Channel: Network Infrastructure Servers forum

Create DHCP Failover between Windows server 2008 and 2016

Hi,

I am using Windows Server 2008 as a primary domain controller (ADDS, DNS and DHCP installed and configured) and Windows Server 2016 as a secondary domain controller (ADDS and DNS installed and configured as a backup AD). But I need to configure failover DHCP so that my WS 2016 acts as a complete failover server.

We can easily configure failover on WS 2012, but what is the process for configuring DHCP failover on WS 2008?

Thanks,

Roshan


Windows 7 L2TP over IpSec VPN

Hi all, 

Having a real tough time getting Windows 7 machines to connect to my Draytek Vigor 3900 VPN.

I know it's not an issue with blocked ports or firewall issues, as all of the computers using W10 connect to the VPN no problem; however, W7 machines can never connect.

I connect by using the Draytek Smart VPN client, which also does the registry changes. It hangs on dialing for about 60 seconds, then just says 'Unknown Error'.

If I try to use the inbuilt W7 VPN, I have no luck at all and get given error 809.

I can use the exact same config and same user on a W7 machine and it just won't connect at all.

I have added/modified the 'AssumeUDPEncapsulationOnSendRule', 'ProhibitpSec' and 'AllowL2TPWeakCrypto' registries.

I have made sure the 'IKE and AuthIP Keying Modules', 'IPsec Policy agent', 'Remote access auto connection manager', 'remote access connection manager', 'Routing and remote access' and 'Secure socket tunneling protocol service' services are all set to automatic start up and are running.

The last 2 days every bit of help I've seen points to the AssumeUDPEncapsulation.... reg edit but that hasn't fixed my problem.

Has anyone had this issue before? I am trying to connect on a Toshiba Tecra, but I don't think the laptop is the issue as the W10 Tecras connect with no problem. I do not have the Intel Proset wifi management software installed.

Thanks in advance.

 

DHCP not handing out to VoIP Phones

Hello,

We are having an issue where DHCP addresses are no longer being handed out and the DHCP error 20287 is logged. Here is the error we get:

DHCP client request from 08000FB342BE was dropped since the applicable IP address ranges in scope/superscope SCOPENAME Scope are out of available IP addresses. This could be because of IP address ranges of a policy being out of available IP addresses.

I expanded the scope (although it wasn't out at the time) and currently have about 60 addresses available.

What is very strange is that the only devices not getting DHCP from this scope are VoIP phones. As in, both MiTel and Yealink phones sit at "Waiting for IP address". All other devices (Apple, Linux, iPhones, Android devices) get a proper DHCP.

I ran Wireshark from the DHCP server as well as the phone. I confirmed that the DHCP server gets the discovery packet but, as that 20287 states, it never sends an ACK or an offer to the phones.

I simplified the setup as much as possible so the server is directly plugged in to the same switch (unmanaged) as the phones. No VLANs are in place.

I also tried deactivating the scope on one Server 2012R2 installation and installing a new role on another server as well as another scope, still the same result. 

If I change the DHCP server to no longer be on the Windows server and instead be on my Router, it works fine. 

Any clue as to why only my phones won't pull DHCP?


ICS

RRAS Clients continuously disconnecting

I have a problem that is beginning to drive me crazy, any help is much appreciated.

We have a RRAS Windows 2016 Server running in our DMZ. All our laptops are Windows 10 1607 or 1703. We are using IKEv2 Protocol which uses a computer certificate for authentication. 

A number of laptops repeatedly disconnect from Always On VPN, but on the other hand some remain connected just fine. This morning, for example, myself and three other colleagues were connected to the same Wi-Fi access point; three of us were working fine and remained connected, but my other colleague continuously kept getting disconnected. We are seeing this happen a lot and I really need to find the root cause of this problem. It's been tried and tested on numerous wireless networks (in a few of our offices and many users' home networks and mobile hotspots).

What I've tried and found so far;

- Updated wireless drivers on laptops and updated BIOS

- Installed latest Windows updates on laptops and RRAS Server

- Re-install Always On VPN Profile

- 'Forget' wireless networks on the laptops

- Even though we use IKEv2, I found a few forum posts that mention issues when the VPN is behind a NAT, and so I modified the registry on a couple of affected laptops as follows:

  • create a new DWORD value called "AssumeUDPEncapsulationContextOnSendRule" under "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PolicyAgent" and set it to "2"

What I have noticed is a reoccurring log in event viewer both on the client and server.

