Channel: Network Infrastructure Servers forum

deacon123

Well, Messenger is not letting me retrieve my password; it wants my mobile #. I do not have one of those #s.

So I cannot work my Messenger.


Connection to Nexus

error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol

Getting the above error when I run a Jenkins job on a Windows 2008 server to connect to Nexus.

Kindly help.

Timestamp in DNS

Hi,

I have noticed that many DNS records have a timestamp that is not up to date; some are several days old, and many are even 1 year old. There is no problem with DNS resolving, and I don't see any DNS issues in the logs. When I right-click a record, I can see that the machine name has read and write access. It's both forward and reverse timestamps. Another thing is that the timestamp is different on each DC as well... For information, I have not configured scavenging. There are only static addresses.

Is this a problem or could I just ignore it?

Thanks for reply.


/Regards Andreas

Routing in RRAS with Static Pool

Good day!
I have a server that is running Windows Server 2008 R2.
One network adapter - 192.168.1.46

On this server, a Cisco VPN client is installed in order to connect to the machine 10.0.2.15 over the RDP protocol. The client gets the address 10.183.5.53. Pay attention to the route and traceroute to 10.0.2.15 in the screenshot. Everything works properly.

Now I installed the RRAS role on the same server. A static pool with a network of 192.168.77.0/24 is configured on RRAS. The client connects and gets the IP address from the pool.

What routes do I need to register on the client to be able to connect via RDP to 10.0.2.15?
At the same time, I would not like to change the subnet that is given to the client!


Always on VPN - SSTP Configuration

Hello,
I have successfully configured Always on VPN with the IKE/IPSEC protocols -  Ports 500 & 4500 = All is working as expected.

I am now trying to implement the ability to use SSTP (443) for when IKE/IPSEC isn't available such as in restaurants or hotels.

I've changed the native protocol to 'Automatic' (Also tested 'SSTP') and have enabled SSTP WAN Miniports in RRAS on the VPN server for RAS/Routing.

However, upon trying to connect, SSTP consistently fails. The connection appears to find the VPN server, then reads the certificate store and then looks to drop out when trying to verify sign-in info. It's at this point when other protocols are attempted.

Interestingly, when I change the native protocol to be SSTP only (rather than Automatic), I get a pop-up window prompting for the user's credentials when trying to connect to the VPN profile.

I'm at a bit of a loss and totally new to any kind of VPN setup so any help would be greatly appreciated.

Thanks in advance!

Enable DDNS for static client in DNS Server

Hi all,

In my production environment, I have a DNS server (Server 2012 R2 with AD) and no DHCP server, so I need to manually add or remove all records. Now I would like to enable DDNS on the DNS server and I have some questions about this.

  1. Does DDNS need to work with a DHCP server?
  2. If not, how can I enable it on the DNS server?
  3. If I enable DDNS, are there any impacts on the production environment?
  4. What are the best practices for DDNS?

Many Thanks!

Stanley


The system failed to register host (A or AAAA) resource records (RRs)

Server 2012R2

I swapped DNS updates to Secure only (with credentials configured).

I can delete the DNS record and do ipconfig /registerdns on the client.

Then in event log I get error:

The system failed to register host (A or AAAA) resource records (RRs) for network adapter with settings:

but DNS record DOES get created!

Which makes no sense at all?

Seb

AlwaysOn VPN - Random connection error

Hello,

Most of the time the clients connect without an issue, however, sometimes clients get the message “The connection was prevented because of a policy configured on your RAS/VPN server. Specifically, the authentication method used by the server to verify your username and password may not match the authentication method configured in your connection profile.”
An immediate retry connects without any issue, so I think the configuration is OK.

Infrastructure:
- 2 RRAS on Windows Server 2016 1607 load balanced by an F5 device
- 2 NPS on Windows Server 2016 1607 by an F5 device
To isolate the issue, the AlwaysOn infrastructure currently works with only one RRAS and one NPS server.
It works approximately 4 times out of 5, so it's complicated to troubleshoot this issue.

