Where is my TCP/IP

Similar Messages

• TCP/IP Networking settings

  Can anyone advise where are the TCP/IP network settings (IP address, DNS server etc) on the Nokia N95. I've connected to my home wireless network but I can't do anything with the connection until I've configured the network settings. There is no DHCP on the router to deliver and IP address to the phone.

  Linux fedora core1 kernel 2.4.20-20.9
  LabVIEW 6.1
  As user, when I run the client : general error on openconnection. I switch as root (using su - ) the client is working. If I go back to user (exit from root), the same error.
  It is the same error with server (as localhost), then it is a problem of firewall.
  Client and server are at disposal at
  http://eurserveur/wwwEur/LesCours/tpdistance/exa1/exa1.html

• How do I monitor a TCP/IP connection if my data does not come perdiodically?

  I have an application that connects to several acquisition devices where I get TCP packet data only when something changes. If the line gets cut, how can I monitor this so that the user of the application will know that no data will come from that certain acquisition device? Since the data does not come periodically, I cannot monitor the error from the TCP read function, i.e. Error 56 - Timeout.
  Is there a way to find out if an IP exists for example? (Such as a ping but it shoudl be fast)
  Thanks

  arikb-
  You can use the System Exec.vi to run a ping command through the command line and see if it is responding. You could also program the client such that it responds to a simple command with a verification message at any time. This would be similar to sending a ping, but it will also let you know if your LabVIEW program is on the other listening on the correct port.
  Xaq

• TCP settings?

  Where are the TCP settings on an 8330m? I've looked through everything under 'options'(and that includes all the subcategories) and can't find it.

  this settings are OK but (minimal), when you say "going forward" is this for performance or growth?
  tcp_conn_req_max_q 128
  tcp_conn_req_max_q0 1024
  tcp_xmit_hiwat 16384
  tcp_recv_hiwat 24576
  tcp_conn_hash_size 512

• Websockets TCP RST through ASA+IPS and ACE

  Hello,
  We recently deployed a new websockets project within our existing web infrastructure. The websockets traffic (as all the rest of normal web traffic) is crossing an ASA + IPS module  where I do NAT and and then is forwarded to an ACE load balancer where two real server are configured in the server farm in active/standby mode (not load balancing) due the websockets nature. Everything seems to work fine but sometimes (once every 4 days or so) and based upon the server logs a TCP Reset gets the application server and bring down the whole application.
  It's clear that this application as a bug but I would like to avoid that TCP reset as a workaround while application team fix the ibug as the go-live is soon. Anybody faced this issue and can help me to find where that supposed TCP reset comes from? I didn't get IPS alerts.
  Server log:
  "Unable to read data from the transport connection: An existing connection was forcibly closed by the remote host.    at System.Net.Sockets.NetworkStream.EndRead(IAsyncResult asyncResult)"
  Thanks,
  Miquel

  Hi Miquel,
  A packet capture on the server shall show the origin of TCP RST. If you are natting the source traffic then take front end pcaps at front end of firewall as well as at backend and similarly for ACE, to see what is the origin of TCP RST. Normally, it should be from client if it is received on the server. LB's just forward the traffic to the server but it depends and it could be loadbalancer resetting the connection. But we don't have any details to be sure. So packet captures would be our best friend here.
  Regards,
  Kanwal
  Note: Please mark answers if they are helpful.

• Permit Group to logoff and shadow users (2012 R2)

  Hello everyone,
  I'm looking for a way to grant users permission to shadow und logoff RDS user sessions.
  To do this I first need to get the user's session host und unified session id:
  $Session = Get-RDUserSession -ConnectionBroker $ConnectionBroker -CollectionName "MyCollection" -ErrorAction Stop | Where {$_.UserName -eq $CommonName}
  After that I can use the information to either logoff or shadow the user.
  For shadowing:
  mstsc /v:$HostServer /shadow:$SessionId /control
  For LogOff:
  Invoke-RDUserLogoff -Force -HostServer $Session.HostServer -UnifiedSessionID $Session.UnifiedSessionId -ErrorAction Stop
  My problem:
  To run these commands the user needs admin privileges, which is not what you want for a first level supporter.
  My question:
  Is there a way to allow a group/user to retrieve the session ID's from the Connection Broker and Logoff/Shadow without granting them admin privileges?
  In case there is no way to grant those specific permissions, what are the permissions the user requires on which machines (broker, hosts?)?

