Requirements to bring up temporarily network isolated DC
Hi Folks.
A question that has been nagging me for a while.. We are a school district with over 50 physical sites (With matching AD sites and subnets). Each site has a domain controller. (The primary data center has 3 DC's, including the FMSO role holder).
We have found that if one of the remote site loses it's network connectivity to the rest of the WAN, and the domain controller reboots, it will fail to restart AD (and therefore DNS) because it can't connect to it's replication partners.
In sandbox, I found that I can get AD and DNS up on the isolated DC by disconnecting the DC's network card during boot up.
Is this expected behavior? Or is it a sign of misconfiguration somewhere? Are there work arounds that can be done pre-emptively?
Thanks for your thoughts
Hi Paul J. Landry:
Thanks for your posting.
>>Each site has one domain controller. We have found that if one of the remote site loses its network connectivity to the rest of the WAN, and the domain controller reboots, it will fail to restart AD (and therefore DNS) because it can't connect to
its replication partners.
Yes, it will fail because it cannot replicate partners. In your scenario, we recommend to install the RODC in the remote site. Remote sites often have poor network bandwidth when they are connected to a hub site and hamper access to network resources.
RODC could faster logon times and have more efficient access to resources on the network. What more, You could allow the credential caching on an RODC. When your remote site loses the connection, the DC could replicate from the RODC.
For more information about RODCs, see the Read-Only Domain Controller (RODC) Planning and Deployment Guide (http://go.microsoft.com/fwlink/?LinkID=135993).
>>In sandbox, I found that I can get AD and DNS up on the isolated DC by disconnecting the DC's network card during boot up. Is this expected behavior? Or is it a sign of
misconfiguration somewhere? Are there work arounds that can be done pre-emptively?
If you do with the steps, the DC becomes a separate server. We don’t recommend to do.
Best Regards
Mary Dong
Similar Messages
-
Auto Deploy and VCD Network Isolation - Not Working
Hello,
I have opened a support case about this issue, but the case is moving a lot slower than I would like to see. I thought I'd post here to see if anyone has ran into anything similar.
We recently switched our 24-host vCloud cluster (more info about this cluster below) over to Auto-Deploy (was using boot from USB). After the switch, we had a few complaints from customers that use isolated networks. It turns out that only 4 of our 24 hosts were working properly with isolated networks. All 24-hosts are using the same auto-deploy image.
When the hosts boot up, the vCloud Director web interface shows the following with green check marks: "Status", "Enabled", "Ready", "Available", and "VCD Network Isolation Capable".
To get my other 20 hosts working, I disabled all 20 hosts in the vCloud interface, unprepared them, and prepared them. After this, network isolation worked for those 20 hosts. When I reboot one of the hosts, the host still looks like it's good in the interface, but network isolation doesn't work until I disable, unprepare, and prepare.
Here is some more information about our environment:
vCenter build 2001466
ESXi Host Build 2702864
VCD Build 5.5.2.2000523
vShield Build 5.5.3
Here is the Deploy Rule that the hosts are using:
Name : UCS-2.2.1-pcloud.5.5.aln
PatternList : {oemstring=$SPT:ESX_PublicCloud_autod.2.2.x}
ItemList : {ESXi-5.5.0-autod-2.2.1.vshield}
I have confirmed that this is indeed the profile being used by looking at the Summary tab for the hosts and seeing the listed Image Profile.
And here is what's in that item:
PowerCLI D:\ImageBuild> Get-EsxSoftwarePackage
Name Version Vendor Creation Date
misc-cnic-register 1.72.1.v50.1i-1vmw.550.0.0.... VMware 9/19/2013 6:0...
scsi-lpfc820 8.2.3.1-129vmw.550.0.0.1331820 VMware 9/19/2013 6:0...
scsi-megaraid-mbox 2.20.5.1-6vmw.550.0.0.1331820 VMware 9/19/2013 6:0...
esx-xlibs 5.5.0-0.0.1331820 VMware 9/19/2013 6:0...
lpfc 10.0.100.1-1vmw.550.0.0.133... VMware 9/19/2013 6:0...
mtip32xx-native 3.3.4-1vmw.550.1.15.1623387 VMware 2/22/2014 1:1...
net-nx-nic 5.0.621-1vmw.550.0.0.1331820 VMware 9/19/2013 6:0...
block-cciss 3.6.14-10vmw.550.0.0.1331820 VMware 9/19/2013 6:0...
scsi-fnic 1.6.0.5-1OEM.500.0.0.472560 cisco 9/30/2013 11:...
net-enic 2.1.2.42-1OEM.500.0.0.472560 Cisco 9/5/2013 8:30...
sata-sata-sil24 1.1-1vmw.550.0.0.1331820 VMware 9/19/2013 6:0...
rste 2.0.2.0088-4vmw.550.1.15.16... VMware 2/22/2014 1:1...
elxnet 10.0.100.0v-1vmw.550.0.0.13... VMware 9/19/2013 6:0...
scsi-aacraid 1.1.5.1-9vmw.550.0.0.1331820 VMware 9/19/2013 6:0...
ata-pata-cmd64x 0.2.5-3vmw.550.0.0.1331820 VMware 9/19/2013 6:0...
net-cnic 1.72.52.v55.1-1vmw.550.0.0.... VMware 9/19/2013 6:0...
scsi-adp94xx 1.0.8.12-6vmw.550.0.0.1331820 VMware 9/19/2013 6:0...