Has anyone experienced this?

Thanks,
Kevin JAGIELLA



How to share ADSL Internet connection to all machines without RRAS but using Windows Server DHCP and DNS

Hello!

I have this scenario on my small network with 10 PCs (connecting from outside to inside my network):

1) Modem with ADSL connection
2) Wireless Router with public IP on WAN interface 
3) Switch 
4) Server 2012 with DC/DHCP/DNS (with 2 NICs) and others servers/desktops machines 

I want to share internet to servers and desktops.
I was able to share internet by 2 methods found by searching on Google, but I am not satisfied with them:

First method - Using the Wireless Router and its DHCP Server
I turned on the DHCP inside the Wireless Router. All machines will get an IP and be able to go to Internet, but I don’t have the ability to control the DHCP and DNS in the router how I would like to have, because the server DHCP and DNS must be turned off on Windows Server.

Second method - Using the Windows Server RRAS NAT, DHCP and DNS server

I have 2 NICs on the server:

NIC1 - CONNECTED TO SWITCH

IP: 192.168.1.1
MSK: 255.255.255.0
GTW:192.168.1.1
DNS:192.168.1.1

NIC2 - CONNECTED TO WIRELESS ROUTER
(the LAN IP of the wireless router is 172.16.0.1)

IP: 172.16.0.2
MSK: 255.255.0.0
GTW: 172.16.0.1
DNS: 172.16.0.1

After installing and setting up RRAS with NAT on the server, the internet began to work on all machines, but at times the internet stops loading some random webpages, and if you hit the F5 button a couple of times, the webpage sometimes opens, but very, very slowly.

I saw other people in forums saying that RRAS is not very good and could cause weird things with the internet connection, so now I think the internet is horrible because of RRAS. After noticing that the internet is bad, I tested it by connecting a cable directly to the LAN ports of the wireless router, and the internet works fast and perfectly.

What is the best thing to do in my case to maintain Windows Server DHCP and DNS turned on and Internet be shared without loss of quality?

Thank you!






Microsoft VPN server

Guys,

I am in my lab environment creating a PPTP VPN setup (I know it is not that safe, but the next step will be L2TP and RADIUS).

I noticed I need to give access user by user through the dial-in properties, but isn't it possible to do that more easily through a group or by creating a policy?

If so, how should I do that?

regards,


johan

RRAS on Windows Server 2019 with DHCP

Exactly as the one here

My setup is dead simple, internal network 10.0.0.0/16

One RRAS interface in DMZ, another in LAN (so it is not a full DMZ setup, but like the left picture here)

DHCP gives out 10.0.10.0-10.0.15.254

As I can not get VPN clients to obtain IP from DHCP, I used static pool of 10.0.16.0-10.0.16.254

So the client looks:

PPP adapter AO:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : AO
   Physical Address. . . . . . . . . :
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 10.0.16.7(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.255
   Default Gateway . . . . . . . . . :
   Primary WINS Server . . . . . . . : 10.0.0.22
   NetBIOS over Tcpip. . . . . . . . : Enabled

Static address pool on the RRAS works fine, but DHCP is simply a NO GO!

Anybody had any success? (We are talking Server 2019.)

Seb


IKEv2 RRAS Always On VPN

Hello,

I have an Always On VPN setup in our environment. It worked great for around a month or two; however, in the last couple of weeks I've had several (around 40%) of our clients get disconnected after 5-10 minutes. The remaining clients stay connected throughout the day. The disconnected clients have Error Code 829; however, I've had users who are connected to their home internet switch from WiFi to Ethernet and vice versa, as well as work off our test network in the office. Those same users are still getting disconnected while others can stay connected to that same access point and remain connected throughout the day. I thought the issue may actually be the connection being disconnected for them being timed out, but I'm not sure.

