Where is my TCP/IP
Hello to the mac family,
Well I have finallydone it. I upgraded to Jag and got DSL. I connect fine using ethernet and Safari. What I want to do is make my system 9.2 run in the DSL line. I figure I must change the TCP/IP numbers in the 9.2 operating system.
Because I am new to X and also new to DSL I am not sure where the TCP/IP control panel is in X.
This should be a pretty simple fix. L called Veriszon and their people tell me this can be done, but can't explain how to do it.
Can someone please Help.......I have also posted in 9 to see if I get any ideas there.....As always......Thanks......mGb.......Jim
Hello Kurt,
Thanks so much for the fast reply. It was very helpful....but I think I am an idiot. The computer is connecting to the internet using system X Jag. I can't figure out how this is working. It doesn't look like the computer is set to connect but it does. The reason I say this is when I go into the settings it says that I am connecting using my old dial-up internal modem using my former ISP which was rcn.
I am very confused about this....I am pretty competent in 9.2 and figured I should be able to set it up using the setting for X..
Well anyway....I followed your suggestions and got to step 5 I don't see an" Ethernet tab"
In the location tab....it still says rcn (my former ISP)
I selected built in Ethernet next to show
Then I se TCP/IP usingDHCP.
This gives me my numbers etc.
Next to TCP/IP I have 3 other tabs.They are PPPoE......Apple Talk......Proxies
I can't seem to figure step 5........
This should be within my abilities but it seems strange the way this seems to be hooked up..
Additional info....I was using internal 56K
Thanks....any ideas from here...I am a dummy I guess Thanks JIm
Similar Messages
-
TCP/IP Networking settings
Can anyone advise where are the TCP/IP network settings (IP address, DNS server etc) on the Nokia N95. I've connected to my home wireless network but I can't do anything with the connection until I've configured the network settings. There is no DHCP on the router to deliver and IP address to the phone.
Linux fedora core1 kernel 2.4.20-20.9
LabVIEW 6.1
As user, when I run the client : general error on openconnection. I switch as root (using su - ) the client is working. If I go back to user (exit from root), the same error.
It is the same error with server (as localhost), then it is a problem of firewall.
Client and server are at disposal at
http://eurserveur/wwwEur/LesCours/tpdistance/exa1/exa1.html -
How do I monitor a TCP/IP connection if my data does not come perdiodically?
I have an application that connects to several acquisition devices where I get TCP packet data only when something changes. If the line gets cut, how can I monitor this so that the user of the application will know that no data will come from that certain acquisition device? Since the data does not come periodically, I cannot monitor the error from the TCP read function, i.e. Error 56 - Timeout.
Is there a way to find out if an IP exists for example? (Such as a ping but it shoudl be fast)
Thanksarikb-
You can use the System Exec.vi to run a ping command through the command line and see if it is responding. You could also program the client such that it responds to a simple command with a verification message at any time. This would be similar to sending a ping, but it will also let you know if your LabVIEW program is on the other listening on the correct port.
Xaq -
Where are the TCP settings on an 8330m? I've looked through everything under 'options'(and that includes all the subcategories) and can't find it.
this settings are OK but (minimal), when you say "going forward" is this for performance or growth?
tcp_conn_req_max_q 128
tcp_conn_req_max_q0 1024
tcp_xmit_hiwat 16384
tcp_recv_hiwat 24576
tcp_conn_hash_size 512 -
Websockets TCP RST through ASA+IPS and ACE
Hello,
We recently deployed a new websockets project within our existing web infrastructure. The websockets traffic (as all the rest of normal web traffic) is crossing an ASA + IPS module where I do NAT and and then is forwarded to an ACE load balancer where two real server are configured in the server farm in active/standby mode (not load balancing) due the websockets nature. Everything seems to work fine but sometimes (once every 4 days or so) and based upon the server logs a TCP Reset gets the application server and bring down the whole application.
It's clear that this application as a bug but I would like to avoid that TCP reset as a workaround while application team fix the ibug as the go-live is soon. Anybody faced this issue and can help me to find where that supposed TCP reset comes from? I didn't get IPS alerts.
