Channel: Network Infrastructure Servers forum

Change scope / Multiscope option regarding Server 2008 R2 With TMG2010 PPTP Site-to-Site VPN.


Hey guys,

I've been looking through the forum for some answers regarding the next setup:

Host with 2VM'S; DC and TMG

Internal range is 192.168.100.x/24

Host02 with 2 VM'S;  DC02 and TMG02

Internal range is 192.168.200.x/24

Now I'm looking to expand DC02 as that is my DHCP. (TMG is the Gateway)

However, there is a site-to-site between both TMG servers.

What is best practice in this situation and how should I go about this..?

Any thoughts upon this?


With kind regards, René de Meijer. MIEGroup.


Direct Access on Windows Server 2012 R2 has DNS problems


Hi,

I'm trying to set up Direct Access on a Windows Server 2012 R2 Standard server. The installation goes OK but the operational status of the DNS is not OK.

Error message: None of the enterprise DNS servers DC2,DC1 used by DirectAccess clients for name resolution are responding. This might affect DirectAccess client connectivity to corporate resources.

Some info:

* Our DCs are Windows Server 2008 r2.

* We use a third party certificate to the domain da.company.com.

* The DNS servers are online and responding. I can ping them from the DA server, I can make an nslookup from the DA server.

* Server is updated with the latest windows Updates.

* The infrastructure is IPv4 only e.g I have not implemented IPv6.

I have googled for hours and hours and I have not found anything that could help.

Any help is much appreciated!



DNS server event log messages can't load


I'm running a new domain controller with a DNS server on it. The event log entries for the "Microsoft-Windows-DNS-Server-Service" all fail to load. I look at the "DNS Events" item in the "Global Logs" section of the DNS server in the DNS manager tool and every entry there has the generic "cannot be found" message.

How can I repair the event log messages for the Microsoft-Windows-DNS-Server-Service?



Event Type:    Information
Event Source:    Microsoft-Windows-DNS-Server-Service
Event Category:    None
Event ID:    4
Date:        9/21/2014
Time:        15:02:03
User:        NT AUTHORITY\SYSTEM
Computer:    server.domain.corp
Description:
The description for Event ID ( 4 ) in Source ( Microsoft-Windows-DNS-Server-Service ) cannot be found. Either the component that raises this event is not installed on your local computer, or the installation is corrupted. You can install or repair the component on the local computer, or contact the component manufacturer for a newer version.

If the event was saved from another computer or forwarded from a remote computer, you might have to include display information with the events when saving them or when setting up the forwarding s .



Help with Removing a DC role from a Server 2003.


I have 2 DCs in my network. One is a Server 2003 and the other is a Server 2012 R2. They are co-domain controllers. I want to demote the 2003 Server from the DC role and then to remove from my network. 

Steps Taken so Far: I checked and found out that the Server 2012 R2 is the PDC. 

Can you please give me the correct steps and [checks I have to make before] to demote the Server 2003 from a DC first? Then I will remove this server from the network.

Thanks for your help.

DHCP Failover, one DHCP Server Partner's Subnet is deactivated, Clients losing network connectivity for 3 sec. after renewing their IP Address


Hello,

Currently we are using two W2K12R2 DHCP servers configured in "load balance mode". On DHCP1 the IP scope with failover partnership to DHCP2 is deactivated. DHCP2 is working fine. Now we notice that 50 percent of our clients (W2K8R2 application server) are losing network connectivity for 3 sec. after rereleasing their IP address. In the DHCP2 server's event log we receive a lot of BINDING ACK reject events 20291 and 20292 for these IP address entries. These 3 sec. of losing their network connectivity are our big problem because the client application (W2K8R2 application server) cannot handle this timeout. It looks like a DISCOVER-OFFER-REQUEST-NAK cycle that is described here: http://blogs.technet.com/b/teamdhcp/archive/2014/02/26/dhcp-failover-patch-to-address-a-reservation-issue-and-another-issue-related-to-failover-partner-not-accepting-state-transition-from-bad-address-gt-active-has-been-released.aspx#pi47623=2

Is there a solution to prevent the 3 sec. network failure?


Rgds

DNS Clients Don't Automatically Register A Records


We have two 2008 R2 DHCP servers (which also run AD/DNS). I've noticed that any new device I put on the network has a tendency to lose its DNS registration in the forward look-up zone (or possibly they never had one). I can successfully register it with 'ipconfig /registerdns', after which time it will "stick" and never have a problem again. However, I'm staring at several machines, some of which are newly provisioned servers, which have a DHCP lease and no record in DNS (they aren't the kind of servers that need a static address). We also have hundreds of workstations I know are missing from DNS (though this is less of an issue). They DO have a PTR record, which is always updated properly - it's just the A record that doesn't get updated unless you manually register. I understand that in Windows 2000+, the client should update the A record and the DHCP server updates the PTR in the default configuration, so only the latter appears to be working.

