Hello Experts,
I planning a DNS design in which I have Windows DNS Server and Bind server on the same physical server and I want to configure the bind server as in the forwarders of Windows DNS Server.
Can Anybody assist me in doing this, by the way this design is for implementing DNSSEC.
Thanks
TechSpec90
Hi Guys,
The have a need to prevent some of our Perimeter Sites DNS Servers from being listed in the DNS zone name server list.
I understand this is probably not best practice but this need has come about because we have VPNs and AD Trusts setup with other companies who’s perimeter sites IP address ranges clashes with our perimeter sites IP address ranges.
As a result when they do a nslookup for our domain it returns all IP addresses of all DNS Servers, half of which are inaccessible. This also means that we have problems trying to validate the AD Trust because if it picks an ip address of a DNS Server it can’t contact it just fails.
If there is a better option also I would be happy to look into it.
Any help would be greatly appreciated.
Already looked into this article
https://technet.microsoft.com/en-us/library/cc749944.aspx#XSLTsection126121120120
Helo,
I have DC/DNS on Windows Server 2012 (not R2) and some clients with OS Windows 7 and some 8.1.
All Windows 8.1 clients not registerd to DNS with DNS Client Events ID 8018 ?
Window 7 clients registered to DNS OK.
I must have DC on Windows Server 2012 R2 ?
Event details:
The system failed to register host (A or AAAA) resource records (RRs) for network adapter
with settings:
Adapter Name : {DF71F97C-9B9D-4DA4-8209-0C02978E8D3D}
Host Name : PC02
Primary Domain Suffix : faf.cuni.cz
DNS server list :
2001:718:1201:100::1, 2001:718:1201:100::17, 172.18.100.1, 172.18.100.17
Sent update to server :<?>
IP Address(es) :
2001:718:1201:128:44f0:a314:f663:373a, 172.18.152.7
The reason the system could not register these RRs was because the DNS server contacted refused the update request. The reasons for this might be (a) you are not allowed to update the specified DNS domain name, or (b) because the DNS server authoritative for this name does not support the DNS dynamic update protocol.
To register the DNS host (A or AAAA) resource records using the specific DNS domain name and IP addresses for this adapter, contact your DNS server or network systems administrator.
Thanks,
Snake AG
Hello Experts,
I have configured Windows Server 2012 R2 as DNSSec recursive resolver. Now I want my other dnsservers to query my Server 2012 DNSSec recursive resolver. So any one help me in that how to configure the my other dns servers to query my DNSSec 2012 R2 resolver server.
Thanks
Greetings:
I installed IPAM in the environment 8 to 10 months ago. I have not had a chance to take advantage of the tools as yet. Part of the problem is that 2 of my servers have a status of Blocked. The first is just a DHCP server. It shows the Audit share access and RPC status as blocked. I have temporarily disabled the Windows firewall on that target dhcp server. I have followed articles that discuss share permissions by adding the IPAMUG group to the share and adding the IPAM computer name to the domain admin group. The second server is DC,DNS and DHCP (No active scopes). It show the DHCP RPC access status blocked.
Thank you, I look forward to your responses.
Today we lost one of our DHCP servers (a 2003 box - maybe a sign). It only had one scope on it but we didn't have a backup for it.
We promptly setup a new 2012 R2 server with the same scope and we started seeing activity almost right away. One thing we're trying to deal with now is that the new DHCP server is giving out ip numbers that are already assigned to clients from the old DHCP server and those numbers are showing up in DHCP as BAD_ADDRESS.
What is the best way to deal with this on the clients? Reboots? I'd rather not have to ipconfig / release and renew on everyone.
Orange County District Attorney
We are troubleshooting a DNS related issue and it is specific to a internet domain (electionsmunicipales.gouv.qc.ca). I run NSLOOKUP electionsmunicipales.gouv.qc.ca and it returned DNS request timed out error. But it was able to resolve it if I set default server to google DNS server(8.8.4.4) . I found our DNS server cached a list of NS records (name servers )for this domain. Then I picked up one of the name server in list (ns-1640.awsdns-13.co.uk) run NSLOOKUP D2 against electionsmunicipales.gouv.qc.ca and it returned following results (truncated answer,connect failed: Result too large ,SendRequest failed). Can anyone tell what the results means and how to fix it or further troubleshooting?
Thanks in advance !
