Folks, is it possible on windows 2008 DHCP server to bind a static ip to the DHCP client via "Host Name" DHCP Option 12? Without the use of Option 61 Client Identifier?
Thanks
Guan
↧
DHCP Client Host Name Option (Static IP Assignment)
↧
static IP vs DHCP
Kinda a basic networking question for you, but seem to be having quite a few different opinions here at the office.
When we create a server we statically enter in the IP address for the server and DNS. Is this the right way of doing this? Or should we be creating a reservation in DHCP for the server?
Thanks.
↧
↧
Unlimited Lease - DHCP
I was wondering if anyone had thoughts why I shouldn't do the following?
I would like to create a new DHCP scope for servers. I would set the lease to unlimited (and set a reservation for the MAC to be safe). I am trying to have DHCP be in charge of IP distribution (rather than some person looking up DNS and stuff for free IP addresses). The hope is that with the lease set to unlimited it will act as if it is a static IP.
It would play nicely I think when we do deployment of new servers. I am thinking of not using VM templates anymore but integrating VM server builds with WDS/MDT as well. By having default setting be DHCP, the above setup would play nicely.
I think that I can ensure myself of not having to worry about duplicates IPs. I can save our team a few minutes by not having us have to dig thru DNS (or some goofy spreadsheet) in search of free IP addys. This wouldn't be a case either of workstations that leave behind stale records if they're not on the network anymore.
It sounds good to me, but is there a good technical reason not to pursue the above? Would feel more comfortable if someone else has come across this decision before.
Thanks.
↧
Programatically - Unbind Client/Service/Protocol
When we deploy machines (servers or workstations), it seems we have to go thru the exercise of manully removing/unbinding things like QoS, IPv6, Link-Layer stuff, Net Mon (if installed), etc.
Is there some netsh or even PowerShell command to do this? Better, is there a command to state, "remove all but the following..."?
Ideally I'd like to create a few batch files. One for "regular" interfaces, another batch file for iSCSI interfaces (to also remove things like Client for Microsoft Networks, File/Print Sharing, etc.), etc.
Thanks.
↧
DhcpGetOptionValue get nothing from DHCP server?
I want to use DhcpGetOptionValue to get option from DHCP server, the result is ERROR_SUCCESS, but lpValue always repoint to NULL, Anyone could help me? thanks so much.
void CDHCPMFCDlg::OnBnClickedButton1()
{
//search scope
DHCP_OPTION_SCOPE_INFO scope;
scope.ScopeType = DhcpDefaultOptions;
scope.ScopeInfo.DefaultScopeInfo = NULL;
scope.ScopeInfo.GlobalScopeInfo = NULL;
//make room for returned value
char * rpStr;
LPDHCP_OPTION_VALUE lpValue = (LPDHCP_OPTION_VALUE)HeapAlloc(GetProcessHeap(),
HEAP_ZERO_MEMORY,
sizeof(DHCP_OPTION_VALUE));
//get value of root path option for client
DWORD readRc = DhcpGetOptionValue(L"127.0.0.1", 3, &scope, &lpValue);
if( readRc != ERROR_SUCCESS)
{
AfxMessageBox(L"FAILED");
}
else
{
CString s = _T("");
if (lpValue == NULL)// it is always TRUE
{
s.Format(_T("Value IS NULL."));
}
else
{
s.Format(_T("%d %d"),lpValue->OptionID,lpValue->Value.NumElements);
}
AfxMessageBox(s);
}
//free returned value, since we have a copy in rpStr
HeapFree(GetProcessHeap(), 0, lpValue);
}
================================================================
My DHCP Server:
Option Name Vendor Value
Class
003 Router Standard 10.30.0.1
None
224 DHCP 224 Standard 10.30.0.1;80;/Manufacturing.DataCenterAgent.XEX;/MfgBootLauncher.xex None
↧
↧
Requiring Machine *AND* User Certificates with NPS for Wireless Access
I've searched high and low on this questions, and found several people asking the same question, but the trails always lead to dead ends. Can somebody help me out here. I have NPS running on Windows Server 2008 Standard. I have a root CA issuing user and machine certificates to Windows XP SP3 clients. I want to ensure that not only is an authorized *user* the only one connecting to my wireless access points, but also that the authorized user is most assuredly on an authorized *machine*.