Server log:
"Unable to read data from the transport connection: An existing connection was forcibly closed by the remote host. at System.Net.Sockets.NetworkStream.EndRead(IAsyncResult asyncResult)"
Thanks,
MiquelHi Miquel,
A packet capture on the server shall show the origin of TCP RST. If you are natting the source traffic then take front end pcaps at front end of firewall as well as at backend and similarly for ACE, to see what is the origin of TCP RST. Normally, it should be from client if it is received on the server. LB's just forward the traffic to the server but it depends and it could be loadbalancer resetting the connection. But we don't have any details to be sure. So packet captures would be our best friend here.
Regards,
Kanwal
Note: Please mark answers if they are helpful. -
Permit Group to logoff and shadow users (2012 R2)
Hello everyone,
I'm looking for a way to grant users permission to shadow und logoff RDS user sessions.
To do this I first need to get the user's session host und unified session id:
$Session = Get-RDUserSession -ConnectionBroker $ConnectionBroker -CollectionName "MyCollection" -ErrorAction Stop | Where {$_.UserName -eq $CommonName}
After that I can use the information to either logoff or shadow the user.
For shadowing:
mstsc /v:$HostServer /shadow:$SessionId /control
For LogOff:
Invoke-RDUserLogoff -Force -HostServer $Session.HostServer -UnifiedSessionID $Session.UnifiedSessionId -ErrorAction Stop
My problem:
To run these commands the user needs admin privileges, which is not what you want for a first level supporter.
My question:
Is there a way to allow a group/user to retrieve the session ID's from the Connection Broker and Logoff/Shadow without granting them admin privileges?
In case there is no way to grant those specific permissions, what are the permissions the user requires on which machines (broker, hosts?)?Hi,
Thank you for posting in Windows Server Forum.
You can use provide access to shadow session to normal user other than administrator. To allow non-administrators permissions to shadow you can use the following command which is also applicable for Windows Server 2008 R2
wmic /namespace:\\root\CIMV2\TerminalServices PATH Win32_TSPermissionsSetting WHERE (TerminalName="RDP-Tcp") CALL AddAccount "domain\group",2
More information:
RDS 2012 Configure Permissions for Remote Desktop Services
Connections
Hope it helps!
Thanks.
Dharmesh Solanki -
2012 R2 RDS Shadowing "Permissions"
Hi All,
Just wondering if anyone has found a "workaround" for the requirement to be an Administrator to perform Remote Desktop Shadowing in Server 2012 R2?
We are a software development company, who offers a Remote Desktop service to our customers to use our software. Our support team needs to be able to take control of these sessions to support them.
We made the leap to 2012 R2 purely for the shadowing feature being re-implemented. However allowing 50+ support staff, some who have little to no knowledge of Server OS's, to have administrative control on an RDS server farm, including the AD server
which is the Connection Broker, is just not an option.
The best i can come up with, is to lock down permissions on all Administrative Tools to these users with implicit Deny ACL's, but that does not stop them from being able to launch Add/Remove Server Roles, and perform other tasks within Server Manager.
Also due to the Server Manager integration, gone are the days where you could permit a Terminal Services MMC for these users like we did in the "old days" of 2003.
Does anyone have any brilliant ideas in regards to either enabling Shadowing without Administrator rights, or locking down Server Manager to a set task list?
Thanks,
NashHi Nash,
A user does not need to be an Administrator to shadow other sessions under Server 2012 R2 RDS. You need to grant the non-admin user/group permissions to the RDP-Tcp listener on each RDSH server.
To do this, first create a security group in your domain and add the users as members that you would like to have shadow permission. Next log on to each 2012 R2 RDSH server, open an administrator command prompt, and enter the following
command (substitute your domain and group name):
wmic /namespace:\\root\CIMV2\TerminalServices PATH Win32_TSPermissionsSetting WHERE (TerminalName ="RDP-Tcp") CALL AddAccount "domain\group",2
The non-admin user can use the query session command to retrieve a list of logged-on users:
query session
If they want to view and control another session they may use the following command:
mstsc /shadow:<sessionid> /control
-TP
Brilliant! Thanks heaps - I saw this one a little earlier from the previous post and couldn't wait to give it a run.
Darmesh, despite saying it's not possible, the link you posted points to an article where the above process is outlined.
