Firewall problem in domain environment

I have built two domains for testing purposes. Having deployed domain controllers, Exchange servers, SCCM/SCOM servers, SQL servers along with some client computers, I noticed that I had problems accessing some of the servers/clients: I could not manage some of them directly with the manage command from the domain controller or access them via UNC path. Some of them I could not ping either. I was able to solve these problems by changing inbound firewall rules on these machines, thus allowing some connections such as SMB-In, DCOM-In, etc. In my production environment (I have been working there as a system engineer for almost seven years) I have never had these problems: any domain member, whether server or client, was easily accessible (managed from DC, UNC, ping, etc.). I could deploy a GPO with all necessary settings for inbound rules, but it should be done automatically: as soon as a machine is joined to the domain it must be accessible using at least common protocols such as DCOM and SMB for management or a simple file copy operation. I checked my production environment again and there were no GPOs altering default firewall settings on domain member computers, so I have no idea why this is happening in my testing domains.

No one but me has access to these machines. Also, Symantec Endpoint Protection software is installed on these machines, as is the case with my production machines where everything is functioning flawlessly; as I mentioned, I can access all my machines in the production domain via Computer Management, SMB, ping, etc. One of my test domains has FFL/DFL Windows Server 2008 R2, the same as my production domain; the other one has FFL/DFL Windows Server 2012 R2 and was created for learning purposes. As I said, in both test domains all domain computers have SEP installed, the same version and configuration as on my production machines. I have not done anything related to the firewall in my test domains on the problematic machines: I installed the OS on them, joined them to the domain, installed SEP and afterwards worked with the specific product each machine was created for (SCCM/SCOM, Exchange, SQL, etc. servers and their clients).
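As an added example (not code from the original post), a PowerShell audit that reports the active network profile, the enforced per-profile firewall settings and the state of the built-in inbound rule groups that management from a DC depends on; it assumes an elevated session on Windows Server 2012 R2 / Windows 8.1 or later, with the netsh equivalents for 2008 R2 in comments. SEP ships its own firewall component, which filters independently of these rules, so its policy is worth checking alongside this output.

```powershell
# Added example (not from the original post): why is this domain member not
# reachable over SMB, DCOM or ICMP? Assumes Windows Server 2012 R2 / Windows 8.1
# or later (NetSecurity and NetConnection modules) and an elevated session.
# On Windows Server 2008 R2 use the netsh equivalents shown in the comments.

# 1. Which profile is each interface on? A member that landed on Private or
#    Public instead of DomainAuthenticated gets the restrictive default rule set.
Get-NetConnectionProfile |
    Select-Object InterfaceAlias, NetworkCategory, IPv4Connectivity

# 2. Per-profile settings as currently enforced. ActiveStore merges local
#    settings with any GPO, so this is what the machine actually applies.
#    (2008 R2: netsh advfirewall show allprofiles)
Get-NetFirewallProfile -PolicyStore ActiveStore |
    Select-Object Name, Enabled, DefaultInboundAction, DefaultOutboundAction, LogFileName

# 3. Built-in inbound rule groups that remote management from a DC relies on.
$groups = @(
    'File and Printer Sharing',                  # SMB-In, ICMPv4 echo (ping)
    'Remote Administration',                     # RPC/DCOM used by Computer Management
    'Remote Service Management',
    'Remote Event Log Management',
    'Windows Management Instrumentation (WMI)',
    'Remote Scheduled Tasks Management'
)

$report = foreach ($g in $groups) {
    Get-NetFirewallRule -DisplayGroup $g -Direction Inbound -PolicyStore ActiveStore `
                        -ErrorAction SilentlyContinue |
        ForEach-Object {
            [pscustomobject]@{
                Group   = $g
                Rule    = $_.DisplayName
                Profile = $_.Profile
                Enabled = $_.Enabled
                Action  = $_.Action
                Source  = $_.PolicyStoreSource   # shows whether a GPO supplied the rule
            }
        }
}
$report | Sort-Object Group, Rule | Format-Table -AutoSize

# 4. Smallest local change that restores management from the DC: enable the two
#    groups for the Domain profile only, leaving Private and Public as they are.
#    Prefer delivering the same rules through a GPO linked to the computer OUs;
#    uncomment to apply locally on one box.
#    (2008 R2: netsh advfirewall firewall set rule group="File and Printer Sharing" new enable=Yes)
# Get-NetFirewallRule -DisplayGroup 'File and Printer Sharing','Remote Administration' -Direction Inbound |
#     Where-Object { $_.Profile -match 'Domain|Any' } |
#     Enable-NetFirewallRule
```

The Source column is the quickest way to tell whether the rule state came from local configuration or a GPO, which is the comparison the post makes between the test and production domains.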

Similar Messages

  • We have created shared folder on multiple client machine in domain environment on different 2 OS like-XP,Vista, etc. from some day's When we facing problem when we are access from host name that shared folder is accessible but same time same computer when

    Hello All,
    We have created a shared folder on multiple client machines in a domain environment on 2 different OSes like XP, Vista, etc.
    For some days we have been facing a problem: when we access that shared folder by host name it is accessible, but at the same time, on the same computer, when we try to access the shared folder by IP it asks for credentials. I have typed the correct credentials again and again but am unable to access it. If I re-share the folder then we can access it, but when we restart the system the same problem occurs again.
    I have checked IP, DNS, gateway and more; each & everything is fine.
    Pls suggest us.
    Pankaj Kumar

    Hi,
    According to your description, my understanding is that the same shared folder can be accessed by name, but can't be accessed by IP address and asks for credentials.
    Please try to enable the option below on the device which has the shared folder:
    Besides, check the Advanced Sharing settings of the shared folder and confirm whether there are any limitation settings.
    Best Regards,
    Eve Wang
    Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact [email protected]

  • Implementing Sites for a new Single Domain Environment and effects on Exchange

    Copied from the Active Directory forums at the suggestion of replies.
    I didn't find exactly what I was looking for, so I decided to create my own question to get some direct feedback.
    Currently we have a single domain environment with two domain controllers located at two separate sites. When the domain was first set up, no configuration was done in the Sites and Services module for Active Directory. The two domain controllers we have are currently located in the Default-First-Site-Name container. We do not have any subnets configured in the Sites and Services module.
    These two domain controllers are located at two different sites with different IP schemes, and the sites are connected with a high speed site-to-site VPN. We also have 2 satellite offices with their own IP schemes as well, with more offices to come. In the future, domain controllers will be placed at these satellite offices, which are connected with a slower site-to-site VPN to the main offices.
    All replication and network functions are working well now, but I would like to know what the effects would be and what to watch out for if I create sites for our environment. I am particularly concerned about our Exchange 2010 server and need to make sure that the change will not disrupt communications between it and the domain controllers.
    I would like to create a site for each of our locations and link the subnet to that site now so that when we install the domain controllers the configuration is ready.
    Any suggestions or input is highly appreciated; thank you in advance.

    Exchange will be an issue only if your Exchange servers span sites when your new Windows sites are created. If you have Exchange servers all in a single location, adding sites to your Windows forest will cause no issues. However, if you have Exchange servers in both locations, as soon as a new site is defined for an Exchange server in a separate location from your other Exchange servers, you will start having issues. Let me give some examples so you can see what problems might occur:
    Two datacenters, one Windows site, Exchange mailbox servers in both locations (primary and DR), but hub and CAS roles only in the primary datacenter:
    In this situation, as soon as your second site is defined, the server in the DR datacenter will no longer be receiving mail (there is no hub to deliver it) and users will no longer be able to access their mailboxes (there is no CAS to support them).
    Solution: Add hub and CAS to the second datacenter and all is well with the world.
    Two datacenters, one Windows site, Exchange multirole servers in both locations (primary and DR), but CAS Array defined:
    Now we have a little bit better setup, since we have all roles in both locations. However, the CAS array in the primary site isn't going to be able to support your client connections in the DR site, so users will be connecting directly to the CAS servers in the DR site (not optimum). Solution: Define a second CAS array for the DR site, with its own load balancer, and configure the databases in your DR location to use that CAS array as the RPC Client Access Server.
    There are other oddities, but as you can see, there will definitely be issues if your Exchange servers aren't all in the same location and you start defining Windows sites ...

  • FWM 01009 (null):firewall problem?

    Hi Guys,
    I have a problem with a DMZ installation and the firewall settings.
    Here's the situation.
    On our internal network we have installed the server components of BOXI Edge 3.1, which seems to be running fine.
    We have a separate webserver with Tomcat 5.5 installed on it in the DMZ zone. Via wdeploy I have deployed the war files on it (according to the wdeploy deploy document).
    Whenever I want to log on to the CMC on my webserver machine, my login screen appears fine, but after I hit logon, I receive the error message FWM 010009 (null), a communication failure has occurred. According to our firewall team, all ports are open in both directions. They have executed a trace and see that the BOXI Edge server is sending back packages, but that in that package there should be an end communication order.
    I still have (an older) VM with Edge 3.1 behind the firewalls (thus internally), from which I can access my newly installed machine in a glance...
    As an extra test we have installed a complete Edge version on the webserver as well. Communication on the webserver is OK, but as soon as we try to connect to the server behind the firewall, it goes wrong and the error appears.
    So here comes my question: is there anyone who can give me a clue where it goes wrong?
    Is it correct to say that it is a firewall problem?
    If all ports are open on the firewall, communication shouldn't be a problem, should it?
    Any help is appreciated.
    Regards,
    Jorn

    Hi,
    We have appointed a static port 4982 to the request port.
    According to our firewall guys, no communication is coming from the request port. Even before the request port can answer, port 6400 is sending a FIN package (termination package) to the application, resulting in the error message.
    They say that all ports are open and that it's not a firewall problem... However, when I communicate within my LAN environment this is not a problem...
    Can someone please help me out?
    Regards,
    Jorn
    Edited by: Jornvdd on Sep 29, 2010 12:08 PM

  • Firewall for WLE Domain/LLE

    IHAC who requires linking geographically dispersed WLE applications to a central with standardized security such as SSL for firewall support.
    Domain gateways with Link Level Encryption is a recommended choice, but because there is no firewall proxy available, he would consider opening as many SSL client connections to central.
    Is there a way to tunnel Domain gateway LLE traffic to accepted firewall operation?
    Bernard DEVILLE

    Hi ThisPublicIdentityIsMine,
    " but nothing about simply enabling one of the two default rules already provided but disabled by default, "
    I am a little confused here. I have checked the firewall configuration in my own Windows 7 machine in a domain environment (Control Panel\All Control Panel Items\Windows Firewall\Advanced Settings). All of the profiles "Domain, Private, Public" show that ping is enabled. Here is the screenshot for reference:
    Are you the administrator of the domain? Have you configured any group policy for the firewall?
    Apart from the netsh command line, we can also enable ping from group policy:
    Computer Configuration/Policies/Windows Settings/Security Settings/Windows Firewall with Advanced Security/Windows Firewall with Advanced Security/Inbound Rules node.
    Here is a link for reference on configuring this group policy:
    How to Enable ICMP (PING) through the Windows Firewall with Advanced Security using Group Policy
    http://www.hammer-software.com/icmpgphowto.shtml
    NOTE: This response contains a reference to a third party World Wide Web site. Microsoft is providing this information as a convenience to you. Microsoft does not control these sites and has not tested any software or information found on these sites.
    Best regards
    Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact [email protected]

  • Add firewall rule with custom environment variable in program path

    Hi,
    We want to create a firewall rule for a program which is placed in a folder that changes sometimes. I know you can add a firewall rule with the ProgramFiles environment variable like this:
    netsh advfirewall firewall add rule name="Test Firewall rule" dir=in program="%%ProgramFiles%%\Test\Test.exe" action=allow security=notrequired
    The environment variable ProgramFiles isn't expanded, and if the Program Files folder is different on a system the rule still works.
    We try to use this with a custom environment variable, which we set as a system environment variable with this command:
    SETX SomeFolder "D:\Some Folder\Apr 2015" /M
    If we use the command below to add the firewall rule in a batch file, the environment variable SomeFolder is expanded correctly and the program path is added as a static path.
    netsh advfirewall firewall add rule name="Some Firewall Rule" dir=in program="%SomeFolder%\AFile.exe" action=allow security=notrequired
    Because the folder changes sometimes, we want to change the environment variable SomeFolder and not remove the old firewall rule and create a new one. We want to add the environment variable SomeFolder to the program path as a (dynamic) environment variable and not as the expanded path at the moment the rule is added. If we use this command:
    netsh advfirewall firewall add rule name="Some Firewall Rule" dir=in program="%%SomeFolder%%\AFile.exe" action=allow security=notrequired
    We get the error:
              Windows Firewall with Advanced Security
              An error occurred while adding the rule.
              Error: The parameter is incorrect
              Status: The application name could not be resolved
    Why can't we use %%SOMEFOLDER%% like we can use %%PROGRAMFILES%%? The same error is shown when we try to add the firewall rule through the management console 'Windows Firewall with Advanced Security'.
    W. Spu

    Hi,
    Based on my many tests with this problem, it seems there is no better method to achieve your requirement. To add a new policy to the firewall, it would be better to use the general cmdlet. A path parameter like %%SomeFolder%% does have a problem in the add firewall policy cmdlet.
    Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact [email protected]
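As an added example (not code from the thread), a PowerShell script that keeps the rule pointed at the moved executable by rewriting the existing rule's program filter in place, so the rule is neither deleted nor duplicated; it assumes Windows 8 / Server 2012 or later, an elevated session, and reuses the thread's rule name, SomeFolder variable and AFile.exe.

```powershell
# Added example, not from the original thread. Keeps a firewall rule bound to an
# executable whose folder moves, by rewriting the rule in place instead of
# relying on %%SomeFolder%% expansion. Assumes Windows 8 / Server 2012 or later
# (NetSecurity module) and an elevated session; rule and path names are the
# thread's own.
param(
    [string]$RuleName = 'Some Firewall Rule',
    # SETX ... /M writes the Machine scope, so read it from there rather than
    # from this process's environment, which may be stale.
    [string]$Folder   = [Environment]::GetEnvironmentVariable('SomeFolder', 'Machine'),
    [string]$ExeName  = 'AFile.exe'
)

if ([string]::IsNullOrWhiteSpace($Folder)) {
    throw 'System environment variable SomeFolder is not set.'
}
$program = Join-Path $Folder $ExeName

# Refuse to bind a rule to a path that does not exist: a program rule the
# firewall cannot resolve is rejected (compare the status text in the thread's
# error dialog), and a rule pointing at a missing binary is dead configuration.
if (-not (Test-Path -LiteralPath $program -PathType Leaf)) {
    throw "Program not found: $program"
}

$rule = Get-NetFirewallRule -DisplayName $RuleName -ErrorAction SilentlyContinue
if ($null -eq $rule) {
    # First run: create the rule scoped to the Domain profile and this one binary.
    New-NetFirewallRule -DisplayName $RuleName -Direction Inbound -Action Allow `
        -Program $program -Profile Domain | Out-Null
} else {
    # Folder changed: update only the program filter of the existing rule; its
    # name, GUID and remaining settings stay as they are.
    $current = ($rule | Get-NetFirewallApplicationFilter).Program
    if ($current -ne $program) {
        Set-NetFirewallRule -DisplayName $RuleName -Program $program
    }
}

# Show what the firewall actually stored. For built-in rules this is where the
# unexpanded %ProgramFiles% token shows up; the thread reports that a custom
# variable is not accepted in the same way.
Get-NetFirewallRule -DisplayName $RuleName |
    Get-NetFirewallApplicationFilter |
    Select-Object @{ n = 'Rule'; e = { $RuleName } }, Program
```

Run the script after each change of SomeFolder (for example from the same batch job that issues SETX), and it converges the rule to the new path.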

  • Is Lightroom supported in a Active Directory domain environment with multiple users logging into a machine?

    We are a school district using an Active Directory environment. We currently use other Adobe products with multiple users on different machines and it works fine. If Lightroom does work in a domain environment, what are the required local user permissions needed for it to work properly? Thanks!

    Lightroom is not a multiuser program. It is required that the catalog is located on a hard drive that is local to the machine accessing it. There are no workarounds.

  • In domain environment standard users can't open .psd files

    In a domain environment with non-admin users, getting this error: http://imageshack.com/a/img543/9085/cdnu.png
    Only administrators can open .psd files.
    What permissions does a standard user need to open .psd files?

    Did FW work previously to open psd files? - No, only admin users can open psd files with FW or PS.
    Do you see that error with all psd files? - Yes, all psd files give this error; no error is given for jpeg or png files.
    Are those CS6 psd files? - Yes.
    What happens if you right click FW > click 'Run as administrator'? - Same error.
    I have to give local administrator rights to users so that they can work with psd files.

  • I have just installed Lion OS and Face Time encounters server problems on sign up. I have sought the firewall problem without success and even temporarily turned off firewall with no success.

    I have just installed Lion OS and Face Time encounters server problems on sign up. I have sought to rectify the firewall problem without success and even temporarily turned off firewall with no success. Any ideas?

    Some folks have discovered that changing their DNS service fixes FaceTime connection issues.
    The ideal way is to configure your modem/router with DNS service, but often settings in System Preferences/Network/Advanced/DNS on your Mac will override the router settings. Try either of these;
    OpenDNS
    208.67.222.222, 208.67.220.220
    Google Public DNS
    8.8.8.8, 8.8.4.4

  • AD RMS for multi tenant domain environment

    Hi,
    I have successfully configured AD RMS with lots of workarounds. Now I want to use a multi-tenant domain environment. I have multiple domains running in my production env. Now can anyone help me out to configure the RMS Server to add multiple URLs for licensing and certifications in AD RMS Server on Windows Server 2012? I need a proper step-by-step configuration of roles to activate on an immediate basis.
    Any help in this regard will be highly appreciated.
    Attached screenshots might help you see what I want ;)
    Regards,
    Imran Bashir
    MCSA 2008, MCITP, MCTS, MCP
    JNCIA ER,EX
    Brocade Certified
    Imran Bashir Network Administrator MCP, JNCIA-EX,ER,JNIOUS +92-333-4330176

    Hi,
    In a single forest you can have only one RMS SCP. You could create more RMS clusters, but those are not discoverable that way, only by using RMS templates or overwriting the clients' registry.
    If you say multi-tenant, I assume every tenant should have its own RMS key, correct? If you have only one RMS cluster, the cluster admin will have control over all documents.
    Hope that helps,
    Lutz

  • Activating Windows 7 by using KMS Without the Active Directory Domain environment

    Dear,
    Can we activate the Windows 7 OS machines by using KMS without the Active Directory domain environment? As some of our computers will not connect to the AD domain, we need to set up a separate KMS server for this.
    Thanks
    Balaji K

    You can point the KMS clients to the KMS host machine by opening an elevated CMD prompt and running slmgr /skms to point directly to the KMS host.
    You do not need a domain controller.
    Volume Licensing: Key Management Service (KMS) Client Options:
    /skms <Name[:Port] | : port> [Activation ID]
        Set the name and/or the port for the KMS computer this machine will use. IPv6 address must be specified in the format [hostname]:port
    /ckms [Activation ID]
    Arnav Sharma | http://arnavsharma.net/ Please remember to click "Mark as Answer" on the post that helps you, and to click "Unmark as Answer" if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

  • Home Sharing- alleged firewall problem (-3259)

    Hi,
    I've had this problem since I first tried to share any content between libraries with iTunes 9. In fact, I noticed the same problem when I was trying to stream content to my Apple TV a couple of weeks ago.
    So I have an iMac, MacBook Pro and Airport Extreme (802.11n) Base Station. Both Macs have Snow Leopard installed with iTunes 9. None have any third-party firewall software installed nor do they have the firewall turned on in System Preferences.
    Here's the problem: when I try to share content from library to library, it doesn't happen. Specifically, I can initialise a connection between both computers so the other computer's library shows up in the sidebar in iTunes, but that's as far as it gets. When I click on said library, there's a 2 minute wait before the following message is displayed.
    "The shared library "Liam's Music" is not responding. (-3259) Check that any firewall software running on either the shared computer or this computer has been set to allow communication on port 3689."
    I've tried absolutely everything (including a direct Ethernet connection between both Macs- same error message). Most recently, I even verified port 3689 is open using the Network Activity app. If anybody could help me here, I would really appreciate it. I have so much content I want to share to my family's iPods, etc.
    Liam.

    I am having the same problem. Except I am sharing the library from a D-Link NAS. It worked perfectly before upgrading to iTunes 9. It's not a network or firewall problem. Nothing has changed there. The only change is iTunes 9. Any help is appreciated.
    T.

  • Strange problem with Domain Values

    Dear All,
    I encounter one strange problem with Domain Fixed Values.
    Background:
    We have a custom domain (ZXREF2) created for custom data element (ZXREF2) which has replaced the standard data element in BSEG for field XREF2. This domain has 12 Fixed values. The idea was to have F4 help for field "Reference Key2" in FBL5N/FBL01 tcodes. It is working fine with these 12 Fixed values, meaning, on F4 we could see all these 12 values, and when selecting a line from F4 the entry got through the screen validation (please note that this validation is like checking the mandatory value, so this is done even before PAI).
    Problem:
    The requirement was to add a new line to the F4 values (technically, a 13th record in domain ZXREF2). We added this line to the domain and moved it to the Quality system. It's working fine in both Dev and Quality, but the strange problem occurred after moving and testing in Production.
    In production, we could see all 13 lines in F4 help. BUT, after selecting the new one (13th one), and after the value appears in the screen field, when Enter is pressed, it gives the error message "Enter Valid value".
    This error message also comes when we enter any value which is not there in F4. That means the system is able to recognize the new value in F4, but failed to validate it.
    We thought that this might be a problem with the buffer, and requested the client to restart the system. Even after the system restart, it still gives the same error message.
    Please note that the error message is triggered even before PAI of the screen is called. So there is no way (I already tried system debugging) we can debug this error message to find out the root cause.
    Any quick help would be highly appreciated.
    Thanks and Regards,
    Prasad.

    Hello Max,
    I guess DB Utility (SE14) is to be run only when there is a change at structure level, to make Runtime and Database objects in sync. Here, we just added a new line to an existing domain, and this added a new row to the database tables DD07T/DD07L.
    Could you please explain it more clearly if your view is different from what I just described.
    Prasad.

  • Recommended DNS zone replication scope for single domain environment

    Hi, in my company we have domain/forest functional level Windows Server 2008 R2; there is only one domain. AD DS is installed on 5 servers, and AD integrated DNS zones are used.
    I noticed today that on both forward lookup DNS zones, _msdcs.internaldomain.com & internaldomain.com, the zone replication scope was set to "All DNS servers in this domain", and also for one reverse lookup zone. I changed this setting for all these zones to "All domain controllers in this domain", but later (10-15 mins at most) I reverted these settings back to "All DNS servers in this domain".
    Which zone replication scope for the mentioned zones is recommended, keeping in mind this is a single domain environment? Also, could I have done any harm to DNS and AD when I changed the zone replication scope and later reverted it back for these zones? How do I check that DNS-related information (zones) is located where it should be in Active Directory and that there is no garbage in other locations (partitions) in the AD database?

    Hi,
    All DNS servers in this domain: Replicates zone data to all Windows Server 2003 and Windows Server 2008 domain controllers running the DNS Server service in the Active Directory domain. This option replicates zone data to the DomainDNSZone partition. It is the default setting for DNS zone replication in Windows Server 2003 and Windows Server 2008.
    http://technet.microsoft.com/en-us/library/cc772101.aspx
    Hope this helps.
    Regards.
    If you have any feedback on our support, please click here
    Vivian Wang
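As an added example (not code from the thread), a PowerShell check of where each AD-integrated zone is stored and which DCs replicate those partitions, which is the verification the last question above asks for; it assumes the DnsServer and ActiveDirectory modules (Windows Server 2012 or later, or RSAT), the thread's internaldomain.com, and an assumed DC name dc01.internaldomain.com.

```powershell
# Added example, not from the original thread: verify where AD-integrated DNS
# zones live after a replication-scope change. Assumes the DnsServer and
# ActiveDirectory modules (Server 2012+ or RSAT). internaldomain.com is the
# thread's own name; the DC name is an assumption.
$dnsServer = 'dc01.internaldomain.com'

# 1. Zone -> replication scope -> directory partition. In a single-domain forest:
#    Domain  = "All DNS servers in this domain"      -> DomainDnsZones.internaldomain.com
#    Forest  = "All DNS servers in this forest"      -> ForestDnsZones.internaldomain.com
#    Legacy  = "All domain controllers in this domain" -> the domain partition itself
Get-DnsServerZone -ComputerName $dnsServer |
    Where-Object { $_.IsDsIntegrated } |
    Select-Object ZoneName, ZoneType, IsReverseLookupZone, ReplicationScope, DirectoryPartitionName |
    Format-Table -AutoSize

# 2. Which application partitions exist and which servers hold a replica. Every
#    DC running DNS should be listed for DomainDnsZones; ZoneCount tells you how
#    many zones each partition currently carries.
Get-DnsServerDirectoryPartition -ComputerName $dnsServer |
    Select-Object DirectoryPartitionName, State, ZoneCount, Replica |
    Format-List

# 3. Cross-check against AD itself: enumerate dnsZone objects in each of the three
#    possible locations, so a zone copy left behind by a scope change and then
#    the revert stands out (the same zone name appearing in two partitions).
$domainNC = (Get-ADRootDSE).defaultNamingContext
$forestNC = (Get-ADRootDSE).rootDomainNamingContext
$searchBases = @(
    "DC=DomainDnsZones,$domainNC",
    "DC=ForestDnsZones,$forestNC",
    "CN=MicrosoftDNS,CN=System,$domainNC"   # Legacy location, used by the revert
)
$found = foreach ($sb in $searchBases) {
    Get-ADObject -SearchBase $sb -LDAPFilter '(objectClass=dnsZone)' -ErrorAction SilentlyContinue |
        ForEach-Object { [pscustomobject]@{ Zone = $_.Name; Partition = $sb } }
}
$found | Sort-Object Zone, Partition | Format-Table -AutoSize

# Any zone name that appears under more than one partition deserves a look.
$found | Group-Object Zone | Where-Object { $_.Count -gt 1 } |
    ForEach-Object { Write-Warning "Zone '$($_.Name)' exists in $($_.Count) partitions" }
```

A zone that appears only under its expected partition, on every DC that hosts DNS, is the "located where it should be" state the question asks about.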

  • Finally a solution to all your firewall problems

    I finally have an answer for all of you who are seeking this question.
    When the Flash Player encounters the connect() method, it attempts to connect to your FCS following a very specific pattern. It first attempts to connect over port 1935, then port 433, then port 80, and then it automatically attempts to tunnel through by sending RTMP data over HTTP, also called RTMPT. It turns out the automatic sequence of attempts is fine for many situations; however, you may find some users can't make a connection (well, the NetConnection can't) because their firewall blocks data from traveling through port 1935. If those users can connect to any website, surely they can use port 80. And even if their setup blocks RTMP, surely they can use RTMPT over port 80 because it's really just plain HTTP... You might think the final attempt by Flash Player, RTMPT on port 80, to be failsafe; however, the problem is that if you are running your webserver on the same machine as FMS then they can't both use port 80 at the same time. A perfectly legitimate solution is to use two computers, one for the webserver and one for FMS. Two computers probably means you need to specify the domain in your rtmp (rtmp://mydomain.com/video).
    To force the Flash Player to try to connect through a specific port other than the defaults as specified above, write rtmp as: my_nc.connect("rtmp::8500/mydomain.com/video");
    FlashMX2004 by Phillip Kerman

    Changing my post back to original... open ports 433 and 1935; if that doesn't work, try one of the other solutions.
