Channel: Network Infrastructure Servers forum
Viewing all 5877 articles

Can't access the internet from lab network

Hi, I know that there is a lot this could be. I have a Windows 2008 Enterprise server with Hyper-V with 2 servers; one is DHCP, the other is DNS and AD. I have a 2821 Cisco router that on one side is my LAN and on the other my WAN, with a DSL router from Verizon. The 2821 does not have DNS or DHCP enabled on the router, just "ip route 10.10.10. 255.255.255.0 192.168.1.1" and the port configs. I do have port G0/0, the WAN port, configured as a DHCP client. From the router console I can ping any IP address or .com on the internet and get a reply. The story is different from within my LAN: I can ping my gateway 10.10.10.1 and the WAN port 192.168.1.45... that's it. I can ping the servers and they can ping the same as above.

DirectAccess error: Windows is unable to resolve DNS names for probes


Hello,

We have a Direct Access Server installed as edge server.

So we have 2 NICs one internal one external. About 2 days ago DirectAccess stopped working.

When I collect logs on a client it shows: "Windows is unable to resolve DNS names for probes"

Interestingly if I use nslookup I am able to resolve internal servernames:

Here also the netsh effectivepolicy:

Could someone lead me in the right direction to solving this issue?

Thanks in advance

Paul

Web Application proxy application cookies issue


Hello,

We have a setup where we want to publish domino webmail through the WAP service.

When we use an Apache reverse proxy, all works correctly. The user goes to mail.domain.com, then ADFS kicks in and sets the cookie, the user gets redirected to mail.domain.com and then to their home server, mail1.domain.com or mail2.domain.com. The Domino application sets a cookie for .domain.com, so that's OK and it can be used by all servers.

But if we publish it through WAP, WAP changes the domain of the cookie. It sets it to mail.domain.com, so when users get redirected to their home server, mail1.domain.com or mail2.domain.com, it gives an error, because the Domino LTPA token cookie is not served for that domain.

If I edit the cookie back to .domain.com in Chrome, it works fine.

How to prevent WAP from changing the cookie domain?

Thanks in advance

Just FYI, new blog post on 802.1X / PEAP-MS-CHAP v2 Wireless Networking Deployment Guide for Windows Server 2016


Just FYI, new blog post on 802.1X / PEAP-MS-CHAP v2 Wireless Networking Deployment Guide for Windows Server 2016 at https://aka.ms/p1hmc6

Thanks -


James McIllece

I have DHCP update DNS. So is it normal to see Event ID 8018 (failed to register) on Win 10 System event log?


I followed this thread but this is a new issue:

https://social.technet.microsoft.com/Forums/office/en-US/37b8b6b3-6cb1-496c-8492-09ded13bab18/dns-problem?forum=winserverNIS

I'm not seeing this on Windows 7 client machines.  We have Win 7 or Win 10 deployed.  Mostly 7 at this point, but almost all laptops are 10 (thanks for including Bitlocker in Win 10 Pro!).

On the Win 10 machines I get Event ID 8018 from DNS Client Events in the SYSTEM event log that is repeated for each network interface on the machine (2 if there is a wired and wireless for example).  Basically says

The system failed to register host (A or AAAA) resource records (RRs) for network adapter with settings:

Adapter name: {GUID}

Host name: computername

Primary Domain Suffix: domainname.com

DNS Server list:

10.1.1.1, 10.1.1.2, 10.30.1.1

Sent update to server: <?>

IP Address(es): 

10.5.3.4

The reason the system could not register these RRs was because the DNS server contacted refused the update request.

But if I ping the PC by name from another machine or do an nslookup, or heck even check the DNS RSAT tool, I get a valid and correct name to IP mapping.  Since DHCP has a user account setup that updates DNS, name resolution is working.  So is this just a benign thing and I can just ignore it?

10.1.1.1 (2012 R2 DC, DNS, DHCP)

10.1.1.2 (2008 R2 DC, DNS, DHCP) - slated to be replaced with 2012 R2 DC, DNS, DHCP this weekend)

10.30.1.1 (2008 R2 DC, DNS) - slated to be replaced with 2012 R2 DC, DNS in the next 60 days).

Domain Functional Level: 2008 R2 until the last two DC's can be replaced (on our timeline).

How to ensure the most recent IP address a client has is the one listed in DNS?


We have Domain Controllers that also handle DNS and DHCP.

We have systems that move around to different subnets frequently, but DNS entries do not keep up with the changes.

To fix this, we delete the old DNS record, then go to the problem system and run ipconfig /registerdns, and then run ipconfig /flushdns on the system we are trying to connect from, and then the name resolves until the system gets another new IP address.

What are the best ways to make sure DNS automatically updates immediately after the clients get new IP addresses?

Should the local clients be registering the changes directly to the DNS servers whenever they get a new IP address?



