Channel: Network Infrastructure Servers forum

Server 2012 r2 DNS, clients are not dynamically updating DNS when I use a secure only connection.


I recently set up a Server 2012 r2 Active Directory with DNS.  None of my member servers (all Server 2012 r2, same subnet) are able to do a "Secure registration" in DNS.  All member servers are domain joined to the same domain as the DNS server.  The DNS Server is also the Domain Controller.

Landscape:

-POCDOM001 - Forest Root Domain Controller, DNS.

Domain name is abclab.internal

-ABCPOCSQL001 - SQL Server and Remote Desktop

-ABCPOCDSP001 - Application server running IIS.

DNS is AD Integrated.  All IPs are DHCP from a non-Microsoft DHCP server.

IPCONFIG /registerdns doesn't fix anything.

Has anyone else run into this?  Any suggestions on resolution?


This is the error in the Windows Event Log.

Log Name:      System
Source:        Microsoft-Windows-DNS-Client
Date:          7/23/2015 10:05:07 PM
Event ID:      8020
Task Category: (1028)
Level:         Warning
Keywords:      
User:          NETWORK SERVICE
Computer:      ABCPOCDSP001.poclab.internal
Description:
The system failed to register host (A or AAAA) resource records (RRs) for network adapter
with settings:

           Adapter Name : {E2ACAB24-2C72-40EE-875B-4DDA6CB99999}
           Host Name : ABCPOCDSP001
           Primary Domain Suffix : poclab.internal
           DNS server list :
              10.0.0.90
           Sent update to server : <?>
           IP Address(es) :
             10.0.0.226

The reason the system could not register these RRs during the update request was because of a system problem. You can manually retry DNS registration of the network adapter and its settings by typing 'ipconfig /registerdns' at the command prompt. If problems still persist, contact your DNS server or network systems administrator. See event details for specific error code information.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-DNS-Client" Guid="{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}" />
    <EventID>8020</EventID>
    <Version>0</Version>
    <Level>3</Level>
    <Task>1028</Task>
    <Opcode>0</Opcode>
    <Keywords>0x4000000000000000</Keywords>
    <TimeCreated SystemTime="2015-07-23T22:05:07.581689100Z" />
    <EventRecordID>47832</EventRecordID>
    <Correlation />
    <Execution ProcessID="756" ThreadID="1060" />
    <Channel>System</Channel>
    <Computer>ABCPOCDSP001.poclab.internal</Computer>
    <Security UserID="S-1-5-20" />
  </System>
  <EventData>
    <Data Name="AdapterName">{E2ACAB24-2C72-40EE-875B-4DDA6CB88004}</Data>
    <Data Name="HostName">ABCPOCDSP001</Data>
    <Data Name="AdapterSuffixName">poclab.internal</Data>
    <Data Name="DnsServerList">10.0.0.90</Data>
    <Data Name="Sent UpdateServer">&lt;?&gt;</Data>
    <Data Name="Ipaddress">10.0.0.226</Data>
    <Data Name="ErrorCode">4294967295</Data>
  </EventData>
</Event>


How to make EAP-TLS use TLS 1.2 in Windows server 2008 R2?


Hi,

I have NPS configured for EAP-TLS.  Is there a way to make EAP-TLS use TLS 1.2 similar to how IIS can be?  I added a 'DisabledByDefault' DWORD with value 0x0 (under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server\).  IIS started supporting TLS 1.2 but EAP-TLS was still using TLS 1.0.  What would make EAP-TLS use TLS 1.2 on Windows Server 2008 R2?

Thanks,

Dnyanesh

Reverse Lookup for Conditional Forwarder


I know there's been lots of discussions on the topic, but I'm still not crystal clear on the solution.

I have abc.com domain which currently has a conditional forwarder for def.com domain.  

I ping server1.def.com from my machine, which is on abc.com, and get a valid reply 10.10.10.11 (as an example).

I do an nslookup to 10.10.10.11 and get abcdns.com 10.11.11.11, abcdns.com can't find 10.10.10.11: Non-existent domain.

People have stated you need to create a reverse lookup conditional forwarder, but don't make it clear how.  If I go to my conditional forwarder entry for def.com, go to properties, edit, I have my defdns.com server entered, which shows as "validated". If I enter the reverse zone information here (11.10.10.10.in-addr.arpa), it shows as "no such host is known", "no IPV4 IPV6 was found for the DNS name entered."

So a little clarification would be appreciated.

Thanks,

Daniel

Error while connecting IKEv2


Hello,

I am having a problem connecting from an IKEv2 Windows 7 client to my Server 2012 R2 VPN server. On the Windows 7 client, the client gets stuck at verifying username and password and then I have to restart the computer; in the logs it says the app crashed. When I try to dial in from a Windows 8 client it gives me the error "IKE authentication credentials are unacceptable". My server certificate is correctly placed in the personal store with proper EKU fields of server and client authentication. When I connect with IKE to my Server 2008 R2 VPN server it connects like a charm. Only Server 2012 is having issues connecting, and only with IKEv2; all other protocols work fine. I have public IPs on the interfaces of the VPN server. I got this error in the server logs when trying to connect using IKEv2 VPN on the Server 2012 server:

"CoId={E55464F8-CEDA-8735-27E5-1F3C23F67132}: The following error occurred in the Point to Point Protocol module on port: VPN2-127, UserName: <Unauthenticated User>. Negotiation timed out"

Please assist..