  Hi,
  Thank you for posting in Windows Server Forum.
  You can use provide access to shadow session to normal user other than administrator. To allow non-administrators permissions to shadow you can use the following command which is also applicable for Windows Server 2008 R2 
  wmic /namespace:\\root\CIMV2\TerminalServices PATH Win32_TSPermissionsSetting WHERE (TerminalName="RDP-Tcp") CALL AddAccount "domain\group",2
  More information:
  RDS 2012 Configure Permissions for Remote Desktop Services
  Connections
  Hope it helps!
  Thanks.
  Dharmesh Solanki

• 2012 R2 RDS Shadowing "Permissions"

  Hi All,
  Just wondering if anyone has found a "workaround" for the requirement to be an Administrator to perform Remote Desktop Shadowing in Server 2012 R2?
  We are a software development company, who offers a Remote Desktop service to our customers to use our software. Our support team needs to be able to take control of these sessions to support them.
  We made the leap to 2012 R2 purely for the shadowing feature being re-implemented. However allowing 50+ support staff, some who have little to no knowledge of Server OS's, to have administrative control on an RDS server farm, including the AD server
  which is the Connection Broker, is just not an option.
  The best i can come up with, is to lock down permissions on all Administrative Tools to these users with implicit Deny ACL's, but that does not stop them from being able to launch Add/Remove Server Roles, and perform other tasks within Server Manager.
  Also due to the Server Manager integration, gone are the days where you could permit a Terminal Services MMC for these users like we did in the "old days" of 2003.
  Does anyone have any brilliant ideas in regards to either enabling Shadowing without Administrator rights, or locking down Server Manager to a set task list?
  Thanks,
  Nash

  Hi Nash,
  A user does not need to be an Administrator to shadow other sessions under Server 2012 R2 RDS.  You need to grant the non-admin user/group permissions to the RDP-Tcp listener on each RDSH server. 
  To do this, first create a security group in your domain and add the users as members that you would like to have shadow permission.  Next log on to each 2012 R2 RDSH server, open an administrator command prompt, and enter the following
  command (substitute your domain and group name):
  wmic /namespace:\\root\CIMV2\TerminalServices PATH Win32_TSPermissionsSetting WHERE (TerminalName ="RDP-Tcp") CALL AddAccount "domain\group",2
  The non-admin user can use the query session command to retrieve a list of logged-on users:
  query session
  If they want to view and control another session they may use the following command:
  mstsc /shadow:<sessionid> /control
  -TP
  Brilliant! Thanks heaps - I saw this one a little earlier from the previous post and couldn't wait to give it a run.
  Darmesh, despite saying it's not possible, the link you posted points to an article where the above process is outlined.
  Appreciate the input guys, i will post back with the outcome!

• DLSW peer takes 20 min. to establish..Please Help !!!

  I have configured a Cisco 7304 with DLSW and the remote peer is not a Cisco router. When the local peer in the Cisco is not configured as promiscuous, it takes about 20min to 1h30min for the peers to get connected.
  If the local peer is configured as promiscous, it works good, but we dont want to use this configuration becasuse we want to control the connections on each router.
  What can I do in order to solve this problem ?
  Attached is the router configuration and the output of a "debug dlsw peers"