Default Server: ns-1640.awsdns-13.co.uk
Address: 205.251.198.104
> electionsmunicipales.gouv.qc.ca
Server: ns-1640.awsdns-13.co.uk
Address: 205.251.198.104
------------
SendRequest(), len 65
HEADER:
opcode = QUERY, id = 35, rcode = NOERROR
header flags: query, want recursion
questions = 1, answers = 0, authority records = 0, additional = 0
QUESTIONS:
electionsmunicipales.gouv.qc.ca.xxx.com, type = A, class = IN
------------
------------
Got answer (65 bytes):
HEADER:
opcode = QUERY, id = 35, rcode = REFUSED
header flags: response, want recursion
questions = 1, answers = 0, authority records = 0, additional = 0
QUESTIONS:
electionsmunicipales.gouv.qc.ca.XXX.com, type = A, class = IN
------------
------------
SendRequest(), len 65
HEADER:
opcode = QUERY, id = 36, rcode = NOERROR
header flags: query, want recursion
questions = 1, answers = 0, authority records = 0, additional = 0
QUESTIONS:
electionsmunicipales.gouv.qc.ca.XXX.com, type = AAAA, class = IN
------------
------------
Got answer (65 bytes):
HEADER:
opcode = QUERY, id = 36, rcode = REFUSED
header flags: response, want recursion
questions = 1, answers = 0, authority records = 0, additional = 0
QUESTIONS:
electionsmunicipales.gouv.qc.ca.XXX.com, type = AAAA, class = IN
------------
------------
SendRequest(), len 49
HEADER:
opcode = QUERY, id = 37, rcode = NOERROR
header flags: query, want recursion
questions = 1, answers = 0, authority records = 0, additional = 0
QUESTIONS:
electionsmunicipales.gouv.qc.ca, type = A, class = IN
------------
truncated answer
connect failed: Result too large
SendRequest failed
------------
SendRequest(), len 49
HEADER:
opcode = QUERY, id = 38, rcode = NOERROR
header flags: query, want recursion
questions = 1, answers = 0, authority records = 0, additional = 0
QUESTIONS:
electionsmunicipales.gouv.qc.ca, type = AAAA, class = IN
------------
------------
Got answer (136 bytes):
HEADER:
opcode = QUERY, id = 38, rcode = NOERROR
header flags: response, auth. answer, want recursion
questions = 1, answers = 0, authority records = 1, additional = 0
QUESTIONS:
electionsmunicipales.gouv.qc.ca, type = AAAA, class = IN
AUTHORITY RECORDS:
-> electionsmunicipales.gouv.qc.ca
type = SOA, class = IN, dlen = 75
ttl = 900 (15 mins)
primary name server = ns-1640.awsdns-13.co.uk
responsible mail addr = awsdns-hostmaster.amazon.com
serial = 1
refresh = 7200 (2 hours)
retry = 900 (15 mins)
expire = 1209600 (14 days)
default TTL = 86400 (1 day)
------------
*** ns-1640.awsdns-13.co.uk can't find electionsmunicipales.gouv.qc.ca: Unspecified error
>
This posting is provided AS-IS with no warranties/guarantees and confers no rights.
Hello!
This is driving me batty - I just set up a Windows Server 2008 (SBS) R2 VPN. I can sign into the network through the VPN on a Windows 7 Pro workstation through the Internet. I can access RDP - I can get the desktop. I can ping the server. But, I cannot access the network shares - the workstation just will not see them. I have researched this exhaustively and just do not know what the problem is. Here is some more info:
1) I CAN access a different Windows Server 2008 R2 network shares that I set up and it works - so I know it is not the workstation.
2) The error I get is 0x80004005 - diagnosis states "file and print sharing resource is online but isn't responding to connection attempts"
So far I modified Group Policy to treat anonymous connections as everyone but that did not help. I would greatly appreciate some help - perhaps you had this issue and found the fix; could share it here? Thank you!!
Dave
Hi,
Running Windows Server 2012 R2
Is there a way to delete all the MAC Address' in the DHCP V4 deny list using one Powershell command or NetSH command? I know I could do this via the GUI, but I am running a powershell script which adds a list of MAC address' from a CSV file. However as the list changes regularly, I need to remove all the deny list entries before add the MAC Address'
I've checked for some time but can only find a command to remove a specific MAC.
Any help will be appreciated.