On the clients I see: The user dialed a connection named "" which has been terminated. The reason code return on termination is 829. A Google search of this returned that 829 is an (ERROR_LINK_FAILURE). I'm almost certain it's not the wireless connection as we have laptops connected to the same wireless network in the same small room, and some get the problem and some not. 

On the server side I've found something that I think may be related but I don't understand the log well enough. If possible could someone shed some light on what the following means? It's in the RASTAPI.LOG which can be found in C:\Windows\Tracing.

07-11 10:57:34:438: RasTapiCallback: lineDropped. port VPN2-449, id=0xffffffff
[6368] 07-11 10:57:34:438: RasTapiCallback: Idle Received for port VPN2-449
[6368] 07-11 10:57:34:438: RasTapiCallback: changing state of VPN2-449. 5 -> 1
[6368] 07-11 10:57:34:438: RasTapiCallback: lineDeallocateCall for VPN2-449,hcall = 0x8da00a0
[6368] 10:57:34: SyncDriverRequest: Oid(CloseCall), devID(1), reqID(2bb2), hCall(000000000000007B)
[5840] 07-11 10:57:34:438: PortTestSignalState: DisconnectReason = 2
[7876] 07-11 10:57:34:453: DeviceListen: Changing State for VPN2-449 from 1 -> 2
[7876] 07-11 10:57:34:453: DeviceListen: Changing Listen State for VPN2-449 from 4 -> 2

In particular why is it changing state? What do the state numbers 1,2,4 & 5 mean? What does DisconnectReason=2 mean?

I will be grateful for any help please.

RRAS VPN (SSTP) in Azure - cannot ping other VMs in subnet

Hi there,

I'm trying to set up RRAS on a Windows Server 2012 R2 server in Azure to support inbound VPN connections from internet machines using SSTP.

I've set up the RRAS service, and am able to successfully VPN into the host from a guest machine, and can establish connectivity to the RRAS server using ICMP etc. However, I cannot connect to any other VMs in the same subnet as the RRAS server... no matter what I do. My connection is just limited to the RRAS machine.

My environment is as follows:

RRAS server - single interface.

  • IP address of 10.50.0.12
  • Configured as a VPN service (SSTP with public wildcard certificate)
  • RRAS configured with a static address pool of 172.16.10.10 - 172.16.10.254 

I have configured a static route on another server in tenant (10.50.0.11) that points all traffic to the static address pool via the RRAS server (route add 172.16.10.0 mask 255.255.255.0 10.50.0.12 -p)

I can successfully connect from my client machine, establish a connection and ping the RRAS server on 10.50.0.12.

However, I cannot ping anything else, including the secondary VM that I put the static route on (10.50.0.11). I've tried disabling the Windows firewall on all machines... no difference.

Can anyone point me in the right direction as to what might be wrong?

Regards, James


James Frost

Issue with new Child Domain

We have created a new child domain under the same forest.

Eg: Root domain = Costoso.com  Child Domain = child.local

Exchange and SharePoint are getting weird authentication errors when using AD users from the new domain.

For example, adding a child.local user to a Site Collection ACL was successful, but we got an authentication error as follows:

No Authority could be contacted for authentication

Looks like the DC in parent domain do have have authority to authenticate users from Child domain.

Any idea?



NPS network policy Conditions

Hi,

We have a few network conditions under the network policy and one of them is called NAS Identifier.

The NAS Identifier field is full, so I cannot add more network devices to be authenticated by this policy anymore. Can I add one more NAS Identifier in the same network policy, or do I have to create another network policy which is the same policy but for other devices in the future?

I added a 2nd NAS Identifier but it seems not to be working. Please see below:

Thank you.

always VPN Force tunneling

I created a new Always On VPN connection for a group of users in a department. This VPN is set up with force tunneling, always on set to true and trusted network detection.

The issue users are experiencing is that when they bring their laptops to work and connect to the internal network, the VPN will not disconnect. Below is a view of the network connections on one of the laptops. Ethernet 3 is the NIC that is connected to the local network. The status shows as unauthenticated, but if I disable the wireless connection the user is able to connect and the status shows as contoso.com.