I've tried setting NPS up a few different ways, and none of them accomplishes this.
1) Configure a Network Policy that requires group membership in a group that contains all of the users and comptuers. This results in the computer being authorized, all login scripts and policies being processed, and the user being successfully authenticated. That's nice, but it will also allow connection to the wireless access point if the user logs in with cached credentials on a machine that does *not* have a valid machine certificate
2) Configure a Network Policy that requres group membership in two seperate groups. One that has all of the computers, and one that has all of the users. This doesn't work at all, and just keep prompting for which certificate to use, presumably because after the user logs in it is trying to validate the user and machine groups using the user certificate.
3) Configured a Wireless access GPO that uses User Reauthentication as the Authmode and a single group that contains both users and computers. This behaves like scenario 1, letting the user authenticate to the WAP even if there is no valid machine cert.
4) Configured a Wireless access GPO that uses Computer Only as the Authmode. This one at least let me validate the machine while the user was logged in, but obviously doesn't check that the user has a valid certificate so it could be used with local account or any unauthorized user.
Does anybody know how to accomplish this?! It doesn't seem to much to ask that *both* the user *and* machine certificates are required all the time, but as it is, it seems I can only require a machine cert prior to login (which is fine), but then once a user is logged in I can only validate the user *or* machine certificates. After/during login I want to continue to ensure that the machine certificate is valid.
Any ideas?
I've tried setting NPS up a few different ways, and none of them accomplishes this.
1) Configure a Network Policy that requires group membership in a group that contains all of the users and comptuers. This results in the computer being authorized, all login scripts and policies being processed, and the user being successfully authenticated. That's nice, but it will also allow connection to the wireless access point if the user logs in with cached credentials on a machine that does *not* have a valid machine certificate
2) Configure a Network Policy that requres group membership in two seperate groups. One that has all of the computers, and one that has all of the users. This doesn't work at all, and just keep prompting for which certificate to use, presumably because after the user logs in it is trying to validate the user and machine groups using the user certificate.
3) Configured a Wireless access GPO that uses User Reauthentication as the Authmode and a single group that contains both users and computers. This behaves like scenario 1, letting the user authenticate to the WAP even if there is no valid machine cert.
4) Configured a Wireless access GPO that uses Computer Only as the Authmode. This one at least let me validate the machine while the user was logged in, but obviously doesn't check that the user has a valid certificate so it could be used with local account or any unauthorized user.
Does anybody know how to accomplish this?! It doesn't seem to much to ask that *both* the user *and* machine certificates are required all the time, but as it is, it seems I can only require a machine cert prior to login (which is fine), but then once a user is logged in I can only validate the user *or* machine certificates. After/during login I want to continue to ensure that the machine certificate is valid.
Any ideas?
↧
Migration from Infoblox DNS / DHCP to Windows Server 2008 R2 ADS Integrated DNS and DHCP
Hi Guys
In a couple of weeks we will migrate our DNS / DHCP Services from Infoblox Boxes to Windows Server 2008 R2.
Migrating the DHCP part will be an easy step, so it is not necessary to talk about it.
The first and very important step is migrating the DNS.
I've read a lot about the migration and how it should be going. I've also chatted with our technology partner and have now a lot of information about the situation.
But I'm not sure what would be the best approach to finalize the migration successfully.
Has somebody experience with DNS migrations like this? Any help would be very appreciated!
We have two domain controllers and the DNS should be installed on this two dcs, ad integrated.
The main question is, can we build the microsoft dns concurrently to the infoblox dns?
Or is there another procedure or circumstances, which require other steps to go forward?
We have only a few DNS entries in Infoblox, which must be migrated or created in the microsoft dns. So importing the whole dns data from Infoblox is not necessary.
What we know is, that we must change the DNS entries manually on every server, switches and the firewall.
Do the DCs register in the new DNS properly when we reconfigure the DNS server entries?