Here is one of the logs from the server and all of the disconnects look pretty similar -

[3312] 05-06 13:57:50:654: DeallocateRouteRequestCommon: pBundle=0x1808cda0, type=0x800
[3312] 05-06 13:57:50:670: DeActivated Route , bundlehandle 0xac, prottype = 2048
[3312] 05-06 13:57:50:670: DeAllocateRoute: PI_Type=0x800, PI_AdapterName=\DEVICE\{6E06F030-7526-11D2-BAF4-00600815A4BD}, PI_Allocated=-1
[6660] 05-06 13:57:50:670: PortDisconnectRequest on VPN2-117 Connection=0x0 ,RasmanReceiveFlags=0x4
[6660] 05-06 13:57:50:670: PortDisconnectRequest: Disconnecting VPN2-117
[6660] 05-06 13:57:50:670: Disconnecting Port 0xVPN2-117, reason 0
[6660] 05-06 13:57:50:670: DisconnectPort: Saving Bundle stats for port VPN2-117
[6660] 05-06 13:57:50:670: onecoreuap\net\rras\ras\rasman\rasman\util.c 2327: Disconnected Port 395, reason 0. rc=0x258
[6660] 05-06 13:57:50:670: FreeBundle: freeing pBundle=0x1808cda0
[6660] 05-06 13:57:50:670: onecoreuap\net\rras\ras\rasman\rasman\util.c: 2443: port 395 state chg: prev=2, new=3
[6660] 05-06 13:57:50:670: onecoreuap\net\rras\ras\rasman\rasman\util.c: 2516: port 395 async reqtype chg: prev=0, new=9
[6660] 05-06 13:57:50:670: Disconnect request on port: VPN2-117
[5944] 05-06 13:57:50:670: WorkerThread: Disconnect event signaled on port: VPN2-117
[5944] 05-06 13:57:50:670: OVEVT_DEV_STATECHANGE. pOverlapped = 0x48fece0
[5944] 05-06 13:57:50:670: onecoreuap\net\rras\ras\rasman\rasman\request.c: 5684: port 395 state chg: prev=3, new=4
[5944] 05-06 13:57:50:670: onecoreuap\net\rras\ras\rasman\rasman\request.c: 5695: port 395 async reqtype chg: prev=9, new=0
[5944] 05-06 13:57:50:670: CompleteDisconnectRequest: signalling 0xef8 for VPN2-117
[5944] 05-06 13:57:50:670: SignalPortDisconnect: Notification handle event for port 395 is not registered.
[5944] 05-06 13:57:50:670: Disconnect completed on port: VPN2-117
[5856] 05-06 13:57:50:670: SendNotificationRequest
[5856] 05-06 13:57:50:670: SignalNetman: IRasEventNotify::RasEvent returned S_FALSE
[5856] 05-06 13:57:50:670: DwSendNotification returned 0x1
[5856] 05-06 13:57:50:670: SetRouterUsage (port:395) : PCB_OpenedUsage = ox0
[5856] 05-06 13:57:50:670: DeviceListenRequest: Clearing Autoclose flag on port VPN2-117
[5856] 05-06 13:57:50:670: onecoreuap\net\rras\ras\rasman\rasman\util.c: 2789: port 395 state chg: prev=4, new=1
[5856] 05-06 13:57:50:670: onecoreuap\net\rras\ras\rasman\rasman\util.c: 2820: port 395 async reqtype chg: prev=0, new=27
[5856] 05-06 13:57:50:670: Listen posted on port: VPN2-117, error code 600

Can anyone offer any insight?

Windows 10 Always On VPN Force Tunneling

Customer wants to implement Windows 10 Always On VPN with Force Tunneling, with Windows Server 2016 RRAS. Is any proxy required for outbound internet traffic (traffic coming over the VPN but destined for the internet), or does the RRAS server simply send the traffic out? Is there any guidance available for capacity planning in this scenario? What if the RRAS server does not have internet access?

I've read that under DirectAccess with Force Tunneling, outbound proxy was typically required, and the deployment guide does not contain details for the Force Tunnel scenario for Always On VPN.  Thanks for any insights.

RRAS - VPN Clients can't get IP from router

Hi!

