Channel: Network Infrastructure Servers forum

Network policy using radius vendor-specific attribute as a condition


Windows 2008 R2 NPS

I am having difficulty setting up a network policy that uses a RADIUS vendor-specific attribute as a condition for processing a VPN RADIUS authentication request from a Cisco ASA firewall. On the firewall, "debug radius all" is on, and the firewall debug info indicates that vendor type 146 and type 150 data are sent upstream to NPS, along with other standard RADIUS attributes. From the hex dump info, the Cisco vendor attributes appear to conform to the RFC. The NPS log (XML format) on the Windows server also confirms receiving the two vendor-specific data items in data_type 2, and the hex strings are the same as displayed by the Cisco firewall.

I read a post about how to use the settings portion of the NPS GUI to create a vendor-specific data string. After creating the settings, use the command "netsh nps sh np" to display the string and then set up the condition for the policy with the command:

netsh nps set np name = "policy 2" state="enable"
 conditionid = "0x1a" conditiondata = "0100000C049208Policy"
 other conditions omitted....

At this point this policy is not working because NPS decides the incoming Cisco RADIUS request is not a match for the policy conditions. The event log authentication event shows the policy is a match when the 1A condition is removed, but NPS will use the next policy in line when the 1A condition is present. Any idea what the condition data should look like to match the tunnel name "Policy"? Thanks in advance.


DNS conditional Forwarders Queries


Hi all,

I have a query about conditional forwarders. Even though I have read several articles, I still need to better understand a conditional forwarder scenario which I recently faced.

We have two different forests, one is X.local and the other is y.loc, and they are trusted using the "External" non-transitive trust methodology.

On forest x.local, we have conditional forwarder routing of "(Standard)" type to accept DNS requests from Y.loc (primary and secondary DNS servers). Y.loc is an all Windows Server 2003 forest and hence it has forwarders of X.local (primary and secondary DNS servers). It was working normally a few days back.

Recently we changed this conditional forwarder in the X.local forest: in DNS, we changed the conditional forwarder option from Standard to "Store this conditional forwarders in Active directory and replicate to all dns servers in this forest", and after that DNS resolution of "Y.loc" fails at name resolution.

Kindly provide any reason for this behaviour. Thanks

DHCP server 2012 r2 and subnet scope


Hi,

I migrated my DHCP server from 2008 to 2012 R2 and all works fine.

My network is class C:

172.16.0.0, 255.255.0.0, /16

and I have a DHCP scope

172.16.8.1/254, and it works fine.

But now I have a problem: the scope is almost full and I have to add IP phones on this network.

If I try to add a scope, for example 172.16.10.X --> 172.16.10.254, I can't because it causes a conflict with the scope 172.16.8.X.

From what I understand, there are two solutions:

Solution 1

Resubnet my network, for example to

172.16.0.0, 255.255.240.0, /20

change the subnet on my devices (grr... more more devices)

change the subnet on the actual scope (172.16.8.x from 255.255.0.0 to 255.255.240.0)

create another scope in my DHCP server, 172.16.16.X 255.255.240.0

all things should work

Solution 2:

use another DHCP server, for example the gateway DHCP, with MAC address reservation.

Can you please help me with this problem?

Thanks


oasis in my heart

Web Application Proxy username format for Kerberos delegation

I'm having an issue with Kerberos authentication behaving differently for external Web Application Proxy users than for internal Internet Explorer users.

I have a third-party web application (non-claims-aware) that runs in IIS using Windows Authentication. The only authentication provider enabled in IIS is "Negotiate." IIS box is Server 2012 R2.

Internal domain clients access the IIS box directly from Internet Explorer (automatic signin). External clients access it via Web Application Proxy with Kerberos delegation (after signing in to ADFS).

In both cases, users get authenticated properly. But the application ends up seeing a different username depending on which method the user came in on.

For internal users, the application sees the username as being just the bare username with no prefix or suffix (e.g. "someguy"). For external users, the application sees the username as being the full UPN (e.g. "someguy@example.com"). Unfortunately, this results in the application's internal logic treating each scenario as a separate user. The third-party developer does not want to change their application. They insist that they just take whatever username string IIS provides them.

How can I configure Web Application Proxy so that it provides the username to the application in the same format that internal IE clients do? (Alternatively: how can I configure IE clients to provide the username in the same format that Web Application Proxy does?)

Migration DHCP from windows 2003 to Windows 2008R2 error


Good day,

I'm trying to migrate DHCP from Windows 2003 (French) Service Pack 2 to Windows 2008 R2 (English). I did the following:

On Windows 2003:

1. I exported the DHCP database from 2003: "netsh dhcp server export C:\dhcp.txt all"

2. I stopped the DHCP service: "net stop dhcp server"

On Windows 2008 R2:

1. I imported the database to the DHCP server on 2008 R2: "netsh dhcp server import c:\dhcp.txt all"

Then I received an error message:

Error while importing class "Default Routing and Remote Access Class."
This class conflicts with the existing class "Classe de routage et d'accès distant par défaut." An internal error occurred.

Can you please help me? I will be thankful.

Regards


e

Windows Server 2012 R2, any role or feature install fails


Hi MS Experts,

Current environment : Windows Server 2008 R2

I am in the process of migrating to Windows Server 2012 R2. I installed Windows Server 2012 R2 on an HP DL380p G8 server. Now, when I go to add any role or feature, I am getting the following error.