Thanks for any answer.
Regards, Pascal
↧
DNS event ID's 4521, 9999, 4011, 3000 repeatedly
Recently our workstations began seeing the yellow exclamation point over the network connection icon and some users noticed a brief period (maybe a few seconds) of lost connectivity but the internet will continue to function however I get the event ID's listed above in the title on our DNS server over and over. Below is the windows client error. I know it's an issue with out DNS server but not sure exactly what.
Log Name: System
Source: Microsoft-Windows-DNS-Client
Date: 5/7/2013 10:39:28 AM
Event ID: 1014
Task Category: None
Level: Warning
Keywords:
User: NETWORK SERVICE
Computer: SPICEWORKS7.xxxxx.xxxxxxxxxxxx.com
Description:
Name resolution for the name dns.msftncsi.com timed out after none of the configured DNS servers responded.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-DNS-Client" Guid="{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}" />
<EventID>1014</EventID>
<Version>0</Version>
<Level>3</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x4000000000000000</Keywords>
<TimeCreated SystemTime="2013-05-07T14:39:28.559007900Z" />
<EventRecordID>128061</EventRecordID>
<Correlation />
<Execution ProcessID="1040" ThreadID="1996" />
<Channel>System</Channel>
<Computer>SPICEWORKS7.xxx.xxxxxxxxxxxxxx.com</Computer>
<Security UserID="S-1-5-20" />
</System>
<EventData>
<Data Name="QueryName">dns.msftncsi.com</Data>
<Data Name="AddressLength">16</Data>
<Data Name="Address">02000035C0A84B160000000000000000</Data>
</EventData>
</Event>
↧
Fault Bucket
I have 23 Fault Buckets from my System Info I found. Let's Start with the first ten all with the same code and please help me fix or identify these:
1076429709 PnP Device Problem
↧
↧
DNS ADI zone replication to non-domain-controller DNS servers
Scanario: We have many (200+) DNS zones that are all ADI replicated between two domain controllers (DC1 & DC2). However, we have two addition Server 2008 R2 servers (IPServices1 & IPServices2) that we would like to point all DNS clients to use, rather than clients using our domain controllers.
The DNS Server role is installed on IPServices1 and IPServices2. The question I have is there an easy way to keep the zones on IPServices1 and IPServices2 in sync with the zones that exist in Active Directory? I'm not talking about sync'ing the records within the zones, I'm talking about the zone objects themselves.
I can do it with Powershell scripts, but I was wondering if someone knew of a better way.
↧
dhcp scopes
is it possible to assign different dhcp scopes to different domains on the same physical network?
↧
_VLMSC DNS record & sppsvc.exe
Good day.
I faced the problem of the appearance of _VLMSC._tcp.domain.com record.
This record is responsible for the local KMS, but i don't have this service in my infrastructure.
Several interesting observations:
- record points to specific host, which has an open 1688 port and sppsvc.exe (Microsoft Software Protection Platform Service) listens to it;
- "slmgr.vbs -dlv" indicates running KMS with DNS publishing, but "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SL" is missing, no other suspicious activity (clean startup records; clean running process, verified by processexlorer; no records from antivirus... everything looks good).
- if i delete DNS record and restart sppsvc.exe service, it appears again (according to processexp, slmgr.vbs create this record, but this is not normally) ;
This problem occurs only for some win7 workstations and two clean 2012 servers.
If anyone has any idea on finding the cause of this problem, it will be wonderful.
I faced the problem of the appearance of _VLMSC._tcp.domain.com record.
This record is responsible for the local KMS, but i don't have this service in my infrastructure.
Several interesting observations:
- record points to specific host, which has an open 1688 port and sppsvc.exe (Microsoft Software Protection Platform Service) listens to it;
- "slmgr.vbs -dlv" indicates running KMS with DNS publishing, but "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SL" is missing, no other suspicious activity (clean startup records; clean running process, verified by processexlorer; no records from antivirus... everything looks good).
- if i delete DNS record and restart sppsvc.exe service, it appears again (according to processexp, slmgr.vbs create this record, but this is not normally) ;
This problem occurs only for some win7 workstations and two clean 2012 servers.