Appreciate the input guys, i will post back with the outcome! -
DLSW peer takes 20 min. to establish..Please Help !!!
I have configured a Cisco 7304 with DLSW and the remote peer is not a Cisco router. When the local peer in the Cisco is not configured as promiscuous, it takes about 20min to 1h30min for the peers to get connected.
If the local peer is configured as promiscous, it works good, but we dont want to use this configuration becasuse we want to control the connections on each router.
What can I do in order to solve this problem ?
Attached is the router configuration and the output of a "debug dlsw peers"Hi,
based on the debug dlsw peer:
00:02:00: DLSw: START-TPFSM (peer 172.25.252.254(2065)): event:ADMIN-OPEN CONNECTION state:DISCONN
00:02:00: DLSw: dtp_action_a() attempting to connect peer 172.25.252.254(2065)
00:02:00: DLSw: END-TPFSM (peer 172.25.252.254(2065)): state:DISCONN->WAIT_WR
00:02:00: DLSw: Async Open Callback 172.25.252.254(2065) -> 11004
00:02:00: DLSw: START-TPFSM (peer 172.25.252.254(2065)): event:TCP-WR PIPE OPENED state:WAIT_WR
00:02:00: DLSw: dtp_action_f() start read open timer for peer 172.25.252.254(2065)
00:02:00: DLSw: END-TPFSM (peer 172.25.252.254(2065)): state:WAIT_WR->WAIT_RD
00:02:00: DLSw: passive open 172.25.252.254(2067) -> 2065
00:02:00: DLSw: START-TPFSM (peer 172.25.252.254(2065)): event:TCP-RD PIPE OPENED state:WAIT_RD
00:02:00: DLSw: dtp_action_g() read pipe opened for peer 172.25.252.254(2065)
00:02:00: DLSw: CapExId Msg sent to peer 172.25.252.254(2065)
00:02:00: DLSw: END-TPFSM (peer 172.25.252.254(2065)): state:WAIT_RD->WAIT_CAP
00:02:00: DLSw: START-TPFSM (peer 172.25.252.254(2065)): event:SSP-CAP MSG RCVD state:WAIT_CAP
00:02:00: DLSw: dtp_action_j() cap msg rcvd from peer 172.25.252.254(2065)
00:02:00: DLSw: Recv CapExId Msg from peer 172.25.252.254(2065)
00:02:00: DLSw: Pos CapExResp sent to peer 172.25.252.254(2065)
00:02:00: DLSw: END-TPFSM (peer 172.25.252.254(2065)): state:WAIT_CAP->WAIT_CAP
00:02:00: DLSw: START-TPFSM (peer 172.25.252.254(2065)): event:SSP-CAP MSG RCVD state:WAIT_CAP
00:02:00: DLSw: dtp_action_j() cap msg rcvd from peer 172.25.252.254(2065)
00:02:0
Torrejon0#0: DLSw: Recv CapExPosRsp Msg from peer 172.25.252.254(2065)
00:02:00: DLSw: END-TPFSM (peer 172.25.252.254(2065)): state:WAIT_CAP->WAIT_CAP
00:02:00: DLSw: Processing delayed event:SSP-CAP EXCHANGED - prev state:WAIT_CAP
00:02:00: DLSw: START-TPFSM (peer 172.25.252.254(2065)): event:SSP-CAP EXCHANGED state:WAIT_CAP
00:02:00: DLSw: dtp_action_k() cap xchged for peer 172.25.252.254(2065)
00:02:00: DLSw: closing read pipe tcp connection for peer 172.25.252.254(2065)
00:02:00: DLSw: END-TPFSM (peer 172.25.252.254(2065)): state:WAIT_CAP->PCONN_WT
00:02:00: DLSw: Processing delayed event:TCP-PEER CONNECTED - prev state:PCONN_WT
00:02:00: DLSw: START-TPFSM (peer 172.25.252.254(2065)): event:TCP-PEER CONNECTED state:PCONN_WT
00:02:00: DLSw: dtp_action_m() peer connected for peer 172.25.252.254(2065)
00:02:00: DLSw: END-TPFSM (peer 172.25.252.254(2065)): state:PCONN_WT->CONNECT
at this point the dlsw peer is in state CONNECTED
However you always get a tcp rst or fin right afterwards. Tcp tells dlsw to disconnect the peer.