We are not experiencing this problem with users who have split tunneling enabled.


RRAS/NAT connection issues

Hi everyone, I'm running into a weird problem with RRAS/NAT on my Windows Server 2012 machine for my home lab. In my lab I have a private 10.0.0.x network that are hosted VMs. My hypervisor is running RRAS and NAT and is configured with one physical NIC and 1 virtual internal NIC. The physical NIC connects to my router that goes to the internet (192.168.1.0/24 subnet) and the internal NIC connects to my private network.

In the RRAS management tool I use a custom config and select only NAT and LAN Routing. Now at this point NAT is not configured since I haven't assigned the internal and external interfaces. So from here I'm able to ping the 10.0.0.x machines from the 192.168.1.x network and vice versa. After I configure NAT with the external and internal interfaces, I am no longer able to ping the 10.0.0.x machines from the 192.168.1.x subnet. However, I can successfully ping from the 10.0.0.x machines to the 192.168.1.x network.

I've also set up a rule on the internet router to route all 10.0.0.0 traffic to the physical NIC of the hypervisor. Here's my current layout.

Internet
|
Router 192.168.1.1
|
Hypervisor - Physical nic 192.168.1.100 DG 192.168.1.1
           - Virtual Internal nic 10.0.0.1 No DG assigned
|
VM Client - 10.0.0.4 DG 10.0.0.1

Any ideas as to why I can ping both ways when NAT is disabled but not when it is enabled? I'd like to keep NAT on that way my clients can connect to the internet for updates, but also accessible for remote login from the 192.168 subnet.

2012 R2 NPS/RADIUS Server. Event ID 4402: There is no domain controller available for the domain.

Attempting to replace existing Windows 2003 RADIUS server with new 2012 R2 NPS/RADIUS Server. RADIUS server used for 2nd Factor SafeWord authentication. All policies and settings replicated to new NPS server. NPS server has been registered w/ AD (child.domain.com).

When testing w/ NTRadPing Utility, continually get response: Access-Reject. Event ID 4402 "There is no domain controller for the domain domain.com" logged in System Log on NPS server.

Unable to locate any reference to issue w/ child domains. Not sure if this error is perhaps a red herring of some sort.

Home Lab With RRAS (NAT and LAN Routing)

Dear All Experts,

Can someone advise how I should achieve the following objectives for my home lab (see setup diagram: https://drive.google.com/open?id=17ssUcXqJ9ZJwe0w8pYHaYcW1F8kUNybQ)?

The purpose of this setup in my home lab is that I am trying to create a server farm that would become my pseudo "Production" environment, which I will then replicate to the cloud using Azure Site Recovery (ASR).

At the current setup stage, the objectives I am trying to reach are (1) to enable all the nested VMs, including VM1 and VM2, to have internet access; (2) bidirectional ping communication - the nested VMs in VM1 are able to ping VM2 and vice versa (i.e. VM2 is able to ping the nested VMs).

In my RRAS configuration, I enable both NAT and LAN Routing under "Custom Configuration". This allows me to achieve objective (1), which is that all the nested VMs have internet access; at the same time, part of objective (2), which is that the nested VMs are able to ping VM2 and the External Virtual Switch in VM1. However, VM2 is unable to ping the nested VMs.

If I were to remove the NAT, objective (2) is immediately achieved. However, the nested VMs would lose the internet connection.

Really appreciate if someone could advise me on this. Thanks in advance.


I want to setup a vpn on windows server 2016

I also have a Cyberoam connection and I am using a public IP to connect to Cyberoam remotely.

Please help

Route traffic from external to internal networks (RRAS)

I have a server with two NICs, one directly to the internet and one to the internal network, and I've managed the port 22 (SSH) to the External NIC to accept connections and using Private IP: 10.0.0.14.

If I show the mappings I get this result

Protocol,Direction, Private address,Private port,Public Address,Public Port,Remote Address,Remote Port,Idle time
TCP,Inbound, 10.0.0.14,22, 212.*.*.*,22, 85.*.*.*,52 541, 1

But the SSH client says "timed out"; it works within the private network but not from the external one.

Any ideas?



Fault bucket 1888767104558711641

Looking for the info on Fault bucket 1888767104558711641.