TIA
Hi all,
I have two domain controllers in our network. The primary one is a 2008r2 DC with all the FSMO roles. The second is a server 2012r2 running on as a VM in hyper-v. I had migrated a server 2003 DC to a server 2008 DC but found I no longer needed it so I demoted it to just a member server and then physically removed it. I have since tested my existing 2008r2 DC and 2012r2 DC by running repadmin /replsum, repadmin /showrepl, repadmin /bridgeheads, and then running dcdiag /v. All tests have passed. I also used adsiedit.msc to make sure there were no domain controllers left in the metadata.
I am ready to raise both the domain and functional levels to server 2008r2 but still have some trepidation because I use NTLM authentication. I am also concerned because we use .net 3.5 and apparently there is a known problem after raising the domain level.
The requested mode is invalid" error message when you run a managed application that uses the .NET Framework 3.5 SP1 or an earlier version to access a Windows Server 2008 R2 domain or forest Note This issue occurs only when the application uses the .NET Framework 3.5 Service Pack 1 (SP1) or an earlier version.
So I have three questions.
1) What do your raise first? Domain or Forest level?
2) Will NTLM authentication have problems after raising the levels to server 2008 r2
3) This is a production environment so what measures should I take ( I do have full backups of both domain controllers) as a disaster recovery process (For example, I read that you should take on domain controller off-line in case there are problems).
Sorry to be so verbose but I wanted to give you as much info as I could.
Thanks,
FD
Bob Andres
hi all
i have configured a VPN connection to my server using L2tp with a preshared key. it worked as desired.
but when i try to change it to using certificate it give me 810 error.
please tell me steps required to this configuration.
thanks in advanced.
I'm trying to configure an L2TP VPN connection on my testlab environment but I'm not able to. I was able to configure PPTP and SSTP.
here the config:
RRAS SERVER: gate.mydoamin.local
-NIC 1
IP 192.168.0.3/255.255.255.0
-NIC 2
IP 192.168.1.1/255.255.255.0
Domain controller: dc.mydomain.local IP 192.168.1.2/255.255.255.0
Client IP 192.168.0.10
client host file pointing vpn.mydomain.com to 192.168.0.3
---------------------------------------------------------------------------
RRAS config
General tab: set as NAT+VPN
security: EAP, MS-CHAP-v2, ikev2. NPS is installed so other settings not here
IPv4: DHCP
--------------------
NPS config:
first tab: Allow access
second tab:
tunnel type: L2TP
NAS port: virtual or wireless
EAP allowed:
"Microsoft Smartcard or..."
"Microsoft "PEAP..." both options (smart card and password)
third tab:
Auth methods:
Microsoft smart card (set with certificate for vpn.mydoamin.com)
microsoft PEAP:
smart card or other certificate (set with vpn.mydomain.com)
password (EAP-MS-CHAP-V2)
fourth tab:
radius standard:
PPP framed
network protection: allow full access
encription: 128 but
IP settings: DHCP
-------
server: firewall
opened ports:
UDP 500
UDP 4500
UDP 1701
protocol: 50 allowed
----------------------------------------------
Certificates:
server has 3 certificates in personal/computer folder:
-gate.mydomain.local
client auth, server auth standard AD certificate
-sstp-mydomain.com
server auth certificate used for sstp connections
-vpn.mydoamin.com
server auth, smart card access, IKE IP security mediatorissued to deal with L2TP and ike vpn
Client has standard AD certificate for client auth and server auth
------------------------------------------------------------------------------------
Client config:
Address: vpn.mydoamin.com
Kind: L2TP or IKEv2
security settings: I tried all possible configurations
check server certificate disabled
-----------------------------------------------------------------------------------
result: it does not work.
If I set L2TP, I keep getting error 789 on the client, and on the server in the event viewer i can see one error ID 4652 and many error 4653 following
If I try IKEv2 instead, I get error 13806
Hello,
I have been facing issues with my server network where my users are complaining about server hangs after accessing shared files from the folders. I saw my server and utilization of network ,RAM and CPU is average 15-30% and seems everything normal but I am not able to find what is the cause of this.
When I ping my server it shows lots of traffic . For example time= 57ms ,time=124ms,time=17ms
I dont know how to resolve this and it would be really great if you could help me in this matter.
Thanks in advance.
Hello,
I'm using a 2008R2 Domain controller for DHCP and DNS. The DNS zone is AD integrated. Printers that are obtaining IP addresses through DHCP are not getting their names registered in DNS. XP and Win7 workstations are.