  Hi,
  based on the debug dlsw peer:
  00:02:00: DLSw: START-TPFSM (peer 172.25.252.254(2065)): event:ADMIN-OPEN CONNECTION state:DISCONN
  00:02:00: DLSw: dtp_action_a() attempting to connect peer 172.25.252.254(2065)
  00:02:00: DLSw: END-TPFSM (peer 172.25.252.254(2065)): state:DISCONN->WAIT_WR
  00:02:00: DLSw: Async Open Callback 172.25.252.254(2065) -> 11004
  00:02:00: DLSw: START-TPFSM (peer 172.25.252.254(2065)): event:TCP-WR PIPE OPENED state:WAIT_WR
  00:02:00: DLSw: dtp_action_f() start read open timer for peer 172.25.252.254(2065)
  00:02:00: DLSw: END-TPFSM (peer 172.25.252.254(2065)): state:WAIT_WR->WAIT_RD
  00:02:00: DLSw: passive open 172.25.252.254(2067) -> 2065
  00:02:00: DLSw: START-TPFSM (peer 172.25.252.254(2065)): event:TCP-RD PIPE OPENED state:WAIT_RD
  00:02:00: DLSw: dtp_action_g() read pipe opened for peer 172.25.252.254(2065)
  00:02:00: DLSw: CapExId Msg sent to peer 172.25.252.254(2065)
  00:02:00: DLSw: END-TPFSM (peer 172.25.252.254(2065)): state:WAIT_RD->WAIT_CAP
  00:02:00: DLSw: START-TPFSM (peer 172.25.252.254(2065)): event:SSP-CAP MSG RCVD state:WAIT_CAP
  00:02:00: DLSw: dtp_action_j() cap msg rcvd from peer 172.25.252.254(2065)
  00:02:00: DLSw: Recv CapExId Msg from peer 172.25.252.254(2065)
  00:02:00: DLSw: Pos CapExResp sent to peer 172.25.252.254(2065)
  00:02:00: DLSw: END-TPFSM (peer 172.25.252.254(2065)): state:WAIT_CAP->WAIT_CAP
  00:02:00: DLSw: START-TPFSM (peer 172.25.252.254(2065)): event:SSP-CAP MSG RCVD state:WAIT_CAP
  00:02:00: DLSw: dtp_action_j() cap msg rcvd from peer 172.25.252.254(2065)
  00:02:0
  Torrejon0#0: DLSw: Recv CapExPosRsp Msg from peer 172.25.252.254(2065)
  00:02:00: DLSw: END-TPFSM (peer 172.25.252.254(2065)): state:WAIT_CAP->WAIT_CAP
  00:02:00: DLSw: Processing delayed event:SSP-CAP EXCHANGED - prev state:WAIT_CAP
  00:02:00: DLSw: START-TPFSM (peer 172.25.252.254(2065)): event:SSP-CAP EXCHANGED state:WAIT_CAP
  00:02:00: DLSw: dtp_action_k() cap xchged for peer 172.25.252.254(2065)
  00:02:00: DLSw: closing read pipe tcp connection for peer 172.25.252.254(2065)
  00:02:00: DLSw: END-TPFSM (peer 172.25.252.254(2065)): state:WAIT_CAP->PCONN_WT
  00:02:00: DLSw: Processing delayed event:TCP-PEER CONNECTED - prev state:PCONN_WT
  00:02:00: DLSw: START-TPFSM (peer 172.25.252.254(2065)): event:TCP-PEER CONNECTED state:PCONN_WT
  00:02:00: DLSw: dtp_action_m() peer connected for peer 172.25.252.254(2065)
  00:02:00: DLSw: END-TPFSM (peer 172.25.252.254(2065)): state:PCONN_WT->CONNECT
  at this point the dlsw peer is in state CONNECTED
  However you always get a tcp rst or fin right afterwards. Tcp tells dlsw to disconnect the peer.
  This can have two potential sources.
  The tcp stack on this router or the tcp stack on the remote router has closed the session.
  00:02:00: DLSw: dlsw_tcpd_fini() for peer 172.25.252.254(2065)
  00:02:00: DLSw: tcp fini closing connection for peer 172.25.252.254(2065)
  00:02:00: DLSw: START-TPFSM (peer 172.25.252.254(2065)): event:ADMIN-CLOSE CONNECTION state:CONNECT
  00:02:00: DLSw: dtp_action_b() close connection for peer 172.25.252.254(2065)
  00:02:00: DLSw: END-TPFSM (peer 172.25.252.254(2065)): state:CONNECT->DISCONN
  so the question really is where does the tcp rst come from? Who is closing the tcp connection?
  This sequence repeats itself over and over again until it finally stays up.
  You can do a
  debug ip tcp driver
  debug ip tcp transaction
  this will show you if you get a disconnect or if this router is sending one. However you have to be a bit carefull with the debugging if you have a lot of tcp activity going on in this router.
  Alternative is to take a sniffer trace on the WAN and find out who is sending the tcp reset/fin in that case.
  thanks...
  Matthias