net-be2net 4.6.100.0v-1vmw.550.0.0.133... VMware 9/19/2013 6:0...
net-ixgbe 3.7.13.7.14iov-12vmw.550.2.... VMware 4/29/2015 6:4...
net-igb 5.0.5.1.1-1vmw.550.2.54.240... VMware 1/1/2015 8:00...
epsec-mux 5.1.0-01814505 VMware 5/13/2014 4:3...
esx-base 5.5.0-2.62.2702864 VMware 4/29/2015 6:4...
ata-pata-sil680 0.4.8-3vmw.550.0.0.1331820 VMware 9/19/2013 6:0...
ipmi-ipmi-msghandler 39.1-4vmw.550.0.0.1331820 VMware 9/19/2013 6:0...
ata-pata-hpt3x2n 0.3.4-3vmw.550.0.0.1331820 VMware 9/19/2013 6:0...
scsi-megaraid-sas 5.34-9vmw.550.2.33.2068190 VMware 8/23/2014 1:5...
scsi-mptsas 4.23.01.00-9vmw.550.0.0.133... VMware 9/19/2013 6:0...
net-bnx2 2.2.3d.v55.2-1vmw.550.0.0.1... VMware 9/19/2013 6:0...
ata-pata-via 0.3.3-2vmw.550.0.0.1331820 VMware 9/19/2013 6:0...
ima-qla4xxx 2.01.31-1vmw.550.0.0.1331820 VMware 9/19/2013 6:0...
ata-pata-amd 0.3.10-3vmw.550.0.0.1331820 VMware 9/19/2013 6:0...
ata-pata-serverworks 0.4.3-3vmw.550.0.0.1331820 VMware 9/19/2013 6:0...
sata-sata-promise 2.12-3vmw.550.0.0.1331820 VMware 9/19/2013 6:0...
sata-sata-nv 3.5-4vmw.550.0.0.1331820 VMware 9/19/2013 6:0...
ipmi-ipmi-devintf 39.1-4vmw.550.0.0.1331820 VMware 9/19/2013 6:0...
scsi-ips 7.12.05-4vmw.550.0.0.1331820 VMware 9/19/2013 6:0...
sata-sata-svw 2.3-3vmw.550.0.0.1331820 VMware 9/19/2013 6:0...
scsi-mptspi 4.23.01.00-9vmw.550.0.0.133... VMware 9/19/2013 6:0...
net-e1000e 1.1.2-4vmw.550.1.15.1623387 VMware 2/22/2014 1:1...
esx-xserver 5.5.0-0.0.1331820 VMware 9/19/2013 6:0...
net-tg3 3.123c.v55.5-1vmw.550.2.33.... VMware 8/23/2014 1:5...
net-forcedeth 0.61-2vmw.550.0.0.1331820 VMware 9/19/2013 6:0...
scsi-aic79xx 3.1-5vmw.550.0.0.1331820 VMware 9/19/2013 6:0...
sata-ata-piix 2.12-10vmw.550.2.33.2068190 VMware 8/23/2014 1:5...
scsi-bnx2i 2.72.11.v55.4-1vmw.550.0.0.... VMware 9/19/2013 6:0...
ohci-usb-ohci 1.0-3vmw.550.0.0.1331820 VMware 9/19/2013 6:0...
scsi-qla4xxx 5.01.03.2-6vmw.550.0.0.1331820 VMware 9/19/2013 6:0...
scsi-qla2xxx 902.k1.1-9vmw.550.0.0.1331820 VMware 9/19/2013 6:0...
net-mlx4-core 1.9.7.0-1vmw.550.0.0.1331820 VMware 9/19/2013 6:0...
ata-pata-atiixp 0.4.6-4vmw.550.0.0.1331820 VMware 9/19/2013 6:0...
misc-drivers 5.5.0-2.62.2702864 VMware 4/29/2015 6:4...
esx-dvfilter-generic-... 5.5.0-0.0.1331820 VMware 9/19/2013 6:0...
ata-pata-pdc2027x 1.0-3vmw.550.0.0.1331820 VMware 9/19/2013 6:0...
qlnativefc 1.0.12.0-1vmw.550.0.0.1331820 VMware 9/19/2013 6:0...
lsi-mr3 0.255.03.01-2vmw.550.1.16.1... VMware 4/15/2014 9:0...
vshield 5.5.3-2172759 VMware 9/30/2014 2:3...
net-vmxnet3 1.1.3.0-3vmw.550.2.39.2143827 VMware 9/18/2014 11:...
scsi-hpsa 5.5.0-44vmw.550.0.0.1331820 VMware 9/19/2013 6:0...
tools-light 5.5.0-2.62.2702864 VMware 4/29/2015 6:4...
scsi-mpt2sas 14.00.00.00-3vmw.550.1.15.1... VMware 2/22/2014 1:1...
scsi-bnx2fc 1.72.53.v55.1-1vmw.550.0.0.... VMware 9/19/2013 6:0...
lsi-msgpt3 00.255.03.03-1vmw.550.1.15.... VMware 2/22/2014 1:1...
net-e1000 8.0.3.1-3vmw.550.0.0.1331820 VMware 9/19/2013 6:0...
xhci-xhci 1.0-2vmw.550.2.39.2143827 VMware 9/18/2014 11:...
ipmi-ipmi-si-drv 39.1-4vmw.550.0.0.1331820 VMware 9/19/2013 6:0...
sata-ahci 3.0-21vmw.550.2.54.2403361 VMware 1/1/2015 8:00...