The DNS zone is set to "secure only" updates. Scavenging period 9 hours with 12hour no-refresh+12hour refresh. We have DHCP set to "dynamically update A and PTR records only if requested by the DHCP clients" and discard when lease is deleted. Name protection is not enabled. We use a shared service account for DNS Dynamic updates.

I've checked the workstation in question to make sure they aren't getting any weird GPO that would influence this behavior (they aren't, from what I can tell). The only DNS/DHCP-related policy they receive is a 60-minute refresh interval for DHCP. The option to "register this connection's address in DNS" is checked - everything is pretty vanilla on the workstations, nothing odd there that I can see (and we have this issue for all flavors of Windows as well as non-Windows devices like iDrac cards).


Paul Hite - MCSE, MCITP

ADFS 3.0 - no connection with Internet explorer from external!


Hey guys,

I have a setup with ADFS 3.0, WAP, Ex 2013, PKI! All works fine. Certificates passed, hostname passed, Exchange works very fine!  OWA / ECP Auth = ADFS :)

Internally I can connect via Firefox and IE, logged on automatically. Externally I can connect via Firefox and log on to OWA / ECP. Via Internet Explorer from external there is no way to log on and no errors in the logs ..:(

The only failure occurs after login, but only externally from IE:

Activity ID: 5dd55aa3-44ed-0000-6860-d55ded44d001

  • Error time: Tue, 10 Feb 2015 13:48:40 GMT
  • Cookie: enabled
  • User agent string: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)

Any idea?  


I am x500, I'm allowed to do that :)


Authentication issue for RRAS on a Windows Server 2003 machine....


Hello,

We recently upgraded our domain controllers to Windows Server 2012 R2 from Windows Server 2003. The migration process went well with minimal issues. However, I have another Windows 2003 Server I'm running RRAS on. Most clients are able to VPN w/out issue but a few have encountered the following issue when they try to access certain network computers:

System error 1311 has occurred.

There are currently no logon servers available to service the logon request.

I'm sure this is related to the migration to the 2012 DCs. From the 2003 VPN server I'm able to access the entire network and all of its resources without a problem. DNS seems to function just fine as well. It's an issue with a few of my VPN clients. Even using the pure IP of the network resource isn't helping. Any ideas here?

Thanks,
Craig


Moving DC, DHCP and DNS from Server 2003 to Server 2012 R2


I have 2 DCs in my network. One is a Server 2003 and the other is a Server 2012 R2. They are co-domain controllers. I want to demote the 2003 Server from the DC role and then to remove from my network. 

Steps Taken so Far: I checked and found out that the Server 2012 R2 is the PDC. 

Can you please give me the correct steps and [checks I have to make before] to demote the Server 2003 from a DC first? Then I will remove this server from the network.

Thanks for your help.



Configure RRAS with multiple public STATIC IP address

I have Server 2012 Standard edition. I have two network cards installed. I have configured my server to be my router, aka NAT box, using Server 2k12 RRAS. We recently added more servers to our internal network. We needed more public static IP addresses. Currently we had one and then upgraded to 5 with Time Warner. I configured my WAN NIC on the server with the new static IP address from Time Warner. How do I add the remaining ones to RRAS? Then I can use the services tab to add that static IP address with this port to that internal IP address, which happens to be another server.

Currently when I add to the address pool tab, a couple of my PCs or servers get kicked off the internet, especially when I add the service port and the public IP address from the public IP address pool and the internal IP address and the internal port.

Anyhow, what I am trying to achieve here is to NAT the remaining public IP addresses to an internal IP address. Only certain ports such as SMTP port, VPN port, POP3 port, HTTP port, HTTPS ports. Can someone help me configure this on RRAS on Server 2012?

Microsoft Loopback Adapter


Hi

I installed a Loopback Adapter on Windows 2008 R2 and traffic is not going out from the server.

It seems to be blocked by something.

I entered an IPv4 IP address and subnet 255.255.255.255.

It seems that some older key from my first installation of the loopback adapter is still there ....

Any idea ?

Best regards

Can DirectAccess work if some DCs have died?


Hi all,

Can DirectAccess still be made to work somehow if one or more domain controllers are permanently offline (and it's impossible to turn them back on)?

I see a red cross in the dashboard for Domain Controller and it says the servers are not available, this is the case and will continue to be the case so I wondered if there is a way of excluding them somehow.

thanks.