I have an RRAS server and a Zyxel router with DHCP.

When I set a static pool in RRAS, the VPN client gets an IP from the pool and connects to the server.

If I specify that the address should be obtained from the DHCP server, then I get an error:

The user WIN-1BNIRH6JKPI\adm connected to port VPN2-127 has been disconnected because no network protocols were successfully negotiated.

I added a DHCP relay, but the problem did not go away.

What settings do I need so that the client can get the address from the router?
What settings should be in the DHCP relay?
Should I configure Network Policy Server (NPS) for that?

DHCP one scope not working

I had a Win2000 DHCP server on vlan400 / 10.x.4.x with a superscope for the top three floors of the office and a separate scope (10.x.7.x) for the network staff in the basement (vlan700). This has been working well for years...

The Win2000 server just died (hardware) and I can't find the backup I had for it (Yes, I'm an idiot ;-).

I re-created the scopes from memory on a win2008 server (DC) and the superscope works great, but the 10.x.7.x scope for the Vlan700 is not working.

There have been no changes in any of the switches/routers, etc., so they are still all good. Just the DHCP server.

Question: What do I need to do on the DHCP server to get the clients on the vlan700 to get their 10.x.7.x addresses without preventing the DHCP server from continuing to use the superscope for the clients on the vlan400?

Remember: all worked, server died, not working now - server/config issue.

Thank you in advance for your help.


Adding 3rd party root CA certs in CertSrv cacerts

Hello,

I spent a decent amount of time searching but could not find an answer to my question. 

Is there a way to add 3rd party certs in the CA certs response CertSrv provides in https://<hostname>/certsrv/certcarc.asp?

If this needs to be redirected to another forum please let me know. 

Thank you, 
PK

Always on VPN (IKEv2) Troubleshoot

Hi, I have trouble with my Always On VPN.
The user tunnel (IKEv2) connection from Windows 10 (1803) is triggered, routes are applied, I see its status, and packets are sent to the interface – but no packets return (zero at “Received”). Network and Sharing Center shows my VPN connection as “Identifying…” for a minute or two, then it changes to “Public network”. If I wait 3-5 minutes (or if I reconnect manually), the status changes to “Domain Network” and at the same time packets start running in both directions – everything is good now, the connection works.
When I use the SSTP protocol, everything works fine.

I have one VPN server: the WAN interface faces the Internet, and the LAN interface faces my local network. Ports 500 and 4500 are open. I use split tunneling in my configuration.
I tried the configuration that Microsoft recommends with WAN interfaces in the DMZ, but I got the same result.
Perhaps this is important: my entire infrastructure is located on a VMware server.


I will be grateful for any advice on this issue, I spent more than a week trying to solve this situation ((


HP ML350 Gen 10, Server 2016, RRAS, DPC WatchDog Violation

I have 2 ML350 Gen10 servers, both set up the same. Windows Server 2016. As soon as I configure Routing and Remote Access, the server will crash on attempted restart with the DPC Watchdog Violation error. Additionally, as the server begins the shutdown process, the machines both stall at 'Restarting' for a good 2 minutes or so before posting the BSOD error.

If I disable RRAS, then both issues are no longer present. I have run Spp-2019.03.1_1 through SUM, and I have formatted and started again a few times, but the issue is still present. I currently have the most current network driver installed but have tried older versions as well with no difference. I contacted HP Support and they offered no assistance.

Here is the dump file if anyone has time: https://www.dropbox.com/s/et1cv1fn8llum5i/051019-9296-01.dmp?dl=0

Any help would be appreciated.

DNS: Errors with forwarders and root hints

I manage a GC with DNS for one of our branch offices. While there have not been any issues, part of the /test:DNS results indicates errors that I would like to address.

