Channel: Network Infrastructure Servers forum

MFA Extension:The request was discarded by a third-party extension DLL file.


We’re trying to use the MFA Extension with our NPS server. However, when we try to connect through the NPS server with a RADIUS client we receive no response, and on the NPS server where the MFA Extension is installed the following event is generated:

Network Policy Server discarded the request for a user.

Contact the Network Policy Server administrator for more information.

User:
    Security ID: NULL SID
    Account Name: test@axtion.nl
    Account Domain: -
    Fully Qualified Account Name: -

Client Machine:
    Security ID: NULL SID
    Account Name: -
    Fully Qualified Account Name: -
    OS-Version: -
    Called Station Identifier: -
    Calling Station Identifier: -

NAS:
    NAS IPv4 Address: 192.168.0.232
    NAS IPv6 Address: -
    NAS Identifier: -
    NAS Port-Type: -
    NAS Port: -

RADIUS Client:
    Client Friendly Name: Luuk PC
    Client IP Address: 192.168.0.232

Authentication Details:
    Connection Request Policy Name: MFA Server Request Forward
    Network Policy Name: -
    Authentication Provider: <none>
    Authentication Server: NPS-ARBO01.ad.extra
    Authentication Type: -
    EAP Type: -
    Account Session Identifier: -
    Reason Code: 9
    Reason: The request was discarded by a third-party extension DLL file.

Any idea what is happening here?


How to configure DNS to also look externally


I understand the basic concepts of DNS but have never configured it myself. I have a home lab and have set up a Server 2016 domain controller and also installed a DNS server. I have a couple of machines configured on the domain but am confused about how to set up DNS properly. On one of the test machines I manually set a static IP and set the DNS server address properly. I can ping the domain and other domain-joined machines but I can't get out to the internet.

If I set my home router gateway as a secondary DNS address I can ping internet resources but not the local domain anymore. Is there a way I can somehow add my local home router gateway as a DNS source on my DNS server?

Always On VPN: DNS Registers remote WiFI Adapter IP and cannot access SYSVOL through User Tunnel


Hi There,

I have a new Server 2016 / W10 1809 Always On VPN setup:

- Server 2016 Routing and Remote Access Server providing IKEv2 (Device Tunnel) and SSTP (User Tunnel)
- Windows 10 1809 Clients with Device and User Certificates from internal AD integrated PKI

The problems are:
1. GPUPDATE is not working if the User Tunnel is connected (SYSVOL is not accessible). Accessing SYSVOL in Explorer prompts for a user and password; any other share in the domain is working fine, it's just not working with DFS shares.
But if I disconnect the User Tunnel and leave only the Device Tunnel open, GPUPDATE and DFS work fine.
Both tunnels have the same DNS / Remote Address Ranges config and no traffic filters are configured.
I have no idea how to fix this; the only workaround is enabling "Network access: Do not allow storage of passwords and credentials for network authentication", but the drawbacks with this GPO security setting enabled are too big.

2. All remote clients are registering their VPN IP in DNS, which is desired, but furthermore they are registering the IP of the WiFi adapter too, which makes manage-out quite unreliable.
The only workaround I've figured out is unchecking "Register this connection's addresses in DNS" in the advanced settings of the WiFi adapter, but rolling this out to a few hundred clients is quite difficult.

Is anyone else having these problems and have found a solution for it?

Thanks in advance

Malte

NLB - not responding to ping, but servers do.


Hi,

I have a question; I'm a bit new to the networking area. I got the task to build an NLB for a soon-to-be-deployed web app.

I searched through the internet and found a guide to follow; I'll paste the link at the end.

When I did a browsing test from another server, it worked fine. I got directed through server A or server B using the cluster IP (10.240.195.58 / 23).

I did a ping test to the 2 servers and the cluster IP as well, and it worked out.

I tried to do the ping and web browsing test from a different subnet, but none responded. Just to clarify: even when they are on different subnets, they can communicate freely; no firewall permissions are needed, because internal communication does not go through the firewall. The routers/switches already allow communication between every VLAN, even when a brand new server/PC connects to the network.

So I got something like the picture added. Now the configuration I did for the NLB was this:

Name         NIC IP            NIC Name
-----------------------------------------
Server A     10.240.194.223    Management
Server A     10.240.195.204    NLB
Server B     10.240.194.249    Management
Server B     10.240.195.224    NLB
Cluster IP   10.240.195.58

Subnet Mask: 255.255.254.0 (applies to all NICs / cluster)

So as you can see both NICs, for both servers and cluster IP configuration is on the same VLAN.

PCs from same vlan can ping both nic on both server and cluster

PCs from another vlan can ping both nic on both server but cannot ping the cluster

Can anyone point out what I'm doing wrong? The servers are virtualized and the vSwitch (VMware) can only point to one VLAN, which is 10.240.194.0/23.

http://www.serverlab.ca/tutorials/windows/web-servers/load-balancing-web-servers-with-windows-server-2012-r2/

802.1x Authentication Issues


Hi,

I'm dealing with a very odd situation regarding our wireless access and was hoping someone might have some insight.

The infrastructure:

Ruckus APs with virtual smart zone controller

WLAN with 802.1x authentication, NPS as proxy using RADIUS

Two NPS servers in the domain, one on site, and the other sitting in Azure

The two NPS are also configured with ADFS

Virtual endpoint / ADFS Farm is named access.our-public-domain.com for which we have a certificate that is loaded in the NPS as the PEAP certificate and its root CA cert is installed on all clients

The system was working just fine until the other day when the certificate expired. For whatever reason the notification of expiration wasn't getting to us (story for another day).

The expired certificate is with a company we no longer use for certs. I went through the correct procedure to CSR a new certificate compatible with NPS through our current certificate provider, and installed onto the NPS. The root for the new provider is also already on all clients 

Most everything immediately came back online, and here lies the problem - MOST EVERYTHING

We have a mixed infrastructure of 7, 8, and 10 clients, and there doesn't seem to be any rhyme or reason as to which ones are now unable to connect

We also have an internal PKI, so I spun up a sandbox NPS using the internal CA, no extras like ADFS or anything, set up a test 802.1 SSID pointing to the sandbox as proxy.

Using both the access certificate and the CA-issued certificate, the NPS doesn't log any audits when trying to sign on from an affected machine/user. If I use our public wildcard, it logs reason 22 - EAP type server unable to process, which I suppose is understandable for the wildcard as it was never set up for RAS/IAS.

I'm just at a loss as to why a simple certificate change would take our wireless infrastructure from completely working (100%) to mostly working (70%).

RRAS Server Doesn't Get Initial 10 IP Allotment from DHCP Server


Hi all,

I installed RRAS on a VM (Hyper-V) server, in a network in which all computers belong to the same Windows Domain. I only installed VPN - not Dialup or Direct Access. Another VM on the same machine, the PDC, is running the DHCP.

When the RRAS service is started, I see that the DHCP does not allocate the expected 10 addresses. In the Remote Access Management Console, "VPN Addressing" has a red X next to it, and its "operations state" is "DHCP Address Assignment".
Of course, any client trying to connect fails, and the RRAS server shows in its log that there are no IP addresses available to allocate.

The details show:

ERROR: The VPN server cannot obtain IP addresses for VPN clients from the DHCP server
CAUSES: The VPN server cannot obtain IP addresses for VPN clients from the DHCP server.
RESOLUTION:
1. Check network connectivity of the VPN server.
2. Verify DHCP settings.

I tried installing RRAS on 2 other VMs on the same Hyper-V box, and sometimes they work, and sometimes they don't.

All hosts can ping each other. If I assign the problematic servers' NICs to get an address from DHCP, they successfully get the address. I assume this proves that there is no problem getting addresses in general.

I also tried shutting down all servers except the DHCP, and then starting the others - but it still didn't help.

I would appreciate it if someone could please help me out here.

TIA,
mlavie58

Always On VPN auto-trigger problem


hi,

We have a problem with the auto-trigger function. The user can connect manually with "Always On VPN", but after a restart the client cannot connect automatically.

Local domain: test.com
Vpn server: vpn.abc.com (for remotely access)

TrustedNetwork: abc.com
DNS suffix search list: test.com

Event log message: 

Autotrigger: auto trigger Config registry content completed with Error = 2
Autotrigger: auto trigger module initialization completed with Error = 13
Autotrigger: [AlwaysOn VPN], profile got deactivated

Always on VPN IKEV2 and Hotels


Currently piloting AOVPN on W10 Ent. 1803 devices with a machine tunnel. Seems to be working nicely: the tunnel is formed before logon so all drives are present at logon; works fine from home over Wi-Fi, and I believe 4G SIMs are ok.

The problem is that our Head of Service wants to connect from everywhere, specifically hotels and McDonald's!!

I have a feeling that because the VPN is set up with IKEv2 the issue is at their end, but how can I be sure of this and report back? He just wants it to work!! I saw some error codes in Event Viewer but they are not listed in the (thin) Microsoft documentation.

By the way, some of our team consider this VPN not to be 2-factor authentication. We have a BitLocker PIN at startup plus normal NT logon. Is this considered secure enough? Personally, I think it is, and of course the users would hate more security.


Ian Burnell, London (UK)


DHCP Eventlog empty (Microsoft-Windows-DHCP Server Events/Debug)


Hi there,

the absence of a topic about Microsoft-Windows-DHCP Server Events/Debug (at least I haven’t found one) makes me think I am going to ask a question which might result in a very obvious answer….

 

After enabling the Debug log in Eventviewer and stopping it after some time, it is still empty. All other logs, even the Audit, if I enable it for test purpose, have advanced. While I can enable old style debug log files, which will fill up, I would like to have the Debug Event log at hand and do some tests with it.

My environment: DHCP on Windows Server 2016, approx. 1500 clients active per day.

Kind regards!

Active Directory - Wrong Site - DFSUtil /pktinfo


Hi All,

First let me explain our network setup:

Datacentre - 192.168.1.0/24

Branch 1 - 192.168.2.0/24
Branch 2 - 192.168.3.0/24
Branch 3 - 192.168.4.0/24
Branch 4 - 192.168.5.0/24
Branch 5 - 192.168.6.0/24
Branch 6 - 192.168.7.0/24
Branch 7 - 192.168.8.0/24
Branch 8 - 192.168.9.0/24
Branch 9 - 192.168.10.0/24
Branch 10 - 192.168.11.0/24
Branch 11 - 192.168.12.0/24
Branch 12 - 192.168.13.0/24
Branch 13 - 192.168.14.0/24
Branch 14 - 192.168.15.0/24

Main Site - 192.168.16.0/23 (due to larger number of client devices at site)

At each "site" including the Datacentre there are 2 x DCs which are also acting as file Servers / DFS. These are on 192.168.x.1 / 192.168.x.2

We have a DFS Namespace of \\domain.local\data with every DC being a Name Space Server. All Name Space Server have been set with the option "Override referral ordering" with the 1st DC at each site set to "First among targets of equal cost" and the 2nd DC at each site set to "Last among targets of equal cost"

The same settings apply to Name Space Folders like \\domain.local\data\Finance etc, "Override referral ordering" is enabled with the 1st DC set to "First among targets of equal cost" and the 2nd DC at each site set to "Last among targets of equal cost"

The Branch Sites only have routing to the Datacentre and the Main Site and cannot communicate with each other.

In Active Directory Sites and Services all sites have been added, and the corresponding subnets.

Active Directory Site Links with Costs

Datacentre-Branch1 (Cost 100)
Datacentre-Branch2 (Cost 100)
Datacentre-Branch3 (Cost 100)
Datacentre-Branch4 (Cost 100)
Datacentre-Branch5 (Cost 100)
Datacentre-Branch6 (Cost 100)
Datacentre-Branch7 (Cost 100)
Datacentre-Branch8 (Cost 100)
Datacentre-Branch9 (Cost 100)
Datacentre-Branch10 (Cost 100)
Datacentre-Branch11 (Cost 100)
Datacentre-Branch12 (Cost 100)
Datacentre-Branch13 (Cost 100)
Datacentre-Branch14 (Cost 100)
Datacentre-MainSite (Cost 50)

MainSite-Branch1 (Cost 60)
MainSite-Branch2 (Cost 60)
MainSite-Branch3 (Cost 60)
MainSite-Branch4 (Cost 60)
MainSite-Branch5 (Cost 60)
MainSite-Branch6 (Cost 60)
MainSite-Branch7 (Cost 60)
MainSite-Branch8 (Cost 60)
MainSite-Branch9 (Cost 60)
MainSite-Branch10 (Cost 60)
MainSite-Branch11 (Cost 60)
MainSite-Branch12 (Cost 60)
MainSite-Branch13 (Cost 60)
Mainsite-Branch14 (Cost 60)

On a PC or Server in any site, if you run the command NLTEST /dsgetsite you get the correct site name returned

The problem we are having is that if you access \\domain.local\data\shared.data or any other "Folder" (they are all set up the same way), at some sites it takes a few seconds to open.

On the client PCs we have run the following command dfsutil /pktinfo and get the following results

Entry: \BRANCH14-AD01.domain.local\data\Shared.Data
ShortEntry: \BRANCH14-AD01.domain.local\data\Shared.Data
Expires in 1793 seconds
UseCount: 2 Type:0x8001 ( DFS FAILBACK_ENABLED )
   0:[\BRANCH14-ad01\shared.data$] AccessStatus: 0 ( ACTIVE TARGETSET )
   1:[\BRANCH14-ad02\shared.data$] ( TARGETSET )
   2:[\MAIN-AD01\Shared.Data$] ( TARGETSET )
   3:[\MAIN-AD02\Shared.Data$] ( TARGETSET )
   4:[\BRANCH1-ad01\shared.data$] ( TARGETSET )
   5:[\BRANCH1-ad02\shared.data$] ( TARGETSET )
   6:[\BRANCH2-ad01\shared.data$] ( TARGETSET )
   7:[\BRANCH2-ad02\shared.data$] ( TARGETSET )
   8:[\BRANCH3-ad01\shared.data$] ( TARGETSET )
   9:[\BRANCH4-ad01\shared.data$]
  10:[\BRANCH5-ad01\shared.data$]
  11:[\BRANCH6-ad01\shared.data$]
  12:[\BRANCH7-AD01\Shared.Data$]
  13:[\BRANCH8-ad01\shared.data$]
  14:[\BRANCH9-ad01\shared.data$]
  15:[\BRANCH10-AD01\Shared.Data$]
  16:[\BRANCH11-ad01\shared.data$]
  17:[\BRANCH13-AD01\Shared.Data$]
  18:[\BRANCH12-ad01\shared.data$]
  19:[\BRANCH11-AD02\Shared.Data$] ( TARGETSET )
  20:[\BRANCH5-ad02\shared.data$] ( TARGETSET )
  21:[\BRANCH13-AD02\Shared.Data$]
  22:[\BRANCH4-ad02\shared.data$]
  23:[\BRANCH3-ad02\shared.data$]
  24:[\BRANCH8-ad02\shared.data$]
  25:[\BRANCH6-ad02\shared.data$]
  26:[\BRANCH7-AD02\Shared.Data$]
  27:[\BRANCH9-ad02\shared.data$]
  28:[\BRANCH10-AD02\Shared.Data$]
  29:[\BRANCH12-ad02\shared.data$]

As you can see it has picked the "correct" ACTIVE DFS target, but it has TARGETSET next to the wrong servers, most of which it does not even have routing to.

After doing a lot of research online I have tried the following:
> Disabled IPv6 on All Servers + Clients using the registry key

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters]
"DisabledComponents"=dword:000000ff

> Rebooted clients and run the command dfsutil /pktflush

These have had no effect. I then went to run the command on the 1st DC at BRANCH14 and got the exact same results using dfsutil /pktinfo. It picked the correct Server as "ACTIVE" but then randomly has Target set with other servers which it has no routing to.

Sorry for the long post :) Has anyone got any ideas ?

Cheers, Scott
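An added parser (example code, not from the post) for the dfsutil /pktinfo output above: it extracts each referral target, derives the site from the hostname convention used in the post (BRANCHn-adNN, MAIN-ADNN), and lists the TARGETSET entries whose site a branch client cannot route to. The Datacentre DC naming is not given in the post, so a "DC-" prefix is assumed; the sample output is an excerpt constructed from the post.

```python
"""Parse `dfsutil /pktinfo` output and flag referral targets that sit in
sites the client has no route to (branches only reach Datacentre and Main)."""
import re

# Constructed excerpt of the dfsutil /pktinfo output posted above.
SAMPLE_PKTINFO = r"""Entry: \BRANCH14-AD01.domain.local\data\Shared.Data
ShortEntry: \BRANCH14-AD01.domain.local\data\Shared.Data
Expires in 1793 seconds
UseCount: 2 Type:0x8001 ( DFS FAILBACK_ENABLED )
   0:[\BRANCH14-ad01\shared.data$] AccessStatus: 0 ( ACTIVE TARGETSET )
   1:[\BRANCH14-ad02\shared.data$] ( TARGETSET )
   2:[\MAIN-AD01\Shared.Data$] ( TARGETSET )
   3:[\MAIN-AD02\Shared.Data$] ( TARGETSET )
   4:[\BRANCH1-ad01\shared.data$] ( TARGETSET )
   5:[\BRANCH1-ad02\shared.data$] ( TARGETSET )
   6:[\BRANCH2-ad01\shared.data$] ( TARGETSET )
   7:[\BRANCH2-ad02\shared.data$] ( TARGETSET )
   8:[\BRANCH3-ad01\shared.data$] ( TARGETSET )
   9:[\BRANCH4-ad01\shared.data$]
  19:[\BRANCH11-AD02\Shared.Data$] ( TARGETSET )
  20:[\BRANCH5-ad02\shared.data$] ( TARGETSET )
"""

# One referral target line: index, UNC host and share, optional AccessStatus,
# optional parenthesised flag list such as "( ACTIVE TARGETSET )".
TARGET_RE = re.compile(
    r"^\s*(?P<idx>\d+):\[\\+(?P<host>[^\\\]]+)\\(?P<share>[^\]]+)\]"
    r"(?:\s+AccessStatus:\s*(?P<status>\S+))?\s*(?:\(\s*(?P<flags>[^)]*?)\s*\))?\s*$")


def site_of(host):
    """Map a DC hostname to its AD site using the naming scheme in the post."""
    prefix = host.upper().split("-", 1)[0]
    if prefix.startswith("BRANCH") and prefix[6:].isdigit():
        return "Branch %s" % prefix[6:]
    if prefix == "MAIN":
        return "Main Site"
    if prefix == "DC":  # assumed prefix for the Datacentre DCs (not in the post)
        return "Datacentre"
    return "unknown"


def reachable_sites(client_site):
    """Sites a client can route to; None means unrestricted (hub sites)."""
    if client_site.startswith("Branch "):
        return {client_site, "Datacentre", "Main Site"}
    return None


def parse_pktinfo(text):
    """Return one dict per referral target line, in the order listed."""
    targets = []
    for line in text.splitlines():
        m = TARGET_RE.match(line)
        if not m:
            continue
        flags = (m.group("flags") or "").split()
        targets.append({
            "index": int(m.group("idx")),
            "host": m.group("host"),
            "share": m.group("share"),
            "site": site_of(m.group("host")),
            "active": "ACTIVE" in flags,
            "targetset": "TARGETSET" in flags,
        })
    return targets


def unreachable_targetsets(text, client_site):
    """Targets marked TARGETSET whose site the client cannot route to."""
    allowed = reachable_sites(client_site)
    if allowed is None:
        return []
    return [t for t in parse_pktinfo(text)
            if t["targetset"] and t["site"] not in allowed]


if __name__ == "__main__":
    for t in unreachable_targetsets(SAMPLE_PKTINFO, "Branch 14"):
        print("%2d  %-16s %s" % (t["index"], t["host"], t["site"]))
```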

Connect virtual network to the physical network


Hi guys,

Please, can someone help me: how can I connect a virtual network to a physical one?

A basic TP-LINK physical router is the gateway to the internet, and the LAN network is 192.168.1.0/24.

The first server is running Hyper-V, where all virtual machines get their IP from the physical router's DHCP, so for example 192.168.1.100.

The second server is also running Hyper-V, but there I want to make a second network, like 10.1.1.0/24 for example. But I want both sides to be visible to each other. That means, let's say, from virtual IP 10.1.1.100 I want to connect to my VM with IP 192.168.1.100 on the first server, and from IP 192... to IP 10...

If I build a virtual router in Windows Server 2012R2 on the second Hyper-V server, I can connect from the virtual network 10.x.y.z to 192.168.1.x, but I cannot connect from 192.168.1.x to 10.x.y.z because of NAT... How can I connect these two sides?

Both Hyper-V servers are connected to the TP-Link...

If I chose the wrong category/forum, I'm sorry...

Reverse Path in Server 2012R2


We have a 2012R2 server that is dual homed (2 network interfaces).

Let's say

NIC-A has IP address 192.168.1.1/24

NIC-B has IP address 192.168.2.1/24

Both interfaces connect to the same router (Cisco) on different interfaces in the router,

so the router has

INTERFACE Gi0/1   192.168.1.96/24

INTERFACE Gi0/2   192.168.2.96/24

We have an application running on the server that can only support 1 interface (it is configured to use NIC-B) and have need for workstations on 192.168.1.0/24 to access the application, but they must do it by connecting to 192.168.2.1.

This appears to not work (we have the application on a Server 2008R2 and it is working, but want to upgrade off 2008R2)

This seems to be a reverse path issue, and we had the same scenario when we upgraded our CENTOS servers from 5.x to 7.x.

The solution in CentOS is to edit /etc/sysctl.conf and set

net.ipv4.conf.all.rp_filter = 0

Is there a way to do the same thing on a Windows Server 2012R2 and beyond?

 

Windows 10 VPN Named-Trigger


hi,

How does the named-trigger work? Does it have any connection with Always On VPN?

I am using an RRAS server and I only configured standard VPN settings. I enabled split tunneling and configured a VPN connection trigger for notepad.exe and the ortacdemirel.com suffix name.



Nothing happens when I open Notepad or enter my domain name.

Always On VPN Tunnel - Clients getting the wrong DNS Servers Despite XML Profile Setting


Hello, 

We are working on implementing Always On VPN. Everything seems to be working EXCEPT clients are not getting the proper DNS server setting for the VPN virtual NIC.

The VPN Server is in the DMZ, with an NPS server on the intranet. So far what's happening is the VPN Client is getting the DNS Server IP configured on the VPN Server NIC, and therefore, can't find the internal DNS Server, and hence resources. 

Here's the XML:

<VPNProfile>
  <DnsSuffix>abc-123.nl</DnsSuffix>
  <NativeProfile>
    <Servers>vpn.abc-123.nl</Servers>
    <NativeProtocolType>IKEv2</NativeProtocolType>
    <Authentication>
      <UserMethod>Eap</UserMethod>
      <Eap>
        <Configuration>
          <EapHostConfig xmlns="http://www.microsoft.com/provisioning/EapHostConfig">
            <EapMethod><Type xmlns="http://www.microsoft.com/provisioning/EapCommon">25</Type><VendorId xmlns="http://www.microsoft.com/provisioning/EapCommon">0</VendorId><VendorType xmlns="http://www.microsoft.com/provisioning/EapCommon">0</VendorType><AuthorId xmlns="http://www.microsoft.com/provisioning/EapCommon">0</AuthorId></EapMethod>
            <Config xmlns="http://www.microsoft.com/provisioning/EapHostConfig">
              <Eap xmlns="http://www.microsoft.com/provisioning/BaseEapConnectionPropertiesV1">
                <Type>25</Type>
                <EapType xmlns="http://www.microsoft.com/provisioning/MsPeapConnectionPropertiesV1">
                  <ServerValidation><DisableUserPromptForServerValidation>true</DisableUserPromptForServerValidation><ServerNames>NPS-SRV.xyz.local</ServerNames><TrustedRootCA>df 50 82 4a 43 05 77 96 86 35 53 68 4d 15 f7 cc 35 2b e5 d1 </TrustedRootCA></ServerValidation>
                  <FastReconnect>true</FastReconnect><InnerEapOptional>false</InnerEapOptional>
                  <Eap xmlns="http://www.microsoft.com/provisioning/BaseEapConnectionPropertiesV1">
                    <Type>13</Type>
                    <EapType xmlns="http://www.microsoft.com/provisioning/EapTlsConnectionPropertiesV1">
                      <CredentialsSource><CertificateStore><SimpleCertSelection>true</SimpleCertSelection></CertificateStore></CredentialsSource>
                      <ServerValidation><DisableUserPromptForServerValidation>true</DisableUserPromptForServerValidation><ServerNames>NPS-SRV.xyz.local</ServerNames><TrustedRootCA>df 50 82 4a 43 05 77 96 86 35 53 68 4d 15 f7 cc 35 2b e5 d1 </TrustedRootCA></ServerValidation>
                      <DifferentUsername>false</DifferentUsername>
                      <PerformServerValidation xmlns="http://www.microsoft.com/provisioning/EapTlsConnectionPropertiesV2">false</PerformServerValidation>
                      <AcceptServerName xmlns="http://www.microsoft.com/provisioning/EapTlsConnectionPropertiesV2">false</AcceptServerName>
                    </EapType>
                  </Eap>
                  <EnableQuarantineChecks>false</EnableQuarantineChecks><RequireCryptoBinding>false</RequireCryptoBinding>
                  <PeapExtensions>
                    <PerformServerValidation xmlns="http://www.microsoft.com/provisioning/MsPeapConnectionPropertiesV2">false</PerformServerValidation>
                    <AcceptServerName xmlns="http://www.microsoft.com/provisioning/MsPeapConnectionPropertiesV2">false</AcceptServerName>
                  </PeapExtensions>
                </EapType>
              </Eap>
            </Config>
          </EapHostConfig>
        </Configuration>
      </Eap>
    </Authentication>
    <RoutingPolicyType>ForceTunnel</RoutingPolicyType>
  </NativeProfile>
  <AlwaysOn>false</AlwaysOn><RememberCredentials>true</RememberCredentials><TrustedNetworkDetection>abc-123.nl</TrustedNetworkDetection>
  <DomainNameInformation>
    <DomainName>.abc-123.nl</DomainName>
    <DnsServers>172.23.2.1</DnsServers>
  </DomainNameInformation>
</VPNProfile>


I know that's a bit ugly, and I did open the unredacted file in Visual Studio Code, and it is formatted correctly as far as I can see.

Does anyone have any ideas why the configured DNS server address (172.23.2.1) is not being assigned to clients?

Thanks, 

Doug
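An added check (example code, not the poster's and not a Microsoft tool) that parses a cut-down copy of the profile above and reports what it actually configures: the DomainNameInformation entries, which Windows applies as NRPT rules for the listed suffix rather than as the VPN interface's DNS server list, and the PEAP and EAP-TLS server-validation settings, flagging every PerformServerValidation=false switch since that disables the client's check of the authenticating server's certificate. Element and namespace names are those of the VPNv2 CSP and EapHostConfig schemas as they appear in the post; the sample profile is constructed from it.

```python
"""Inspect an Always On VPN profile (VPNv2 CSP XML): how it configures DNS
and how strictly the EAP client validates the authenticating server."""
import xml.etree.ElementTree as ET

PEAP_V1 = "http://www.microsoft.com/provisioning/MsPeapConnectionPropertiesV1"
PEAP_V2 = "http://www.microsoft.com/provisioning/MsPeapConnectionPropertiesV2"
TLS_V1 = "http://www.microsoft.com/provisioning/EapTlsConnectionPropertiesV1"
TLS_V2 = "http://www.microsoft.com/provisioning/EapTlsConnectionPropertiesV2"
# EapType namespace -> (method name, namespace of its V2 validation switches)
METHODS = {PEAP_V1: ("PEAP", PEAP_V2), TLS_V1: ("EAP-TLS", TLS_V2)}

# Constructed sample: the posted profile cut down to the elements that matter
# here (server name and root CA thumbprint as posted).
SAMPLE_PROFILE = """<VPNProfile>
  <DnsSuffix>abc-123.nl</DnsSuffix>
  <NativeProfile>
    <Authentication><UserMethod>Eap</UserMethod><Eap><Configuration>
      <EapHostConfig xmlns="http://www.microsoft.com/provisioning/EapHostConfig">
        <Config>
          <Eap xmlns="http://www.microsoft.com/provisioning/BaseEapConnectionPropertiesV1">
            <Type>25</Type>
            <EapType xmlns="http://www.microsoft.com/provisioning/MsPeapConnectionPropertiesV1">
              <ServerValidation>
                <ServerNames>NPS-SRV.xyz.local</ServerNames>
                <TrustedRootCA>df 50 82 4a 43 05 77 96 86 35 53 68 4d 15 f7 cc 35 2b e5 d1 </TrustedRootCA>
              </ServerValidation>
              <Eap xmlns="http://www.microsoft.com/provisioning/BaseEapConnectionPropertiesV1">
                <Type>13</Type>
                <EapType xmlns="http://www.microsoft.com/provisioning/EapTlsConnectionPropertiesV1">
                  <ServerValidation>
                    <ServerNames>NPS-SRV.xyz.local</ServerNames>
                    <TrustedRootCA>df 50 82 4a 43 05 77 96 86 35 53 68 4d 15 f7 cc 35 2b e5 d1 </TrustedRootCA>
                  </ServerValidation>
                  <PerformServerValidation xmlns="http://www.microsoft.com/provisioning/EapTlsConnectionPropertiesV2">false</PerformServerValidation>
                </EapType>
              </Eap>
              <PeapExtensions>
                <PerformServerValidation xmlns="http://www.microsoft.com/provisioning/MsPeapConnectionPropertiesV2">false</PerformServerValidation>
                <AcceptServerName xmlns="http://www.microsoft.com/provisioning/MsPeapConnectionPropertiesV2">false</AcceptServerName>
              </PeapExtensions>
            </EapType>
          </Eap>
        </Config>
      </EapHostConfig>
    </Configuration></Eap></Authentication>
    <RoutingPolicyType>ForceTunnel</RoutingPolicyType>
  </NativeProfile>
  <DomainNameInformation>
    <DomainName>.abc-123.nl</DomainName>
    <DnsServers>172.23.2.1</DnsServers>
  </DomainNameInformation>
</VPNProfile>"""


def _local(tag):
    """Element name without its namespace."""
    return tag.rsplit("}", 1)[-1]


def _ns(tag):
    return tag[1:].split("}", 1)[0] if tag.startswith("{") else ""


def _switch(elem, ns, name):
    """Text of the first {ns}name element below elem, or None if absent."""
    for e in elem.iter("{%s}%s" % (ns, name)):
        return (e.text or "").strip()
    return None


def inspect_profile(xml_text):
    """Summarise DNS handling and EAP server validation; list weak settings."""
    root = ET.fromstring(xml_text)
    report = {
        "dns_suffix": root.findtext("DnsSuffix"),
        "routing_policy": root.findtext("NativeProfile/RoutingPolicyType"),
        # DomainNameInformation becomes NRPT rules for the listed suffixes on the
        # client; it does not set the VPN interface's own DNS server list.
        "nrpt_rules": [(d.findtext("DomainName"), d.findtext("DnsServers"))
                       for d in root.findall("DomainNameInformation")],
        "server_validation": [], "findings": [],
    }
    for elem in root.iter():
        if _local(elem.tag) != "EapType" or _ns(elem.tag) not in METHODS:
            continue
        method, v2 = METHODS[_ns(elem.tag)]
        entry = {"method": method, "server_names": None, "trusted_root_ca": [],
                 "perform_validation": _switch(elem, v2, "PerformServerValidation")}
        for sv in elem:  # direct child only: the inner method has its own block
            if _local(sv.tag) != "ServerValidation":
                continue
            for c in sv:
                if _local(c.tag) == "ServerNames":
                    entry["server_names"] = (c.text or "").strip()
                elif _local(c.tag) == "TrustedRootCA":
                    entry["trusted_root_ca"].append((c.text or "").replace(" ", "").lower())
        report["server_validation"].append(entry)
        if entry["perform_validation"] == "false":
            report["findings"].append("%s: PerformServerValidation is false, so the "
                                      "client does not validate the server certificate" % method)
    return report
```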

Add DNS host entries for external domain


Hi

We've had a request from our web developers to add several host entries into DNS (W2003) but for a domain which is not hosted on the internal DNS servers. The IP addresses of the hosts will be internal addresses. I don't know why this is needed - just been asked to do it.

e.g. Internal domain name (in DNS) - domain1.com

Host records required - host1.domain2.com, host2.domain2.com, host3.domain.com ....

Unfortunately domain2.com is a valid domain name and I believe adding this in as a new zone may/will affect services such as Exchange and possibly others which may need to resolve addresses in domain2.com

Can anyone advise?

Thanks

 

 


Configure a Win VPN server with google cloud platform and split routing issues?


Hi,

I have built a Windows-based VPN server in GCP; the DHCP service is not allowed and I am not able to configure classless static routes.

When I connect using the VPN client, I can connect to the office network just fine but lose local internet, even when "use gateway on remote network" is unchecked on the client machine.

How else can I distribute subnets? Network Policy Server?

Please suggest.

dcdiag error 9003 Missing SRV record at DNS server


I have a new client for whom I will be adding a second DC to their domain. They are currently running at the 2003 functional level with a single Server 2008 R2 DC. I will be adding a second domain controller running Server 2008 SP2, but before I do I have cleaned up old metadata from old improperly removed DCs and removed several old DNS records as well.

My question is this: when I run dcdiag /test:dns /v I receive the following errors:

Error:
   Missing SRV record at DNS server 192.168.50.101:
   _ldap._tcp.68f495a1-7552-4ddf-8d91-42effff06952.domains._msdcs.removedforanonymity.com
   [Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]

I'm not sure how to resolve this.  I have tried restarting netlogon service from services and I have also tried:

net stop netlogon

renamed C:\Windows\System32\config\netlogon.dnb

renamed C:\Windows\System32\config\netlogon.dns

net start netlogon

ipconfig /registerdns

Then ran dcdiag /test:dns /v again but still get same error.

Here is a copy of ipconfig /all

C:\Users\administrator.removedforanony>ipconfig /all

Windows IP Configuration

   Host Name . . . . . . . . . . . . : TE-SERVER-ARCGIS
   Primary Dns Suffix  . . . . . . . : removedforanonymity.com
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : removedforanonymity.com

Ethernet adapter Local Area Connection 2:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Broadcom BCM5716C NetXtreme II GigE (NDIS VBD Client) #41
   Physical Address. . . . . . . . . : 78-2B-CB-6C-C3-4C
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 192.168.50.101(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.50.1
   DNS Servers . . . . . . . . . . . : 192.168.50.101
   Primary WINS Server . . . . . . . : 127.0.0.1
   NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter Local Area Connection* 11:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft 6to4 Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes


My DNS forward lookup zones are:

_msdcs.removedforanonymity.com

removedforanonymity.com

Here is a copy of my  dcdiag /test:dns /v

C:\Users\administrator.removedforanony>dcdiag /test:dns /v

Directory Server Diagnosis

Performing initial setup:
   Trying to find home server...
   * Verifying that the local machine TE-SERVER-ARCGIS, is a Directory Server.
   Home Server = TE-SERVER-ARCGIS
   * Connecting to directory service on server TE-SERVER-ARCGIS.
   * Identified AD Forest.
   Collecting AD specific global data
   * Collecting site info.
   Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=removedforanonymity,DC=com,LDAP_SCOPE_SUBTREE,(objectCategory=ntDSSiteSettings),.......
   The previous call succeeded
   Iterating through the sites
   Looking at base site object: CN=NTDS Site Settings,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=removedforanony,DC=com
   Getting ISTG and options for the site
   * Identifying all servers.
   Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=removedforanonymity,DC=com,LDAP_SCOPE_SUBTREE,(objectClass=ntDSDsa),.......
   The previous call succeeded....
   The previous call succeeded
   Iterating through the list of servers
   Getting information for the server CN=NTDS Settings,CN=TE-SERVER-ARCGI,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=removedforanony,DC=com
   objectGuid obtained
   InvocationID obtained
   dnsHostname obtained
   site info obtained
   All the info for the server collected
   * Identifying all NC cross-refs.
   * Found 1 DC(s). Testing 1 of them.
   Done gathering initial info.

Doing initial required tests

   Testing server: Default-First-Site-Name\TE-SERVER-ARCGI
      Starting test: Connectivity
         * Active Directory LDAP Services Check
         Determining IP4 connectivity
         * Active Directory RPC Services Check
         ......................... TE-SERVER-ARCGI passed test Connectivity

Doing primary tests

   Testing server: Default-First-Site-Name\TE-SERVER-ARCGI
      Test omitted by user request: Advertising
      Test omitted by user request: CheckSecurityError
      Test omitted by user request: CutoffServers
      Test omitted by user request: FrsEvent
      Test omitted by user request: DFSREvent
      Test omitted by user request: SysVolCheck
      Test omitted by user request: KccEvent
      Test omitted by user request: KnowsOfRoleHolders
      Test omitted by user request: MachineAccount
      Test omitted by user request: NCSecDesc
      Test omitted by user request: NetLogons
      Test omitted by user request: ObjectsReplicated
      Test omitted by user request: OutboundSecureChannels
      Test omitted by user request: Replications
      Test omitted by user request: RidManager
      Test omitted by user request: Services
      Test omitted by user request: SystemLog
      Test omitted by user request: Topology
      Test omitted by user request: VerifyEnterpriseReferences
      Test omitted by user request: VerifyReferences
      Test omitted by user request: VerifyReplicas

      Starting test: DNS

         DNS Tests are running and not hung. Please wait a few minutes...
         See DNS test in enterprise tests section for results
         ......................... TE-SERVER-ARCGI passed test DNS

   Running partition tests on : ForestDnsZones
      Test omitted by user request: CheckSDRefDom
      Test omitted by user request: CrossRefValidation

   Running partition tests on : DomainDnsZones
      Test omitted by user request: CheckSDRefDom
      Test omitted by user request: CrossRefValidation

   Running partition tests on : Schema
      Test omitted by user request: CheckSDRefDom
      Test omitted by user request: CrossRefValidation

   Running partition tests on : Configuration
      Test omitted by user request: CheckSDRefDom
      Test omitted by user request: CrossRefValidation

   Running partition tests on : removedforanonymity
      Test omitted by user request: CheckSDRefDom
      Test omitted by user request: CrossRefValidation

   Running enterprise tests on : removedforanonymity.com
      Starting test: DNS
         Test results for domain controllers:

            DC: TE-SERVER-ARCGIS.removedforanonymity.com
            Domain: removedforanonymity.com


               TEST: Authentication (Auth)
                  Authentication test: Successfully completed

               TEST: Basic (Basc)
                  The OS
                  Microsoft Windows Server 2008 R2 Standard  (Service Pack level: 1.0)
                  is supported.
                  NETLOGON service is running
                  kdc service is running
                  DNSCACHE service is running
                  DNS service is running
                  DC is a DNS server
                  Network adapters information:
                  Adapter
                  [00000008] Broadcom BCM5716C NetXtreme II GigE (NDIS VBD Client):

                     MAC address is 78:2B:CB:6C:C3:4C
                     IP Address is static
                     IP address: 192.168.50.101
                     DNS servers:
                        192.168.50.101 (TE-SERVER-ARCGI) [Valid]
                  The A host record(s) for this DC was found
                  The SOA record for the Active Directory zone was found
                  The Active Directory zone on this DC/DNS server was found primary
                  Root zone on this DC/DNS server was not found

               TEST: Forwarders/Root hints (Forw)
                  Recursion is enabled
                  Forwarders Information:
                     205.152.132.23 (<name unavailable>) [Valid]
                     205.152.37.23 (<name unavailable>) [Valid]

               TEST: Delegations (Del)
                  No delegations were found in this zone on this DNS server

               TEST: Dynamic update (Dyn)
                  Test record dcdiag-test-record added successfully in zone removedforanonymity.com
                  Test record dcdiag-test-record deleted successfully in zone removedforanonymity.com

               TEST: Records registration (RReg)
                  Network Adapter
                  [00000008] Broadcom BCM5716C NetXtreme II GigE (NDIS VBD Client):

                     Matching CNAME record found at DNS server 192.168.50.101:
                     033af388-8783-4714-ad6b-691fed2eaf75._msdcs.removedforanonymity.com

                     Matching A record found at DNS server 192.168.50.101:
                     TE-SERVER-ARCGIS.removedforanonymity.com

                     Matching  SRV record found at DNS server 192.168.50.101:
                     _ldap._tcp.removedforanonymity.com

                     Error:
                     Missing SRV record at DNS server 192.168.50.101:
                     _ldap._tcp.68f495a1-7552-4ddf-8d91-42effff06952.domains._msdcs.removedforanonymity.com
                     [Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]

                     Matching  SRV record found at DNS server 192.168.50.101:
                     _kerberos._tcp.dc._msdcs.removedforanonymity.com

                     Matching  SRV record found at DNS server 192.168.50.101:
                     _ldap._tcp.dc._msdcs.removedforanonymity.com

                     Matching  SRV record found at DNS server 192.168.50.101:
                     _kerberos._tcp.removedforanonymity.com

                     Matching  SRV record found at DNS server 192.168.50.101:
                     _kerberos._udp.removedforanonymity.com

                     Matching  SRV record found at DNS server 192.168.50.101:
                     _kpasswd._tcp.removedforanonymity.com

                     Matching  SRV record found at DNS server 192.168.50.101:
                     _ldap._tcp.Default-First-Site-Name._sites.removedforanonymity.com

                     Matching  SRV record found at DNS server 192.168.50.101:
                     _kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.removedforanonymity.com

                     Matching  SRV record found at DNS server 192.168.50.101:
                     _ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.removedforanonymity.com

                     Matching  SRV record found at DNS server 192.168.50.101:
                     _kerberos._tcp.Default-First-Site-Name._sites.removedforanonymity.com

                     Matching  SRV record found at DNS server 192.168.50.101:
                     _ldap._tcp.gc._msdcs.removedforanonymity.com

                     Matching A record found at DNS server 192.168.50.101:
                     gc._msdcs.removedforanonymity.com

                     Matching  SRV record found at DNS server 192.168.50.101:
                     _gc._tcp.Default-First-Site-Name._sites.removedforanonymity.com

                     Matching  SRV record found at DNS server 192.168.50.101:
                     _ldap._tcp.Default-First-Site-Name._sites.gc._msdcs.removedforanonymity.com

                     Matching  SRV record found at DNS server 192.168.50.101:
                     _ldap._tcp.pdc._msdcs.removedforanonymity.com

               Warning: Record Registrations not found in some network adapters

         Summary of test results for DNS servers used by the above domain
         controllers:

            DNS server: 192.168.50.101 (TE-SERVER-ARCGI)
               All tests passed on this DNS server
               Name resolution is functional._ldap._tcp SRV record for the forest root domain is registered

            DNS server: 205.152.132.23 (<name unavailable>)
               All tests passed on this DNS server

            DNS server: 205.152.37.23 (<name unavailable>)
               All tests passed on this DNS server

         Summary of DNS test results:

                                            Auth Basc Forw Del  Dyn  RReg Ext
            _________________________________________________________________
            Domain: removedforanonymity.com
               TE-SERVER-ARCGIS             PASS PASS PASS PASS PASS WARN n/a

         ......................... removedforanonymity.com passed test DNS
      Test omitted by user request: LocatorCheck
      Test omitted by user request: Intersite

Any suggestions why I am still getting this error?

Thanks,

Brian
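The only failure in the output above is the RReg sub-test: the `_ldap._tcp.<DomainGuid>.domains._msdcs.<forest>` record is absent while every other locator record is present. The following is an added example, not part of Brian's post: it recomputes the locator names dcdiag probes from the domain object, queries the DC's own DNS server for each, and asks Netlogon to re-register if any are missing. It assumes a domain admin running from a machine with the ActiveDirectory and DnsClient modules (Windows 8 / Server 2012 or later; `Resolve-DnsName` does not exist on 2008 R2, so run it from a newer admin workstation). The DC name, site name and DNS server address are the ones in the dcdiag output.

```powershell
# Added example, not from the original post: recompute the DC locator SRV names
# that dcdiag's RReg test probes (including the domain-GUID record it reported
# missing), query the DC's own DNS server for each, and ask Netlogon to
# re-register if any are absent.
# Assumptions: run as a domain admin from a machine with the ActiveDirectory and
# DnsClient modules (Windows 8 / Server 2012 or later). The DC name, site name
# and DNS server address below are the ones in the dcdiag output.

Import-Module ActiveDirectory
Import-Module DnsClient

$dc        = 'TE-SERVER-ARCGIS.removedforanonymity.com'   # from the post
$site      = 'Default-First-Site-Name'                     # from the post
$dnsServer = '192.168.50.101'                              # from the post

$domain = Get-ADDomain
$fqdn   = $domain.DNSRoot
$forest = $domain.Forest
$guid   = $domain.ObjectGUID.ToString()   # the GUID in _ldap._tcp.<guid>.domains._msdcs

$expected = @(
    "_ldap._tcp.$fqdn",
    "_ldap._tcp.dc._msdcs.$fqdn",
    "_kerberos._tcp.dc._msdcs.$fqdn",
    "_ldap._tcp.pdc._msdcs.$fqdn",
    "_ldap._tcp.gc._msdcs.$forest",
    "_ldap._tcp.$site._sites.dc._msdcs.$fqdn",
    "_ldap._tcp.$guid.domains._msdcs.$forest"     # the one dcdiag flagged (error 9003)
)

$results = foreach ($name in $expected) {
    $srv = $null
    try {
        $srv = Resolve-DnsName -Name $name -Type SRV -Server $dnsServer -DnsOnly -ErrorAction Stop |
               Where-Object { $_.Type -eq 'SRV' }
    } catch { }   # NXDOMAIN ("DNS name does not exist") lands here
    [pscustomobject]@{
        Record  = $name
        Present = [bool]$srv
        Target  = if ($srv) { $srv[0].NameTarget } else { '-' }
    }
}
$results | Format-Table -AutoSize

$missing = @($results | Where-Object { -not $_.Present })
if ($missing.Count -gt 0) {
    # Netlogon on the DC re-registers all of its locator records; give it a
    # minute and run the query loop again. If the GUID record is still absent,
    # the zone that holds _msdcs is the place to look (its dynamic update
    # setting, and whether _msdcs is a separate zone or part of the domain zone).
    nltest /dsregdns /server:$dc
}
```

After the re-registration, `dcdiag /test:DNS /DnsRecordRegistration /s:TE-SERVER-ARCGIS` re-runs just the RReg sub-test, which is quicker than the full DNS test shown above.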


windows server 2008 r2 randomly freezes.

Hi,

I have Windows Server 2008 R2 and it randomly freezes. It is one of our application servers, which is accessed remotely via RDP by more than 30 users every day to do business.

I checked for fixes online and it pointed me to a hotfix by Microsoft, but when I click to download, it says the fix is no longer available.

I would appreciate it if the hotfix could be sent to me to resolve my current issue.

regards

dom

Configured a Win VPN server on google cloud platform and local internet issues?

Hi,

I have built a Windows VPN server in GCP. The DHCP service is not allowed there, so I am not able to configure classless static routes as I have been doing on-prem.

When I connect using the VPN client, I can reach the office network but can no longer reach the internet, even when "use gateway on remote network" is unchecked on the client machine.

How else can I distribute/define subnets for VPN clients from the VPN server? Network Policy Server?

Please suggest.
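Classless static routes are DHCP option 121 (Microsoft's older option 249), and a Windows VPN server only relays them when it hands addresses out via DHCP. One client-side alternative, shown here as an added example that is not part of the original post, is to attach the office prefixes to the VPN connection itself with the VpnClient module (Windows 8.1 / Server 2012 R2 or later); RAS then installs them on the tunnel interface every time the connection comes up. It assumes the working connection from the post is named "GCP-VPN" and uses two placeholder office prefixes.

```powershell
# Added example, not from the original post: when the server side cannot push
# classless static routes, define the split-tunnel routes on the Windows client's
# VPN connection itself with the VpnClient module (Windows 8.1 / 2012 R2 or later).
# Assumptions: the connection already exists and is named 'GCP-VPN' (the post's
# working connection, real name unknown); the two office prefixes are placeholders.

$connection     = 'GCP-VPN'
$officePrefixes = @('10.10.0.0/16', '192.168.100.0/24')   # assumed office subnets

$vpn = Get-VpnConnection -Name $connection -ErrorAction Stop

# Same effect as unchecking "Use default gateway on remote network": the client
# keeps its local default route, so internet traffic never enters the tunnel.
if (-not $vpn.SplitTunneling) {
    Set-VpnConnection -Name $connection -SplitTunneling $true
}

# One route per office prefix; RAS adds these on the tunnel interface whenever
# the connection is established, which is what the DHCP option did on-prem.
$existing = @(Get-VpnConnectionRoute -ConnectionName $connection -ErrorAction SilentlyContinue |
              ForEach-Object DestinationPrefix)
foreach ($prefix in $officePrefixes) {
    if ($existing -notcontains $prefix) {
        Add-VpnConnectionRoute -ConnectionName $connection -DestinationPrefix $prefix -PassThru
    }
}

# Check the result: the tunnel routes, and (once connected) that 0.0.0.0/0 still
# points at the physical adapter rather than the VPN interface.
Get-VpnConnectionRoute -ConnectionName $connection | Format-Table -AutoSize
Get-NetRoute -DestinationPrefix '0.0.0.0/0' -ErrorAction SilentlyContinue |
    Format-Table InterfaceAlias, NextHop, RouteMetric
```

If the default route still ends up on the VPN interface after this, the problem is on the client's adapter metrics rather than the server, and `Get-NetRoute` output while connected will show which interface is winning.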


Always on VPN Profile Issues

Hi; I spent a good 4 or 5 hours on this one today and feel like if I keep going the same way I'll have ground my teeth away completely by the end of the week - hoping I'm missing something really obvious.

I've followed documentation to set up an always on VPN, specifically for device tunnels.

I've created an XML and setup script (using Microsoft documentation); when I run this inside an administrative PowerShell it executes perfectly; the VPN is fully functional across multiple users and everything seems to work perfectly. "get-vpnconnection" shows the connection profile (interestingly, "get-vpnconnection -alluserconnection" does not show anything... should it?)

I'm hitting a brick wall when I try to deploy the script via SCCM or even via group policy startup script.

The package runs, SCCM client logs indicate that it ran successfully, and Windows event logs for PowerShell show the code blocks being handled by the SYSTEM account, yet when I run "get-vpnconnection" or "get-vpnconnection -alluserconnection", there is nothing! Startup scripts behave the same.

I'm using the same XML and powershell scripts as I did when I manually executed the script on the machine so I can't see a reason for it failing.

For the purposes of elimination and testing I have set script execution to unrestricted.

Client is running Win 10 1803.

Any suggestions are really appreciated,

Thanks!
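A profile created by Microsoft's VPN_Profile.ps1 goes through the MDM bridge WMI provider (`root\cimv2\mdm\dmmap`, class `MDM_VPNv2_01`), which is only accessible as LOCAL SYSTEM, and a device tunnel written from that context lands in the SYSTEM profile's phonebook, not the phonebook of the admin who later runs `Get-VpnConnection`. The following is an added example, not part of the original post: it lists VPN profiles from each place one can land, so "the script never created the profile" can be told apart from "the profile exists but this context cannot see it". Run it the same way the deployment runs (SCCM package, GPO startup script, or `psexec -s -i powershell.exe`). The profile name "DeviceTunnel" is an assumption; the post does not give it.

```powershell
# Added example, not part of the original post: list VPN profiles from every
# place a device tunnel can land. Run it in the same context as the deployment
# (SCCM / GPO startup script / psexec -s), because the MDM bridge namespace is
# only readable as LOCAL SYSTEM and $env:APPDATA only points at the SYSTEM
# profile's phonebook in that context.
# The profile name 'DeviceTunnel' is an assumption; the post does not give it.

$profileName = 'DeviceTunnel'
$whoami = [Security.Principal.WindowsIdentity]::GetCurrent().Name
Write-Host "Running as $whoami"

# 1. RAS view: this account's phonebook, then the all-users phonebook.
Get-VpnConnection -ErrorAction SilentlyContinue |
    Select-Object Name, TunnelType, ConnectionStatus, @{n='Scope'; e={'CurrentUser'}}
Get-VpnConnection -AllUserConnection -ErrorAction SilentlyContinue |
    Select-Object Name, TunnelType, ConnectionStatus, @{n='Scope'; e={'AllUsers'}}

# 2. MDM bridge view: the object VPN_Profile.ps1 creates under ./Vendor/MSFT/VPNv2.
#    Outside the SYSTEM context the query fails (access denied) rather than
#    returning an empty list, which is itself a useful signal.
try {
    $mdm = Get-CimInstance -Namespace 'root\cimv2\mdm\dmmap' -ClassName MDM_VPNv2_01 -ErrorAction Stop
    foreach ($p in $mdm) {
        $isDevice = $p.ProfileXML -match '<DeviceTunnel>\s*true\s*</DeviceTunnel>'
        Write-Host ("MDM profile {0} (ParentID {1}) DeviceTunnel={2}" -f $p.InstanceID, $p.ParentID, $isDevice)
    }
    if (-not $mdm) { Write-Host 'No VPNv2 profiles in the MDM bridge' }
} catch {
    Write-Host "MDM bridge not readable as $whoami : $($_.Exception.Message)"
}

# 3. The phonebook files themselves, by [section] header.
$phonebooks = @(
    "$env:ProgramData\Microsoft\Network\Connections\Pbk\rasphone.pbk",   # all users
    "$env:APPDATA\Microsoft\Network\Connections\Pbk\rasphone.pbk"        # this account
)
foreach ($pbk in $phonebooks) {
    if (Test-Path $pbk) {
        $entries = Select-String -Path $pbk -Pattern '^\[(.+)\]$' |
                   ForEach-Object { $_.Matches[0].Groups[1].Value }
        Write-Host ("{0}: {1}" -f $pbk, ($entries -join ', '))
        if ($entries -contains $profileName) { Write-Host "  '$profileName' is in this phonebook" }
    } else {
        Write-Host "$pbk not present"
    }
}
```

If the SYSTEM-context run shows the profile in the MDM bridge and in the SYSTEM phonebook while the admin's interactive `Get-VpnConnection` shows nothing, the deployment worked and the difference is only where each context looks; if the SYSTEM-context run shows nothing at all, the script itself failed silently and its own output needs to be captured to a log.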