• Performance and HA for HttpClusterServlet

            Hi,
            I didn't see much information in the documentation about the HttpClusterServlet:
            - can it be (easily) set up in a HA configuration (to avoid it being a SPOF)?
            - how does it perform?
            - is it possible to cluster it?
            Regards,
            Frank Olsen
            Stonesoft
            

            "Cameron Purdy" <[email protected]> wrote:
            >You can run HttpClusterServlet on a whole slew of Weblogic Express servers
            >with a h/w load balancer in front and a cluster in back, for example.
            > That
            >gives you no SPOF (assuming secondary h/w load balancer etc.) and some
            >scale.
            >
            OK.
            >I don't know how the software load balancer fits in there ...
            >
            The answer is ... well, sorry for "plugging" our product -- (selling it would
            of course be nice); but getting feedback on what we can do better is also a good
            reason to tell yo about a possible alternative.
            As I see it, it could be an alternative to (i.e., it replaces) the dispatchers:
            - you run a cluster of WLS instances with in-memory replication to ensure failover
            of session state (or, JDBC persistence for a less performant alternative)
            - our StoneBeat WebCluster product can do this:
            . as I've explained in a thread on the in-memory replication group, this works
            fine in the major cases
            . I've been able to detect some scenarios that causes problems with sessions
            being lost, but it was in cases where the Dynamic Tcp feature of the WebCluster
            was not used (or keepalives where disabled)
            . I'm contacting BEA to see if they'd be willing to consider (certify) this
            as an alternative to the HW/SW dispacther solutions
            . of course, each have pros and cons, but if the choice is there...
            . one advantage of WebCluster would be that it is simple to set up and manage;
            it is distributed and has no inherent SPOF; it has a very good test subsystem
            to allow for dynamic load balancing
            . we also have a whole range of products from load balancing for firewalls (and
            soon our own firewall), to load balancing of web servers, ..., to a HA solution
            for databases and other applications based on shared storage
            Regards,
            Frank Olsen
            Stonesoft
            >--
            >Cameron Purdy
            >Tangosol, Inc.
            >http://www.tangosol.com
            >+1.617.623.5782
            >WebLogic Consulting Available
            >
            >
            >"Frank Olsen" <[email protected]> wrote in message
            >news:[email protected]...
            >>
            >> Hi,
            >>
            >> I didn't see much information in the documentation about the
            >HttpClusterServlet:
            >> - can it be (easily) set up in a HA configuration (to avoid it being
            >a
            >SPOF)?
            >> - how does it perform?
            >> - is it possible to cluster it?
            >>
            >> Regards,
            >> Frank Olsen
            >> Stonesoft
            >>
            >
            >
            

• ACL not Working with Keepalive Configuration

  Hi,
  I have configured ACL on CSS 11506 with software version 07.50.1_03.0 .After configuring we observed in show keepalive-summary all Server serivce are up except the App server service where keepalive type TCP & Port is configured we tried by removing keepalive configuration from App server afterwhich it is working fine does any specfic port needs to be allowed in ACL for Keepalive.Below is the conifguration which is done CSS.
  acl enable
  acl log enable
  acl 1
  clause 1 permit tcp any destination any eq 8080
  clause 2 permit tcp any destination any eq 80
  clause 3 permit tcp any destination any eq 443
  clause 4 permit any any destination 224.0.0.18
  clause 5 permit icmp any destination any
  apply all
  service WEBSERVER 1
  ip address 1.1.1.11
  redundant-index 1
  protocol tcp
  port 80
  active
  service WEBSERVER 2
  ip address 1.1.1.12
  redundant-index 2
  protocol tcp
  port 80
  active
  service APP1
  ip address 1.1.2.11
  redundant-index 10
  Keepalive type tcp
  Keepalive port 8080
  active
  service APP2
  ip address 1.1.2.12
  redundant-index 11
  Keepalive type tcp
  Keepalive port 8080
  active