Puzzler... Can't access RRAS with VPN connected client


I have a series of 4 VMs running server 2012 r2;

dc- my domain and wsus server

rds- my remote desktop server for remoteapps, RRAS for connecting to VPN

sql- sql server for database needed for one of the apps published

av- hosts kaspersky and manages backups

So, I have a VPN set up through RRAS and am connecting with it and all is well.  I can ping every computer on the network EXCEPT the rds server.  I can ping from the rds server to the vpn client.

I am trying to use a remote app over the vpn but the remote app is unable to reach the rds server. 

Does something have to be setup manually to loopback traffic to the rds server when it is coming in on the same server through RRAS?

Any insight would be appreciated!

Matt

SSTP with RRAS in DMZ


Hi

I am following a few different guides on setting up SSTP (CBTnuggets to name one)

I have the following setup now:

the DMZ RRAS Server has 2 NIC's.

One is on the DMZ LAN and one on the LIVE LAN.

VPN Traffic is forwarded to the DMZ LAN and then forwarded to LIVE-NPS for Authentication.

I also have a CA on the LIVE network

Now I have VPN access working if I use PPTP, but can't get SSTP working.

I have been following the steps, configured a CA, did a self sign then requested a cert.

Installed the cert in Personal on the computer.

BUT when I come to the next step - on DMZ-RRAS right click the Server - Properties - Security - then select the cert which I did earlier.

I see no certificates there, this is probably because the DMZ server is not in the domain and is in a WORKGROUP.

Can someone assist me on this please?

VPN Connection


Hi, I have been searching for an appropriate forum to ask networking questions, and I think I am in the appropriate place now?

I have 3 virtual machines:

1- Win Server 2008 - IP is 10.10.10.1

2- Win 7 (pc1) - IP is 10.10.10.2

3- Win 7 (pc2) - IP is 172.16.1.1

The task is: I want pc1 to control pc2 (like TeamViewer).

- Solution I tried:

I installed the "Routing and Remote Access" service, and I did a custom configuration of it, then chose "VPN".

I added 2 new protocols to IPv4, which are NAT and RIP.

- Created a new user "ali" with a complex password, and put it in the administrator group.

- Right-clicked "ali" > Properties > Dial-in tab > Allow access > assigned a static IP, which is 172.16.1.2.

- Created a VPN connection on pc1.

But I believe there is something I missed, because I cannot log in to the server or pc2 with this \\ip

- Please guide me to the appropriate forums for asking networking questions.

I think I should ask in the Win 7 and Win Server forums? Right?


Windows Server 2012 L2TP WAN Connection Issue


I use a pre-shared key on the VPN server and I can connect to it in the LAN environment using the local IP, but I cannot use the WAN IP internally or externally, and I have ports 1701, 4500 and 500 forwarded. I even tried putting the server in the DMZ but it didn't help.

On the other hand, PPTP works flawlessly as it did on my previous Windows Server 2003.

What would be wrong here?

Also I am trying to have SSTP Connections fixed up after L2TP is resolved.

Thank you

DHCP server hang up and not responding


Hi,

I have a long-time DHCP server on W2K8 R2 for 3000 wireless users. Now I have a problem with this server - the log contains many identical DHCP renew requests (about 250 per second):

11,03/17/11,15:05:41,Renew,172.18.161.221,Monca-PC.eduroam,0025D38240E4,,1784160628,0,,,
11,03/17/11,15:05:41,Renew,172.18.161.221,Monca-PC.eduroam,0025D38240E4,,1784160628,0,,,
11,03/17/11,15:05:41,Renew,172.18.161.221,Monca-PC.eduroam,0025D38240E4,,1784160628,0,,,
02,03/17/11,15:05:41,Audit Log Paused,,,,,0,6,,,

and the server does not respond to any other user.

How can I resolve this problem?

 

Thanks,

Ladislav

2012 R2 Web Application Proxy returns 400 (Bad Request) for Kerberos IIS App


I've gone through all of the step-by-step examples for publishing applications with the Web App Proxy and I'm getting HTTP 400 when I try to publish an IIS Kerberos application. I'm using ADFS pre-authentication.

The application is SharePoint but I CAN NOT change the authentication method to claims based auth...it has to be windows integrated. I've double checked all of the SPN's and delegation. I get the 400 returned once the user has been authenticated and is forwarded to the app url with the AUTHTOKEN?=blahblahblah query string. I've installed the ADFS certificate on the proxy and set it to be the external SSL certificate for the application.

PLEASE DON'T JUST TELL ME TO POST THIS IN THE GENEVA FORUM FOR ADFS.