DHCP Leasing issues


Hello!

I'm the network tech at a technical school, and we're trying to fire up a new building.  While connecting our Avaya VoIPs, the phones are timing out while contacting the DHCP server, and no IP is ever released to make the phone operational.  The phones have joined an existing VLAN, that has sufficient IPs available for lease to the new phones, but doesn't do so.  Does anyone have any advice in order for me to get these phones online ASAP... as this is the new administrative building for the campus?

Thank you in advance!

Eric

Problem RAS Ikev2


Hi,

I have a problem connecting to a RAS server from the Internet using IKEv2.

When I connect to that server by using client certificates it works fine. I know that I have to specify both the common name and the DNS name in the certificate and use the external FQDN of the NAT device, the same name which I specified as the server name on the client VPN connection.

While it works fine on the LAN, I get error 13819 "invalid certificate type" when trying to connect over the WAN. Since the certificate is ok, it must have something to do with the NATing.

The server is an IPv4 2012 R2 RAS server behind an IPv4 NAT router.

Any idea how this could be resolved?

many thanks

Chris

Setting up Windows Server 2008 R2 as a VPN Host


I've used Server Manager to install and configure RRAS on a Windows Server 2008 R2 machine, and it appears to be running. I'm intending to use it as an L2TP/IPSec PSK host. However, VPN clients are unable to connect. I've ensured that Routing and Remote Access is checked on the Exceptions tab of Windows Firewall, but when I use PortQryV2 from another computer on the LAN on the same side of the perimeter hardware firewall as the server to send an L2TP query to UDP port 1701, I get a FILTERED response. In short, it looks like it's running, but it acts like it's not.

Have I missed something?

RRAS + IPSec - Routed traffic not having IPSec Policy applied.


Hello,

I have an RRAS server with two interfaces and LAN routing enabled. I have a Connection Security Rule configured and all traffic sent from the RRAS to the private subnet (which happens to be in AWS) works fine. What doesn't work is routed traffic. Monitoring the traffic on our edge-of-network firewall, I see the source address of our internal subnet and the destination of the private subnet in AWS. This suggests the IPSec policy is not applying as the traffic leaves the RRAS box.

Does anyone have any idea???


James Lodge


how L2TP VPN uses Pre-Shared Keys.


Hello,

Can anybody suggest good articles on the working of pre-shared keys with L2TP VPN, or explain to me in a precise manner the working of pre-shared keys in L2TP VPN?

Thanks.

VPN configuration in Server 2012 R2


hello,

I have installed Server 2012 R2 on my server for the RRAS role. When I configure the L2TP protocol with a pre-shared key (under custom) instead of machine certificate authentication, the IKEv2 VPN stops working for clients, ending up hanging on Windows 7 and showing the error "IKE auth credentials are unacceptable" on Windows 8. In order to let the IKEv2 VPN work I deselect the "Allow custom IPSEC policy for L2TP/IKEv2 connections" option. This type of behaviour is not seen in Windows Server 2008 R2. Why is this happening in Server 2012 R2?

Please assist.

allow custom ipsec policy for l2tp/ikev2 connection


Hello,

I want to know what the purpose of this option is in terms of IKEv2. As it doesn't use pre-shared key mechanisms, why is "/IKEV2" written in this option on the RRAS security tab?

Thanks

DNS server event log messages can't load


I'm running a new domain controller with a DNS server on it. The event log entries for the "Microsoft-Windows-DNS-Server-Service" all fail to load. I look at the "DNS Events" item in the "Global Logs" section of the DNS server in the DNS manager tool and every entry there has the generic "cannot be found" message.

How can I repair the event log messages for the Microsoft-Windows-DNS-Server-Service?



Event Type:    Information
Event Source:    Microsoft-Windows-DNS-Server-Service
Event Category:    None
Event ID:    4
Date:        9/21/2014
Time:        15:02:03
User:        NT AUTHORITY\SYSTEM
Computer:    server.domain.corp
Description:
The description for Event ID ( 4 ) in Source ( Microsoft-Windows-DNS-Server-Service ) cannot be found. Either the component that raises this event is not installed on your local computer, or the installation is corrupted. You can install or repair the component on the local computer, or contact the component manufacturer for a newer version.

If the event was saved from another computer or forwarded from a remote computer, you might have to include display information with the events when saving them or when setting up the forwarding s .



netlogon error 5774

The dynamic registration of the DNS record '_kerberos._tcp.brandzstorm.local. 600 IN SRV 0 100 88 DATASERVER.brandzstorm.local.' failed on the following DNS server:  

DNS server IP address: :: 
Returned Response Code (RCODE): 0 
Returned Status Code: 0  

For computers and users to locate this domain controller, this record must be registered in DNS.  