               TEST: Forwarders/Root hints (Forw)
                  Recursion is enabled
                  Forwarders Information: 
                     125.170.93.234 (<name unavailable>) [Invalid] 
                     210.145.254.170 (<name unavailable>) [Invalid] 
                     8.8.4.4 (<name unavailable>) [Invalid] 
                     8.8.8.8 (<name unavailable>) [Invalid] 
                     Error: All forwarders in the forwarder list are invalid. 
                  Root hint Information: 
                     Name: a.root-servers.net. IP: 198.41.0.4 [Invalid]
                     Name: b.root-servers.net. IP: 199.9.14.201 [Invalid]
                     Name: c.root-servers.net. IP: 192.33.4.12 [Invalid]
                     Name: d.root-servers.net. IP: 199.7.91.13 [Invalid]
                     Name: e.root-servers.net. IP: 192.203.230.10 [Invalid]
                     Name: f.root-servers.net. IP: 192.5.5.241 [Invalid]
                     Name: g.root-servers.net. IP: 192.112.36.4 [Invalid]
                     Name: h.root-servers.net. IP: 198.97.190.53 [Invalid]
                     Name: i.root-servers.net. IP: 192.36.148.17 [Invalid]
                     Name: j.root-servers.net. IP: 192.58.128.30 [Invalid]
                     Name: k.root-servers.net. IP: 193.0.14.129 [Invalid]
                     Name: l.root-servers.net. IP: 199.7.83.42 [Invalid]
                     Name: m.root-servers.net. IP: 202.12.27.33 [Invalid]
                  Error: Both root hints and forwarders are not configured or 
                  broken. Please make sure at least one of them works.

As can be seen above, I have forwarders enabled. The first two are from the ISP, the second two are public Google DNS. While ISP DNS servers are preferred, I added the Google DNS to help investigate this issue. I have no problems removing it, though it does not resolve the problems.

Question #1: Why is the name unavailable?
Running nslookup on all of the forwarder IPs and root IP returns the name as expected. Here are several queries run on the DNS server.

C:\>nslookup 125.170.93.234
Server:  dc01.site01.company.org
Address:  172.21.4.253

Name:    nv-ku501.ocn.ad.jp
Address:  125.170.93.234

C:\>nslookup 8.8.4.4
Server:  dc01.site01.company.org
Address:  172.21.4.253

Name:    google-public-dns-b.google.com
Address:  8.8.4.4

C:\>nslookup 198.41.0.4
Server:  dc01.site01.company.org
Address:  172.21.4.253

Name:    a.root-servers.net
Address:  198.41.0.4

C:\>nslookup 199.9.14.201
Server:  dc01.site01.company.org
Address:  172.21.4.253

Name:    b.root-servers.net
Address:  199.9.14.201

The next section:

         Summary of test results for DNS servers used by the above domain 
         controllers: 

            DNS server: 125.170.93.234 (<name unavailable>) 
               1 test failure on this DNS server 
               Name resolution is not functional. _ldap._tcp.company.org. failed on the DNS server 125.170.93.234
               [Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]

            DNS server: 192.112.36.4 (g.root-servers.net.) 
               1 test failure on this DNS server 
               Name resolution is not functional. _ldap._tcp.company.org. failed on the DNS server 192.112.36.4
               [Error details: 9002 (Type: Win32 - Description: DNS server failure.)]

            DNS server: 192.203.230.10 (e.root-servers.net.) 
               1 test failure on this DNS server 
               Name resolution is not functional. _ldap._tcp.company.org. failed on the DNS server 192.203.230.10
               [Error details: 9002 (Type: Win32 - Description: DNS server failure.)]

            DNS server: 192.33.4.12 (c.root-servers.net.) 
               1 test failure on this DNS server 
               Name resolution is not functional. _ldap._tcp.company.org. failed on the DNS server 192.33.4.12
               [Error details: 9002 (Type: Win32 - Description: DNS server failure.)]

            DNS server: 192.36.148.17 (i.root-servers.net.) 
               1 test failure on this DNS server 
               Name resolution is not functional. _ldap._tcp.company.org. failed on the DNS server 192.36.148.17
               [Error details: 9002 (Type: Win32 - Description: DNS server failure.)]

