Channel: Network Infrastructure Servers forum
Setup Windows 2012R2 to connect to Azure

We have a TMG 2010 server for our company and this is our main connection in and out of our network to the internet. We would like to setup a site to site connection to Azure but as I understand it, TMG 2010 doesn’t support VPN connections from Azure. And yes I know TMG 2010 is going away at the end of this year and we are actively working on replacing TMG but need to setup the VPN to Azure sooner rather than later.


So would the following be possible? If I set up a new Windows 2012 R2 Server, give it 2 NICs and use that to set up the connection to Azure, can I plug that machine into my network and use that to allow access to our Azure network?

Networking is not my strength so I don’t know how the routing and network traffic would flow in this setup. Our TMG server is the default gateway in our network so I’m not sure what adding another machine to our network with a network connection would do.

Any help or suggestions would be helpful.

Thanks

Nick



Can we create static record in AD integrated DNS


Can we create static record in AD integrated DNS ?

I know in general we don’t create static record in AD integrated DNS and it is a dynamic DNS zone.

RRAS Server Doesn't Get Initial 10 IP Allotment from DHCP Server

Hi all,

I installed RRAS on a VM (Hyper-V) server, in a network in which all computers belong to the same Windows Domain. I only installed VPN - not Dialup or Direct Access. Another VM on the same machine, the PDC, is running the DHCP.

When the RRAS service is started, I see that the DHCP does not allocate the expected 10 addresses. In the Remote Access Management Console, "VPN Addressing" has a red X next to it, and its "operations state" is "DHCP Address Assignment".
Of course, any client trying to connect fails, and the RRAS server shows in its log that there are no IP addresses available to allocate.

The details show:

ERROR: The VPN server cannot obtain IP addresses for VPN clients from the DHCP server
CAUSES: The VPN server cannot obtain IP addresses for VPN clients from the DHCP server.
RESOLUTION:
1. Check network connectivity of the VPN server.
2. Verify DHCP settings.

I tried installing RRAS on 2 other VM on the same Hyper-V box, and sometimes they work, and sometimes they don't.

All hosts can ping each other. If I assign the problematic servers' NICs to get an address from DHCP, they successfully get the address. I assume this proves that there is no problem getting addresses in general.

I also tried shutting down all servers except the DHCP, and then starting the others - but it still didn't help.

I would appreciate it if someone could please help me out here.

TIA,
mlavie58

Windows server 2016 NPS not sending Accounting-response msgs

Hi all,

I'm having an issue with NPS Radius accounting for a RRAS PEAP-TLS connection.

Authentication works fine but when accounting should start the only thing I receive are 4 Accounting-Request packets and can't see any Accounting-Response packets.

Following RFC2866 this is normal behaviour if it fails to record the accounting packet:

<< Upon receipt of an Accounting-Request, the server MUST transmit an

      Accounting-Response reply if it successfully records the
      accounting packet, and MUST NOT transmit any reply if it fails to
      record the accounting packet.

>>

Going off this, I looked at the accounting config on NPS, which was set to SQL logging, which is working fine.

To be on the safe side I just went back to local file logging.

This still works as expected.


<Event><Timestamp data_type="4">07/05/2018 14:10:02.265</Timestamp><Computer-Name data_type="1">NPS1</Computer-Name><Event-Source data_type="1">IAS</Event-Source><NAS-Identifier data_type="1">VPN1</NAS-Identifier><Service-Type data_type="0">2</Service-Type><Framed-Protocol data_type="0">1</Framed-Protocol><NAS-Port data_type="0">410</NAS-Port><NAS-Port-Type data_type="0">5</NAS-Port-Type><Tunnel-Type data_type="0">9</Tunnel-Type><Tunnel-Medium-Type data_type="0">1</Tunnel-Medium-Type><Called-Station-Id data_type="1">x.x.x.x</Called-Station-Id><Tunnel-Server-Endpt data_type="1">x.x.x.x</Tunnel-Server-Endpt><Calling-Station-Id data_type="1">x.x.x.x</Calling-Station-Id><Tunnel-Client-Endpt data_type="1">x.x.x.x</Tunnel-Client-Endpt><Framed-MTU data_type="0">1400</Framed-MTU><Class data_type="1">311 1 x.x.x.x 07/05/2018 12:09:13 11</Class><Acct-Session-Id data_type="1">116</Acct-Session-Id><User-Name data_type="1">Username@domain</User-Name><Framed-IP-Address data_type="3">x.x.x.x</Framed-IP-Address><Port-Limit data_type="0">1</Port-Limit><Acct-Multi-Session-Id data_type="1">350</Acct-Multi-Session-Id><Acct-Link-Count data_type="0">1</Acct-Link-Count><Event-Timestamp data_type="4">07/05/2018 12:09:47</Event-Timestamp><Acct-Authentic data_type="0">3</Acct-Authentic><Acct-Status-Type data_type="0">1</Acct-Status-Type><Client-IP-Address data_type="3">x.x.x.x</Client-IP-Address><Client-Vendor data_type="0">311</Client-Vendor><Client-Friendly-Name data_type="1">VPN1</Client-Friendly-Name><Proxy-Policy-Name data_type="1">Virtual Private Network (VPN) Connections</Proxy-Policy-Name><Acct-Interim-Interval data_type="0">60</Acct-Interim-Interval><MS-RAS-Vendor data_type="0">311</MS-RAS-Vendor><MS-RAS-Version data_type="1">MSRASV5.20</MS-RAS-Version><MS-RAS-Correlation-ID data_type="1">{68CA818A-185C-3906-273D-31FBF10DB1AF}</MS-RAS-Correlation-ID><MS-Network-Access-Server-Type data_type="0">2</MS-Network-Access-Server-Type><MS-RAS-RoutingDomain-ID 
data_type="1">{00000000-0000-0000-0000-000000000000}</MS-RAS-RoutingDomain-ID><Packet-Type data_type="0">4</Packet-Type><Reason-Code data_type="0">9</Reason-Code></Event>

Any help would be gratefully received as I'm at a loss


DHCP Server - Keeps stopping.

Environment

OS: Windows Server 2016

Hardware: Lenovo Workstation

Domain Environment 

Problem:

DHCP Server keeps stopping requiring a restart before it leases IP Addresses.

DHCP Switchover between two domains.

Hello - I need an assist to perform DHCP switch-over between 2 different domains.

  1. Currently the DHCP scopes are configured in DHCP cluster for domain NET.AAA.COM.
  2. Client machines also in NET.AAA.COM.
  3. Now, I need to move the scopes out from cluster servers and need to configure the same in another server which is in BB.NET domain.
  4. Still the client machines will be in NET.AAA.COM domain only.
  5. Both domains NET.AAA.COM and BB.NET are having trust relationship between them and we can login to servers using either domain accounts to both domain servers.

Please suggest a solution to perform this migration. Thanks in advance!

Moving DNS from 2008 R2 to 2016

I have a 2008 R2 DNS server, it is in a Workgroup (no AD is involved) and is not Internet facing. It is not used much. I need to move DNS off of it to a new 2016 server. Is it OK to install the DNS role on the 2016 server and copy the zones over before I actually make it the DNS server (meaning give it the same name and IP of the current one)? Or, is it better to rename and re-IP the current one.....then install the DNS role on the new one and copy over the zones, then give it the same name and IP of the old one? I am just trying to minimize downtime (either way I will do this off hours).

VPN connection to host, RDP to VMs

Hi

I'm trying to sort out a situation. We have two hosted servers, Server 2012R2 with the RRAS and Hyper-V roles, each with a single NIC, and they are connected directly to the internet (so public IPs). On each host there are multiple VMs connected. Each VM has its own public IP and is used by our roaming clients. We are trying to cut down on our public IP needs so we want to change how the system works.

We want our roamers to start a VPN connection to the host machine, then use RDP through the VPN to connect to their respective VM... But I cannot seem to get the RRAS to play fair. The clients don't need to access the host machine at all, just the VMs. I have managed to get the VPN side of things to connect and that is about it. I cannot seem to figure out how to allow routing to the internal VMs. VMs also still need internet access.

I'm stuck and need some help. I want to start fresh and take it from there.


Always On VPN: DNS Registers remote WiFI Adapter IP and cannot access SYSVOL through User Tunnel

Hi There,

I have a new Server 2016 / W10 1809 Always On VPN Setup:

- Server 2016 Routing and Remote Access Server providing IKEv2 (Device Tunnel) and SSTP (User Tunnel)
- Windows 10 1809 Clients with Device and User Certificates from internal AD integrated PKI

The Problems are:
1. GPUPDATE is not working if the User Tunnel is connected (SYSVOL is not accessible). Accessing SYSVOL in explorer prompts for a user and password, any other share in the domain is working fine, it's just not working with DFS Shares.
But if I disconnect the User Tunnel and leave only the Device Tunnel open, GPUPDATE and DFS are working fine.
Both tunnels have the same DNS / Remote Address Ranges Config and no Traffic Filters are configured.
I have no idea how to fix this, the only workaround is enabling the Network access: Do not allow storage of passwords and credentials for network authentication, but the drawbacks with this GPO Security Setting enabled are too big.

2. All Remote Clients are registering their VPN IP in the DNS, which is desired, but furthermore they are registering the IP of the WiFi Adapter too, which makes manage-out quite unreliable.
The only workaround I've figured out is unchecking the "register this connection's Addresses in the DNS" in the advanced settings of the WiFi Adapter, but rolling this out to a few hundred clients is quite difficult.

Is anyone else having these problems and have found a solution for it?

Thanks in advance

Malte

Server 2019 Radius blocked by Defender Firewall

I am having a problem with the Defender Firewall blocking Radius requests.  I have verified the firewall is the problem by turning it off and on.  The radius client is set to use the default ports and the ports are open in the firewall config.  Any ideas?

Steve

DNS TTL live setting

I have a problem when setting the DNS TTL on the DC server: it will revert to a default like 15 minutes, 20 minutes, 1 hour. I checked some explanations and solutions but am just unsure how I can change the value on the DC so it will not revert back to default after updating in the DNS Server settings for the hostname.

Thanks

where is net helpmsg 2182. ?? https://social.technet.microsoft.com/Forums/en-us/home?category=windowsserver&filter=alltypes&sort=lastpostdesc

message: net helpmsg 2182.

how to fix

tried to find file: none

help site no longer available

conflicting answers

DNS Server 2019

Running DNS Debug Logging to gather more information on interesting DNS traffic.

Log shows a PTR lookup to 2 of 3 DNS forwarders with SERVFAIL. Then there is an A record lookup, then there is a subsequent PTR lookup to the DNS server provided in the previous A record lookup DATA section. How does my DNS server use a DNS server IP that is neither a forwarder nor a root hint server? It's like my DNS server is unhappy with the SERVFAIL responses and fetches some unknown DNS server to query.

There are other external DNS servers my internal DNS server will query; this is an example I'm focused on because the IP 195.22.26.248 is a sinkhole.

2 SERVFAIL PTR requests:

5/28/2019 10:55:28 AM 0870 PACKET  0000021D4647AD00 UDP Rcv 66.155.216.122  83f8 R Q [8281   DR SERVFAIL] PTR    (3)185(3)142(3)237(3)204(7)IN-ADDR(4)ARPA(0)
UDP response info at 0000021D4647AD00

5/28/2019 10:55:28 AM 0870 PACKET  0000021D469FAD90 UDP Rcv 207.59.153.242  83f8 R Q [8281   DR SERVFAIL] PTR    (3)185(3)142(3)237(3)204(7)IN-ADDR(4)ARPA(0)
UDP response info at 0000021D469FAD90

Unusual A record lookup to DNS forwarder

5/28/2019 10:55:32 AM 0AD4 PACKET  0000021D4949F920 UDP Snd 207.59.153.242  d011   Q [0001   D   NOERROR] A      (3)ns1(19)whartontechnologies(3)com(0)
UDP question info at 0000021D4949F920

ANSWER SECTION:
    Offset = 0x002d, RR count = 0
      TYPE   A  (1)
      CLASS  1
      TTL    89
      DLEN   4
      DATA   195.22.26.248

Unusual PTR lookup to unknown DNS server (provided in the previous A record lookup results)

5/28/2019 10:55:28 AM 0870 PACKET  0000021D473A50B0 UDP Snd 195.22.26.248   c021   Q [0000       NOERROR] PTR    (3)185(3)142(3)237(3)204(7)IN-ADDR(4)ARPA(0)
UDP question info at 0000021D473A50B0

Can any DNS guru help me understand the process of how or why an internal DNS server will query an unknown DNS server?
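A way to surface this pattern across a whole debug log, as an added example that is not part of the original post: it parses the PACKET lines in the layout quoted above and reports outbound queries sent to servers outside an allow-list. The function names are hypothetical, and the allow-list is assumed to hold only the two forwarder addresses visible in the post.

```python
import re

# Constructed sample: the PACKET lines quoted in the post, kept in their layout.
SAMPLE_LOG = """\
5/28/2019 10:55:28 AM 0870 PACKET  0000021D4647AD00 UDP Rcv 66.155.216.122  83f8 R Q [8281   DR SERVFAIL] PTR    (3)185(3)142(3)237(3)204(7)IN-ADDR(4)ARPA(0)
UDP response info at 0000021D4647AD00
5/28/2019 10:55:28 AM 0870 PACKET  0000021D469FAD90 UDP Rcv 207.59.153.242  83f8 R Q [8281   DR SERVFAIL] PTR    (3)185(3)142(3)237(3)204(7)IN-ADDR(4)ARPA(0)
5/28/2019 10:55:32 AM 0AD4 PACKET  0000021D4949F920 UDP Snd 207.59.153.242  d011   Q [0001   D   NOERROR] A      (3)ns1(19)whartontechnologies(3)com(0)
5/28/2019 10:55:28 AM 0870 PACKET  0000021D473A50B0 UDP Snd 195.22.26.248   c021   Q [0000       NOERROR] PTR    (3)185(3)142(3)237(3)204(7)IN-ADDR(4)ARPA(0)
"""

# Assumption: the allow-list holds the two forwarder addresses visible in the
# post; a real list would carry every configured forwarder and root hint.
ALLOWED_UPSTREAMS = {"66.155.216.122", "207.59.153.242"}

# One PACKET line: timestamp, thread id, context, protocol, direction, remote
# IP, transaction id, QR marker ('R' = response, blank = query), opcode,
# [flags rcode], question type, question name.
PACKET_RE = re.compile(
    r"^(?P<ts>\d+/\d+/\d+ \d+:\d+:\d+ [AP]M) [0-9A-F]{4} PACKET\s+[0-9A-F]+ "
    r"(?P<proto>UDP|TCP) (?P<dir>Snd|Rcv) (?P<ip>\S+)\s+[0-9a-f]{4} "
    r"(?P<qr>[ R]) \S \[[^\]]*?\b(?P<rcode>[A-Z]+)\] "
    r"(?P<qtype>\S+)\s+(?P<name>\(\S+)$"
)

def decode_name(raw):
    """Turn '(3)ns1(19)whartontechnologies(3)com(0)' into a dotted name."""
    labels = []
    for length, label in re.findall(r"\((\d+)\)([^()]*)", raw):
        if int(length) != len(label):
            raise ValueError(f"label length mismatch in {raw!r}")
        if label:  # the trailing (0) is the root label
            labels.append(label)
    return ".".join(labels)

def parse_packets(text):
    """Yield one dict per PACKET line; detail lines that follow are skipped."""
    for line in text.splitlines():
        m = PACKET_RE.match(line.strip())
        if m:
            rec = m.groupdict()
            rec["name"] = decode_name(rec["name"])
            yield rec

def unexpected_upstreams(text, allowed):
    """Outbound queries (Snd, QR blank) to servers outside the allow-list."""
    packets = list(parse_packets(text))
    failed = {p["name"] for p in packets
              if p["dir"] == "Rcv" and p["rcode"] == "SERVFAIL"}
    return [{**p, "name_had_servfail": p["name"] in failed}
            for p in packets
            if p["dir"] == "Snd" and p["qr"] == " " and p["ip"] not in allowed]

if __name__ == "__main__":
    for hit in unexpected_upstreams(SAMPLE_LOG, ALLOWED_UPSTREAMS):
        print(hit["ts"], hit["ip"], hit["qtype"], hit["name"], hit["name_had_servfail"])
```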


Always on VPN Failover Cluster

Hello Everyone, 

I can't find anything related to setting up an always on VPN Failover Cluster!

I'd like to use my fortigate as a load balancing hardware so that my AOV clients can switch to the second RRAS server if the connection to the first is interrupted.

Pretty simple setup really but I can't make it work...

I have 2 RRAS servers set up as AOV servers. I can connect to each one individually but the switch has to be manual, I have to disconnect the client manually and reconnect it so that I switch to the second server. Disconnecting the network card doesn't even disconnect the AOV connection, it just stays connected to nothing basically.

Anyone have any ideas on how to set this up?

Thanks!


Hitch Bardawil

2012 R2 NPS/RADIUS Server. Event ID 4402: There is no domain controller available for the domain.

Attempting to replace existing Windows 2003 RADIUS server with new 2012 R2 NPS/RADIUS Server. RADIUS server used for 2nd Factor SafeWord authentication. All policies and settings replicated to new NPS server. NPS server has been registered w/ AD (child.domain.com).

When testing w/ NTRadPing Utility, continually get response: Access-Reject. Event ID 4402 "There is no domain controller for the domain domain.com" logged in System Log on NPS server.

Unable to locate any reference to issue w/ child domains. Not sure if this error is perhaps a red herring of some sort.


Always On VPN with one NIC

Good evening,

I wonder if it is possible to set up Always On VPN using one network card? I have an HP server with one dual-port NIC. The server is behind the router (set in the DMZ Zone). The server itself has a private IP address and redirection is set on the router (public IP->Router->Server).

Supported Number of VPN Connections in Routing and Remote Access for WinServer2012r2-2016-2019

Hello.

I found only this page for 2003-2008

https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/ee344833(v=ws.10)

Where can I see this for 2012-2016-2019?

RRAS doesn't start. Error 8007042a. EventID 20103

Hi all.
When I install and enable the Routing and Remote Access service on a Windows 2008 R2 (with Remote Access and NAT), the service does not start (EventID 20103 - Unable to load C:\Winnt\System32\Iprtrmgr.dll).
In HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\RemoteAccess\RouterManagers\<protocol>\DllPath:
 Value data: %SystemRoot%\System32\Iprtrmgr.dll
Iprtrmgr.dll is located in the C:\Windows\System32\

When I install RRAS without Remote Access, the service starts without errors.

Can anybody help me to solve this problem?
P.S. Sorry for my bad English.

DHCP Option 121 is ignored if NPS IP Filtering is enabled

Hi All

I have the following setup:-

Server 2016 with RRAS, DHCP and NPS roles providing VPN access for remote users.

Two scenarios:-

1. Users with no NPS IP filtering policies will get a DHCP address and DHCP option 121 for classless routes.

2. Users with NPS IP filtering Policies (policy to allow only certain destination IPs and ports) will NOT get the classless routes.

Removing the IP filters from the users who would typically get them results in the routes being applied.

Why would simply enabling IP filtering on NPS stop DHCP from applying only option 121? - other DHCP options are applied.

Thanks!

RRAS Clients continuously disconnecting

I have a problem that is beginning to drive me crazy, any help is much appreciated.

We have a RRAS Windows 2016 Server running in our DMZ. All our laptops are Windows 10 1607 or 1703. We are using IKEv2 Protocol which uses a computer certificate for authentication. 

A number of laptops repeatedly disconnect from Always on VPN but on the other hand some remain connected just fine. This morning for example myself and three other colleagues were connected to the same Wi-Fi Access Point, three of us were working fine and remained connected but my other colleague continuously kept getting disconnected. We are seeing this happen a lot and I really need to find the root cause of this problem. It's been tried and tested on numerous Wireless networks (In a few of our offices and many user's home networks and mobile hotspots).

What I've tried and found so far;

- Updated wireless drivers on laptops and updated BIOS

- Installed latest Windows updates on laptops and RRAS Server

- Re-install Always On VPN Profile

- 'Forget' wireless networks on the laptops

- Even though we use IKEv2 I found a few forum posts that mention issues when the VPN is behind a NAT, and so I modified the registry on a couple of affected laptops as follows:

  • create a new DWORD value called "AssumeUDPEncapsulationContextOnSendRule" under "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PolicyAgent" and set it to "2"

What I have noticed is a reoccurring log in event viewer both on the client and server.

On the clients I see: The user dialed a connection named "" which has been terminated. The reason code return on termination is 829. A Google search of this returned that 829 is an (ERROR_LINK_FAILURE). I'm almost certain it's not the wireless connection as we have laptops connected to the same wireless network in the same small room, and some get the problem and some not. 

On the server side I've found something that I think may be related but I don't understand the log well enough. If possible could someone shed some light on what the following means? It's in the RASTAPI.LOG which can be found in C:\Windows\Tracing.

07-11 10:57:34:438: RasTapiCallback: lineDropped. port VPN2-449, id=0xffffffff
[6368] 07-11 10:57:34:438: RasTapiCallback: Idle Received for port VPN2-449
[6368] 07-11 10:57:34:438: RasTapiCallback: changing state of VPN2-449. 5 -> 1
[6368] 07-11 10:57:34:438: RasTapiCallback: lineDeallocateCall for VPN2-449,hcall = 0x8da00a0
[6368] 10:57:34: SyncDriverRequest: Oid(CloseCall), devID(1), reqID(2bb2), hCall(000000000000007B)
[5840] 07-11 10:57:34:438: PortTestSignalState: DisconnectReason = 2
[7876] 07-11 10:57:34:453: DeviceListen: Changing State for VPN2-449 from 1 -> 2
[7876] 07-11 10:57:34:453: DeviceListen: Changing Listen State for VPN2-449 from 4 -> 2

In particular why is it changing state? What do the state numbers 1,2,4 & 5 mean? What does DisconnectReason=2 mean?

I will be grateful for any help please.