USER ACTION  
Determine what might have caused this failure, resolve the problem, and initiate registration of the DNS records by the domain controller. To determine what might have caused this failure, run DCDiag.exe. To learn more about DCDiag.exe, see Help and Support Center. To initiate registration of the DNS records by this domain  controller, run 'nltest.exe /dsregdns' from the command prompt on the domain controller or restart Net Logon service. 
  Or, you can manually add this record to DNS, but it is not recommended.  

ADDITIONAL DATA 
Error Value: Bad DNS packet.

Turn off Multicast Name Resolution with Group Policy


So we are trying to disable Multicast Name resolution on our domain using Group Policy. First of all I am pretty familiar with Group Policy and make changes all the time.

I went into Group Policy, and under Computer Configuration\Administrative Templates\Network\DNS Client\Turn off Multicast Name Resolution I enabled it, as according to the knowledge base enabling this GP will disable the protocol.

I put a few test machines in an AD container and forced a gpupdate on them. All the changes I made took effect except this one, which seems to remain in an unconfigured state on the client machine?

Is there some magic trick to get this to function?


Access Denied on RAS VPN Connection


I can't browse file shares through a VPN connection

I have a Windows Server 2012 (Hosted online)

I have a Windows 7 Client, that is part of another domain.

I have set up a RAS VPN, and can connect to other services on the machine.  SQL Server Management Console connects to the database services on the MachineName, and I can see the list of shares. So I know:

* The VPN is working
* There's no problem with networking or DNS or machine names or anything similar.
* The firewall is working correctly.  (Allow Any on the VPN IP Range)  
* File and Printer Sharing is working

I can view the list of Shares, but can't connect.  When I try to browse the shares I get an Error: Access is Denied.

I'm a member of the Administrators Group, and have permissions to the Shares and the File System.  

Just in case there was something weird with which user account was connecting, I made sure I explicitly stated it.  
net use \\Machine\Share /USER:MachineName\Username

Local Policies allow access from the network.  There are no "Deny" settings in User Rights Assignments.

I'm not that experienced at setting up RAS VPNs so might have missed something...




creating VPN Connection using l2tp


Hi all,

I have configured a VPN connection to my server using L2TP with a preshared key. It worked as desired.

But when I try to change it to using a certificate, it gives me an 810 error.

Please tell me the steps required for this configuration.

Thanks in advance.

clients unable to connect with network


Hello All:

I am running windows server 2008 R2. When I try to connect a client to the network I get the following error message:

Note: This information is intended for a network administrator.  If you are not your network's administrator, notify the administrator that you received this information, which has been recorded in the file C:\Windows\debug\dcdiag.txt.

The domain name "stone-and-stone" might be a NetBIOS domain name.  If this is the case, verify that the domain name is properly registered with WINS.

If you are certain that the name is not a NetBIOS domain name, then the following information can help you troubleshoot your DNS configuration.

The following error occurred when DNS was queried for the service location (SRV) resource record used to locate an Active Directory Domain Controller (AD DC) for domain "stone-and-stone":

The error was: "DNS name does not exist."
(error code 0x0000232B RCODE_NAME_ERROR)

The query was for the SRV record for _ldap._tcp.dc._msdcs.stone-and-stone

Common causes of this error include the following:

- The DNS SRV records required to locate a AD DC for the domain are not registered in DNS. These records are registered with a DNS server automatically when a AD DC is added to a domain. They are updated by the AD DC at set intervals. This computer is configured to use DNS servers with the following IP addresses:

24.92.226.12
24.92.226.11

- One or more of the following zones do not include delegation to its child zone:

stone-and-stone
. (the root zone)

BTW, when I look at the DNS section of Server Manager, I see that the computer name is there (aestone); however, when I look at the WINS service it tells me that it cannot be located.

 Can someone please tell me what I need to do to correct this error, thanks, Allen

Delete all MAC addresses in DHCP V4 filter Deny list at once


Hi,

Running Windows Server 2012 R2

Is there a way to delete all the MAC addresses in the DHCP V4 deny list using one PowerShell command or NetSH command? I know I could do this via the GUI, but I am running a PowerShell script which adds a list of MAC addresses from a CSV file. However, as the list changes regularly, I need to remove all the deny list entries before adding the MAC addresses.

I've checked for some time but can only find a command to remove a specific MAC. 

Any help will be appreciated.

TIA

tools to generate a report about all shared folders and associated permissions


Hi friends,

I have a Win 2008 R2 file server.

Are there any tools in Win 2008 R2 SP1 to obtain a report that shows a list of the shared folders that exist on this server and also the users who have permissions on each shared folder?

If Windows doesn't have such tools, is there any third-party app?

Domain SID Inconsistent

We have an existing network where we noticed that three of our servers have the same SID. One of the servers is the Domain controller; the other two are file and application member servers. We are having an issue where we cannot connect to the file server (member server) via IP address and domain credentials (EventID 4625). Strangely, we can connect via NetBIOS name and domain credentials. We can also connect with IP and local machine account credentials. We are looking to disjoin the file server, run sysprep and then rejoin to the domain. What impact will this have on our existing data, shares and permissions? Or, is there an alternative path we can take so that we can connect by IP and domain credentials?