This can have two potential sources.
The tcp stack on this router or the tcp stack on the remote router has closed the session.
00:02:00: DLSw: dlsw_tcpd_fini() for peer 172.25.252.254(2065)
00:02:00: DLSw: tcp fini closing connection for peer 172.25.252.254(2065)
00:02:00: DLSw: START-TPFSM (peer 172.25.252.254(2065)): event:ADMIN-CLOSE CONNECTION state:CONNECT
00:02:00: DLSw: dtp_action_b() close connection for peer 172.25.252.254(2065)
00:02:00: DLSw: END-TPFSM (peer 172.25.252.254(2065)): state:CONNECT->DISCONN
so the question really is where does the tcp rst come from? Who is closing the tcp connection?
This sequence repeats itself over and over again until it finally stays up.
You can do a
debug ip tcp driver
debug ip tcp transaction
this will show you if you get a disconnect or if this router is sending one. However you have to be a bit carefull with the debugging if you have a lot of tcp activity going on in this router.
Alternative is to take a sniffer trace on the WAN and find out who is sending the tcp reset/fin in that case.
thanks...
Matthias -
Performance and HA for HttpClusterServlet
Hi,
I didn't see much information in the documentation about the HttpClusterServlet:
- can it be (easily) set up in a HA configuration (to avoid it being a SPOF)?
- how does it perform?
- is it possible to cluster it?
Regards,
Frank Olsen
Stonesoft
"Cameron Purdy" <[email protected]> wrote:
>You can run HttpClusterServlet on a whole slew of Weblogic Express servers
>with a h/w load balancer in front and a cluster in back, for example.
> That
>gives you no SPOF (assuming secondary h/w load balancer etc.) and some
>scale.
>
OK.
>I don't know how the software load balancer fits in there ...
>
The answer is ... well, sorry for "plugging" our product -- (selling it would
of course be nice); but getting feedback on what we can do better is also a good
reason to tell yo about a possible alternative.
As I see it, it could be an alternative to (i.e., it replaces) the dispatchers:
- you run a cluster of WLS instances with in-memory replication to ensure failover
of session state (or, JDBC persistence for a less performant alternative)
- our StoneBeat WebCluster product can do this:
. as I've explained in a thread on the in-memory replication group, this works
fine in the major cases
. I've been able to detect some scenarios that causes problems with sessions
being lost, but it was in cases where the Dynamic Tcp feature of the WebCluster
was not used (or keepalives where disabled)
. I'm contacting BEA to see if they'd be willing to consider (certify) this
as an alternative to the HW/SW dispacther solutions
. of course, each have pros and cons, but if the choice is there...
. one advantage of WebCluster would be that it is simple to set up and manage;
it is distributed and has no inherent SPOF; it has a very good test subsystem
to allow for dynamic load balancing
. we also have a whole range of products from load balancing for firewalls (and
soon our own firewall), to load balancing of web servers, ..., to a HA solution
for databases and other applications based on shared storage
Regards,
Frank Olsen
Stonesoft
>--
>Cameron Purdy
>Tangosol, Inc.
>http://www.tangosol.com
>+1.617.623.5782
>WebLogic Consulting Available
>
>
>"Frank Olsen" <[email protected]> wrote in message
>news:[email protected]...
>>
>> Hi,
>>
>> I didn't see much information in the documentation about the
>HttpClusterServlet:
>> - can it be (easily) set up in a HA configuration (to avoid it being
>a
>SPOF)?
>> - how does it perform?
>> - is it possible to cluster it?