Failed to open runspace pool. The Server Manager WinRM plug-in might be corrupt or missing
a. disabled the firewall
b. Add "127.0.0.1" and "::1" to the IP listen list
c. winrm qc shows

winrm service is already running on this machine.
winrm is already setup for remote management on this computer
d. Granted the “Validated Write to Service Principal Name” permission to NETWORK SERVICE using ADSIEDIT.msc.
Error logs:
Event ID 10154

The WinrRM failed to create the following SPNs:WSMAN/xxx.abc.com:WSMAN/xxx
Application and services log
Event ID 142

WSMAN Operation CreateShell failed, error code 2150858811
This is stopping my plan from moving forward. I googled but nothing seems to work.

I appreciate your help

Thanks

VPN client can't see network


Okay, I've spent 3 weeks reading every blog post and followed all instructions to the letter. I still can't see my network. 

Windows Server 2012 R2 - New installation - RAS installed for VPN only. 
Router is a Nighthawk R7000

I can gain access into the server via VPN. I can ping the machines on the network. I just can't see the network through VPN. When I'm on my local network, everything works fine.

I've set up static routes on IPv4 separate from the DHCP routes, I've downloaded OpenVPN on my client, and access privileges are set. I'm at a loss!

Any ideas!

what is 0.0.0.0 and 127.0.0.0 addresses

What are the 0.0.0.0 and 127.0.0.0 addresses?

Paramesh KA


server help

 I am not part of a domain and have DHCP SERVER? HELP PLEASE

question about authenticating a users on different forest domain.


Hi all,

I have a network set up as below:

If we want to authenticate the users from adatum.com on VPN1, what should you do?

First of all, I configured NPS1 as NPS server and VPN as client server. Computers from the internet were able to connect to 192.168.1.10.

Then

I configured NPS2 as VPN and as RADIUS client.

I tried to create a network connection policy on NPS1. In the condition part I didn't know what to do... Could you please show me in steps what I need to do and why we do these...

My purpose is learning.

Many thanks.

Regards


server help

I think I have a problem with my server/IP address, can you help me fix it?

Domain Controller with two Network adapter


I have a Windows Server 2012 R2 machine with the Domain Controller and DNS server roles, and it has two network adapters.

Even though DNS is not listening on the public adapter and the adapter has no DNS registration set up, when I use Get-NetConnectionProfile to check the profile it returns:

Name             : mydomain.com
InterfaceAlias   : Public
InterfaceIndex   : 13
NetworkCategory  : DomainAuthenticated
IPv4Connectivity : Internet
IPv6Connectivity : LocalNetwork

Name             : mydomain.com
InterfaceAlias   : Private
InterfaceIndex   : 14
NetworkCategory  : DomainAuthenticated
IPv4Connectivity : Internet
IPv6Connectivity : LocalNetwork

The problem is that I need to set the interface index 13 to NetworkCategory Public and not DomainAuthenticated.

I have already tried to Google it but could not find a solution.



Giuseppe

Internal and External domain names are the same. The internal users can’t access the website.


Hi,

Help, please.

Our internal clients can’t reach our company’s website on Internet.

Our internal and external domains are the same: company.com. In other words:

Our company URL is: www.company.com and my computer is called PCIT01.company.com

PCIT01.company.com can’t browse www.company.com.

How can I fix it?

Thanks in advance.


What is the difference between NAP and VPN?


Hi all,

I'm studying NPS, NAP and VPN...

During my study I realized that

VPN is used to connect any remote computers, personal or domain computers...

NAP is used to connect remote computers which are already joined to a domain only

DirectAccess is also used to connect domain-joined computers remotely only.

Is this correct?

Please correct me if I'm wrong.

Regards

question about configuring NAP with DHCP server in server 2012?


Hi,

I have a DHCP server with a scope range of 192.168.1.100 to 192.168.1.200.

I also have NAP configured on this server.

Now I want the noncompliant computers to get a different IP address. How do I do this?

Can someone explain it with screenshots and steps?

Many thanks.

Regards


DNS Scavenging Not Scavenging New Setup


Hi All,

I set up scavenging Friday Monday @ 1 am and it doesn't seem to be working if I look at the event logs. It's on one of my DC/DNS (2012) servers (no-refresh interval = 3 days, refresh interval = 3 days). I waited 3 days and nothing. Did I miss anything? Any comments will be greatly appreciated!

batch file to Automatically logoff and Auto Login to windows


Hi all,

In Win 2008 R2, is there any method to create a batch file that, when we run it, logs us off from Windows and immediately logs us in automatically with the user account and password which we have written in that batch file?

(For example, that's useful when we need to log off one time to refresh group policy and we don't want to type in the username and password manually.) :-) Nice?

Thanks in advance

DNS loses all interfaces


I've been having problems for about 2 weeks now.

The DNS server seems to drop all interfaces after a few hours of uptime. When I say it drops all interfaces, I mean it stops sending responses out, and when I go to the DNS snap-in, the Interfaces tab is blank: nothing listed, nothing I can check. The server itself still seems to have internet connectivity, as in I can ping google.com using Google's IP address. Also, DHCP still continues operating. The server can also still be reached using both its internal and public interface IP addresses.

The only way to resolve this is to restart the DNS service. That in itself is fine but I'm having to do this every 3-4 hours. Any ideas?


Owner, Quilnet Solutions

Cannot download "Deploying VPN Connections by Using Windows Powershell and Group Policy"


Hi,

I can no longer download "Deploying VPN Connections by Using Windows Powershell and Group Policy": http://www.microsoft.com/en-us/download/confirmation.aspx?id=2555

It is just giving page not found. Is there anywhere else this can be downloaded from?

Thanks,
Todd

How DNS and DHCP work together

Can anyone tell me how DNS and DHCP work together?