If anyone has any idea on finding the cause of this problem, it will be wonderful.
↧
DNS: PTR record not deleted when computer name was changed
I changed the name of my computer and the A record in the DNS forward lookup zone changed properly but the PTR record in the reverse lookup zone was not changed or deleted. A new PTR record was added with the new name. I can just delete
the old record but I would like to know to set this up so this is done automatically.
↧
↧
Scavenging on new server question
I have scavenging setup correctly now and it is functioning perfectly. Scavenging,refresh, & no-refresh all set to 7 days.
I have over a dozen DC's with one set to scavenge every 7 days. I am planning on decommissioning the DC that currently is doing the scavenging every week.
My question is, can I just uncheck scavenging on the DC I am decommissioning and check it on the new one without adverse effects? I am hoping I do not have to start over from scratch again.
↧
LAN to WAN routing using Server 2003 - LAN clients unable to resolve names
Hi All
Thanks in advance for taking time to read
I have just configured a Windows Server 2003 R2 machine with 2 NICs to provide Internet access to my AD Domain users using RRAS.
AD Users can ping using internet IP addresses but not friendly urls. Can anyone help me solve this problem.
I have a dns Server in My AD which is 10.0.0.248
following is the ip config of the Server 2003 Router I have just configured
Windows IP Configuration
Host Name . . . . . . . . . . . . : router
Primary Dns Suffix . . . . . . . : corp.mycorp.net
Node Type . . . . . . . . . . . . : Broadcast
IP Routing Enabled. . . . . . . . : Yes
WINS Proxy Enabled. . . . . . . . : Yes
DNS Suffix Search List. . . . . . : corp.mycorp.net
corp.mycorp.net
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
Physical Address. . . . . . . . . : 00-90-0B-26-AA-0D
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 10.0.0.1
Subnet Mask . . . . . . . . . . . : 255.0.0.0
Default Gateway . . . . . . . . . :
DNS Servers . . . . . . . . . . . : 27.114.140.40
Ethernet adapter Local Area Connection 2:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller #2
Physical Address. . . . . . . . . : 00-90-0B-26-AA-0C
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 203.104.25.102
Subnet Mask . . . . . . . . . . . : 255.255.255.252
Default Gateway . . . . . . . . . : 203.104.25.101
DNS Servers . . . . . . . . . . . : 27.114.138.4
27.114.140.40Following is the routing table of the Server 2003 router
IPv4 Route Table
===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x10003 ...00 90 0b 26 aa 0d ...... Realtek PCIe GBE Family Controller
0x10004 ...00 90 0b 26 aa 0c ...... Realtek PCIe GBE Family Controller #2
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 203.104.25.101 203.104.25.102 20
10.0.0.0 255.0.0.0 10.0.0.1 10.0.0.1 20
10.0.0.1 255.255.255.255 127.0.0.1 127.0.0.1 20
10.255.255.255 255.255.255.255 10.0.0.1 10.0.0.1 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
203.104.25.100 255.255.255.252 203.104.25.102 203.104.25.102 20
203.104.25.102 255.255.255.255 127.0.0.1 127.0.0.1 20
203.104.25.255 255.255.255.255 203.104.25.102 203.104.25.102 20
224.0.0.0 240.0.0.0 10.0.0.1 10.0.0.1 20
224.0.0.0 240.0.0.0 203.104.25.102 203.104.25.102 20
255.255.255.255 255.255.255.255 10.0.0.1 10.0.0.1 1
255.255.255.255 255.255.255.255 203.104.25.102 203.104.25.102 1
Default Gateway: 203.104.25.101
===========================================================================
Persistent Routes:
NoneAnd here is the ipconfig of an AD client machine
C:\Users\Administrator>ipconfig Windows IP Configuration Wireless LAN adapter Wireless Network Connection: Media State . . . . . . . . . . . : Media disconnected Connection-specific DNS Suffix . : Home Ethernet adapter Local Area Connection: Connection-specific DNS Suffix . : corp.mycorp.net Link-local IPv6 Address . . . . . : fe80::3456:2d54:abe2:c2fe%11 IPv4 Address. . . . . . . . . . . : 10.0.0.4 Subnet Mask . . . . . . . . . . . : 255.0.0.0 Default Gateway . . . . . . . . . : 10.0.0.1 Tunnel adapter isatap.Home: Media State . . . . . . . . . . . : Media disconnected Connection-specific DNS Suffix . : Tunnel adapter Local Area Connection* 12: Media State . . . . . . . . . . . : Media disconnected Connection-specific DNS Suffix . : Tunnel adapter isatap.corp.mycorp.net: Media State . . . . . . . . . . . : Media disconnected Connection-specific DNS Suffix . : corp.mycorp.netSo far I have not done any configuration on our DNS server. It has the defaults as installed. Any help will be highly appreciated.