>>
>> Regards,
>> Frank Olsen
>> Stonesoft
>>
>
>
-
ACL not Working with Keepalive Configuration
Hi,
I have configured ACL on CSS 11506 with software version 07.50.1_03.0 .After configuring we observed in show keepalive-summary all Server serivce are up except the App server service where keepalive type TCP & Port is configured we tried by removing keepalive configuration from App server afterwhich it is working fine does any specfic port needs to be allowed in ACL for Keepalive.Below is the conifguration which is done CSS.
acl enable
acl log enable
acl 1
clause 1 permit tcp any destination any eq 8080
clause 2 permit tcp any destination any eq 80
clause 3 permit tcp any destination any eq 443
clause 4 permit any any destination 224.0.0.18
clause 5 permit icmp any destination any
apply all
service WEBSERVER 1
ip address 1.1.1.11
redundant-index 1
protocol tcp
port 80
active
service WEBSERVER 2
ip address 1.1.1.12
redundant-index 2
protocol tcp
port 80
active
service APP1
ip address 1.1.2.11
redundant-index 10
Keepalive type tcp
Keepalive port 8080
active
service APP2
ip address 1.1.2.12
redundant-index 11
Keepalive type tcp
Keepalive port 8080
activeHi,
Thanks for reply kindly find the below required output & let me your views.
CSS11506_Backup# sh keepalive-sum
Keepalives:
AUTO_nexthop00001 State: Alive 1.1.3.1
AUTO_nexthop00002 State: Alive 1.1.3.1
AUTO_SEZ-WEBSERVER-03 State: Down 1.1.1.11
AUTO_SEZ-WEBSERVER-04 State: Down 1.1.1.12
AUTO_WEBSERVER-01 State: Alive 1.1.4.6
AUTO_WEBSERVER-02 State: Alive 1.1.4.7
AUTO_chk-con-pix103 State: Alive 1.1.3.4
AUTO_chk-con-pix225 State: Alive 1.1.3.17
AUTO_chk-con-web104 State: Alive 1.1.4.5
AUTO_chk-con-web224 State: Alive 1.1.1.18
AUTO_chk-con-pix227 State: Alive 1.1.4.4
AUTO_chk-con-app226 State: Alive 1.1.2.4
AUTO_SEZAPP1 State: Down 1.1.2.11
AUTO_SEZAPP2 State: Dying 1.1.2.12
AUTO_nexthop00005 State: Alive 1.1.4.1
CSS11506_Backup# sh keepalive-sum
Keepalives:
AUTO_nexthop00001 State: Alive 1.1.3.1
AUTO_nexthop00002 State: Alive 1.1.3.1
AUTO_SEZ-WEBSERVER-03 State: Down 1.1.1.11
AUTO_SEZ-WEBSERVER-04 State: Down 1.1.1.12
AUTO_WEBSERVER-01 State: Alive 1.1.4.6
AUTO_WEBSERVER-02 State: Alive 1.1.4.7
AUTO_chk-con-pix103 State: Alive 1.1.3.4
AUTO_chk-con-pix225 State: Alive 1.1.3.17
AUTO_chk-con-web104 State: Alive 1.1.4.5
AUTO_chk-con-web224 State: Alive 1.1.1.18
AUTO_chk-con-pix227 State: Alive 1.1.4.4
AUTO_chk-con-app226 State: Alive 1.1.2.4
AUTO_SEZAPP1 State: Down 1.1.2.11
AUTO_SEZAPP2 State: Down 1.1.2.12
AUTO_nexthop00005 State: Alive 1.1.4.1
CSS11506_Backup# sh keepalive
Keepalives:
Name: AUTO_nexthop00001 Index: 0 State: Alive
Description: Auto generated for service nexthop00001
Address: 1.1.3.1 Port: Any
Type: ICMP
Encryption: Disabled
Frequency: 5
Max Failures: 3
Retry Frequency: 5
Dependent Services:
nexthop00001
Name: AUTO_nexthop00002 Index: 1 State: Alive
Description: Auto generated for service nexthop00002
Address: 1.1.3.1 Port: Any
Type: ICMP
Encryption: Disabled
Frequency: 5
Max Failures: 3
Retry Frequency: 5
Dependent Services:
nexthop00002
Name: AUTO_-WEBSERVER-03 Index: 2 State: Down
Description: Auto generated for service -WEBSERVER-03
Address: 1.1.1.11 Port: 80
Type: TCP
Encryption: Disabled
Frequency: 5
Max Failures: 3
Retry Frequency: 5
Dependent Services:
-WEBSERVER-03
Name: AUTO_-WEBSERVER-04 Index: 3 State: Down
Description: Auto generated for service -WEBSERVER-04
Address: 1.1.1.12 Port: 80
Type: TCP
Encryption: Disabled
Frequency: 5