  Hi,
  Thanks for reply kindly find the below required output & let me your views.
  CSS11506_Backup# sh keepalive-sum
  Keepalives:
  AUTO_nexthop00001 State: Alive 1.1.3.1
  AUTO_nexthop00002 State: Alive 1.1.3.1
  AUTO_SEZ-WEBSERVER-03 State: Down 1.1.1.11
  AUTO_SEZ-WEBSERVER-04 State: Down 1.1.1.12
  AUTO_WEBSERVER-01 State: Alive 1.1.4.6
  AUTO_WEBSERVER-02 State: Alive 1.1.4.7
  AUTO_chk-con-pix103 State: Alive 1.1.3.4
  AUTO_chk-con-pix225 State: Alive 1.1.3.17
  AUTO_chk-con-web104 State: Alive 1.1.4.5
  AUTO_chk-con-web224 State: Alive 1.1.1.18
  AUTO_chk-con-pix227 State: Alive 1.1.4.4
  AUTO_chk-con-app226 State: Alive 1.1.2.4
  AUTO_SEZAPP1 State: Down 1.1.2.11
  AUTO_SEZAPP2 State: Dying 1.1.2.12
  AUTO_nexthop00005 State: Alive 1.1.4.1
  CSS11506_Backup# sh keepalive-sum
  Keepalives:
  AUTO_nexthop00001 State: Alive 1.1.3.1
  AUTO_nexthop00002 State: Alive 1.1.3.1
  AUTO_SEZ-WEBSERVER-03 State: Down 1.1.1.11
  AUTO_SEZ-WEBSERVER-04 State: Down 1.1.1.12
  AUTO_WEBSERVER-01 State: Alive 1.1.4.6
  AUTO_WEBSERVER-02 State: Alive 1.1.4.7
  AUTO_chk-con-pix103 State: Alive 1.1.3.4
  AUTO_chk-con-pix225 State: Alive 1.1.3.17
  AUTO_chk-con-web104 State: Alive 1.1.4.5
  AUTO_chk-con-web224 State: Alive 1.1.1.18
  AUTO_chk-con-pix227 State: Alive 1.1.4.4
  AUTO_chk-con-app226 State: Alive 1.1.2.4
  AUTO_SEZAPP1 State: Down 1.1.2.11
  AUTO_SEZAPP2 State: Down 1.1.2.12
  AUTO_nexthop00005 State: Alive 1.1.4.1
  CSS11506_Backup# sh keepalive
  Keepalives:
  Name: AUTO_nexthop00001 Index: 0 State: Alive
  Description: Auto generated for service nexthop00001
  Address: 1.1.3.1 Port: Any
  Type: ICMP
  Encryption: Disabled
  Frequency: 5
  Max Failures: 3
  Retry Frequency: 5
  Dependent Services:
  nexthop00001
  Name: AUTO_nexthop00002 Index: 1 State: Alive
  Description: Auto generated for service nexthop00002
  Address: 1.1.3.1 Port: Any
  Type: ICMP
  Encryption: Disabled
  Frequency: 5
  Max Failures: 3
  Retry Frequency: 5
  Dependent Services:
  nexthop00002
  Name: AUTO_-WEBSERVER-03 Index: 2 State: Down
  Description: Auto generated for service -WEBSERVER-03
  Address: 1.1.1.11 Port: 80
  Type: TCP
  Encryption: Disabled
  Frequency: 5
  Max Failures: 3
  Retry Frequency: 5
  Dependent Services:
  -WEBSERVER-03
  Name: AUTO_-WEBSERVER-04 Index: 3 State: Down
  Description: Auto generated for service -WEBSERVER-04
  Address: 1.1.1.12 Port: 80
  Type: TCP
  Encryption: Disabled
  Frequency: 5
  Max Failures: 3
  Retry Frequency: 5
  Dependent Services:
  -WEBSERVER-04
  Name: AUTO_WEBSERVER-01 Index: 4 State: Alive
  Description: Auto generated for service WEBSERVER-01
  Address: 1.1.4.6 Port: 80
  Type: ICMP
  Encryption: Disabled
  Frequency: 5
  Max Failures: 3
  Retry Frequency: 5
  Dependent Services:
  WEBSERVER-01
  Name: AUTO_WEBSERVER-02 Index: 5 State: Alive
  Description: Auto generated for service WEBSERVER-02
  Address: 1.1.4.7 Port: 80
  Type: ICMP
  Encryption: Disabled
  Frequency: 5
  Max Failures: 3
  Retry Frequency: 5
  Dependent Services:
  WEBSERVER-02
  Name: AUTO_chk-con-pix103 Index: 6 State: Alive