net-bnx2x 1.72.56.v55.2-1vmw.550.0.0.... VMware 9/19/2013 6:0...
scsi-megaraid2 2.00.4-9vmw.550.0.0.1331820 VMware 9/19/2013 6:0...
ehci-ehci-hcd 1.0-3vmw.550.0.0.1331820 VMware 9/19/2013 6:0...
esx-tboot 5.5.0-2.33.2068190 VMware 8/23/2014 1:5...
uhci-usb-uhci 1.0-3vmw.550.0.0.1331820 VMware 9/19/2013 6:0...
sata-sata-sil 2.3-4vmw.550.0.0.1331820 VMware 9/19/2013 6:0...
vcloud-agent 5.5.0-1280396 VMware 8/17/2013 4:0...
net-mlx4-en 1.9.7.0-1vmw.550.0.0.1331820 VMware 9/19/2013 6:0...
And here is the output of testing the deploy rule compliance:
PowerCLI D:\ImageBuild> Get-Cluster 0000000-ESXVCLOUDCL1.ALN | Get-VMHost |Test-
DeployRuleSetCompliance
VMHost ItemList
esx142269.vm.seo.... {}
esx140622.vm.seo.... {}
esx139784.vm.seo.... {}
esx140617.vm.seo.... {}
esx138793.vm.seo.... {}
esx135523.vm.seo.... {}
esx138945.vm.seo.... {}
esx138794.vm.seo.... {}
esx139783.vm.seo.... {}
esx140309.vm.seo.... {}
esx140310.vm.seo.... {}
esx140311.vm.seo.... {}
esx140313.vm.seo.... {}
esx140339.vm.seo.... {}
esx140614.vm.seo.... {}
esx140615.vm.seo.... {}
esx140616.vm.seo.... {}
esx140618.vm.seo.... {}
esx140619.vm.seo.... {}
esx140621.vm.seo.... {}
esx141947.vm.seo.... {}
esx141945.vm.seo.... {}
esx142271.vm.seo.... {}
esx142270.vm.seo.... {}
Here is another vib list from a host:
~ # esxcli software vib list
Name Version Vendor Acceptance Level Install Date
net-enic 2.1.2.42-1OEM.500.0.0.472560 Cisco VMwareCertified -
ata-pata-amd 0.3.10-3vmw.550.0.0.1331820 VMware VMwareCertified -
ata-pata-atiixp 0.4.6-4vmw.550.0.0.1331820 VMware VMwareCertified -
ata-pata-cmd64x 0.2.5-3vmw.550.0.0.1331820 VMware VMwareCertified -
ata-pata-hpt3x2n 0.3.4-3vmw.550.0.0.1331820 VMware VMwareCertified -
ata-pata-pdc2027x 1.0-3vmw.550.0.0.1331820 VMware VMwareCertified -
ata-pata-serverworks 0.4.3-3vmw.550.0.0.1331820 VMware VMwareCertified -
ata-pata-sil680 0.4.8-3vmw.550.0.0.1331820 VMware VMwareCertified -
ata-pata-via 0.3.3-2vmw.550.0.0.1331820 VMware VMwareCertified -
block-cciss 3.6.14-10vmw.550.0.0.1331820 VMware VMwareCertified -
ehci-ehci-hcd 1.0-3vmw.550.0.0.1331820 VMware VMwareCertified -
elxnet 10.0.100.0v-1vmw.550.0.0.1331820 VMware VMwareCertified -
epsec-mux 5.1.0-01814505 VMware VMwareCertified -
esx-base 5.5.0-2.62.2702864 VMware VMwareCertified -
esx-dvfilter-generic-fastpath 5.5.0-0.0.1331820 VMware VMwareCertified -
esx-tboot 5.5.0-2.33.2068190 VMware VMwareCertified -
esx-xlibs 5.5.0-0.0.1331820 VMware VMwareCertified -
esx-xserver 5.5.0-0.0.1331820 VMware VMwareCertified -
ima-qla4xxx 2.01.31-1vmw.550.0.0.1331820 VMware VMwareCertified -
ipmi-ipmi-devintf 39.1-4vmw.550.0.0.1331820 VMware VMwareCertified -
ipmi-ipmi-msghandler 39.1-4vmw.550.0.0.1331820 VMware VMwareCertified -
ipmi-ipmi-si-drv 39.1-4vmw.550.0.0.1331820 VMware VMwareCertified -
lpfc 10.0.100.1-1vmw.550.0.0.1331820 VMware VMwareCertified -
lsi-mr3 0.255.03.01-2vmw.550.1.16.1746018 VMware VMwareCertified -
lsi-msgpt3 00.255.03.03-1vmw.550.1.15.1623387 VMware VMwareCertified -
misc-cnic-register 1.72.1.v50.1i-1vmw.550.0.0.1331820 VMware VMwareCertified -
misc-drivers 5.5.0-2.62.2702864 VMware VMwareCertified -
mtip32xx-native 3.3.4-1vmw.550.1.15.1623387 VMware VMwareCertified -
net-be2net 4.6.100.0v-1vmw.550.0.0.1331820 VMware VMwareCertified -
net-bnx2 2.2.3d.v55.2-1vmw.550.0.0.1331820 VMware VMwareCertified -