Max Failures: 3
Retry Frequency: 5
Dependent Services:
-WEBSERVER-04
Name: AUTO_WEBSERVER-01 Index: 4 State: Alive
Description: Auto generated for service WEBSERVER-01
Address: 1.1.4.6 Port: 80
Type: ICMP
Encryption: Disabled
Frequency: 5
Max Failures: 3
Retry Frequency: 5
Dependent Services:
WEBSERVER-01
Name: AUTO_WEBSERVER-02 Index: 5 State: Alive
Description: Auto generated for service WEBSERVER-02
Address: 1.1.4.7 Port: 80
Type: ICMP
Encryption: Disabled
Frequency: 5
Max Failures: 3
Retry Frequency: 5
Dependent Services:
WEBSERVER-02
Name: AUTO_chk-con-pix103 Index: 6 State: Alive
Description: Auto generated for service chk-con-pix103
Address: 1.1.3.4 Port: Any
Type: SCRIPT ap-kal-pinglist
Script Arguments: "1.1.3.4"
Script Error: None
Script Run Time: 0 seconds
Script Using Output parsing: No
Encryption: Disabled
Frequency: 2
Max Failures: 2
Retry Frequency: 2
Dependent Services:
chk-con-pix103
Name: AUTO_chk-con-pix225 Index: 7 State: Alive
Description: Auto generated for service chk-con-pix225
Address: 1.1.3.17 Port: Any
Type: SCRIPT ap-kal-pinglist
Script Arguments: "1.1.3.17"
Script Error: None
Script Run Time: 0 seconds
Script Using Output parsing: No
Encryption: Disabled
Frequency: 2
Max Failures: 2
Retry Frequency: 2
Dependent Services:
chk-con-pix225
Name: AUTO_chk-con-web104 Index: 8 State: Alive
Description: Auto generated for service chk-con-web104
Address: 1.1.4.5 Port: Any
Type: SCRIPT ap-kal-pinglist
Script Arguments: "1.1.4.5"
Script Error: None
Script Run Time: 0 seconds
Script Using Output parsing: No
Encryption: Disabled
Frequency: 2
Max Failures: 2
Retry Frequency: 2
Dependent Services:
chk-con-web104
Name: AUTO_chk-con-web224 Index: 9 State: Alive
Description: Auto generated for service chk-con-web224
Address: 1.1.1.18 Port: Any
Type: SCRIPT ap-kal-pinglist
Script Arguments: "1.1.1.18"
Script Error: None
Script Run Time: 0 seconds
Script Using Output parsing: No
Encryption: Disabled
Frequency: 2
Max Failures: 2
Retry Frequency: 2
Dependent Services:
chk-con-web224
Name: AUTO_chk-con-pix227 Index: 10 State: Alive
Description: Auto generated for service chk-con-pix227
Address: 1.1.4.4 Port: Any
Type: SCRIPT ap-kal-pinglist
Script Arguments: "1.1.4.4"
Script Error: None
Script Run Time: 0 seconds
Script Using Output parsing: No
Encryption: Disabled
Frequency: 2
Max Failures: 2
Retry Frequency: 2
Dependent Services:
chk-con-pix227
Name: AUTO_chk-con-app226 Index: 11 State: Alive
Description: Auto generated for service chk-con-app226
Address: 1.1.2.4 Port: Any
Type: SCRIPT ap-kal-pinglist
Script Arguments: "1.1.2.4"
Script Error: None
Script Run Time: 0 seconds
Script Using Output parsing: No
Encryption: Disabled
Frequency: 2
Max Failures: 2
Retry Frequency: 2
Dependent Services:
chk-con-app226
Name: AUTO_APP1 Index: 12 State: Down
Description: Auto generated for service APP1
Address: 1.1.2.11 Port: 8080
Type: TCP
Encryption: Disabled
Frequency: 5
Max Failures: 3
Retry Frequency: 5
Dependent Services:
APP1
Name: AUTO_APP2 Index: 13 State: Down
Description: Auto generated for service APP2
Address: 1.1.2.12 Port: 8080
Type: TCP
Encryption: Disabled
Frequency: 5
Max Failures: 3
Retry Frequency: 5
Dependent Services:
APP2
Name: AUTO_nexthop00005 Index: 14 State: Alive
Description: Auto generated for service nexthop00005
Address: 1.1.4.1 Port: Any
Type: ICMP
Encryption: Disabled
Frequency: 5
Max Failures: 3
Retry Frequency: 5
Dependent Services: -
Shadow only for Administrators?