Adding forwarders or stubs to X.X.X.X for reverse zones


Hi folks, 

Can I add forwarders or stubs to some IP X.X.X.X :: (example: 10.100.0.2) for the following reverse zones?

y.y.in-addr.arpa :: (96.10.in-addr.arpa)

z.z.in-addr.arpa :: (97.10.in-addr.arpa)

a.a.in-addr.arpa :: (98.10.in-addr.arpa)


@818moncho

Unable Register DNS eventid 8018


I saw another thread with people trying all sorts of things to solve the dreaded EventID 8018 (Unable to register your DNS record.)

Of course, there were various recommendations (ipconfig /registerdns to see if it was just a one-time fluke, running "netsh winsock reset" and rebooting, verifying your Domain and Forest levels, etc.)

My environment that had this issue:

Win2012 R2 Server gets the 8018 event.

Win2012 R2 DC's with DNS

Domain and Forest levels at 2008.

Solution:

Go to the first DNS server and delete the record (and the PTR record).


DNS Scavenging - How to Avoid Disaster?

Hello,
 I have a single domain with 2 DCs, both Server 2008 (not R2). One of my DCs is DHCP server (the only DHCP server in my domain). DHCP is configured to register DNS records on behalf of clients. I've enabled scavenging but am concerned as I've heard of cases where valid DNS records and service folders (i.e. _msdcs) have disappeared completely when enabled.

 I've made the following changes to my DHCP and DNS environment:

DNS
- No refresh interval = 3 days
- Refresh interval = 3 days
- scavenging = 7 days
- scavenging enabled on zone and server

DHCP 
- DHCP lease = 7 days
- DNS service now runs under a standard account using domain user credentials
- DC is not a member of the DNSUpdateProxyGroup (I've only got a single DHCP server)

I have a couple of questions:

1. How can I be sure that valid records will not be deleted by scavenging? Is there a way to predict which records will be deleted by looking at 2501/2502 events?
2. If the DHCP server was using local system to register DNS records and it's not using set credentials does that mean that previously registered records will not be refreshed/renewed/deleted by the DHCP server as the record owner and security was set to the local system account of dhcpserver1 rather than the DHCP user account credentials?

Thanks

IT Support/Everything

windows phone

DNS daily route


Hello

Is there any daily/nightly script or tools that everyone runs to verify the health of DNS?

Secondary domain controller not working when primary domain controller going offline


Hi Everyone,

I have two servers, both Windows 2012. One is the primary domain controller and the other is an additional domain controller. When I create a group policy on the primary server, the policy is replicated to the secondary server. Likewise, when I create a group policy on the secondary server, the policy is replicated to the primary server. But when the PDC goes offline, I cannot open Group Policy Management from the secondary domain controller. The error is below:

The error was:

The specified domain either does not exist or could not be contacted.

Note that there are no DHCP services running on either server.

Using subinacl.exe /service "DHCPServer" to grant GLOBAL GROUP, full control of a service


Using subinacl.exe /service "DHCPServer" to grant GLOBAL GROUP, full control of a service

I see a lot of people asking how to grant non-admin users the right to start or stop services, but I need to grant it to a regular global group.

Is it possible?

I'm trying, but it's not working

subinacl.exe /service "DHCPServer" grant="DOMAIN\GG_Group"

====================
+Service DHCPServer
====================
/control=0x0
/owner             =system
/primary group     =system
/audit ace count   =1
/aace =everyone         SYSTEM_AUDIT_ACE_TYPE-0x2
        FAILED_ACCESS_ACE_FLAG-0x80    FAILED_ACCESS_ACE_FLAG-0x0x80
        SERVICE_ALL_ACCESS
/perm. ace count   =4
/pace =DOMAIN\dhcp users  ACCESS_ALLOWED_ACE_TYPE-0x0
        CONTAINER_INHERIT_ACE-0x2      OBJECT_INHERIT_ACE-0x1
        SERVICE_QUERY_CONFIG-0x1           SERVICE_QUERY_STATUS-0x4           SERVICE_ENUMERATE_DEPEND-0x8
        SERVICE_INTERROGATE-0x80           READ_CONTROL-0x20000
/pace =DOMAIN\dhcp administrators         ACCESS_ALLOWED_ACE_TYPE-0x0
        CONTAINER_INHERIT_ACE-0x2      OBJECT_INHERIT_ACE-0x1
        SERVICE_QUERY_CONFIG-0x1           SERVICE_QUERY_STATUS-0x4           SERVICE_ENUMERATE_DEPEND-0x8
        SERVICE_START-0x10                 SERVICE_STOP-0x20                  SERVICE_PAUSE_CONTINUE-0x40        SERVICE_INTERROGATE-0x80
        READ_CONTROL-0x20000               SERVICE_USER_DEFINED_CONTROL-0x0100
/pace =builtin\administrators   ACCESS_ALLOWED_ACE_TYPE-0x0
        CONTAINER_INHERIT_ACE-0x2      OBJECT_INHERIT_ACE-0x1
        SERVICE_ALL_ACCESS
/pace =dhcpserver       ACCESS_ALLOWED_ACE_TYPE-0x0
        SERVICE_QUERY_CONFIG-0x1           SERVICE_QUERY_STATUS-0x4           SERVICE_ENUMERATE_DEPEND-0x8
        SERVICE_START-0x10                 SERVICE_STOP-0x20                  SERVICE_PAUSE_CONTINUE-0x40        SERVICE_INTERROGATE-0x80
        READ_CONTROL-0x20000               SERVICE_USER_DEFINED_CONTROL-0x0100