net-bnx2x 1.72.56.v55.2-1vmw.550.0.0.1331820 VMware VMwareCertified -
net-cnic 1.72.52.v55.1-1vmw.550.0.0.1331820 VMware VMwareCertified -
net-e1000 8.0.3.1-3vmw.550.0.0.1331820 VMware VMwareCertified -
net-e1000e 1.1.2-4vmw.550.1.15.1623387 VMware VMwareCertified -
net-forcedeth 0.61-2vmw.550.0.0.1331820 VMware VMwareCertified -
net-igb 5.0.5.1.1-1vmw.550.2.54.2403361 VMware VMwareCertified -
net-ixgbe 3.7.13.7.14iov-12vmw.550.2.62.2702864 VMware VMwareCertified -
net-mlx4-core 1.9.7.0-1vmw.550.0.0.1331820 VMware VMwareCertified -
net-mlx4-en 1.9.7.0-1vmw.550.0.0.1331820 VMware VMwareCertified -
net-nx-nic 5.0.621-1vmw.550.0.0.1331820 VMware VMwareCertified -
net-tg3 3.123c.v55.5-1vmw.550.2.33.2068190 VMware VMwareCertified -
net-vmxnet3 1.1.3.0-3vmw.550.2.39.2143827 VMware VMwareCertified -
ohci-usb-ohci 1.0-3vmw.550.0.0.1331820 VMware VMwareCertified -
qlnativefc 1.0.12.0-1vmw.550.0.0.1331820 VMware VMwareCertified -
rste 2.0.2.0088-4vmw.550.1.15.1623387 VMware VMwareCertified -
sata-ahci 3.0-21vmw.550.2.54.2403361 VMware VMwareCertified -
sata-ata-piix 2.12-10vmw.550.2.33.2068190 VMware VMwareCertified -
sata-sata-nv 3.5-4vmw.550.0.0.1331820 VMware VMwareCertified -
sata-sata-promise 2.12-3vmw.550.0.0.1331820 VMware VMwareCertified -
sata-sata-sil24 1.1-1vmw.550.0.0.1331820 VMware VMwareCertified -
sata-sata-sil 2.3-4vmw.550.0.0.1331820 VMware VMwareCertified -
sata-sata-svw 2.3-3vmw.550.0.0.1331820 VMware VMwareCertified -
scsi-aacraid 1.1.5.1-9vmw.550.0.0.1331820 VMware VMwareCertified -
scsi-adp94xx 1.0.8.12-6vmw.550.0.0.1331820 VMware VMwareCertified -
scsi-aic79xx 3.1-5vmw.550.0.0.1331820 VMware VMwareCertified -
scsi-bnx2fc 1.72.53.v55.1-1vmw.550.0.0.1331820 VMware VMwareCertified -
scsi-bnx2i 2.72.11.v55.4-1vmw.550.0.0.1331820 VMware VMwareCertified -
scsi-hpsa 5.5.0-44vmw.550.0.0.1331820 VMware VMwareCertified -
scsi-ips 7.12.05-4vmw.550.0.0.1331820 VMware VMwareCertified -
scsi-lpfc820 8.2.3.1-129vmw.550.0.0.1331820 VMware VMwareCertified -
scsi-megaraid-mbox 2.20.5.1-6vmw.550.0.0.1331820 VMware VMwareCertified -
scsi-megaraid-sas 5.34-9vmw.550.2.33.2068190 VMware VMwareCertified -
scsi-megaraid2 2.00.4-9vmw.550.0.0.1331820 VMware VMwareCertified -
scsi-mpt2sas 14.00.00.00-3vmw.550.1.15.1623387 VMware VMwareCertified -
scsi-mptsas 4.23.01.00-9vmw.550.0.0.1331820 VMware VMwareCertified -
scsi-mptspi 4.23.01.00-9vmw.550.0.0.1331820 VMware VMwareCertified -
scsi-qla2xxx 902.k1.1-9vmw.550.0.0.1331820 VMware VMwareCertified -
scsi-qla4xxx 5.01.03.2-6vmw.550.0.0.1331820 VMware VMwareCertified -
uhci-usb-uhci 1.0-3vmw.550.0.0.1331820 VMware VMwareCertified -
vcloud-agent 5.5.0-1280396 VMware VMwareCertified -
vmware-fdm 5.5.0-2001466 VMware VMwareCertified -
vshield 5.5.3-2172759 VMware VMwareCertified -
xhci-xhci 1.0-2vmw.550.2.39.2143827 VMware VMwareCertified -
tools-light 5.5.0-2.62.2702864 VMware VMwareCertified -
scsi-fnic 1.6.0.5-1OEM.500.0.0.472560 cisco VMwareCertified -
Any help is appreciated. Thanks.Right now, on my test host (that is not working), I have two VMs, one named "Test 1" and the other "Test 2" They only have an isolated network on them (named "Test Isolated Network") that is in my VDC, and pings do not work between them. If I move them to any other host (that have been unprepared and prepared), pings work. I can move both to the same host, or different hosts.