↧
Question: Setting up AD DS on a subnet
Hi Microsoft community,
I have a question regarding my Windows Server 2008 R2 server plans.
Currently, our network has an AD server (which only the admin has access to) that deals with giving out IP addresses, etc on the network 190.160.3.xxx with domain name company.local.
My plan is as follows:
Using my Windows Server 2008 (named newad), set up a new AD environment which puts the servers connected to it on the subnet 190.160.5.xxx as a sort of lab environment (with the domain name lab.local).
Questions:
1. Is this possible?
2. What roles are needed? I have Active Directory Domain Services, DNS and DHCP installed.
What I've done so far lets new servers use their preferred DNS server as my server (newad.lab.local), which lets me see it on my ADDS page.
However, I think these are my mistakes:
1. newad.lab.local is on the network 190.160.3.xxx
2. New servers which connect to lab.local are also on 190.160.3.xxx
I'm not sure how to correct this.
Any help is greatly appreciated, please ask for any further clarification.
Thank you.
Kind Regards,
gshergill
↧
Network Bridge could not modify the network adapter packet filter...
Hello to all!
So I am facing with this problem lately with a network bridge I've created. It seems that after some period of time after a fresh reboot, while everything works fine, one of my two network adapters keeps connecting in disconnecting in a matter of seconds. This happens until I restart the system. Those two adapters are bridged and the error log I get is "The bridge could not modify the network adapter packet filter. The network adapter will not function correctly." I haven't managed getting any solutions on this anywhere.
For your information both adapters connect to a switch where also some PC's connect to. It is done only for getting some more bandwith in the network.
The adapters are Intel 82574L Gigabit on latest Drivers and Windows Server 2008 R2 also on latest Drivers.
I would assume that this could be also a hardware problem but still those adapters worked just fine for a long period of time.
P.S. Network adapters are tested both on intel and OEM drivers and the problem persists.
Any help would be grateful! Thanks in advance!
↧
↧
Delete Assigned task to group users
Dear,
I have one of the users who had created task and assigned it to all employees in the office (1200 users) .Is there is a method to delete this task from all users outlook .
I have exchange server 2010 Sp2.
↧
DNS Debugging Logging
Have a question and have read multiple items about this. Including the ones that were related topics when I typed in my title.
What I have is multiple DC's with the DNS Role installed on them. These are Windows 2008 R2 systems. We have DNS Debugging Logging enabled and have it set to log to the D: drive not the C:, not sure if that makes a difference or not. It doesn't seem to be creating the log files but DNS is working. And keeping track of this is something that is required. Any suggestions would be great and appreciated. Thanks.
↧
RRAS NAT problems
Hi,
I`ve been using 2008 server as a LAN router (without NAT) with no problems, but now I need to change it and use it with NAT.
The problem is that NAT is not working, I only see dashes (-) in all the columns. I´ve reconfigured it like 1 millions times but it still doesnt work.
I made a test at home whit virtual machines and it works fine except in one 2008 server. In this virtual machine, a few weeks ago, I installed Microsoft Forefront to try it and after unistalling Forefront, NAT in RRAS stop working. I think Forefront is the problem, because I installed and uninstalled it in the real machine and same problem happens.
Thanks a lot
↧