The event log has an exception that looks like this:

Web Application Proxy received a nonvalid edge token signature.
Error: Edge Token signature mismatch. edgeTokenHelper.ValidateTokenSignature failed: Verifying token with signature public key failed
Received token: eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsIng1dCI6IkY4NmgzYlFJbEk0NzZ5Y25HNlBHb1NSNDJ4byJ9.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.E1SqDU1Q2qh00Bt1n1UsBHJrf2kxWh8mN0j03QJTGPQ6vtrkncun017idy2BgB8NzQBVhPQAhfQb3F_lRAAWnpHjwaCuTjeL-pi1-ntVax37TQqQxqg0PVND8OpWxd7rTECObp6KnHBSkgHdaC6ntJ4WzE-QV6afUOyKQrIXil9qF_ybX8IOvMorvGllQB4enR3ZD6KMZBZwzLSl0iueKvZC8TqacRL_Kdvhn2AmutqFVw4wbZILhTsQFRSl86tEp-PCSJ_yLHcxTgqmKWVpEVC0Jo00hJe1MH7P1QMoJISdFY3-4tkuUykpgSNSSlEqZ9EwVdN--4aGE3QlqdL1vA

Details:
Transaction ID: {ee05057e-4e9b-0000-da05-05ee9b4ecf01}
Session ID: {ee05057e-4e9b-0000-d905-05ee9b4ecf01}
Published Application Name: FIM Portal
Published Application ID: 48db8de3-96e7-18b6-06d8-5cb6df999b6c
Published Application External URL: https://portal.sosweetsosoft.com/IdentityManagement/
Published Backend URL: https://portal.sosweetsosoft.com/IdentityManagement/
User: <Unknown>
User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; rv:11.0) like Gecko
Device ID: <Not Applicable>
Token State: Invalid
Cookie State: NotFound
Client Request URL: https://portal.sosweetsosoft.com/identitymanagement?authToken=eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsIng1dCI6IkY4NmgzYlFJbEk0NzZ5Y25HNlBHb1NSNDJ4byJ9.eyJhdWQiOiJ1cm46QXBwUHJveHk6Y29tIiwiaXNzIjoiaHR0cDovL3N0cy5zb3N3ZWV0c29zb2Z0LmNvbS9hZGZzL3NlcnZpY2VzL3RydXN0IiwiaWF0IjoxMzk2NDY2NDQ2LCJleHAiOjEzOTY0NzAwNDYsInJlbHlpbmdwYXJ0eXRydXN0aWQiOiI3N2Y3OTQzYi1kOGI4LWUzMTEtODBiYy0wMDE1NWQ1MWY0OWMiLCJ1cG4iOiJqdGFkbWluQHNvc3dlZXRzb3NvZnQuY29tIiwiY2xpZW50cmVxaWQiOiJlZTA1MDU3ZS00ZTliLTAwMDAtZDkwNS0wNWVlOWI0ZWNmMDEiLCJhdXRoX3RpbWUiOiIyMDE0LTA0LTAyVDE5OjEwOjM2Ljc1NVoiLCJhdXRobWV0aG9kIjoidXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmFjOmNsYXNzZXM6UGFzc3dvcmRQcm90ZWN0ZWRUcmFuc3BvcnQiLCJ2ZXIiOiIxLjAifQ.E1SqDU1Q2qh00Bt1n1UsBHJrf2kxWh8mN0j03QJTGPQ6vtrkncun017idy2BgB8NzQBVhPQAhfQb3F_lRAAWnpHjwaCuTjeL-pi1-ntVax37TQqQxqg0PVND8OpWxd7rTECObp6KnHBSkgHdaC6ntJ4WzE-QV6afUOyKQrIXil9qF_ybX8IOvMorvGllQB4enR3ZD6KMZBZwzLSl0iueKvZC8TqacRL_Kdvhn2AmutqFVw4wbZILhTsQFRSl86tEp-PCSJ_yLHcxTgqmKWVpEVC0Jo00hJe1MH7P1QMoJISdFY3-4tkuUykpgSNSSlEqZ9EwVdN--4aGE3QlqdL1vA&client-request-id=ee05057e-4e9b-0000-d905-05ee9b4ecf01
Backend Request URL: <Not Applicable>
Preauthentication Flow: PreAuthBrowser
Backend Server Authentication Mode:
State Machine State: Idle
Response Code to Client: <Not Applicable>
Response Message to Client: <Not Applicable>
Client Certificate Issuer: <Not Found>

Setting Options on Reservations

Is it possible to set option values on reservations using netsh versus at the scope or server level?  We have a scope that covers multiple AD forests and we want to create reservations for all machines in both domains.  The domain name and DNS server options for a reservation will be dependent on the domain that the machine is in and we want to be able to set it accordingly.

Has Anyone built Windows Server 2012 R2 as a Jump box


Hi Smart people,

Any tips or advice on how to build Windows Server R2 2012 as jump boxes in the DMZ, to connect to internal company networks for external vendors? Any recommendations or help much appreciated.

M