Here is the fence info on this host, I'm not really sure how to interpret this:
~ # esxcli vcloud fence getfenceinfo
Module Parameters:
Host Key: 0x104b0
Configured LAN MTUs:
+------------------------------------------------------------------------------------------+
| LAN ID | 1 2 3 4 5 6 7 8 9 10 - - - - - - |
| MTU | 1500 1500 1500 1500 1500 1500 1500 1500 1500 1500 - - - - - - |
+------------------------------------------------------------------------------------------+
Active Ports:
+-----------------------------------------+
| ID | OPI | LanID | MTU |
+-----------------------------------------+
| 410b1d4ce7d0 | 01,0001a2 | 4 | 1500 |
| 410b1d4cfde0 | 01,0001a2 | 4 | 1500 |
+-----------------------------------------+
Switch State:
+-----------------------------------------------------+
| Inner MAC | Outer MAC | used | age | seen |
+-----------------------------------------------------+
+ ............................... Port:0x410b1d4ce7d0 +
+-----------------------------------------------------+
+ ............................... Port:0x410b1d4cfde0 +
| 00:50:56:01:06:16 | 00:13:F5:01:04:B4 | 1 | 1 | 1 |
+-----------------------------------------------------+
Port Statistics Summary:
+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Identity | To VM dropped | To VM passed | From VM dropped | From VM passed | Reflect |
| Port ID | Fence ID | total | misunf | misfen | stored | frag | other | fenced | join | unfen | csum | frag | GVT | other | fenced | tso | frag | csum | GVT | ufport | pass | error |
+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| 410b1d4ce7d0 | 01,0001a2 | 3991 | 2 | 3976 | 0 | 0 | 0 | 13 | 0 | 0 | 0 | 0 | 0 | 0 | 679 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| 410b1d4cfde0 | 01,0001a2 | 4478 | 2 | 3860 | 0 | 0 | 0 | 616 | 0 | 0 | 0 | 0 | 0 | 0 | 626 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
And here is the output of the command a little while later on the same host (while my test pings are going)
~ # esxcli vcloud fence getfenceinfo
Module Parameters:
Host Key: 0x104b0
Configured LAN MTUs:
+------------------------------------------------------------------------------------------+
| LAN ID | 1 2 3 4 5 6 7 8 9 10 - - - - - - |
| MTU | 1500 1500 1500 1500 1500 1500 1500 1500 1500 1500 - - - - - - |
+------------------------------------------------------------------------------------------+
Active Ports:
+-----------------------------------------+
| ID | OPI | LanID | MTU |
+-----------------------------------------+
| 410b1d4ce7d0 | 01,0001a2 | 4 | 1500 |
| 410b1d4cfde0 | 01,0001a2 | 4 | 1500 |
+-----------------------------------------+
Switch State:
+-----------------------------------------------------+
| Inner MAC | Outer MAC | used | age | seen |
+-----------------------------------------------------+
+ ............................... Port:0x410b1d4ce7d0 +
+-----------------------------------------------------+
+ ............................... Port:0x410b1d4cfde0 +
| 00:50:56:01:06:16 | 00:13:F5:01:04:B4 | 1 | 1 | 1 |
+-----------------------------------------------------+
Port Statistics Summary:
+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Identity | To VM dropped | To VM passed | From VM dropped | From VM passed | Reflect |
| Port ID | Fence ID | total | misunf | misfen | stored | frag | other | fenced | join | unfen | csum | frag | GVT | other | fenced | tso | frag | csum | GVT | ufport | pass | error |
+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| 410b1d4ce7d0 | 01,0001a2 | 4696 | 2 | 4681 | 0 | 0 | 0 | 13 | 0 | 0 | 0 | 0 | 0 | 0 | 796 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| 410b1d4cfde0 | 01,0001a2 | 5300 | 2 | 4565 | 0 | 0 | 0 | 733 | 0 | 0 | 0 | 0 | 0 | 0 | 743 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
Looking at the VDS, the Maximum MTU is set to 1500. Looking at dvs.VCDVSTest Isolated Network-ca9a45c9-1dec-4f95-8b96-68d9c05b2a5d, I see it's VLAN is set to 2535 (which matches the network pool settings) and number of ports is 16 -
WRT110 and Vista SP1 - additional log on information is required to connect to this network...
Setup WEP 64bit . WinXP SP3 and iPod Touch connect fine but when I select the SSID via Vista it doesn't give the network option. How can I get the network propt option to appear.
[img]http://www.auburn.edu/oit/connectivity/wireless/images/new_connectionsVista10.jpg[/img]
"additional log on information is required to connect to this network
You may need to select a certificate or enter a user name and password to connect to this network."
[img]http://www.auburn.edu/oit/connectivity/wireless/images/new_connectionsVista11.jpg[/img]
I updated to the lastest firmware with no luck.
Using WRT110 firmware Ver. 1.0.04 (build 10).toomanydonuts let me clarify again:
-XP SP3 desktop = able to connect.
-iPod Touch = able to connect.
New Vista SP1 laptop = NOT able to connect and DO NOT get a prompt to enter a Network Key. Instead I get:
"additional log on information is required to connect to this network
You may need to select a certificate or enter a user name and password to connect to this network."
here is an example screen shot of the above message (found on another web site).
http://www.auburn.edu/oit/connectivity/wireless/images/new_connectionsVista11.jpg
Then Vista SP1 as me to enter a user name/password/domain. This is a home network.
http://www.auburn.edu/oit/connectivity/wireless/images/new_connectionsVista12.jpg
No prompt for Network Key (on VISTA SP1).
My WRT110 is running the lastest firmware Ver. 1.0.04 (build 10).
Message Edited by FerociousLS on 02-04-2009 04:45 AM
Message Edited by FerociousLS on 02-04-2009 04:46 AM
Message Edited by FerociousLS on 02-04-2009 04:47 AM -
Can't find "Require Password" checkbox when creating network on MBP
I'm trying to create a network as I've often done on a MacBook Pro.
When I bring up the window to create the network, there is no "Require Password" checkbox.
