Channel: Network Infrastructure Servers forum

NPS Event 6273 Reason Code 16


We're in the midst of relocating our RADIUS role from a 2003 DC to a 2008 R2 member server.

The following features have been installed and configured:

  • Network Policy Server
  • Routing and Remote Access Services
  • Remote Access Service
  • Routing

All policies have been recreated identically to the previous ones and the server has been registered in AD DS.

When attempting to connect to the RADIUS server I receive the following event:

Network Policy Server denied access to a user.

Contact the Network Policy Server administrator for more information.

User:
 Security ID:   NULL SID
 Account Name:   test
 Account Domain:   DOMAIN
 Fully Qualified Account Name: DOMAIN\test

Client Machine:
 Security ID:   NULL SID
 Account Name:   -
 Fully Qualified Account Name: -
 OS-Version:   -
 Called Station Identifier:  -
 Calling Station Identifier:  -

NAS:
 NAS IPv4 Address:  x.x.x.x
 NAS IPv6 Address:  -
 NAS Identifier:   
 NAS Port-Type:   -
 NAS Port:   1

RADIUS Client:
 Client Friendly Name:  server.fqdn
 Client IP Address:  x.x.x.x

Authentication Details:
 Connection Request Policy Name: Use Windows authentication for all users
 Network Policy Name:  -
 Authentication Provider:  Windows
 Authentication Server:  server.fqdn
 Authentication Type:  PAP
 EAP Type:   -
 Account Session Identifier: -
 Logging Results:  Accounting information was written to the local log file.
 Reason Code:   16
 Reason:    Authentication failed due to a user credentials mismatch. Either the user name provided does not map to an existing user account or the password was incorrect.

All credentials, shared secrets and authentication methods are correct. I have also checked Dial-Up properties in AD DS. Has anyone else experienced this issue?

Regards,

Ryan.

 


Add alternate domain to DNS, to alias all lookups to the primary domain?


Is it possible to add a second domain to a windows dns server that is simply an alias for another domain?

For example, if our windows domain is mydomain.com, but we also own myother.net.  I want any dns requests for *.myother.net to be aliased to *.mydomain.com

I tried a wildcard cname, but that didn't work. Should this work, or am I doing something wrong?

We're trying to get users in the habit of using the myother.net domain for everything, and have even added it as an alternate UPN.  As users get in that habit though, they try to use the new domain to get to internal resources, such as browsing to intranet.myother.net instead of intranet.mydomain.com.  I can create duplicate entries for all servers in the new zone if necessary, but that seems like a lot of extra work and long term upkeep compared to creating an alias for the entire domain.



What next for NAP enabled VPN and Windows 10 clients?


Our VPN uses NAP. The boss is very reluctant to disable NAP on this connection. We also have several Windows 10 clients.

When you upgrade from Windows 7 or Windows 8.1 with a VPN configured for NAP, that VPN continues to exist along with its NAP configuration and there is no issue. Unfortunately, for machines that have not been upgraded, or where the VPN has been removed due to the ridiculous proximity of the Remove button and Disconnect button, or anywhere where a new VPN connection is required, it appears impossible to create a VPN connection with NAP.

So my question is, what do I do about it?

  • Make the case to my boss again that NAP must be disabled.
  • Use some workaround I have not yet discovered to configure the Windows 10 systems with NAP.
  • Create a new VPN configuration that satisfies my boss's requirements for security.
    Note: We evaluated DirectAccess for our needs and chose not to go with it a few years ago, I'd need a pretty compelling reason to suggest it again.
  • I'm hoping there are other alternatives I haven't thought of.

Grant non-admin user permissions over all DNS zones.


Hi,

I added a couple of non-admin users to the built-in DnsAdmins group, but the group name is quite misleading as the group members aren't DNS admins at all.

We want those users to manage all the DNS zones, those that are AD integrated and the other ones.

Is there any way to achieve this kind of delegation?

Thank you.

IP Forwarding to DMZ


Hello everybody

I have a quick question I hope somebody could answer. I have assigned two IP addresses to the external NIC. Let's call them 10.10.10.1 (main) and 10.10.10.2. What I would like to accomplish is to forward all traffic that goes to address 10.10.10.2 to the internal IP 192.168.1.10 (example).

I know this can be done on port level with RRAS, but I cannot find how to do it on address level.

Sincerely David Karlsen

DNS event viewer registers event id 3150 every few minutes on Windows Server 2012 R2


Hi,

I have a 2012 R2 DNS/DHCP member server that does not have either KB2975719 or KB2995388 installed, and the DNS event viewer is registering the following event every 4-5 minutes, very similar to the discussion in this forum. The server is functioning properly in every other aspect. It is also a DHCP server.

"The description for Event ID (3150) in Source (Microsoft-Windows-DNS-Server-Service) cannot be found. Either the component that raises this event is not installed on your computer or the installation is corrupted. You can install or repair the component on the local computer or contact the component manufacturer for a newer version.

If the event was saved from another computer or forwarded from a remote computer you might have to include display information with the events when saving them or when setting up the forwarding s 711 domain.local, domain .local.dns."

In the last sentence "dns" refers to a DNS 2003 server that was not in our domain, but in a workgroup. It has been retired and this server is its replacement. Also present is this same event message under event IDs 2, 3, 4, 8, 414, 769, 776, 800, 7675, 7678. Any fix for this would be greatly appreciated, or the best way to contact Microsoft to get a resolution. Thank you.

Direct Access GPO


Having a problem with the Remote Access Management console. It gives an error that the settings cannot be retrieved, you do not have permissions to access GPO guid.

I need to know what the client is checking to figure out what's wrong.  Direct access itself is still working, and clients are still connecting.  New machines are being added, but I can't monitor it because the console is confused.

What permissions does it think it is supposed to have?

IIS and Network Load Balancing


Hello,

I have a test environment that simulates a load balancing between 2 Web Servers running in IIS.

I have created a cluster with the 2 Web Servers participating in the cluster using their secondary IP. 

Web Server 1 - Management IP (10.2.3.14), Cluster IP (10.2.4.10), Dedicated IP (10.2.4.11)

Web Server 2 - Management IP (10.2.3.15), Cluster IP (10.2.4.10), Dedicated IP (10.2.4.12)


The cluster is used to forward port 80 traffic only.


I created an AAAA Record for the ELSAL-NLBCLUSTER.

and the Webservers Binding are also setup to accept this name.

I can tell that IIS is working because when I visit elsal-nlb1.itfella.com and elsal-nlb2.itfella.com in IE they both display the IIS webpage. However, when I type http://elsal-nlbcluster.itfella.com I don't get an IIS page.

Any ideas?


For God, and Country.



Client unable to see Domain Controller


It appears I have a DNS issue on my network. At the previous location it worked fine, but I have relocated and have a new ISP and something appears to be broken. I have a Windows Server 2003, DNS running both DC & AD. NSLOOKUP for my server is failing as well as at the client as it's unable to determine the default server. I did have a hard time configuring the workstations to browse the internet. Moved from Time-Warner to Charter for internet service. Also unable to find out where the "Carolina.rr.com" references are coming from.

Client NSLOOKUP response

Default Server:  UnKnown
Address:  2606:a000:1209:405a:22aa:4bff:fe72:ad91

Server NSLOOKUP response

Default Server:  rns01.charter.com
Address:  71.10.216.1

Workstation IP Config

Windows IP Configuration

   Host Name . . . . . . . . . . . . : Anthony-HPWin7
   Primary Dns Suffix  . . . . . . . : XXXXXXX.Charlotte.XXXXXXX.Com
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : XXXXXXX.Charlotte.XXXXXXX.Com
                                       carolina.rr.com

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . : carolina.rr.com
   Description . . . . . . . . . . . : NVIDIA nForce 10/100/1000 Mbps Ethernet
   Physical Address. . . . . . . . . : 00-23-7D-C5-EA-A2
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::c577:7fd8:973d:fb7b%29(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.2.112(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Friday, February 19, 2016 6:19:36 PM
   Lease Expires . . . . . . . . . . : Wednesday, February 24, 2016 12:13:04 AM
   Default Gateway . . . . . . . . . : 192.168.2.1
   DHCP Server . . . . . . . . . . . : 192.168.2.1
   DHCPv6 IAID . . . . . . . . . . . : 536879997
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-19-04-47-39-00-23-7D-C5-EA-A2
   DNS Servers . . . . . . . . . . . : 2606:a000:1209:405a:22aa:4bff:fe72:ad91
                                       192.168.2.1
   NetBIOS over Tcpip. . . . . . . . : Enabled
   Connection-specific DNS Suffix Search List :
                                       carolina.rr.com

Server IP Config

Windows IP Configuration

   Host Name . . . . . . . . . . . . : XXXXXXX
   Primary Dns Suffix  . . . . . . . : XXXXXXX.Charlotte.XXXXXXX.Com
   Node Type . . . . . . . . . . . . : Unknown
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : Yes
   DNS Suffix Search List. . . . . . : XXXXXXX.Charlotte.XXXXXXX.Com
                                       Charlotte.XXXXXXX.Com
                                       XXXXXXX.Com

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Broadcom NetXtreme Gigabit Ethernet
   Physical Address. . . . . . . . . : 00-18-8B-29-56-88
   DHCP Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . : 192.168.2.107
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.2.1
   DNS Servers . . . . . . . . . . . : 71.10.216.1
                                               71.10.216.2


chuck

Accessing local SharePoint Site with VPN connected


Hi all,

 

We are trying to connect our local Oracle Virtual Machine (VM) SharePoint Sites with Client Database (DB) using VPN.

 

In our local VM, our SharePoint sites are working fine with data being fetched from local DB (Normal working scenario).

But when we are trying to connect to VPN in VM, the SharePoint web application app pool stops and we get error “503: Service Unavailable”.

 

We have also tried making changes in HOSTS file with new assigned DNS IP and also tried browsing our SharePoint sites with IP but with no success.

 

Has anyone faced such issue in their project where the VM local SharePoint sites should work with client VPN? Or if someone can suggest some generic settings which we can try on our VM to get it working.

 

Br,

Ayush

Can't seem to renew certificate from CA on our NPS server


Hi

Kinda new to the whole NPS and CA side of things so apologies if the question comes across stupid or my replies do :)

We've got a Meru wifi solution that uses two 2008R2 RADIUS servers to authenticate the domained laptops. Yesterday the laptops stopped connecting to the SSID using RADIUS.

I've checked the security event logs on one of the radius servers and seems to have problems with the EAP?

Authentication Details:

Connection Request Policy Name: Wireless Policy 1

Network Policy Name: Staff Compliant

Authentication Provider: Windows

Authentication Server: <FQDN>

Authentication Type: EAP

EAP Type: -

Account Session Identifier: -

Logging Results: Accounting information was written to the local log file.

Reason Code: 22

Reason: The client could not be authenticated  because the Extensible Authentication Protocol (EAP) Type cannot be processed by the server.

I've checked all the network policies we have and under the constraints tab I can't seem to edit the EAP Type: (Microsoft: Protected EAP (PEAP)). I get the message "A certificate could not be found that can be used with this Extensible Authentication Protocol"

I've checked the cert we have on the NPS and it looks to have expired last month. But when I try to renew the cert with the same key, it's saying the permissions on the CA do not allow the current user to enroll for certificates. I've checked the permissions on the CA template we are using and both account and server have enrol and auto enrol. The server is part of the RAS and IAS server group. I've even added the server directly to the cert template and given both account and server full control but still no joy.

Any help would be appreciated. Like I said at the top, this is the first time dealing with NPS and CAs so learning at the same time.

Cheers

J

Domain Controller with two Network adapters


I have a Windows Server 2012 R2 with the Domain Controller and DNS server roles and it has two net adapters.

Even though the DNS is not listening on the public adapter and the adapter has no registration of DNS set up, when I use Get-NetConnectionProfile to check the profile it returns:

Name             : mydomain.com
InterfaceAlias   : Public
InterfaceIndex   : 13
NetworkCategory  : DomainAuthenticated
IPv4Connectivity : Internet
IPv6Connectivity : LocalNetwork

Name             : mydomain.com
InterfaceAlias   : Private
InterfaceIndex   : 14
NetworkCategory  : DomainAuthenticated
IPv4Connectivity : Internet
IPv6Connectivity : LocalNetwork

The problem is that I need to set the interface index 13 to NetworkCategory Public and not DomainAuthenticated.

I have already tried to Google it but no way to find a solution.



Giuseppe

DHCP Server Log DNS update failed randomly


There has been posted a similar issue here:
https://social.technet.microsoft.com/Forums/office/en-US/bcf9dff8-dbc2-48de-85ad-0101ae3159cd/dhcp-server-log-reporting-dns-update-failed?forum=winserverNIS

We had a printer in zoneA (172.16.240.0/24) on the evening of the 23rd of February. You can see the device being renamed from NPI54B55D to PRZHS002. The printer was moved to zoneB (172.16.248.0/24) the next morning. It was plugged in at 07:30 o'clock.
The problem now is that the A entry on the DNS server seems to hop between the two IPs 172.16.240.110 and 172.16.248.239. Some clients could resolve the printer, and some couldn't. It just depended on when they tried to resolve the record.

Log from the day the printer was setup in zoneA

18,02/23/16,10:18:47,Expired,172.16.240.110,,,,0,6,,,,,,,,,0
30,02/23/16,13:18:50,DNS Update Request,172.16.240.110,NBINF013.merbag.local,,,0,6,,,,,,,,,0
31,02/23/16,14:18:50,DNS Update Failed,172.16.240.110,NBINF013.merbag.local,,,0,6,,,,,,,,,2
30,02/23/16,14:18:50,DNS Update Request,172.16.240.110,NBINF013.merbag.local,,,0,6,,,,,,,,,0
17,02/23/16,14:18:50,DNS record not deleted,172.16.240.110,,,,0,6,,,,,,,,,0
30,02/23/16,16:23:30,DNS Update Request,172.16.240.110,NPI54B55D.merbag.local,,,0,6,,,,,,,,,0
10,02/23/16,16:23:30,Assign,172.16.240.110,NPI54B55D.merbag.local,FC3FDB54B55D,,1440707597,0,,,,0x4865776C6574742D5061636B617264204A6574446972656374,Hewlett-Packard JetDirect,0x2B4D66673D48503B5479703D556E6B6E6F776E3B4D6F643D556E6B6E6F776E3B5365723D556E6B6E6F776E3B,+Mfg=HP;Typ=Unknown;Mod=Unknown;Ser=Unknown;,,0
30,02/23/16,16:23:30,DNS Update Request,172.16.240.110,NPI54B55D.merbag.local,,,0,6,,,,,,,,,0
11,02/23/16,16:23:30,Renew,172.16.240.110,NPI54B55D.merbag.local,FC3FDB54B55D,,1440707597,0,,,,0x4865776C6574742D5061636B617264204A6574446972656374,Hewlett-Packard JetDirect,0x2B4D66673D48503B5479703D556E6B6E6F776E3B4D6F643D556E6B6E6F776E3B5365723D556E6B6E6F776E3B,+Mfg=HP;Typ=Unknown;Mod=Unknown;Ser=Unknown;,,0
31,02/23/16,16:23:30,DNS Update Failed,172.16.240.110,NPI54B55D.merbag.local,,,0,6,,,,,,,,,9005
30,02/23/16,16:59:20,DNS Update Request,172.16.240.110,PRZHS002.merbag.local,,,0,6,,,,,,,,,0
11,02/23/16,16:59:20,Renew,172.16.240.110,PRZHS002.merbag.local,FC3FDB54B55D,,3889591309,0,,,,0x4865776C6574742D5061636B617264204A6574446972656374,Hewlett-Packard JetDirect,0x424D66673D48503B5479703D4D46503B4D6F643D485020436F6C6F72204C617365724A657420466C6F77204D4650204D3638303B5365723D4A5044564A32473039463B,BMfg=HP;Typ=MFP;Mod=HP Color LaserJet Flow MFP M680;Ser=JPDVJ2G09F;,,0
31,02/23/16,16:59:20,DNS Update Failed,172.16.240.110,PRZHS002.merbag.local,,,0,6,,,,,,,,,2
30,02/23/16,16:59:20,DNS Update Request,172.16.240.110,PRZHS002.merbag.local,,,0,6,,,,,,,,,0
11,02/23/16,16:59:20,Renew,172.16.240.110,PRZHS002.merbag.local,FC3FDB54B55D,,3889591309,0,,,,0x4865776C6574742D5061636B617264204A6574446972656374,Hewlett-Packard JetDirect,0x424D66673D48503B5479703D4D46503B4D6F643D485020436F6C6F72204C617365724A657420466C6F77204D4650204D3638303B5365723D4A5044564A32473039463B,BMfg=HP;Typ=MFP;Mod=HP Color LaserJet Flow MFP M680;Ser=JPDVJ2G09F;,,0
32,02/23/16,16:59:20,DNS Update Successful,172.16.240.110,NPI54B55D.merbag.local,,,0,6,,,,,,,,,0
31,02/23/16,16:59:20,DNS Update Failed,172.16.240.110,PRZHS002.merbag.local,,,0,6,,,,,,,,,9005
30,02/23/16,17:18:52,DNS Update Request,172.16.240.110,PRZHS002.merbag.local,,,0,6,,,,,,,,,0
31,02/23/16,17:18:54,DNS Update Failed,172.16.240.110,PRZHS002.merbag.local,,,0,6,,,,,,,,,9005

Log from the day the printer was delivered to zoneB

30,02/24/16,00:00:34,DNS Update Request,172.16.240.110,PRZHS002.merbag.local,,,0,6,,,,,,,,,0
31,02/24/16,00:00:35,DNS Update Failed,172.16.240.110,PRZHS002.merbag.local,,,0,6,,,,,,,,,9005
30,02/24/16,00:18:57,DNS Update Request,172.16.240.110,PRZHS002.merbag.local,,,0,6,,,,,,,,,0
31,02/24/16,00:18:58,DNS Update Failed,172.16.240.110,PRZHS002.merbag.local,,,0,6,,,,,,,,,9005
30,02/24/16,01:18:58,DNS Update Request,172.16.240.110,PRZHS002.merbag.local,,,0,6,,,,,,,,,0
31,02/24/16,01:18:59,DNS Update Failed,172.16.240.110,PRZHS002.merbag.local,,,0,6,,,,,,,,,9005
30,02/24/16,02:18:58,DNS Update Request,172.16.240.110,PRZHS002.merbag.local,,,0,6,,,,,,,,,0
31,02/24/16,02:19:00,DNS Update Failed,172.16.240.110,PRZHS002.merbag.local,,,0,6,,,,,,,,,9005
30,02/24/16,03:18:59,DNS Update Request,172.16.240.110,PRZHS002.merbag.local,,,0,6,,,,,,,,,0
31,02/24/16,03:19:00,DNS Update Failed,172.16.240.110,PRZHS002.merbag.local,,,0,6,,,,,,,,,9005
30,02/24/16,04:19:00,DNS Update Request,172.16.240.110,PRZHS002.merbag.local,,,0,6,,,,,,,,,0
31,02/24/16,04:19:01,DNS Update Failed,172.16.240.110,PRZHS002.merbag.local,,,0,6,,,,,,,,,9005
30,02/24/16,05:19:00,DNS Update Request,172.16.240.110,PRZHS002.merbag.local,,,0,6,,,,,,,,,0
31,02/24/16,05:19:02,DNS Update Failed,172.16.240.110,PRZHS002.merbag.local,,,0,6,,,,,,,,,9005
30,02/24/16,06:19:01,DNS Update Request,172.16.240.110,PRZHS002.merbag.local,,,0,6,,,,,,,,,0
31,02/24/16,06:19:02,DNS Update Failed,172.16.240.110,PRZHS002.merbag.local,,,0,6,,,,,,,,,9005
30,02/24/16,07:19:02,DNS Update Request,172.16.240.110,PRZHS002.merbag.local,,,0,6,,,,,,,,,0
31,02/24/16,07:19:04,DNS Update Failed,172.16.240.110,PRZHS002.merbag.local,,,0,6,,,,,,,,,9005
30,02/24/16,07:30:19,DNS Update Request,172.16.248.239,PRZHS002.merbag.local,,,0,6,,,,,,,,,0
10,02/24/16,07:30:19,Assign,172.16.248.239,PRZHS002.merbag.local,FC3FDB54B55D,,588674061,0,,,,0x4865776C6574742D5061636B617264204A6574446972656374,Hewlett-Packard JetDirect,0x424D66673D48503B5479703D4D46503B4D6F643D485020436F6C6F72204C617365724A657420466C6F77204D4650204D3638303B5365723D4A5044564A32473039463B,BMfg=HP;Typ=MFP;Mod=HP Color LaserJet Flow MFP M680;Ser=JPDVJ2G09F;,,0
32,02/24/16,07:30:19,DNS Update Successful,172.16.248.239,PRZHS002.merbag.local,,,0,6,,,,,,,,,0
30,02/24/16,08:19:02,DNS Update Request,172.16.240.110,PRZHS002.merbag.local,,,0,6,,,,,,,,,0
31,02/24/16,08:19:05,DNS Update Failed,172.16.240.110,PRZHS002.merbag.local,,,0,6,,,,,,,,,9005
30,02/24/16,08:26:09,DNS Update Request,172.16.248.239,PRZHS002.merbag.local,,,0,6,,,,,,,,,0
11,02/24/16,08:26:09,Renew,172.16.248.239,PRZHS002.merbag.local,FC3FDB54B55D,,588674061,0,,,,0x4865776C6574742D5061636B617264204A6574446972656374,Hewlett-Packard JetDirect,0x424D66673D48503B5479703D4D46503B4D6F643D485020436F6C6F72204C617365724A657420466C6F77204D4650204D3638303B5365723D4A5044564A32473039463B,BMfg=HP;Typ=MFP;Mod=HP Color LaserJet Flow MFP M680;Ser=JPDVJ2G09F;,,0
32,02/24/16,08:26:09,DNS Update Successful,172.16.248.239,PRZHS002.merbag.local,,,0,6,,,,,,,,,0
30,02/24/16,09:19:03,DNS Update Request,172.16.240.110,PRZHS002.merbag.local,,,0,6,,,,,,,,,0
31,02/24/16,09:19:05,DNS Update Failed,172.16.240.110,PRZHS002.merbag.local,,,0,6,,,,,,,,,9005
30,02/24/16,10:19:04,DNS Update Request,172.16.240.110,PRZHS002.merbag.local,,,0,6,,,,,,,,,0
31,02/24/16,10:19:06,DNS Update Failed,172.16.240.110,PRZHS002.merbag.local,,,0,6,,,,,,,,,9005
30,02/24/16,10:21:26,DNS Update Request,172.16.248.239,PRZHS002.merbag.local,,,0,6,,,,,,,,,0
11,02/24/16,10:21:26,Renew,172.16.248.239,PRZHS002.merbag.local,FC3FDB54B55D,,588674061,0,,,,0x4865776C6574742D5061636B617264204A6574446972656374,Hewlett-Packard JetDirect,0x424D66673D48503B5479703D4D46503B4D6F643D485020436F6C6F72204C617365724A657420466C6F77204D4650204D3638303B5365723D4A5044564A32473039463B,BMfg=HP;Typ=MFP;Mod=HP Color LaserJet Flow MFP M680;Ser=JPDVJ2G09F;,,0
32,02/24/16,10:21:26,DNS Update Successful,172.16.248.239,PRZHS002.merbag.local,,,0,6,,,,,,,,,0
30,02/24/16,11:19:04,DNS Update Request,172.16.240.110,PRZHS002.merbag.local,,,0,6,,,,,,,,,0
31,02/24/16,11:19:06,DNS Update Failed,172.16.240.110,PRZHS002.merbag.local,,,0,6,,,,,,,,,9005
30,02/24/16,12:19:05,DNS Update Request,172.16.240.110,PRZHS002.merbag.local,,,0,6,,,,,,,,,0
31,02/24/16,12:19:07,DNS Update Failed,172.16.240.110,PRZHS002.merbag.local,,,0,6,,,,,,,,,9005
30,02/24/16,13:19:06,DNS Update Request,172.16.240.110,PRZHS002.merbag.local,,,0,6,,,,,,,,,0
31,02/24/16,13:19:08,DNS Update Failed,172.16.240.110,PRZHS002.merbag.local,,,0,6,,,,,,,,,9005

When we had a look into it, the DNS server had an A record resolving PRZHS002 to 172.16.240.110 and a pointer record in the reverse lookup zone, resolving 172.16.248.239 to PRZHS002.merbag.local
My question now is: why is the DHCP server still trying to update the old record stored in zoneA if the printer has been moved to zoneB already? The DHCP Server seems to update every hour 19min.
And the bonus question of course is: Why are so many DNS updates failing on the DHCP Server? We do see lots of them in the DHCP log, not only for this device.

Some information about our environment:

We don't have debug logging enabled on the DNS server. But we can see DNS related records in the security log. But every time we see a "DNS Update Failed" message on the DHCP server, there is nothing related to that in the DNS log. It is like the request from the DHCP server can't even reach the DNS server.
DHCP lease time is 4 days. All servers are 2012 R2. We have increased the value of DynamicDNSQueueLength already.
We use an AD service account to add entries to DNS. This account has been added to the DNSUpdateProxy group. Only secure updates in DNS are allowed.
DHCP is setup to always dynamically update DNS records. It discards A and PTR records when leases are deleted. There is no problem with the AD service account, because only some updates do fail.
The DHCP server has no failover or cluster or anything. It works on its own and is the owner of all entries in DNS. Best practice analyzer on DHCP server only complains about a zone we have disabled because it is for testing purposes.
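
As an added example (not part of the original post and not Microsoft tooling), the check below parses DHCP audit-log lines like the ones quoted above and reports hostnames whose DNS updates succeed for one address while still failing for another, which is the split the post describes for PRZHS002. The function names are this example's own, the field names are assumed from the audit log's header line, and the sample lines are copied from the post.

```python
import csv
from datetime import datetime

# Column order assumed from the header line of a Windows DHCP server audit log.
FIELDS = ["id", "date", "time", "description", "ip", "host", "mac", "user",
          "transaction_id", "qresult", "probation_time", "correlation_id",
          "dhcid", "vendor_hex", "vendor_ascii", "user_hex", "user_ascii",
          "relay_agent", "dns_reg_error"]

# Audit event IDs as they appear in the post's log.
DNS_REQUEST, DNS_FAILED, DNS_OK = "30", "31", "32"

# Ten lines copied from the log in the post, in chronological order.
SAMPLE_LOG = """\
30,02/23/16,16:59:20,DNS Update Request,172.16.240.110,PRZHS002.merbag.local,,,0,6,,,,,,,,,0
31,02/23/16,16:59:20,DNS Update Failed,172.16.240.110,PRZHS002.merbag.local,,,0,6,,,,,,,,,2
32,02/23/16,16:59:20,DNS Update Successful,172.16.240.110,NPI54B55D.merbag.local,,,0,6,,,,,,,,,0
31,02/23/16,16:59:20,DNS Update Failed,172.16.240.110,PRZHS002.merbag.local,,,0,6,,,,,,,,,9005
30,02/24/16,07:19:02,DNS Update Request,172.16.240.110,PRZHS002.merbag.local,,,0,6,,,,,,,,,0
31,02/24/16,07:19:04,DNS Update Failed,172.16.240.110,PRZHS002.merbag.local,,,0,6,,,,,,,,,9005
30,02/24/16,07:30:19,DNS Update Request,172.16.248.239,PRZHS002.merbag.local,,,0,6,,,,,,,,,0
32,02/24/16,07:30:19,DNS Update Successful,172.16.248.239,PRZHS002.merbag.local,,,0,6,,,,,,,,,0
30,02/24/16,08:19:02,DNS Update Request,172.16.240.110,PRZHS002.merbag.local,,,0,6,,,,,,,,,0
31,02/24/16,08:19:05,DNS Update Failed,172.16.240.110,PRZHS002.merbag.local,,,0,6,,,,,,,,,9005
"""


def parse_audit_log(text):
    """Return one dict per well-formed audit record; skip headers and junk."""
    records = []
    for row in csv.reader(text.splitlines()):
        if len(row) != len(FIELDS) or not row[0].strip().isdigit():
            continue
        rec = dict(zip(FIELDS, (col.strip() for col in row)))
        try:
            rec["when"] = datetime.strptime(rec["date"] + " " + rec["time"],
                                            "%m/%d/%y %H:%M:%S")
        except ValueError:
            continue  # unparseable timestamp: not a record we can order
        records.append(rec)
    return records


def summarize_dns_updates(records):
    """Build host -> ip -> counters from DNS update events (IDs 30, 31, 32)."""
    summary = {}
    for rec in records:
        if rec["id"] not in (DNS_REQUEST, DNS_FAILED, DNS_OK) or not rec["host"]:
            continue
        stats = summary.setdefault(rec["host"].lower(), {}).setdefault(
            rec["ip"], {"requests": 0, "ok": 0, "errors": {}, "last_event": None})
        if rec["id"] == DNS_REQUEST:
            stats["requests"] += 1
        elif rec["id"] == DNS_OK:
            stats["ok"] += 1
        else:
            code = rec["dns_reg_error"]  # 9005 is DNS_ERROR_RCODE_REFUSED
            stats["errors"][code] = stats["errors"].get(code, 0) + 1
        if stats["last_event"] is None or rec["when"] > stats["last_event"]:
            stats["last_event"] = rec["when"]
    return summary


def split_registrations(summary):
    """Hosts where one address registers fine while another only ever fails."""
    findings = []
    for host, per_ip in sorted(summary.items()):
        working = sorted(ip for ip, s in per_ip.items() if s["ok"])
        failing = sorted(ip for ip, s in per_ip.items()
                         if s["errors"] and not s["ok"])
        if working and failing:
            findings.append({"host": host, "working": working,
                             "failing": failing})
    return findings


if __name__ == "__main__":
    summary = summarize_dns_updates(parse_audit_log(SAMPLE_LOG))
    for finding in split_registrations(summary):
        print(finding["host"])
        for ip in finding["working"] + finding["failing"]:
            s = summary[finding["host"]][ip]
            print(f"  {ip}: requests={s['requests']} ok={s['ok']} "
                  f"errors={s['errors']} last={s['last_event']}")
```

Comparing `last_event` for the failing address with the first success for the working one shows whether the server keeps retrying the old lease's registration after the new one has gone through.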



Windows DHCP clients just started failing DNS registration.


We have our 2 server Server 2008 split-scope DHCP configured to register DNS using a domain user account.  This generally works except for when a DHCP client renews its DHCP lease from the other server, gets a new IP from the other server's lease range and the DNS doesn't get updated to reflect the new IP because the old host entry is already there.  The old entry doesn't get removed until scavenging time or manual deletion.

Sometimes to get around this issue, we manually delete the host entries from DNS and then run ipconfig /registerdns on the client and then ipconfig /flushdns on the system trying to access the client.

This has been working OK until recently.  Now we have a new problem of multiple clients failing to register DNS themselves.

Windows System event logs on several different clients have errors that say the name could not be registered on the interface because another computer would not allow the name to be claimed by the computer.

802.1x authentication certificate issues

I have set up an SSID using WPA2 Enterprise-802.1x authentication. We are using AeroHive for our APs. I'm using Microsoft NPS as the Radius server. We are using iOS and Windows 10. I am having issues with the different clients regarding the Radius server certificate. 

I have an Enterprise CA on our network and issued a new certificate for the NPS server and installed the root certificate on the Windows 10 laptop and on the IOS device. Windows 10 will not join the network without unchecking the "validate server certificate". Even if I check to validate and select my root CA it still does not validate.

IOS clients allow you to trust the Radius server's certificate and it works fine but I also have the root CA installed on IOS and it doesn't automatically trust the cert either. I've used this for other apps like the VMware Horizon View client and it checks the certificate and automatically trusts it so I know it should work.

I am thinking about purchasing a commercial cert but I'm not sure it will work since it doesn't work with my Enterprise CA and don't want to buy a certificate only to find it still does not work.

Not able to join the server to domain, Windows 2008 R2


Hi,

I am facing a very strange issue: I am not able to join the server to the domain and am getting the below error.

"Network Path Not Found"

Below troubleshooting done so far.

1. Disabled IPv6

2. Disabled Second LAN Card

3. Enabled NetBIOS over TCP/IP

4. Enabled all required ports on Firewall.

5. Disabled Windows Firewall.

6. Able to resolve Domain FQDN from command prompt.

7. Able to resolve DNS server name or any other server name.

8. Rebooted server multiple times.

9. All DC's are DNS servers, checked other DNS IP's same issue. 

10. Got below error in NetSetup Log..

02/25/2016 17:22:17:140 NetpDsGetDcName: status of verifying DNS A record name resolution for 'MyTest.Test.com': 0x0
02/25/2016 17:22:17:140 NetpDsGetDcName: found DC '\\MyTest.Test.com' in the specified domain
02/25/2016 17:22:17:140 NetpJoinDomainOnDs: NetpDsGetDcName returned: 0x0
02/25/2016 17:22:17:140 NetUseAdd to \\MyTest.Test.com\IPC$ returned 53
02/25/2016 17:22:17:140 NetpJoinDomain: status of connecting to dc '\\MyTest.Test.com': 0x35
02/25/2016 17:22:17:140 NetpJoinDomainOnDs: Function exits with status of: 0x35
02/25/2016 17:22:17:140 NetpDoDomainJoin: status: 0x35

11. Tried Net View Test.com, got below error

System error 53 has occurred.

The network path was not found.

12. Tried to access \\MyTest.Test.com, got Network Path Not Found Error.

13. Even if I enter the wrong password during domain join I am getting the same error.


MCP, MCTS

Can we access data which is in RAID-5 storage after reinstalling the OS on the local drive?

We are using one server with 12 TB of storage. The main data is on a RAID-5 drive. After reinstalling the OS on the local drive, will we be able to access the main data which is on the RAID-5 drive?

RRAS VPN (SSTP) in Azure - cannot ping other VMs in subnet


Hi there,

I'm trying to setup RRAS on Windows Server 2012 R2 server in Azure to support inbound VPN connections from internet machines using SSTP.

I've setup the RRAS service, and am able to successfully VPN into the host from a guest machine, and can establish connectivity to the RRAS server using ICMP etc. However, I cannot connect to any other VMs in the same subnet as the RRAS server... no matter what I do. My connection is just limited to the RRAS machine.

My environment is as follows

RRAS server - single interface.

  • IP address of 10.50.0.12
  • Configured as a VPN service (SSTP with public wildcard certificate)
  • RRAS configured with a static address pool of 172.16.10.10 - 172.16.10.254 

I have configured a static route on another server in tenant (10.50.0.11) that points all traffic to the static address pool via the RRAS server (route add 172.16.10.0 mask 255.255.255.0 10.50.0.12 -p)

I can successfully connect from my client machine, establish a connection and ping the RRAS server on 10.50.0.12.

However, I cannot ping anything else, including the secondary VM that I put the static route on (10.50.0.11). I've tried disabling the Windows firewall on all machines... no difference.

Can anyone point me in the right direction as to what might be wrong?

Regards, James


James Frost

RRAS VPN doesn't work with asymmetric routes


Hello,

We have an issue with our VPN solution for remote clients. Some clients can't connect to Windows Server using rasdial (IKEv2, IPSec).

Troubleshooting shows the problem appears when packets come from one ISP but are sent to another one. We have BGP with 3 ISPs and load balancing outbound traffic over 3 BGP neighbours. So we can manage outbound traffic, but can't do it with inbound; we receive only default routes from BGP neighbours.

Is this normal behavior for a rasdial connection? If "yes", could somebody explain why the client can't connect and which processes influence it. If "no", what is wrong with our clients, configurations, etc.?

Our other VPN solutions (DMVPN, L2TP, for example) work well with this network topology.

Thanks in advance.


VPN client connects but can access nothing on the network


Using Server 2012 R2, I am able to successfully VPN and access network resources (Windows 8.1). A friend of mine, using Windows 10, can also VPN but cannot access any network resources. My server is RRAS and everything else. The server isn't joined to a domain. My server can ping my IP, but not my friend's. RRAS hands out the addresses (doesn't use DHCP).

I used to let RRAS allow DHCP, but strangely it started sucking up all available IP addresses.
