Channel: Network Infrastructure Servers forum

Always On VPN - Exclusion Routes Example Usage?


Can someone give me some examples of scenarios where you may want to use an exclusion route?

Am I right in thinking you would use it to exclude a particular address within a routed subnet in your profile XML from going over the tunnel, so that it goes out the client computer's interface/gateway instead?

It sounds like this has very limited use cases? The below example would route everything except 192.168.1.20?

    <Route>
      <Address>192.168.1.0</Address>
      <PrefixSize>24</PrefixSize>
    </Route>
    <Route>
      <Address>192.168.1.20</Address>
      <PrefixSize>32</PrefixSize>
      <ExclusionRoute>true</ExclusionRoute>
    </Route>
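As an added illustration (not part of the original post and not Microsoft's VPN client code), the following Python script models how a route list like the one above is evaluated. It assumes longest-prefix matching and that a destination whose most specific matching entry is an ExclusionRoute leaves via the physical interface rather than the tunnel; the ProfileXML fragment is constructed for the demonstration.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed ProfileXML fragment equivalent to the one quoted in the post:
# 192.168.1.0/24 goes over the tunnel, except the single host 192.168.1.20,
# which is flagged as an exclusion route.
ROUTE_XML = """
<VPNProfile>
  <Route><Address>192.168.1.0</Address><PrefixSize>24</PrefixSize></Route>
  <Route><Address>192.168.1.20</Address><PrefixSize>32</PrefixSize>
         <ExclusionRoute>true</ExclusionRoute></Route>
</VPNProfile>
""".strip()


def parse_routes(xml_text):
    """Return a list of (network, is_exclusion) tuples from the profile XML."""
    root = ET.fromstring(xml_text)
    routes = []
    for route in root.iter("Route"):
        addr = route.findtext("Address")
        size = int(route.findtext("PrefixSize"))
        flag = (route.findtext("ExclusionRoute") or "false").strip().lower()
        net = ipaddress.ip_network(f"{addr}/{size}", strict=False)
        routes.append((net, flag == "true"))
    return routes


def path_for(destination, routes):
    """Classify a destination as 'tunnel', 'physical' (excluded) or 'not_routed'.

    Assumption: the most specific (longest-prefix) matching entry wins, and
    an exclusion entry sends the traffic out the physical interface.
    """
    dst = ipaddress.ip_address(destination)
    best = None
    for net, excluded in routes:
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, excluded)
    if best is None:
        return "not_routed"  # split tunnel: no entry, stays on the local path
    return "physical" if best[1] else "tunnel"


if __name__ == "__main__":
    table = parse_routes(ROUTE_XML)
    for ip in ("192.168.1.10", "192.168.1.20", "10.0.0.5"):
        print(ip, "->", path_for(ip, table))
```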


RRAS Server Doesn't Get Initial 10 IP Allotment from DHCP Server


Hi all,

I installed RRAS on a VM (Hyper-V) server, in a network in which all computers belong to the same Windows Domain. I only installed VPN - not Dialup or Direct Access. Another VM on the same machine, the PDC, is running the DHCP.

When the RRAS service is started, I see that the DHCP does not allocate the expected 10 addresses. In the Remote Access Management Console, "VPN Addressing" has a red X next to it, and its "operations state" is "DHCP Address Assignment".
Of course, any client trying to connect fails, and the RRAS server shows in its log that there are no IP addresses available to allocate.

The details show:

ERROR: The VPN server cannot obtain IP addresses for VPN clients from the DHCP server
CAUSES: The VPN server cannot obtain IP addresses for VPN clients from the DHCP server.
RESOLUTION:
1. Check network connectivity of the VPN server.
2. Verify DHCP settings.

I tried installing RRAS on 2 other VMs on the same Hyper-V box, and sometimes they work, and sometimes they don't.

All hosts can ping each other. If I assign the problematic servers' NICs to get an address from DHCP, they successfully get the address. I assume this proves that there is no problem getting addresses in general.

I also tried shutting down all servers except the DHCP, and then starting the others - but it still didn't help.

I would appreciate it if someone could please help me out here.

TIA,
mlavie58

Problem with NPS - PEAP-TLS

Hello everyone

I'm having a really hard time configuring my wireless to work with PEAP-TLS.
I'm able to make it work with MSCHAPv2, but I don't want mobile devices that are outside my AD domain to connect to my wireless... so as far as I know TLS is the way to go, right?

Here is the error I get in the event viewer (FG-RD-TESTE, and both the connection request policy and network policy name are right, TESTE_RADIUS).
RADIUS Client:
Client Friendly Name:FG-RD-TESTE
Client IP Address:172.19.60.14

Authentication Details:
Connection Request Policy Name:TESTE_RADIUS
Network Policy Name:TESTE_RADIUS
Authentication Provider:Windows
Authentication Server:VP-DHCP01.XXX.LOCAL
Authentication Type:MS-CHAPv2
EAP Type: -
Account Session Identifier:3137366262396334
Logging Results:Accounting information was written to the local log file.
Reason Code: 66
Reason: The user attempted to use an authentication method that is not enabled on the matching network policy.

One of my problems (I don't know if it is really a problem, but I don't know why it is happening) is that when I try to connect to the Wifi, the authentication comes to the NPS as a Virtual (VPN) type, so in the NAS Port Type I have to mark Virtual (VPN), otherwise it won't work.

So my conditions are:
NAS Port Type: VPN, Wireless, Wireless otherwise
Windows Group: Domain\Wifi_Group
Client IPv4 Address: 172.19.60.14

The 172.19.60.14 is the IP address of the wifi subnet gateway, all requests will arrive in the NPS with this source IP.

In the authentication methods, I configured "Microsoft: Protected EAP (PEAP)", and inside of it I configured the EAP type "Smart Card or other certificate".

My server certificate has the Server Authentication role, but I don't know how to find out which certificate my client (the client is in the domain) is using, so I can verify if it has Client Authentication set.

I don't know if there is something wrong, but in the event viewer, the client seems to be using MSCHAPv2, but I need to work via PEAP-TLS.


Secondary DNS server replication


Hi,

We are working on configuring a secondary read-only DNS server in our offices. So, we configure another DNS server as master and allow zone transfer on the master server for that zone.

From what I have read, once we refresh the zone, it takes a couple of minutes for the zone to replicate. In our case, it takes an hour and mostly the replication time is unpredictable. Is there a way to know for sure that the zone transfer is complete?

Can we force it from the master in some way ?

Regards,

Kirti 

Force Login Against a Domain Controller


I am moving a small SharePoint Farm, one web server and one database server, from a co-located solution up into Microsoft Azure. As part of this move I am using Azure Site Recovery to fail over my virtual machines from my co-located provider up into Azure. My co-located SharePoint Farm is connected to my office and part of my primary domain.

My Azure tenant is connected to my office, via VPN, and I have a number of existing Windows VMs in Azure that are joined to my domain.

Using Azure Site Recovery I have created exact replica VMs of my SharePoint Farm in my Azure Tenant. Since these VMs are essentially images of my existing SharePoint Farm, SIDs, Server Names, and all, I have walled them off in Azure within their own subnet that can't reach my office network and hit my Primary DC.

But I want to test these VMs in Azure before I cut over....so....prior to doing the Azure Site Recovery Failover, from my co-location into Azure, I setup a NEW Domain Controller, in Azure, that's part of my primary domain. This DC is not a backup/read-only. It is a full DC with DNS and our GC.

Once I knew that my SharePoint Farm at my co-location could see the new DC, I did test fail-over of my farm into Azure and brought up my parallel SharePoint Farm, in Azure, in my walled off subnet. I then brought down my new DC, redid its networking, and brought it back up in my walled off subnet in Azure.

I now have my test SharePoint Farm VMs and my DC, walled off, can't connect to the primary domain controller, and all within Azure.

I want my test SharePoint Farm to logon against the DC within this walled off subnet. The test SharePoint web server seems to be hitting it. A test of $env:logonserver comes back with the DC within the walled off subnet. But the test SharePoint database server simply won't logon against this walled off DC. It keeps trying to reach my PDC.

I have tried everything. DNS entries within their network interfaces, LMHosts files, GPO settings to try and force the server to look for the next closest DC. Nothing seems to work, for the test SharePoint database server.

Not sure what else I can do here...except reach out to the community. Any help would be appreciated.

2012 R2 NPS/RADIUS Server. Event ID 4402: There is no domain controller available for the domain.


Attempting to replace an existing Windows 2003 RADIUS server with a new 2012 R2 NPS/RADIUS Server. The RADIUS server is used for 2nd Factor SafeWord authentication. All policies and settings were replicated to the new NPS server. The NPS server has been registered w/ AD (child.domain.com).

When testing w/ NTRadPing Utility, continually get response: Access-Reject. Event ID 4402 "There is no domain controller for the domain domain.com" logged in System Log on NPS server.

Unable to locate any reference to issue w/ child domains. Not sure if this error is perhaps a red herring of some sort.

Distribute SCCM applications to VPN clients


Hi,

In our organization we have a lot of users connecting via VPN.

Our problem is that when new applications are published via SCCM Software Center (SCCM 1810), the users can see the updated application, but whenever they try to download the application it is stuck at 0%.

This has always been a problem, but when we had the 1806 upgrade installed it suddenly worked; then we upgraded to SCCM 1810 and it stopped working again.

Please direct us to what documentation we should read to have this working.  
I was thinking that there might be something being blocked in the firewall. If so, what should we look for? 

Thanks

DNS TTL live setting


I have a problem when setting the DNS TTL on the DC server: it reverts to a default like 15 minutes, 20 minutes or 1 hour. I checked some explanations and solutions but am just not sure how I can change the value on the DC so it will not revert back to the default after updating it in the DNS Server settings for the hostname.

Thanks


Cannot restore a dhcp netsh database dump onto 2008 R2 Servers


We are running DHCP servers on several of our 2008 R2 DCs in different sites. I have been able to back up those servers using the netsh dhcp server dump command. I am not able to import that dhcp file onto any of our other 2008 R2 DCs. I have tried opening the file up and replacing the IPs, making sure the new server is authorized, deleting the current dhcp mdb (on the target server) before attempting the import, running the netsh command from an elevated command prompt, using "netsh exec" or "netsh dhcp server import", etc. It always fails. I usually either get "the following command was not found |." or sometimes get "access denied". I have tried this with 2 different netsh dumps from 2 different 2008 R2 dhcp servers and restoring on 2 different DCs that have dhcp on them and are authorized in AD, with no dhcp database. I know that I can back up the DHCP database through the GUI and restore through the GUI, but I am not looking to do it that way because I want to use a netsh scripting solution. If anyone has any ideas of some commands I can use to restore my netsh dhcp dump, let me know and I will try them. I have read most of the MS dhcp migration articles, but maybe I missed something.

Thanks,

Dan


Dan Heim


Network utilization


Hi,

Please find the screenshot attached and confirm whether the network utilization is normal as marked. Our network team has suggested that there is huge network traffic from this server, due to which our office network is slow.

This is Windows Server 2012 R2.


ITandIT

How to disable passive mode in IIS FTP server on Windows server


I encounter a problem when using the library CoreFtp 1.3.6 to connect to an FTP server.

It always opens a high port (50000+) on the server side instead of port 20.

This problem does not show up with the FileZilla client, the Windows FTP command, or another library, and I assume that they can detect active mode FTP.

My question is: is it possible to force the FTP server to use active mode FTP instead of passive, in case the FTP client prefers a different transfer mode or does not know what the client's transfer mode is?

Windows 2016 DHCP Server doesn't respond to DHCP Discover


Hello

There is a problem with the deployment of a DHCP server for virtual machines in my Hyper-V environment. The environment is an S2D cluster of four Hyper-V nodes. Yesterday I deployed two virtual machines in it. The first is a DHCP server, the other is a test virtual machine for obtaining an IP via DHCP. The virtual machines are connected to the network through SET (Switch Embedded Teaming). The DHCP server and the others will be used on the same network (192.168.214.0/24). On the DHCP server, I deployed the OS, set up static network settings, joined the domain, authorized DHCP, and configured the scope with simple options (003 Router and 006 DNS Servers). After that, I deployed a test virtual machine and was very surprised that an IP address was never received. Deep study and googling of the problem did not turn up anything interesting. No problems in the Event logs or the DHCP audit log.

The RouterGuard and DHCPGuard options are not enabled on either virtual machine. Traffic sniffing on the DHCP server shows that `DHCP Discover` packets are arriving, but the server is not even trying to respond and issue an Offer. The scope works in "Both" mode (DHCP+BOOTP).

Any ideas?

Turn DHCP back on without active directory


I have a DHCP server set up on a stand-alone WIN2K box for flashing Cisco switches, but I had to plug the box into my Win2K3 domain to download a QA spreadsheet and forgot I had DHCP enabled. Now it appears Active Directory hacked my server and quietly shut down my DHCP from assigning IPs to the switches. How do I turn the DHCP server back on WITHOUT AD 2003?

Is there a reg hack or syntax to have it turn DHCP back on to assign IPs again? Thanks!

VPN Always-ON User connection fails to contact domain controller for file shares


I installed and configured the user vpn profile successfully and connected to the remote server. I can see the authenticated user in the NPS audit logs.

Network tests

nslookup shows the correct dns server and is able to correctly resolve both hostnames and FQDNs.

I have also made sure to flush the ip configuration.

Problem

Attempting to access file shares on the user profile results in the message "the system cannot contact a domain controller to service the authentication request". After entering proper credentials I am then granted access to that PC's shares for the remainder of the VPN session.

Accessing the share with the FQDN does not prompt for authentication and instead immediately shows the available shares.

Using a device tunnel instead of a user tunnel fixes the problem of asking for authentication. I have renewed the certificates for the domain controller and the client PCs, yet I still have this problem.

If anyone can confirm whether this is intended functionality or whether there is a solution, it would be very much appreciated. Thanks!


Internet disconnected suddenly

The internet disconnected, but after signing out and signing in to the domain, it comes back again.

NAT for PLC Network, Assign external IP to PLC network IP


So we got a new production machine in; it has its own PLC network with a bunch of addresses in the 192.168.1.x space, so it can't be on our network, as we already have some addresses in that space.

They didn't include a NAT device like the Allen-Bradley 1783-NATR but I have a Server 2016 machine in it with two NICs, one on the PLC net, one our LAN. 

I should be able to use Routing and Remote Access to NAT between the two networks right? How do I do this?

I'd like to assign a LAN IP address to NAT to a PLC net IP address, ideally.

After setting up the interfaces, I right-click on Internet-LAN under NAT, set up the address pool for the LAN IP range assigned to the NIC, and set up a reservation with, say, 192.168.2.27 pointing to 192.168.1.201 on the PLC LAN... but I can't get any connection.

So I removed that, and tried just setting up a Service/Port forward via public address 192.168.2.27, TCP, incoming port 80, private address 192.168.1.201, outgoing port 80. No connection.

I seem to be missing something?

RRAS - Server 2012 Core - How to enable 'LAN Routing'


Hi,

How can I enable 'LAN Routing' on a Server Core with the RRAS role installed via the command line?

In the GUI it's just 'Enable' -> Custom -> LAN-Routing. How can I do the same via the command line (PowerShell or cmd)?

Thank you!

An error occurred during connection of the interface. Require Configuration Payload Missing. VPN S2S


Hello, Experts

When I want to connect to the VPN S2S, I get an error "An error occurred during connection of the interface. Require Configuration Payload Missing". That VPN S2S uses a machine certificate; router1 can connect, but the other one displays that error message.

Any suggestions on how to resolve this error?

Thanks,


No name resolution (DNS) if gateway is missing


This is less a call for troubleshooting and more a question of understanding the problem.

Take the following config:

DC1: Domain controller of contoso.com 192.168.0.1 255.255.255.0 NO GATEWAY has DNS installed DNS config: localhost, DNS1 (in this order)

DNS1: Member of the domain 192.168.0.2 NO GATEWAY has DNS installed. DNS config localhost, DC1 (in this order)

DC1 hosts the domain contoso.com, DNS2 hosts the domain disneyland.com with one A-record www.disneyland.com pointing to 10.10.10.1


Client1 has 192.168.0.3 and uses 192.168.0.1 as resolver.


Ping from Client to www.disneyland.com tells me that the host could not be found. Obvious, because there is no zone on DC1.


Configured a forwarder to 192.168.0.2 from DC1.


Ping from Client to www.disneyland.com tells me that the host could not be found. Not so obvious... because of the forwarder. But to be clear, what came back was NOT a timeout but the clear statement that the host could not be found.


nslookup www.disneyland.com gave me back the correct IP of 10.10.10.1.


Switched to DNS1 and tried a ping to www.disneyland.com. NO LUCK! Even though I tried the ping on the server hosting the zone.


Frustration....went to the Gym.


Back at my desk. Got the stupid idea to enter a gateway (a virtual non-existing gateway) in the config of DNS1. BAAAAAM... Tried out the ping and the FQDN was perfectly translated to the IP address (no echo reply, but that is fine since www.disneyland.com is an imaginary host).


Same thing from the client. Forwarder works perfectly. Name resolution works fine.


Now my question: Why does a client get no response from a DNS server (so it doesn't even try to resolve the name) if there is no gateway configured on the DNS server? And more important, why does nslookup work, while ping gives the host-not-found error? Is it maybe because nslookup sockets directly to the DNS?


The funny thing is, another A-record, pointing to an address which resides in 192.168.0.0/24, works fine, even though no gateway is configured.


Thanks in Advance,


Patrick

IPAM on 2012R2-Ability to scan and discover static addresses with computernames?


Hey guys,

I have a 2012 R2 domain. All of our server subnets use static IP addresses that are not specified in DHCP. We keep spreadsheets and want to replace that with something that can scan the subnets we specify and do ping sweeps (SNMP/WMI) to help detect and name devices. I care more about the ability to scan and the quality of those scans than I do about all the other features of IPAM. I know the Microsoft solution will allow static addresses to be entered manually, or imported from a CSV file. I am probably going to spin up a 2012 R2 IPAM test server and compare it against the SolarWinds IPAM product, but does anyone know if the Microsoft solution will also scan the static subnets specified to help determine which IP addresses are in use? Possibly even query and figure out the server name (if a DNS record exists, or if it has credentials to make an SNMP or WMI connection)?

Thanks,


Dave