Does anyone know how to require a password please? I'm trying to create a little network for just my MBP, AppleTV and iPhone so that I run presentations via Airplay in a conference room, and I don't want everyone in the room logging onto my Mac. Thanks in advance.
MBP Retina 13" late 2013. Yosemite 10.10.2OK I've managed to solve this problem but there's no rhyme or reason why what I did had any effect. I dug out the old printer and noticed that it was getting a 10.x IP address whereas the 710 was getting a 168.x IP address... that should have been my first clue, but I wasn't thinking. Nevertheless, I had no idea why it was getting that sort of IP address.
So, I went through the manual set up (again) on the printer, and instead of searching for the SSID, I typed it in manually. Now it gets a 10.x IP address and it's showing up on my network.
In the end, there is something screwy with the way the network software on the printer is handling its network search feature. Definitely an Epson thing, not Apple. -
[SOLVED] netctl not bringing up my network at boot
I recently converted from netcfg to netctl and but my network is not coming up ever at boot time. Once the machine is booted I can bring it up manually using
netcfg start ethernet-static
It is obviously an static IP address and I copied the netctl sample script and then modified it. Here is my ethernet-static profile.
Description='A basic static ethernet connection'
Interface=enp2s0
Connection=ethernet
IP=static
Address=('192.168.0.5/24')
#Routes=('192.168.0.0/24 via 192.168.1.2')
Gateway='192.168.0.1'
DNS=('192.168.0.1')
## For IPv6 autoconfiguration
#IP6=stateless
## For IPv6 static address configuration
#IP6=static
#Address6=('1234:5678:9abc:def::1/64' '1234:3456::123/96')
#Routes6=('abcd::1234')
#Gateway6='1234:0:123::abcd'
The output of journalctl -d | grep net is the following
un 14 08:40:03 kfrance-home kernel: Initializing cgroup subsys net_cls
Jun 14 08:40:03 kfrance-home kernel: audit: initializing netlink socket (disabled)
Jun 14 08:40:03 kfrance-home kernel: drop_monitor: Initializing network drop monitor service
Jun 14 08:40:03 kfrance-home systemd[1]: Expecting device sys-subsystem-net-devices-enp2s0.device...
Jun 14 08:40:03 kfrance-home kernel: r8169 Gigabit Ethernet driver 2.3LK-NAPI loaded
Jun 14 08:40:03 kfrance-home kernel: microcode: Microcode Update Driver: v2.00 <[email protected]>, Peter Oruba
Jun 14 08:40:03 kfrance-home systemd-udevd[171]: renamed network interface eth0 to enp3s0
Jun 14 08:40:03 kfrance-home systemd-udevd[168]: renamed network interface eth0 to enp2s0
Jun 14 08:40:07 kfrance-home network[253]: Starting network profile 'ethernet-static'...
Jun 14 08:40:12 kfrance-home network[253]: No connection on interface 'enp2s0'
Jun 14 08:40:12 kfrance-home network[253]: Failed to bring the network up for profile 'ethernet-static'
Jun 14 08:40:12 kfrance-home systemd[1]: netctl@ethernet\x2dstatic.service: main process exited, code=exited, status=1/FAILURE
Jun 14 08:40:12 kfrance-home systemd[1]: Failed to start A basic static ethernet connection.
Jun 14 08:40:12 kfrance-home systemd[1]: Unit netctl@ethernet\x2dstatic.service entered failed state.
Jun 14 08:47:53 kfrance-home sudo[1300]: kfrance : TTY=pts/1 ; PWD=/home/emily ; USER=root ; COMMAND=/usr/bin/netctl start ethernet-static
Jun 14 08:47:53 kfrance-home systemd[1]: Starting A basic static ethernet connection...
Jun 14 08:47:53 kfrance-home network[1307]: Starting network profile 'ethernet-static'...
Jun 14 08:47:57 kfrance-home network[1307]: Started network profile 'ethernet-static'
Jun 14 08:47:57 kfrance-home systemd[1]: Started A basic static ethernet connection.
Nothing from netcfg, or any other network service, is leading to a conflict for configuring the network.
systemctl list-units | grep net
[email protected] loaded active exited A basic static ethernet connection
network.target loaded active active Network
I do have two ethernet ports but from what I can tell the naming of the two ports is consistent.
netctl status shows that my ethernet-static profile is the only profile and is active.
I know I could connect without using netctl but want to get this working. Any ideas?
Last edited by kfrance (2013-06-15 04:12:06)I fixed the problem. I changed the device name of the ethernet device I wanted to use using an udev-rule, according to the notes on the Network Configuration wiki page, to make sure that it wasn't a naming conflict and that solved it.
-
WAP4410N access point 4 or 8 digit PIN required by WIN 8.1 network not of router label
I am unable to get my WAP4410N wireless access point connected to my switch with an RJ45 connection to join my network because the 4 or 8 numeric digit PIN required by Win 7 and Win 8.1 is not identifiable on the router label. The network sees the WAP4410N but will not accept any6 of the numbers I put in. I have tried various numbers from the Mac address, serial number and model number, but "network setup" will not accept any of them.
Hi Peter, this is a Windows feature (a confusing one at that). On the same Window where the message displays asking for the PIN should say something like "Connect to the network without setting it up". This should take care of that for you.
-
What is required for Cisco WSA SensorBase network to work ?
Hello !
I would like to know if the Web Security Appliance has to have a public address to receive the data collected by SensorBase network.
Is there any additional requirements ?
Thank you for your answers.