Elapsed Time: 00 00:00:00
Done:        1, Modified        0, Failed        0, Syntax errors        0
Last Done  : DHCPServer

Looks OK, but when I query the service, the results are the same: the same set of users/groups as previously listed, and the access is not granted.

Web Server + ARR (Architecture)


Hello everybody,

I am developing a Windows Server 2012 R2 architecture (Virtualized all servers as Virtual Machines - VMs).

The architecture foresees some application with WebServer IIS.

The architecture foresees 2 Web Servers in NLB configuration.

REQUIREMENTS:

Reverse Proxy

The use of a proxy server is requested. MS ARR is under consideration.

(I am not an expert in Reverse Proxy and therefore I am asking for your help)

QUESTION:

1) Does MS ARR have to be installed on a different server from the NLB web server farm?

Or is it possible to install it on the 2 Web Servers (as configured in NLB)?

(Using additional servers leads to an increase in the number of VMs and licensing costs)

2) Is Windows NLB required? Or is it MS ARR that provides NLB functions?

3) Is MS ARR a good tool to build proxy server functions? Or should third-party software be taken into consideration?

Please

Could you help in addressing this requirement?

Thanks

DNS


We have a Virtual Machine Server in our Hyper-V. We changed the name of the server, but later on we noticed that the old server name still pings.

I ping the old server host name >> reply with the IP

I ping the old server FQDN >> no ping result

I ping -a IP address >> reply with the new server host name

I nslookup the old host name >> no result

I nslookup the new host name >> reply with domain name & IP address

Can you help me please?

Regards


Can't see computers on remote network


We have 3 separate physical networks that are connected by site-to-site VPN connections. They are all part of the same domain. I have a domain controller at each location. In the past we have been able to browse the "network" list and see the workstations and servers in all 3 locations, but for some reason today I can only see the workstations and servers at my location. Can someone tell me where to start troubleshooting this? Thanks

DHCP Admins cannot stop, start or restart DHCP Server service


Some users are "DHCP Users" and "DHCP Admins", non-administrator users.

I've downloaded a tool called ServiceSecurityEditor.exe, which shows that these groups can stop, start and restart the DHCP Server service (and the SDDL language shows that too).

But the user really cannot, neither using the DNS manager nor the services.msc tool.

What I need: make sure regular users ("DHCP Users" and "DHCP Admins") can stop, start and restart the service.


Direct Access and VPN ports


Hello

I have the DirectAccess and VPN role installed in a test environment on a Win2012 R2 server. I have only one public IP address, and both network adapters have internal IP addresses. Are there any specific ports that I could forward from the router to my server, to access the VPN from an external network?


Shota Tadumadze

Website redirect internal network.

Hi 

I have a website www.something.com hosted on godaddy. I forwarded it to www.something.org hosted with some other vendor.
The forwarding is working fine outside of our internal network. 

Internally, our domain is named as something.com. All DNS entries for computers etc have something.com behind them.
e.g. wk-05.something.com

There is a DNS entry with host name www. FQDN as www.something.com going to IP address of www.something.com hosted on godaddy. It does not forward to www.something.org. It gives a page saying 'Account has been suspended'. 

How can I make the forwarding work internally as well? Thank you.

NPS public cert using GoDaddy


Hi,

I am having a heck of a time figuring out how to use a public cert and NPS. In the forums on this subject I found a solution that points to this link:

https://support.microsoft.com/en-us/kb/321051

I updated the file to include the name of our NPS server. Our internal domain is an extension of our public domain, if that matters. Example: www.example.com is our public name. Our internal name is .schooldistrict.example.com. In the request.inf I put nps.schooldistrict.example.com and changed the line from 1024 to 2048 bits.

I submitted the CSR to GoDaddy and installed the certificate and the intermediate. I assigned it and I get this on a Windows 7 machine:

Reason Code:265
Reason: The certificate chain was issued by an authority that is not trusted.

On my iPhone it says the certificate is Not Trusted. I have heard this comment about just setting a group policy to validate the certificate; the problem is for your BYOD, and telling people to turn off certificate validation would be a pain.

Allen Armstrong