  Description: Auto generated for service chk-con-pix103
  Address: 1.1.3.4 Port: Any
  Type: SCRIPT ap-kal-pinglist
  Script Arguments: "1.1.3.4"
  Script Error: None
  Script Run Time: 0 seconds
  Script Using Output parsing: No
  Encryption: Disabled
  Frequency: 2
  Max Failures: 2
  Retry Frequency: 2
  Dependent Services:
  chk-con-pix103
  Name: AUTO_chk-con-pix225 Index: 7 State: Alive
  Description: Auto generated for service chk-con-pix225
  Address: 1.1.3.17 Port: Any
  Type: SCRIPT ap-kal-pinglist
  Script Arguments: "1.1.3.17"
  Script Error: None
  Script Run Time: 0 seconds
  Script Using Output parsing: No
  Encryption: Disabled
  Frequency: 2
  Max Failures: 2
  Retry Frequency: 2
  Dependent Services:
  chk-con-pix225
  Name: AUTO_chk-con-web104 Index: 8 State: Alive
  Description: Auto generated for service chk-con-web104
  Address: 1.1.4.5 Port: Any
  Type: SCRIPT ap-kal-pinglist
  Script Arguments: "1.1.4.5"
  Script Error: None
  Script Run Time: 0 seconds
  Script Using Output parsing: No
  Encryption: Disabled
  Frequency: 2
  Max Failures: 2
  Retry Frequency: 2
  Dependent Services:
  chk-con-web104
  Name: AUTO_chk-con-web224 Index: 9 State: Alive
  Description: Auto generated for service chk-con-web224
  Address: 1.1.1.18 Port: Any
  Type: SCRIPT ap-kal-pinglist
  Script Arguments: "1.1.1.18"
  Script Error: None
  Script Run Time: 0 seconds
  Script Using Output parsing: No
  Encryption: Disabled
  Frequency: 2
  Max Failures: 2
  Retry Frequency: 2
  Dependent Services:
  chk-con-web224
  Name: AUTO_chk-con-pix227 Index: 10 State: Alive
  Description: Auto generated for service chk-con-pix227
  Address: 1.1.4.4 Port: Any
  Type: SCRIPT ap-kal-pinglist
  Script Arguments: "1.1.4.4"
  Script Error: None
  Script Run Time: 0 seconds
  Script Using Output parsing: No
  Encryption: Disabled
  Frequency: 2
  Max Failures: 2
  Retry Frequency: 2
  Dependent Services:
  chk-con-pix227
  Name: AUTO_chk-con-app226 Index: 11 State: Alive
  Description: Auto generated for service chk-con-app226
  Address: 1.1.2.4 Port: Any
  Type: SCRIPT ap-kal-pinglist
  Script Arguments: "1.1.2.4"
  Script Error: None
  Script Run Time: 0 seconds
  Script Using Output parsing: No
  Encryption: Disabled
  Frequency: 2
  Max Failures: 2
  Retry Frequency: 2
  Dependent Services:
  chk-con-app226
  Name: AUTO_APP1 Index: 12 State: Down
  Description: Auto generated for service APP1
  Address: 1.1.2.11 Port: 8080
  Type: TCP
  Encryption: Disabled
  Frequency: 5
  Max Failures: 3
  Retry Frequency: 5
  Dependent Services:
  APP1
  Name: AUTO_APP2 Index: 13 State: Down
  Description: Auto generated for service APP2
  Address: 1.1.2.12 Port: 8080
  Type: TCP
  Encryption: Disabled
  Frequency: 5
  Max Failures: 3
  Retry Frequency: 5
  Dependent Services:
  APP2
  Name: AUTO_nexthop00005 Index: 14 State: Alive
  Description: Auto generated for service nexthop00005
  Address: 1.1.4.1 Port: Any
  Type: ICMP
  Encryption: Disabled
  Frequency: 5
  Max Failures: 3
  Retry Frequency: 5
  Dependent Services:

• Shadow only for Administrators?

  Hi,
  is it true, what if user needs to shadow other user session on Windows Server 2012 R2 RDS he needs to be a local Administrator on that Terminal?
  If yes, maybe there are plans to change that?

  Hi Billy,
  Thank you for your posting in Windows Server Forum.
  No, it’s not necessary to have administrator permission to shadow the other user account.
  A user does not need to be an Administrator to shadow other sessions under Server 2012 R2 RDS.  You need to grant the non-admin user/group permissions to the RDP-Tcp listener on each RDSH server.  To do this, first create a security group in your
  domain and add the users as members that you would like to have shadow permission.  Next log on to each 2012 R2 RDSH server, open an administrator command prompt, and enter the following command (substitute your domain and group name): (Quoted from below
  thread-answered by TP)
  wmic /namespace:\\root\CIMV2\TerminalServices PATH Win32_TSPermissionsSetting WHERE (TerminalName ="RDP-Tcp") CALL AddAccount "domain\group",2
  Source:
  2012 R2 RDS Shadowing "Permissions"
  http://social.technet.microsoft.com/Forums/windowsserver/en-US/5e784267-c017-4afe-855a-fe7f5b9043fb/2012-r2-rds-shadowing-permissions?forum=winserverTS
  Hope it helps!
  Thanks.
  Dharmesh Solanki

• Cannot print from wireless laptop with ultra line 9100 em router

  I am having the same problem with the new router unable to print from a wireless connected laptop only I have a ultra line 9100 em router from Verizon. I am naive as to terminology and I don't know where to start to change the IP address in the printer(HP series 6110 office jet) I got no help from Verizon and HP referred me back to Verizon. Can anybody help in plain English

  Does the Printer ALSO have a Wireless Connection ?
  Also are you running a Software based Firewall on either the desktop with the printer or the laptop ?
  I have seen instances where the Actiontec TCP/IP Range is different that the previous router and the software firewall detects this as a new network and blocks access unless you give it permission.
  If you are the original poster (OP) and your issue is solved, please remember to click the "Solution?" button so that others can more easily find it.
  If anyone has been helpful to you, please show your appreciation by clicking the "Kudos" button.

• Configure ASR via Group Policy

  A recent security advisory suggests configuring EMET 5.0 to enable some additional ASR mitigation settings for dllhost.exe and powerpoint.
  See:  Microsoft security advisory 3010060
  The instructions include importing an XML file containing the new configuration settings.
  Is there a way to apply these settings via the EMET group policy settings?
  If using group policy to configure EMET, are the default ASR settings enabled? Are any ASR settings available to be configured through group policy?

