows Server 2008 Standard (32-bit). I have found the drivers for Windows Server 2008 R2, but those, being 64-bit, do not work. Kindly help me in sorting out this problem, as I am stuck and need to install the drivers.

Thanks in advance.

SHOAIB

NPS/Radius Installation - Windows 2012

When installing NPS/Radius, is installing AD directory services required?

When looking at the how-to blogs or sites, I can see that directory services was installed as I review the screenshots.  Is this just a by-product of using a single server in a lab environment where the posters already have AD installed?

Basically, is AD directory services required to be on the same server for NPS/Radius to be installed?

Thanks

Ron


VPN PPTP connect but not passing traffic

I can not get workstations to access the internet or pass traffic.

I have set up Routing and Remote Access (VPN PPTP site to site) on an answering server and a calling server.

The VPN connects, but I can not get the workstations on the calling side (remote office) to see past the calling server or get to the internet.  Here is my setup; both servers are Win Server 2003.

calling server 2 nics   1st nic  internal - 192.168.211.1 255.255.255.0 0.0.0.0    2nd nic to the internet router 192.168.113.51 255.255.0.0 192.168.113.1 

with 2 route added:  192.168.111.0  255.255.255.0  192.168.113.1  

                                192.168.112.0  255.255.255.0  192.168.113.1

Answering server: 2 nics   1st nic (internal Net) 10.10.12.3 255.255.255.0 10.10.12.1  dns 172.16.8.7   2nd nic to internet router 192.168.112.3  255.255.0.0  192.168.112.1

with 2 route added:  192.168.111.0 255.255.255.0 192.168.112.1

                                 192.168.113.0  255.255.255.0  192.168.112.1 

once I connect the vpn on the calling machine I can ping the following:

from answering server I can ping: 192.168.211.1, 192.168.113.51 and 192.168.113.1 and the workstation 192.168.211.7

from the calling server I can ping 10.10.12.3, 192.168.112.3 and 192.168.112.1 and 192.168.111.13 (another Inet site) but I can not ping the 10.10.12.1 gateway

What am I missing?

IP Range move for DHCP and DNS Server 2008 r2

Moving our network off the 192.168.1.xx/24 network over to 10.38.0.0/20. Anything I need to look out for when changing ranges for DHCP and DNS? What's the best way to go about it?

problem with integrated dns and secondary servers, I think

I have 2 domain controllers, both have DNS role installed, both seem to be working correctly (i.e. client records are added and are replicated to both servers.) I have 1 zone, it is active directory-integrated primary. Both servers are set to not zone transfer (per technet.microsoft.com/en-us/library/cc781340(v=ws.10).aspx ) and neither have any secondary servers defined.

Domain controller 1 = Elrond (10.36.0.6), 2008R2
Domain Controller 2 = Thorin (10.36.0.38), 2012

Despite no actual difficulties with clients, I suspect I have a problem because of 2 things:

1) BPA on Thorin (but not on Elrond) shows "Warning DNS: Zone TrustAnchors secondary server 10.36.0.6 should respond to queries for this zone"

2) While  doing some testing, I ran across the recommendation to try nslookup. When I ran it in an elevated prompt from Thorin I received:

C:\Windows\system32>nslookup
Default Server:  elrond.lynden.k12.wa.us
Address:  10.36.0.6

> server elrond
Default Server:  elrond.lynden.k12.wa.us
Address:  10.36.0.6

> ls lynden.k12.wa.us
[elrond.lynden.k12.wa.us]
*** Can't list domain lynden.k12.wa.us: Query refused
The DNS server refused to transfer the zone lynden.k12.wa.us to your computer. If this
is incorrect, check the zone transfer security settings for lynden.k12.wa.us on the DNS
server at IP address 10.36.0.6.

And when run from Elrond, I get the same message about Thorin refusing:

C:\Windows\system32>nslookup
Default Server:  thorin.lynden.k12.wa.us
Address:  10.36.0.38

> server thorin
Default Server:  thorin.lynden.k12.wa.us
Address:  10.36.0.38

> ls lynden.k12.wa.us
[thorin.lynden.k12.wa.us]
*** Can't list domain lynden.k12.wa.us: Query refused
The DNS server refused to transfer the zone lynden.k12.wa.us to your co
f this
is incorrect, check the zone transfer security settings for lynden.k12.
the DNS
server at IP address 10.36.0.38

My reading from the TechNet article is that zone transfers should not be enabled since AD already handles that functionality. Does that mean this error is really ok? It seems strange.


Problem adding Remote multisite Entry Point

Hi, we have DirectAccess 2012 set up for multisite, with a default site with 2 DA servers with load balancing in Sweden, one DA server in Phoenix (US) and one in Romania. For the US one I had to change the entrypointDC after I had added it, since otherwise I could not use the RemoteAccess management console. Everything just hung when it could not load the configuration. I'm guessing it timed out getting the config from the US AD server, and that broke everything (hmmm...)

I am now trying to add another entry point in the US (not the same site) but can't get past "adding an entry point... Please wait while the configuration is applied.." I have waited a couple of days; it does not get past that.

I wanted to try the PowerShell command for adding an entry point too, but I can't find any info on how to specify the different GPOs correctly. I have Windows 7 computers too, so I need a server GPO, a client GPO and a Windows 7 group, and I have not been able to figure out how to do that.

Or if it's possible to change an entrypointDC while adding the entry point, so it won't time out.

Anyone have any smart tips?

BR

Daniel

Machine certificate RADIUS wireless login

Hi all,

I have a customer who wants to have computer authentication against RADIUS (allow only school devices to connect through the SSID). As I am a network engineer, I am struggling with NPS settings and machine certificates.

I have lab settings in our office where I am using Windows Server 2012 and configured domain certificates using the links below.

https://4sysops.com/archives/how-to-deploy-certificates-with-group-policy-part-2-configuration/#creating-the-certificates

http://www.petenetlive.com/KB/Article/0000919.htm

Under NPS I have two policies, one for domain devices and one for non-domain devices

Domain_devices policy:

Conditions - NAS Port Type - Wireless-Other OR Wireless - IEEE 802.11

                    Machine groups - domain\Domain devices  - PC added to that group

Constraints - Auth. method - Microsoft Smart Card or other certificate

Domain_devices policy:

Conditions - NAS Port Type - Wireless-Other OR Wireless - IEEE 802.11

Constraints - Auth. method - Microsoft Protected EAP (PEAP)

When tested with an iPad this was able to connect fine, but when testing with a domain laptop NPS is returning Event ID 6273, Reason code 16:

Authentication failed due to a user credentials mismatch. Either the user name provided does not map to an existing user account or the password was incorrect.

The password is correct, as I am using the same one for the iPad as well as the computer login.

Anybody with an idea why it's not working?

Thanks