DHCP has only one zone. Its options point to the DC's IP for DNS and have the correct FQDN for their suffix.
DHCP DNS tab has Enable DNS dynamic... checked and Always dynamically update DNS A and PTR records selected. Discar A and PTR... is checked as is Dynamically update DNS A and PTR records for DHCP clients that do not request...
DNS has Dynamic Updates set to Nonsecure and Secure.
Printers are obtaining addresses when their restarted but not being registered in DNS. Their names do not exist in DNS but show up in DHCP.
No events are being logged in the DNS log on the server.
Printers can be pinged by their NETBIOS name but not FQDN.
Help, please.
Greetings,
Basically after creating this child domain (orlando.example.local) under the main domain example.local, When you look into the users and computers, the child domain itself only shows the users and computers of the parent domain. Then when I right click and try and change the domain, it shows me the child domain under the parent, but when I choose it, I receive an error window: "The domain orlando.example.local could not be found because the specified domain either does not exist or could not be contacted"
I've been trying to figure our the problem for a couple of weeks. Is there a fix to this other than starting all over again?
Note: This is a Windows Server 2012 that was already configured as a stand alone domain, I demoted and uninstall the services, then promoted again as a child domain.
Note 2: At first it wouldn't let me promote as a child domain because the parent domain was in a different forest functional level (win svr std r2- win svr std). So I use power shell to take down the parent to match the forest functional level of the child domain.
Sir,
We are facing difficulties to access some of websites from our Private Network(Inside Network Connected through SonicWALL 8500).
We have raised a complaint to SonicWALL. They told that, There is problem with DNS Server. But, I am not able confirm and conclude that, whether it is DNS Problem. Because, All other Website's are opening fine. No issue with that.
This is our Scenario. We are having Two ISP's. We have connected these two ISP Links to SonicWALL 8500. These two ISP are configured in Load balancing Method in SonicWALL. We are having 4 DNS Server's in Public IP's and Two DNS Server's in our Local Network for Local Users.
We are facing this issue in our Local Network only(Which is connected to the Internet through SonicWALL ). We have checked these Sites from our both ISP IP's directly. It is working fine.
What are the steps to identify whether it is DNS Problem? Also, From SonicWALL side they asked us to add our Outside DNS IP address in our Local DNS(Inside DNS). Is it required?
In my point of view, Without this IP entry all other websites are working fine. Is it required?
Please help us to resolve this issue.
Thavamani Shanmugam
Hello guys, Please I need help.
I know that you must always put servers (FTP, WEB, MAIL,...) in DMZ Farm / Server Farm, if/or not they must be accessed from outside.
Looking at that picturehere (http://francisnd.fr.gd/galerie-photo.htm), I can see servers in the DMZ, but not Win Server???
So my concern is more about Microsoft Windows Server AD (Active Directory) for users account management,
where exactly I'm supposed to put it??? In DMZ or somewhere else???
Hello Experts,
I am having a weird problem regarding NPS Server when I upgraded my vpn servers from server 2008 R2 to Server 2012 R2. Actually in my infrasturcture I have a Windows 2008 R2 based AD and in its domain I have an NPS server joined as member server. This NPS server is based on server 2012 R2, when I upgraded my VPN servers from server 2008 R2 to server 2012 R2 the IKEv2 stops working every other protocols works on windows 7 when I try to connect using IKEv2 it hangs at verifying username and password nad when I tested IKEv2 in Win 8 it says IKE authentication credentials are unacceptable, inspite that my server certificate is valid EKU compatible. When I connected IKEv2 via my other server whose server 2008 R2 based VPN Server The IKEv2 works like a charm without any issues successfully authenticating. The problem seems to be with Server 2012 R2 based RRAS VPN Server.On my both server 2012 VPN and server 2008 R2 VPN servers the NPS server is added in the Radius Authentication. With options of MS-CHAPv2 and EAP selected in authentication options.
I try to connect to the VPN server from Windows 8 "13801: IKE authentication credentials are unacceptable." When I try to connect via Win 7 Client the session hangs at verifying username and password. In the event logs I see this error.. after this error the session just hangs at verifying username and password.....
Any Ideas...????
When I run the Best Practice Analyzer for Routing and Remote Access Services (RRAS) on the server I received two highlighted warning regarding server certificates. Any clues whats the problem with IKEv2....
Please help me in this regards....this problem is driving me nuts...!!!
Thanks