  Hi,
  No, I think there is no change from old “Win32_TSPermissionsSetting”. You can use the same class for remote control.
  You may use WMI to change the listener's security descriptor.  For example, you may use the AddAccount method to add a group to the default RDP-Tcp listener and grant it Full Control (below is using wmic logged in locally):
  wmic /namespace:\\root\CIMV2\TerminalServices PATH Win32_TSPermissionsSetting WHERE(TerminalName="RDP-Tcp") CALL AddAccount "DOMAIN\group",2
  After making a permission change you should log off any users that will be the target of a log off so that the change will take effect (quoted from
  this thread).
  Apart you can also try below policy setting.
  Computer Configuration\Policies\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Connections 
  User Configuration\Policies\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Connections 
  Set rules for remote control of Remote Desktop Session Host server user sessions: Enable
  Hope it helps!
  Thanks.
  Dharmesh Solanki
  Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact [email protected]

• Set inactivity time via group policy or registry

  Hi,
  I have been asked to enable the "Show me as away when I've been inactive for X minutes" option within Skype's general settings for everybody in the company and also set the time option to 5 minutes.
  I so far can't find a Group Policy template that allows this however I was wondering if there was a simple registry setting that would enable this? That way I could just push out the registry setting company wide.
  Would anybody be able to point me in the right direction for this?
  Thanks
  David

  Hi,
  No, I think there is no change from old “Win32_TSPermissionsSetting”. You can use the same class for remote control.
  You may use WMI to change the listener's security descriptor.  For example, you may use the AddAccount method to add a group to the default RDP-Tcp listener and grant it Full Control (below is using wmic logged in locally):
  wmic /namespace:\\root\CIMV2\TerminalServices PATH Win32_TSPermissionsSetting WHERE(TerminalName="RDP-Tcp") CALL AddAccount "DOMAIN\group",2
  After making a permission change you should log off any users that will be the target of a log off so that the change will take effect (quoted from
  this thread).
  Apart you can also try below policy setting.
  Computer Configuration\Policies\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Connections 
  User Configuration\Policies\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Connections 
  Set rules for remote control of Remote Desktop Session Host server user sessions: Enable
  Hope it helps!
  Thanks.
  Dharmesh Solanki
  Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact [email protected]

• Browser pipelining

  Hi Crew,
  Has anyone had any experience or learings about browser pipelining.
  It appears that the J2EE Engine supports pipeling but IE does not.
  We have a situation where because the TCP connection is closed several times during a page load, the NTLM authentication is executed multiple times during the rendering of the page.
  This has a significant impact on performance due to latency.
  Look forward to hearing your thoughts.
  Paul

  Ok, it seems you have to do the following :
  1. (if the dns name of the portal is not the same as the computer name (netbios))
  setspn -A HTTP / <portal_host_name> <netbios_name>
  (reference http://support.microsoft.com/default.aspx?scid=kb;en-us;326985 and http://www.microsoft.com/windows2000/techinfo/reskit/tools/existing/setspn-o.asp)
  If this is not done, you will only get a ticket if you add the name of the server as a DNS entry in the host file(C:\WINNT\system32\drivers\etc\host) of the client computer.
  If you install kerbtray from http://www.microsoft.com/windows2000/techinfo/reskit/tools/existing/kerbtray-o.asp
  you can see which kerberos ticket you have. You should have one for HTTP/<portal_host_name>
  Another way to check this is to view the event log on the server on the security tab. For each logon/logoff event the method is displayed. This should be kerberos, not ntlmssp.
  2. The computer must be trusted for delegation of tickets . a.     On the domain controller, click Start, point to Settings, and then click Control Panel.
  b.     Double-click the Administrative Tools folder, and then double-click Active Directory Users and Computers.
  c.     Under your domain, click the Computers folder.
  d.     In the list, locate the IIS server. Right-click the server name, and then click Properties.
  e.     Click the General tab, click to select the Trusted for delegation check box, and then click OK.
  But even after having done this changes it seems like there are quite a few reauthentications, although alot fewer than before (and they use less http packages). Perhaps this is the way it works ?
  (ps a very good walkthrough of IIS authentication is available at http://support.microsoft.com/?scid=http://support.microsoft.com%2Fservicedesks%2Fwebcasts%2Fen%2Ftranscripts%2Fwctd060904.asp , but it doesn't say what happens for subsequent kerberos request to IIS).