Stephane WalkerHi Stephane,
The WSA will somehow connected to the Internet directly or via a firewall with your external IP address in the egress point.
SensorBase participation is working via URL via wbnp.ironport.com:443
Depending on your routing, you can test if your WSA can reach this URL from its interface.
I hope this helps.
thanks,
Donny
(*If you have received the answer to your original question, and found this helpful/correct - please mark the question as answered, and be sure to leave a rating to reflect!) -
I have a network requirement to acheive where we are installing a LIS software which should be adhereing to the HIPAA Compliance and should be seperated from the existing network infrastructure. Our network has 4510 as the core switch directly attaching to campus. Also a firewall is hanging off the core for Internet. Now internally all the VLANs talk to each other. Going forward the new server should be communicating from a secure vlan and only with the required clients only if permitted. How would i go to implement this in our existing network? I have requirement for 2 VM hosts and storage for that server. Everyone accessing this server should follow the HIPAA compliance guidelines.......
Should I implement using access-list in the core by creating a VLAN but i think it wouldn't be that scalable and nightmare for maintance and troubleshooting?
Should I implement it by forcing the traffic through ASA(hairpining) and inspecting the traffic over there on ASA along with static nat and also should i have to permit intra interface traffic?
I am confused about how to implement this solution?
Little help into this or any documentation that would help me to get to the solution.
Thanks in advance.I haven't worked anywhere needing HIPAA compliance but I would have thought the guidelines would dictate what level of security you needed ie. stateless acls on the SVI or stateful firewall.
In terms of the implementation then I assume the server will be in it's own vlan ?
If so I can't see why maintaining an acl will be any more work than updating rules on a firewall.
If you did use the firewall then you would need to create a vlan for the server but no SVI, ie. you extend the vlan to the firewall.
Then you would need a route on the 4500 for this vlan pointing to the firewall so clients could get to the server.
The servers default gateway would obviously be the firewall.
Is this at all helpful or were you asking something completely different ?
Jon -
Compliance and Storage Network Isolation
I have two tenants in a multitenant environment that access the same iSCSI array. The iSCSI array has a limitation in that can only use one IP address on one vLAN. the result of this is that using this array means sharing a vLAN between two tenants, even though it is a non-routed vLAN dedicated to iSCSI. (ESXi vmkernel adapters from HA clusters in both tenants connect to the same iSCSI array). Tenant A has no special compliance requirements, but Tenant B does. The LUNs in the storage array are mapped only to the appropriate IPs for the appropriate ESXi servers in the respective environments to access. But will sharing this vLAN among iSCSI vmkernel ports in both tenants mean that Tenant B will be non-compliant with respect to a standard such as HIPAA? The vmkernel ports would be in the same broadcast domain.
It matters if the traffic is routed or not. "Routing" traffic and "switching" traffic are two different things and the "bandiwidth" rating on "routing" traffic versus "switching" traffic are considerably lower. More takes place when a "packet" is routed than when it just uses layer 2 traffic. This must be taken in consideration when planning traffic between your VM servers and its respective "storage, VMs and etc. Personally, I would never have that traffic "routed". Never. Do it if you like. I wouldn't recommend it. Any time your "hop" to a target... you introduce latency. Maybe your network fabric can handle it now... But what will happen when you start adding to your environment?
Remember the maximumn throughput on a 1 GB connection is 125mbs. Even creating a 2 member bond just gives you 250/mbs. Throw a "hop" in the mix....... I just don't like the numbers. Especially if you're going to run several VM guests on one server.
I feel your pain. Oracle VM can be a complicated product to use if you don't understand its full functionality. If you don't have your system in production.... then change it. Go through the headache now. Oracle VM works very well when it is setup properly. Very well. I just implemented a RAC environment running Oracle's ERP systems for several hundred users. It works great. Haven't had one problem since the migration. Performance is spectacular... -
AppleTV constantly requires me to re-input network and iTunes passwords
Why does my Apple TV constantly require me to renter my wi-fi network and iTunes account passwords? This mostly happens after it has been shutdown; however last night it asked me to renter my iTunes password during the MIDDLE of watching a movie I rented. Any suggestions?
I I tried to update my software (currently 4.3) and it as says it's up to date...i would change the wifi channel as interference would explain your issue
-
Best ways to transfer files to network isolated VMs?
I'm looking at creating a DHCP scope and have some IP addresses that would be static for such items as routers, printers, etc. I've been told various ways depending on your point of view. I'm curious on what everyone's perspective is.For example, I have a scope of IP addresses, for example 192.168.0.0 - 192.168-0.255. Obviously I can't use 192.168.0.0 and 192.168.0.255. Out of the remaining IP addresses, I'd like to save 10 IP addresses (192.168.0.1 - 192.168.0.10) for static IP addresses. Some people have said to start the scope at 192.168.0.11 while others have said to include the first 10 IP addresses and exclude/reserve them. BTW, I do know the difference between reservation and exclusion.The way that I was taught is that since I'm not going to have those addresses leased out, that I should start my scope at .11. The only benefit...
My scan doesn't recognize the above device. If there is no SMNP support in the device, is there anything other than classifying it as a network device that I can do?Also, I have two devices running off of this device by its routerEthernet ports. One is a MS Vista PC, the other is a MS Win 8.1 device. Is it possible to scan through this router to get information about these more moderndevices? If so, how?Likewise, the router is also a wireless access point. I only connect one device to it via Wi-Fi. Can the inventory include information about the WAP?Below are some scan test results for the router.Thanks!Dave-------------------------------------------------------------------------------------------------D-Link DIR-615 Hardware version B2, Firmware 2.25WAN is Comcast Cable Modem RouterTrace Route(15:03:03)Tracing route to 10.1.10.9 over...