Have a very troublesome machine and this is happening every minute.

Windows 8 machine

How to disable autoconfiguration IPv4 ?

Ethernet adapter Local AreaConnection 2:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Network Connection #2
   Physical Address. . . . . . . . . : 00-50-56-B3-22-34
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 82.179.190.12(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.128
   Default Gateway . . . . . . . . . :
   DNS Servers . . . . . . . . . . . : 127.0.0.1
   Primary WINS Server . . . . . . . : 127.0.0.1
   NetBIOS over Tcpip. . . . . . . . : Enabled

---------

 

 

The problem is that my static IP is constantly being replaced with "autoconfiguration". Ipconfig output says "Autoconfiguration Enabled . . . . : Yes"

 

Question: How do I disable, turn off the "Autoconfiguration" ?

ps. IP address is statically configured.


Netbios name vs FQDN name to access Netlogon share (Netbios name not working)

Hi all,

I have a strange problem and was unable to find a solution on the web.

Setup:

Windows domain:  mydomain.local

Windows Server 2008 R2 (domain functional level is Windows 2003)

DNS is set up correctly. Name resolution is working properly, as I can ping all my machines (including DCs) with NetBIOS name (DNS search suffix is configured on all machines) and FQDN name.

Problem: On my workstations (and DCs for that matter), when I type \\mydomain I get an error saying the path cannot be found. If I enter \\mydomain.local, I have access to the netlogon share.

I cannot seem to resolve the netbios name of my domain. I've double checked my DNS config and all seems well.

Any advice?

Jestmat.

I forgot to mention, there is no WINS server in my environment. 

Just a thought, is this normal behavior in a Windows 2008 environment (forced to use the FQDN name)?


DHCP - Two Scopes with same subnet. (IP address 192.168.10.1 - 192.168.12.254 Subnet 255.255.252.0 or 255.255.254.0)

Hi to all,

It's my pleasure to have been connected for many years with such a forum, and it helps me a lot in my career. There are a lot of people who help and support each other, which is a great achievement in creating such a site.

My question: I have a DHCP server with scope 192.168.10.1 - 192.168.12.254 with subnet 255.255.254.0. Now the issue is that the DHCP server made it a superscope, One: 192.168.10.1 - 192.168.11.254 and Second: 192.168.12.1-254, but DHCP is assigning the lease addresses with scope One and with Second it's not leasing.

Our IP addresses are saturated and I need more than 512 IPs. I don't have any firewall, only a Cisco router which is the default gateway to connect other branches (other branches have their own DHCP servers).

Is there anything I am missing or doing the wrong way? Kindly help me in this regard.

thanks for your precious time and efforts for my query.

  

DNS Zones

A secondary zone is a read-only zone, but in which case does this zone send a copy of changes to the writable zone? Could you please give an example or scenario?

Question on DC Failover

  I am having a problem with my organization's Domain Controllers and my question concerns the failover of one DC to another. I have a mixed environment as I am slowly bringing the enterprise to Server 2016. The current environment: I have 2 physical DCs that are Server 2012 R2 and one virtual DC that is Server 2016.

  I was doing some work on the network and one of the physical DCs (named DC1) was offline, and while it was offline, the network came to a standstill. Users were immediately calling saying that they couldn't get out to the internet or access network resources (file server, printing). I was able to get the server back online, but it makes me question whether the setup of the DCs is correct.

   I have been researching and found info that tells me to set up Zone Transfers, and yet other research says that I don't need to set that up. How do I enable failover from one Domain Controller to another? I am looking for resiliency and thought I was protected by having 3 DCs on my network, only to find out that this isn't the case. The 2 physical DCs have their IP addresses entered in all static NICs, yet my PC (has a static IP) didn't even move to the 2nd DC. Any information passed on would be greatly appreciated.

   Thanks.

Powershell equivalent commands

Hi

I'm looking for the PowerShell cmdlet equivalent to right-clicking a zone in MMC and selecting Reload.

It looks like this is either Restore-DNSServerPrimaryZone or Restore-DNSServerSecondaryZone, depending on the zone type.

Could someone please confirm if I've got the right cmdlet here? I'm slightly wary due to the cmdlet being called "restore" but the MMC function being called "Reload".