            DNS server: 192.5.5.241 (f.root-servers.net.) 
               1 test failure on this DNS server 
               Name resolution is not functional. _ldap._tcp.company.org. failed on the DNS server 192.5.5.241
               [Error details: 9002 (Type: Win32 - Description: DNS server failure.)]

            DNS server: 192.58.128.30 (j.root-servers.net.) 
               1 test failure on this DNS server 
               Name resolution is not functional. _ldap._tcp.company.org. failed on the DNS server 192.58.128.30
               [Error details: 9002 (Type: Win32 - Description: DNS server failure.)]

            DNS server: 193.0.14.129 (k.root-servers.net.) 
               1 test failure on this DNS server 
               Name resolution is not functional. _ldap._tcp.company.org. failed on the DNS server 193.0.14.129
               [Error details: 9002 (Type: Win32 - Description: DNS server failure.)]

            DNS server: 198.41.0.4 (a.root-servers.net.) 
               1 test failure on this DNS server 
               Name resolution is not functional. _ldap._tcp.company.org. failed on the DNS server 198.41.0.4
               [Error details: 9002 (Type: Win32 - Description: DNS server failure.)]

            DNS server: 198.97.190.53 (h.root-servers.net.) 
               1 test failure on this DNS server 
               Name resolution is not functional. _ldap._tcp.company.org. failed on the DNS server 198.97.190.53
               [Error details: 9002 (Type: Win32 - Description: DNS server failure.)]

            DNS server: 199.7.83.42 (l.root-servers.net.) 
               1 test failure on this DNS server 
               Name resolution is not functional. _ldap._tcp.company.org. failed on the DNS server 199.7.83.42
               [Error details: 9002 (Type: Win32 - Description: DNS server failure.)]

            DNS server: 199.7.91.13 (d.root-servers.net.) 
               1 test failure on this DNS server 
               Name resolution is not functional. _ldap._tcp.company.org. failed on the DNS server 199.7.91.13
               [Error details: 9002 (Type: Win32 - Description: DNS server failure.)]

            DNS server: 199.9.14.201 (b.root-servers.net.) 
               1 test failure on this DNS server 
               Name resolution is not functional. _ldap._tcp.company.org. failed on the DNS server 199.9.14.201
               [Error details: 9002 (Type: Win32 - Description: DNS server failure.)]

            DNS server: 202.12.27.33 (m.root-servers.net.) 
               1 test failure on this DNS server 
               Name resolution is not functional. _ldap._tcp.company.org. failed on the DNS server 202.12.27.33
               [Error details: 9002 (Type: Win32 - Description: DNS server failure.)]

            DNS server: 210.145.254.170 (<name unavailable>) 
               1 test failure on this DNS server 
               Name resolution is not functional. _ldap._tcp.company.org. failed on the DNS server 210.145.254.170
               [Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]

            DNS server: 8.8.4.4 (<name unavailable>) 
               1 test failure on this DNS server 
               Name resolution is not functional. _ldap._tcp.company.org. failed on the DNS server 8.8.4.4
               [Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]

            DNS server: 8.8.8.8 (<name unavailable>) 
               1 test failure on this DNS server 
               Name resolution is not functional. _ldap._tcp.company.org. failed on the DNS server 8.8.8.8
               [Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]

            DNS server: 172.21.4.253 (DC-Foo01) 
               All tests passed on this DNS server 
               Name resolution is functional._ldap._tcp SRV record for the forest root domain is registered 

         Summary of DNS test results: 

                                            Auth Basc Forw Del  Dyn  RReg Ext
            _________________________________________________________________
            Domain: Site01.company.org 
               DC-Foo01                      PASS PASS FAIL PASS PASS PASS n/a  

         ......................... company.org failed test DNS

Question #2: Why is it querying the forwarders and root servers for these internal records? This is an internal DNS server, so I would not expect or desire that any of the following DNS queries would resolve. My guess is that this is due to the unfortunate domain name: *.org, which is ideally for public DNS. This name was decided on long before I started working here and is not something that I can change. Other than changing the name, is there anything I can or should do to fix this?