-
DAG Replication Network Isolation from MAPI
Hi,
Recently We have implemented Exchange 2010 SP2 DR setup.
We have two sites Prod and DR. We are facing some issue in DAG replication Network (Replication Adapter).
We are using 10.10.10.x for Mapi Networks and 192.168.1.x for Replication Network for Prod and 10.11.10.x for MAPI and 192.168.2.x for Replications.
As per Microsoft recommended, We configured replication adapters and added static routes for Replication Network.
We understand, Replicarion adapter is used for DAG Replication (Log Shipping and Seeding) and configured forewall to allow tonly DAG port 64327 for replication Vlans between sites.
Now, When we check the replication network hit in firewall. Its still using MAPI Network (MAPI Nic) to communication with DR sites. Replication Nics is not working properly.
Please let me know, How to isolate the MAPI and Replication Networks. Do we need configure Replication Port in DAG properties.
How to check whether Replication Network is working between the sites.
Regards
M
My Problem is, While seeding is happening between Primary Site to DR Site. Connections are going only via MAPI Networks. It is not using Replication Netowork. I have added the static route in all the prod and DR Mailbox Servers. But I have not
configured Replication Port in DAG properties. And also, I allowed only Port 64327 for Replication Vlan in both Primary and DR. Please let me know if you have any solutions. Regards M
That's expected if you are just using the EMC, or using standard options via EMS
What happens if you use
http://technet.microsoft.com/en-us/library/dd335201(v=exchg.141).aspx
Update-MailboxDatabaseCopy -Network
and
http://technet.microsoft.com/en-us/library/dd335158.aspx
Managing Mailbox Database Copies
To specify the networks you want to use for seeding, use the Network parameter when running the
Update-MailboxDatabaseCopy cmdlet and specify the DAG networks that you want to use. If you don't use the
Network parameter, the system uses the following default behavior for selecting a network to use for the seeding operation:
If the source server and target server are on the same subnet and a replication network has been configured that includes the subnet, the replication network will be used.
If the source server and target server are on different subnets, even if a replication network that contains those subnets has been configured, the client (MAPI) network will be used for seeding.
If the source server and target server are in different datacenters, the client (MAPI) network will be used for seeding.
Cheers,
Rhoderick
Microsoft Premier Field Engineer, Exchange
Blog:
http://blogs.technet.com/rmilne Twitter:
LinkedIn:
Facebook:
Note: My posts are provided “AS IS” without warranty of any kind, either expressed or implied, including but not limited to the implied warranties of merchantability and/or fitness for a particular purpose. -
Require Password for Printing to Networked Printer?
Hi All,
I have a HP Color LaserJet 3600n on my network of 4 Airport Extreme Gigabit Routers. It is both connected by USB to the router AND CAT6 Ethernet to the router for a direct network connection. I have 5 computers on the network and i would like to password protect the printing to this printer. We also have an HP LaserJet 4100 connected by USB only. That is the regular printer that everyone should print to but if they need color they need to request permission. Is there a way to be asked for a password every time they want to print to the color? It doesn't matter if it is printing through network IP or Bonjour USB.
Thanks
- HarrisIt may be possible. On your computer's browser enter the following URL: http://localhost:631/. This should open the CUPS administration page. There is a set of tabs near the top of the page. Click on the tab labeled Administration. You should now see a list of options you can check. You should see one labeled "Use Kerberos authentication (FAQ). Click on the FAQ link which will open a help page on configuring and using Kerberos authentication with CUPS. From here you are on your own because I know nothing about this nor if it will provide the type of password control for which you are looking.
-
Safari requires password to connect to network when there isn't one
on my imac when i open safari it says it can't connect to the internet and i run network diagnostics. When I do it recognizes my network but wants a password and there isn't one. I have other PCs and they all connect fine without a password . . . HELP!
Have you tried a Restart...?
-
Power requirements for a 1042 mesh network
this note is from the 5508 controller config manual, does this apply to 1040 access points in a mesh network?
Note:The recommended power source for MAPs is either a power supply or power injector. PoE is not a recommended power source for MAPs.No, that would be about the 15xx series of MESH AP.
Steve
Maybe you are looking for
-
Opening Balance and closing balance
Dear All, Can i create a calculated field for ledger opening balance and closing balance. we are using epicor. I dont know the exact table which captures opening balance and closing balance, where as i got credit balances and debit bala
-
How do I install my Creative Cloud apps on my new computer?
My old laptop that I had originally downloaded my creative cloud membership on broke. I bought a new laptop and now when I sign into my adobe account online I don't have the option to download any of the apps, only to buy them; even though I have a y
-
Original windows 8 operating system
I am having a problem with my HP notebook in which windows 8(which was pre-installed when i bought it) got crashed and i don't have any recovery. Please let me know how to get original windows 8 operating system on my notebook.
-
Printing to a network printer - printing error "Adobe Print Engine" failure
I was printing to a network printer all day and then it just stop. The printing error read: "Adobe Print Engine failed to output your data due to an unknown problem." Does anyone have any ideas as to how I can fix this problem? It is happening with A
-
How do i save photos from ios to pc from icloud
can i save pictures from iphone to pc using icloud? wil i be able to delete from iphone without deleting from pc?