Hi,
is it true, what if user needs to shadow other user session on Windows Server 2012 R2 RDS he needs to be a local Administrator on that Terminal?
If yes, maybe there are plans to change that?Hi Billy,
Thank you for your posting in Windows Server Forum.
No, it’s not necessary to have administrator permission to shadow the other user account.
A user does not need to be an Administrator to shadow other sessions under Server 2012 R2 RDS. You need to grant the non-admin user/group permissions to the RDP-Tcp listener on each RDSH server. To do this, first create a security group in your
domain and add the users as members that you would like to have shadow permission. Next log on to each 2012 R2 RDSH server, open an administrator command prompt, and enter the following command (substitute your domain and group name): (Quoted from below
thread-answered by TP)
wmic /namespace:\\root\CIMV2\TerminalServices PATH Win32_TSPermissionsSetting WHERE (TerminalName ="RDP-Tcp") CALL AddAccount "domain\group",2
Source:
2012 R2 RDS Shadowing "Permissions"
http://social.technet.microsoft.com/Forums/windowsserver/en-US/5e784267-c017-4afe-855a-fe7f5b9043fb/2012-r2-rds-shadowing-permissions?forum=winserverTS
Hope it helps!
Thanks.
Dharmesh Solanki -
Cannot print from wireless laptop with ultra line 9100 em router
I am having the same problem with the new router unable to print from a wireless connected laptop only I have a ultra line 9100 em router from Verizon. I am naive as to terminology and I don't know where to start to change the IP address in the printer(HP series 6110 office jet) I got no help from Verizon and HP referred me back to Verizon. Can anybody help in plain English
Does the Printer ALSO have a Wireless Connection ?
Also are you running a Software based Firewall on either the desktop with the printer or the laptop ?
I have seen instances where the Actiontec TCP/IP Range is different that the previous router and the software firewall detects this as a new network and blocks access unless you give it permission.
If you are the original poster (OP) and your issue is solved, please remember to click the "Solution?" button so that others can more easily find it.
If anyone has been helpful to you, please show your appreciation by clicking the "Kudos" button. -
Configure ASR via Group Policy
A recent security advisory suggests configuring EMET 5.0 to enable some additional ASR mitigation settings for dllhost.exe and powerpoint.
See: Microsoft security advisory 3010060
The instructions include importing an XML file containing the new configuration settings.
Is there a way to apply these settings via the EMET group policy settings?
If using group policy to configure EMET, are the default ASR settings enabled? Are any ASR settings available to be configured through group policy?Hi,
No, I think there is no change from old “Win32_TSPermissionsSetting”. You can use the same class for remote control.
You may use WMI to change the listener's security descriptor. For example, you may use the AddAccount method to add a group to the default RDP-Tcp listener and grant it Full Control (below is using wmic logged in locally):
wmic /namespace:\\root\CIMV2\TerminalServices PATH Win32_TSPermissionsSetting WHERE(TerminalName="RDP-Tcp") CALL AddAccount "DOMAIN\group",2
After making a permission change you should log off any users that will be the target of a log off so that the change will take effect (quoted from
this thread).
Apart you can also try below policy setting.
Computer Configuration\Policies\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Connections
User Configuration\Policies\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Connections
Set rules for remote control of Remote Desktop Session Host server user sessions: Enable
Hope it helps!
Thanks.
Dharmesh Solanki
Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact [email protected] -
Set inactivity time via group policy or registry
Hi,
I have been asked to enable the "Show me as away when I've been inactive for X minutes" option within Skype's general settings for everybody in the company and also set the time option to 5 minutes.
I so far can't find a Group Policy template that allows this however I was wondering if there was a simple registry setting that would enable this? That way I could just push out the registry setting company wide.
Would anybody be able to point me in the right direction for this?
Thanks
DavidHi,
No, I think there is no change from old “Win32_TSPermissionsSetting”. You can use the same class for remote control.
You may use WMI to change the listener's security descriptor. For example, you may use the AddAccount method to add a group to the default RDP-Tcp listener and grant it Full Control (below is using wmic logged in locally):
wmic /namespace:\\root\CIMV2\TerminalServices PATH Win32_TSPermissionsSetting WHERE(TerminalName="RDP-Tcp") CALL AddAccount "DOMAIN\group",2
After making a permission change you should log off any users that will be the target of a log off so that the change will take effect (quoted from
this thread).
Apart you can also try below policy setting.
Computer Configuration\Policies\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Connections
User Configuration\Policies\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Connections
Set rules for remote control of Remote Desktop Session Host server user sessions: Enable
Hope it helps!
Thanks.
Dharmesh Solanki
Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact [email protected] -
Hi Crew,
Has anyone had any experience or learings about browser pipelining.
It appears that the J2EE Engine supports pipeling but IE does not.
We have a situation where because the TCP connection is closed several times during a page load, the NTLM authentication is executed multiple times during the rendering of the page.
This has a significant impact on performance due to latency.
Look forward to hearing your thoughts.
PaulOk, it seems you have to do the following :
1. (if the dns name of the portal is not the same as the computer name (netbios))
setspn -A HTTP / <portal_host_name> <netbios_name>
(reference http://support.microsoft.com/default.aspx?scid=kb;en-us;326985 and http://www.microsoft.com/windows2000/techinfo/reskit/tools/existing/setspn-o.asp)
If this is not done, you will only get a ticket if you add the name of the server as a DNS entry in the host file(C:\WINNT\system32\drivers\etc\host) of the client computer.
If you install kerbtray from http://www.microsoft.com/windows2000/techinfo/reskit/tools/existing/kerbtray-o.asp
you can see which kerberos ticket you have. You should have one for HTTP/<portal_host_name>
Another way to check this is to view the event log on the server on the security tab. For each logon/logoff event the method is displayed. This should be kerberos, not ntlmssp.
2. The computer must be trusted for delegation of tickets . a. On the domain controller, click Start, point to Settings, and then click Control Panel.
b. Double-click the Administrative Tools folder, and then double-click Active Directory Users and Computers.
c. Under your domain, click the Computers folder.
d. In the list, locate the IIS server. Right-click the server name, and then click Properties.
e. Click the General tab, click to select the Trusted for delegation check box, and then click OK.
But even after having done this changes it seems like there are quite a few reauthentications, although alot fewer than before (and they use less http packages). Perhaps this is the way it works ?
(ps a very good walkthrough of IIS authentication is available at http://support.microsoft.com/?scid=http://support.microsoft.com%2Fservicedesks%2Fwebcasts%2Fen%2Ftranscripts%2Fwctd060904.asp , but it doesn't say what happens for subsequent kerberos request to IIS).
Maybe you are looking for
-
hi, in excise invoice printout we need to print date & time of issue & removal BUt in J1ip There is no option to enter this date & time pl suggetest is there any field where we can enter this date & time of issue & removal so that it gets printed in
-
How can I use the Concentric Shape Generator in Motion to create a graphic?
Hi, "Concentric Shapes generator The Concentric Shapes generator is used to generate patterns derived from circles or from polygons ranging from 3 to 100 sides. Choose two fixed colors or set up a flexible multicolor gradient." (taken from http://www
-
Difference between down payment & advance payment
Hi frndzz.. I have lil' confusion on these two. Advance payment is what you you pay to your vendor against the purchase order is raised. Later you clear this value against the invoice sent by your vendor. I see the same is applicable for downpaymen
-
Layout for printing a book?
Does a page ordering template exist for Pages for printing a book with two pages per side of 8X10 in. paper (printing both sides) so that the pages will be ordered correctly when the sheets are stacked, folded and stapled? I want to publish poetry ch
-
Encoding .mpg? Media Encoder wont allow me to import them...
Hello, I am trying to convert my .mpg videos into a video format that I can use in Camtasia... Unfortunately, I cannot import them into Adobe Media Encoder... Any tips? Thanks for any help!! Ryan