AAA config for PIX
Hello folks!!!
In my PIX 515E I have configured AAA (tacacs+) and have also configured serial console authentication as "local" and telnet console authentication from the tacacs+ server. Apart from this I have also configured authorization as "tacacs+" server. Now if the AAA server is not available I am able to go into user mode with the "enable pwd" set in the PIX, but if I try to go into enable mode it gives the error message "AAA command authorization failed", since it looks to the AAA server for authorization and that is not available. Is there a way I can overcome this by configuring "local" authorization as a fallback in case the AAA server is not available?
Cheers
SS
You can add a command like this
aaa authentication login default tacacs local
aaa authentication login CONSOLE local
So if TACACS fails, local will take over.
http://www.cisco.com/en/US/tech/tk59/technologies_tech_note09186a0080093c81.shtml#login_auth
Similar Messages
-
I am struggling to configure TACACS to allow authentication via Cisco ACS. I was able to configure it for the 2950 and 3750 switches but not for ASA and PIX. Can anyone let me know the configs?
I am actually looking for commands similar to the ones I used on the Cisco 2950/3750:
aaa new-model
aaa authentication login default group tacacs+ enable local
aaa authentication enable default group tacacs+ enable
aaa authorization exec default group tacacs+ if-authenticated
aaa authorization commands 1 default group tacacs+ if-authenticated
aaa authorization commands 15 default group tacacs+ if-authenticated
aaa accounting exec default start-stop group tacacs+
aaa accounting commands 1 default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+
With these commands I was able to track all the commands the user has used, with logs under the user name which I configured on TACACS. With the command which you sent me, "aaa-server TACACS+ host ", I was able to log in with the TACACS user name, but it is not accounting all the details like login and logout time, the commands the user has issued, etc. -
Aaa authorization commands for pix 535
Hi ,
Can you provide aaa authorization commands for pix 535
Sanjay Nalawade.
Hi,
Please find the AAA config for PIX.
aaa-server TACACS+ protocol tacacs+
max-failed-attempts 5
aaa-server TACACS+ (ExranetFW-In) host
timeout 5
key ********
aaa authentication enable console TACACS+ LOCAL
aaa authentication serial console TACACS+ LOCAL
aaa authentication http console TACACS+ LOCAL
aaa authentication ssh console TACACS+ LOCAL
aaa authorization command LOCAL
aaa accounting command privilege 15 TACACS+
aaa authorization exec authentication-server
Karuppuchamy -
AD DS Config problem (The AAAA record for this DC was not found) Cannot connect to ADUC
I am trying to figure out what is wrong with my AD DS Config. I ran dcdiag. The results were:
C:\Users\Administrator>dcdiag /test:dns
Directory Server Diagnosis
Performing initial setup:
Trying to find home server...
Home Server = R210_1_2K12
* Identified AD Forest.
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\R210_1_2K12
Starting test: Connectivity
......................... R210_1_2K12 passed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\R210_1_2K12
Starting test: DNS
DNS Tests are running and not hung. Please wait a few minutes...
......................... R210_1_2K12 passed test DNS
Running partition tests on : Schema
Running partition tests on : Configuration
Running partition tests on : bcas-tbf
Running enterprise tests on : bcas-tbf.local
Starting test: DNS
Test results for domain controllers:
DC: R210_1_2K12.bcas-tbf.local
Domain: bcas-tbf.local
TEST: Basic (Basc)
Warning: The AAAA record for this DC was not found
TEST: Records registration (RReg)
Network Adapter [00000017] Hyper-V Virtual Ethernet Adapter:
Warning:
Missing AAAA record at DNS server 172.16.0.202:
R210_1_2K12.bcas-tbf.local
Warning:
Missing AAAA record at DNS server 172.16.0.202:
gc._msdcs.bcas-tbf.local
Warning:
Missing AAAA record at DNS server ::1:
R210_1_2K12.bcas-tbf.local
Warning:
Missing AAAA record at DNS server ::1:
gc._msdcs.bcas-tbf.local
Warning: Record Registrations not found in some network adapters
R210_1_2K12 PASS WARN PASS PASS PASS WARN n/a
......................... bcas-tbf.local passed test DNS
IPCONFIG info:
C:\Users\Administrator>ipconfig /all
Windows IP Configuration
Host Name . . . . . . . . . . . . : R210_1_2K12
Primary Dns Suffix . . . . . . . : bcas-tbf.local
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : bcas-tbf.local
Ethernet adapter vEthernet (Broadcom BCM5716C NetXtreme II GigE (NDIS VBD Client
) #36 - Virtual Switch):
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Hyper-V Virtual Ethernet Adapter #2
Physical Address. . . . . . . . . : 00-26-B9-7E-81-74
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::bda9:1a28:974a:5fc3%19(Preferred)
IPv4 Address. . . . . . . . . . . : 172.16.0.202(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 172.16.0.1
DHCPv6 IAID . . . . . . . . . . . : 335554233
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1A-0A-52-45-00-26-B9-7E-81-75
DNS Servers . . . . . . . . . . . : ::1
172.16.0.202
NetBIOS over Tcpip. . . . . . . . : Enabled
Tunnel adapter isatap.{AE70C63E-0A8A-4461-A789-8E4CD99CEA46}:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Local Area Connection* 11:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:9d38:90d7:1cf5:1d4f:53ef:ff35(Pref
erred)
Link-local IPv6 Address . . . . . : fe80::1cf5:1d4f:53ef:ff35%15(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled
I'm unsure of what the problem is or what to do next. Thank You.
Disable IPv6 according to Paul's blog:
Disabling IPv6 on Windows 2008
After disabling run:
ipconfig /flushdns
ipconfig /registerdns
restart the netlogon service or reboot.
For co-existence of IPv4 and IPv6 see:
Configuring DNS for IPv6/IPv4 Coexistence
IPv6 for the Windows Administrator: How Name Resolution Works in a Dual IPv4/IPv6 Scenario
IPv6 for the Windows Administrator: IPv6 Fundamentals
Hopefully, that fixes your issue. Added some links to read in case you want to.
If it answered your question, remember to “Mark as Answer”.
If you found this post helpful, please “Vote as Helpful”.
Postings are provided “AS IS” with no warranties, and confers no rights.
Active Directory: Ultimate Reading Collection -
AAA Rules for PIX515E 6.3(5)
Hello. If I wanted to configure the PIX for authentication from an ACS server (for the purpose of PIX management), what else would I need apart from the following:
aaa-server Admin-FW protocol tacacs+
aaa-server Admin-FW max-failed-attempts 3
aaa-server Admin-FW deadtime 10
aaa-server Admin-FW (inside) host 192.168.2.9 access timeout 10
aaa authentication serial console Admin-FW
aaa authentication telnet console Admin-FW
aaa authentication ssh console Admin-FW
AFAIK, I have not specified what IP addresses that someone can telnet from to log onto the PIX. I have tried the following, but I'm sure I haven't provided the correct statements:
aaa authentication include telnet inside 192.168.0.0 255.255.0.0 Admin-FW
... and I get a Username / Password prompt on the PIX but it keeps asking for a username and password. I know my TACACS account is fine since I can log onto routers with the same details as what I am using to authenticate to the PIX.
I also ran a debug on the PIX when I was trying to authenticate. The output is attached.
Thanks,
Timothy
Hi,
Config seems to be just fine, though you can still go through following :
Telnet access :
http://www.cisco.com/en/US/docs/security/pix/pix63/configuration/guide/sysmgmt.html#wp1022109
SSH access :
http://www.cisco.com/en/US/docs/security/pix/pix63/configuration/guide/sysmgmt.html#wp1034079
"aaa authentication include telnet inside 192.168.0.0 255.255.0.0 Admin-FW"
Above command is for pass through traffic, and has no role for Administrative authentication. So you can remove this.
Apart from that, in your debugs I see this,
150: Processing a rejection for user , session id: 1097271073
151: Processing a rejection for user , session id: 1097271073
*152: Marking server 192.168.2.9 down in servertag Admin-FW*
153: Processing a rejection for user , session id: 1097271073
154: Processing a rejection for user , session id: 1097271073
Can you check your ACS server pass/fail logs, to see if you are even touching the ACS server?
I am sure you must have defined a AAA client entry for PIX as a TACACS+ client.
Please look into that. As from these debugs it seems like, PIX is considering it dead.
Debugs that can help you :
debug aaa authentication
debug aaa authorization
Also, as you are using version 6.3(5),
Create a local account on PIX, and use these commands,
aaa authentication serial console Admin-FW LOCAL
aaa authentication telnet console Admin-FW LOCAL
aaa authentication ssh console Admin-FW LOCAL
So that you always have a fallback.
Regards,
Prem -
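A small offline check for the fallback advice in the reply above, and for the "AAA command authorization failed" symptom in the first question on this page. It is an added example, not part of the original thread and not a Cisco tool: it only recognises the command forms quoted in these posts and does not validate them against a particular PIX release. The `username` line and its `PLACEHOLDER` password in the second sample are constructed.

```python
import re

# Constructed sample: the configuration from the question above, as posted.
SAMPLE_BEFORE = """\
aaa-server Admin-FW protocol tacacs+
aaa-server Admin-FW max-failed-attempts 3
aaa-server Admin-FW deadtime 10
aaa-server Admin-FW (inside) host 192.168.2.9 access timeout 10
aaa authentication serial console Admin-FW
aaa authentication telnet console Admin-FW
aaa authentication ssh console Admin-FW
aaa authentication include telnet inside 192.168.0.0 255.255.0.0 Admin-FW
"""

# Constructed sample: the same configuration after following the reply
# (local account created, LOCAL appended, pass-through rule removed).
SAMPLE_AFTER = """\
username localadmin password PLACEHOLDER privilege 15
aaa-server Admin-FW protocol tacacs+
aaa-server Admin-FW (inside) host 192.168.2.9 access timeout 10
aaa authentication serial console Admin-FW LOCAL
aaa authentication telnet console Admin-FW LOCAL
aaa authentication ssh console Admin-FW LOCAL
"""

CONSOLE_RE = re.compile(
    r"^aaa authentication (serial|telnet|ssh|enable|http) console (\S+)(?:\s+(\S+))?$")
AUTHZ_RE = re.compile(r"^aaa authorization command (\S+)(?:\s+(\S+))?$")
INCLUDE_RE = re.compile(r"^aaa authentication include\s")
USERNAME_RE = re.compile(r"^username \S+ (password|nopassword)\b")


def audit(config):
    """Return (kind, line, message) findings for management-access AAA lines."""
    findings = []
    has_local_user = False
    local_referenced = False
    for raw in config.splitlines():
        line = raw.strip()
        if USERNAME_RE.match(line):
            has_local_user = True
            continue
        if INCLUDE_RE.match(line):
            # Per the reply: this form covers pass-through traffic only.
            findings.append(("info", line,
                             "pass-through rule; no effect on management logins"))
            continue
        m = CONSOLE_RE.match(line)
        if m:
            service, primary, fallback = m.groups()
            if "LOCAL" in (primary, fallback):
                local_referenced = True
            else:
                findings.append(("lockout-risk", line,
                                 f"{service} console login depends only on {primary}"))
            continue
        m = AUTHZ_RE.match(line)
        if m:
            primary, fallback = m.groups()
            if "LOCAL" in (primary, fallback):
                local_referenced = True
            else:
                findings.append(("lockout-risk", line,
                                 f"command authorization depends only on {primary}"))
    # LOCAL is only useful if a local account actually exists on the box.
    if local_referenced and not has_local_user:
        findings.append(("lockout-risk", "(whole config)",
                         "LOCAL is referenced but no username is defined"))
    return findings


if __name__ == "__main__":
    for name, cfg in (("before", SAMPLE_BEFORE), ("after", SAMPLE_AFTER)):
        print(f"--- {name} ---")
        for kind, line, message in audit(cfg) or [("ok", "", "no findings")]:
            print(f"[{kind}] {message}: {line}")
```
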
AAA authentication for networking devices using ACS 4.1 SE
Hi!!!
I want to perform AAA authentication for networking devices using ACS 4.1 SE.
I do have Cisco 4500, 6500,2960, 3750, 3560, ASA, CSMARS, routers (2821) etc in my network. I want to have radius based authentication for the same.
I want telnet, ssh and console attempts to be verified by the radius server & if ACS goes down then it will be via the local enable password.
For all users I need to have different privilege levels based upon which access will be granted.
Could you please send me the config that is required to be done in the active devices as well as ACS!!!!
Pradeep,
Are you planning MAC authentication for some users while using EAP for others?
For MAC authentication, just use the following in your AP.
aaa authentication login mac_methods group radius
In your AP, select the radius server for mac authentication. You must have already defined your ACS as a radius server.
In your SSID configuration, under client authentication settings,
check "open authentication" and also select "MAC Authentication" from the drop-down list.
If you want both MAC or EAP, then select "MAC Authentication or EAP" from the dropdown.
Define the mac address as the username and password in ACS. Make sure the format of the mac is without any spaces.
You will not need to change anything in XP.
NOTE: XP normally does not require user authentication if machine has already authenticated but it might behave differently. If it does, I can let you know the registry settings to force the behaviour change.
HTH -
REMOVING IPSEC VPN CONFIG FROM PIX 6.3 FIREWALL
Hey,
We have a PIX 6.3 serving as internet firewall and we are in the process of replacing it with a new ASA device. Currently there are several site-to-site and remote VPNs configured for access purposes.
I tried to remove one site-to-site IPsec VPN from the PIX and it started acting like a loop, generating the same error in such quantity that the processor hit 100% CPU. I couldn't log in through normal SSH, so I connected via console and put the isakmp and crypto map commands back in, and the error stopped.
The purpose of this question is: how can I remove the VPN config from the PIX without generating any error? Is there a formal process or order for removing rules from the PIX, or can we do it one by one with no order required?
MY PROCESS OF REMOVING CONFIG:
REMOVE THE ACCESS-LIST INSIDEOUT AND OUTSIDE IN COMMANDS
REMOVE THE OBJECTS AND OBJECTS GROUPS
REMOVE THE VPN DEFINED ACCESS-LIST FOR INTERESTING TRAFFIC
REMOVE CRYPTO MAP TRANSFORM-SET
REMOVE ISAKMP-POLICY
REMOVE CRYPTO MAP
WE DO USE ISAKMP SHARED KEY MECHANISM "I DID NOT REMOVE THAT "
BUT AS SOON AS I REMOVE THE CRYPTO MAP FROM THE PIX I GOT THIS ERROR
IPSEC(crypto_map_check): crypto map XYZ 20 incomplete. No peer or access-list specified.
20 IS THE ISAKMP POLICY NUMBER & Peer and Access-list was removed from pix
any help would great
regards
Hi
You could do either of 2 things.
1) Enable NAT-Traversal on your ASA
2) Add the following on your pix :
fixup protocol esp-ike
This allows one IPSEC connection to run through PAT.
HTH
Jon -
Securely backing up config for ASA
How do you usually store the backup config for your ASA/PIX config so that it's easily accessible, and yet it's secure enough? Do you simply save it to a network drive? Is there a better way to do it? I just like to know the best practice out there. It's because if I save the backup config in a network drive, people may be able to get to it and look at the config file since it's not encrypted. Any recommendation is welcome. Thanks.
We have our configs backed up automatically and they are stored in a database (with security). Why can't you save it to a network drive that has the appropriate permissions? You could also store them in an encrypted virtual drive using something like TrueCrypt.
Hope that helps. -
I've been trying to find AAA model access configs for 2950's running CATOS. Are there any command references I can review to add radius authentication to the catos similar to IOS12.x?
Thanks.
IOS AAA MODEL:
username adin priv xx password xxx
username admin priv xx password xxx
service password-encryption
aaa new-model
aaa authentication login default local-case radius
aaa authorization exec default local radius if-authenticated
radius-server host 192.1.1.1
radius-server timeout 2
radius-server key pwd111
Hi Friend,
The 2950 is not a CATOS switch at all; it is again an IOS switch.
I think you may be having a 2948G or some other switch running CATOS, like a 4k or 6k.
If you are looking for AAA config, or in fact to be more precise radius configs, for a CATOS switch, have a look at this link
http://www.cisco.com/univercd/cc/td/doc/product/lan/cat4000/8_1/config/authent.htm#1020746
Hope that helps; if yes, please rate the post.
Ankur -
Hi
Does anyone have a sample config for standalone Cisco AP1252 (Cisco IOS) for AD Authentication for wireless ?
Appreciated your kind reply.
The short version :
in config terminal mode :
-radius-server host auth-port 1812 acct-port 1813 key 0
-aaa authentication dot1x eap_methods group radius
Then you need to configure your ssid for dot1x :
-dot11 ssid
-authentication open eap eap_methods
-authentication network-eap eap_methods
This is only the part needed for radius interaction. This assumes that you already configured your SSID with according WPA settings.
That's about it I think.
If you want info about more commands or so, just check out this link :
http://www.cisco.com/en/US/docs/wireless/access_point/12.4_10b_JA/configuration/guide/scg12410b-chap11-authtypes.html#wp1002608 -
I have set up authentication and Authorization on the PIX. Authentication works but Authorization fails. I try to debug but nothing shows up (on PIX or ACS), but it does if I debug Authentication
Make sure you have enable authentication ,
aaa authentication ssh console TACACS LOCAL
aaa authentication telnet console TACACS LOCAL
aaa authentication enable console TACACS LOCAL
aaa authorization command TACACS LOCAL
In case it does not work, please get the aaa config
Regards,
~JG
Do rate helpful posts -
Hello all,
I am referring to the PIX 6.3 command reference guide for the command "aaa authentication". As per this document, there is no option like 'inbound' or 'outbound' in this command. But the examples under these command show these keywords. I am getting confused here.
Can anyone show me a place where AAA commands on PIX are explained clearly. I know how these commands work on a router. But PIX is very difficult to understand.
Any help would be highly appreciated.
TIA,
Mohan
There is an inbound/outbound option in the aaa authentication command on the PIX. You could refer to the command reference at http://www.cisco.com/en/US/products/sw/secursw/ps2120/products_command_reference_chapter09186a0080104239.html#wp1025384
-
Dear all,
I'm new to Basis and am now working on a big ERP project. I have a concern about the config for the Production client.
In scc4 we must set client role is Production and No change allowed for Objects. But in production some time we need do Open and Close Period, or change following business requirement, ... This is not allowed to do in Production client.
How do we config for Production client to cover this requirements ?
Do we need a config client for maintain Production client ? Example: Production client is 500, Config client is 100. When we need Open or Close Period or change anything, we do in 100 and transfer request to 500.
Thank you very much.
Regards,
Thanh.
Do not use text message language, the next time your thread will be deleted.
Read the "Rules of Engagement"
Edited by: Juan Reyes on Dec 1, 2010 11:06 AM
You can customize transaction to be executable although the setting in SCC4 is "productive", this is accomplished by using transaction SOBJ:
Note 1497640 - Open and close periods in productive client
You can theoretically put every customizing view there and make it "executable" in a production system.
Markus -
How to use the same services-config for the local and remote servers.
My Flex project works fine using the below, but when I upload my Flash file to the server it doesn't work. All the relative paths and files are the same, except the remote one is a Linux server.
<?xml version="1.0" encoding="UTF-8"?>
<services-config>
<services>
<service id="amfphp-flashremoting-service"
class="flex.messaging.services.RemotingService"
messageTypes="flex.messaging.messages.RemotingMessage">
<destination id="amfphp">
<channels>
<channel ref="my-amfphp"/>
</channels>
<properties>
<source>*</source>
</properties>
</destination>
</service>
</services>
<channels>
<channel-definition id="my-amfphp" class="mx.messaging.channels.AMFChannel">
<endpoint uri="http://localhost/domainn.org/amfphp/gateway.php" class="flex.messaging.endpoints.AMFEndpoint"/>
</channel-definition>
</channels>
</services-config>
I think the problem is the line
<endpoint uri="http://localhost/domainn.org/amfphp/gateway.php" class="flex.messaging.endpoints.AMFEndpoint"/>
but I'm not sure how to use the same services-config for the local and remote servers.
paul.williams wrote:
You are confusing "served from a web-server" with "compiled on a web-server". Served from a web-server means you are downloading a file from the web-server, it does not necessarily mean that the files has been generated / compiled on the server.
The server.name and server.port tokens are replaced at runtime (ie. on the client when the swf has been downloaded and is running) not compile time (ie. while mxmlc / ant / wet-tier compiler is running). You do not need to compile on the server to take advantage of this.
Hi Paul,
In Flex, there is a feature that lets the developer put all the service-config.xml file configuration information into the swf file, with
-services=path/to/services-config.xml
IF
services-config.xml
has tokens in it and the user has not specified an additional
-context-root
and this swf file is not served from a web-app server (like Tomcat, for example), then it will not work.
Flash Player has no possible way to replace token values of the service-config.xml file during runtime if that service-config.xml file has been baked into the swf file during compilation.
For example, during development you can launch your swf file from your browser with the file:// protocol and still be able to access BlazeDS services if
-services=path/to/services-config.xml
has been specified during compilation.
I don't know any better way to explain this, but in summary there are two places where you can tell the swf about the service configuration:
1) pass the -services=path/to/services-config.xml parameter to the compiler; this way you tell the swf file up front about all that good stuff,
or 2) you put that file on the web server (in this case, yes, you should have replacement tokens in that file) and they will be replaced at runtime. -
DCDIAG /test:dns result is pasted here.
C:\Users\administrator.SUD>dcdiag /test:dns
Directory Server Diagnosis
Performing initial setup:
Trying to find home server...
Home Server = MUM-ADS-01
* Identified AD Forest.
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\MUM-ADS-01
Starting test: Connectivity
......................... MUM-ADS-01 passed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\MUM-ADS-01
Starting test: DNS
DNS Tests are running and not hung. Please wait a few minutes...
......................... MUM-ADS-01 passed test DNS
Running partition tests on : ForestDnsZones
Running partition tests on : DomainDnsZones
Running partition tests on : Schema
Running partition tests on : Configuration
Running partition tests on : sud
Running enterprise tests on : sud.in
Starting test: DNS
Test results for domain controllers:
DC: MUM-ADS-01.sud.in
Domain: sud.in
TEST: Basic (Basc)
Warning: The AAAA record for this DC was not found
TEST: Forwarders/Root hints (Forw)
Error: Root hints list has invalid root hint server:
a.root-servers.net. (198.41.0.4)
Error: Root hints list has invalid root hint server:
b.root-servers.net. (128.9.0.107)
Error: Root hints list has invalid root hint server:
c.root-servers.net. (192.33.4.12)
Error: Root hints list has invalid root hint server:
d.root-servers.net. (128.8.10.90)
Error: Root hints list has invalid root hint server:
e.root-servers.net. (192.203.230.10)
Error: Root hints list has invalid root hint server:
f.root-servers.net. (192.5.5.241)
Error: Root hints list has invalid root hint server:
g.root-servers.net. (192.112.36.4)
Error: Root hints list has invalid root hint server:
h.root-servers.net. (128.63.2.53)
Error: Root hints list has invalid root hint server:
i.root-servers.net. (192.36.148.17)
Error: Root hints list has invalid root hint server:
j.root-servers.net. (192.58.128.30)
Error: Root hints list has invalid root hint server:
k.root-servers.net. (193.0.14.129)
Error: Root hints list has invalid root hint server:
l.root-servers.net. (198.32.64.12)
Error: Root hints list has invalid root hint server:
m.root-servers.net. (202.12.27.33)
TEST: Delegations (Del)
Error: DNS server: sud-ad.sud.in. IP:<Unavailable>
[Missing glue A record]
TEST: Records registration (RReg)
Network Adapter
[00000006] Intel(R) PRO/1000 MT Network Connection:
Warning:
Missing AAAA record at DNS server 10.1.6.132:
MUM-ADS-01.sud.in
Warning:
Missing AAAA record at DNS server 10.1.6.132:
gc._msdcs.sud.in
Warning:
Missing AAAA record at DNS server 10.1.6.133:
MUM-ADS-01.sud.in
Warning:
Missing AAAA record at DNS server 10.1.6.133:
gc._msdcs.sud.in
Warning: Record Registrations not found in some network adapters
Summary of test results for DNS servers used by the above domain
controllers:
DNS server: 128.63.2.53 (h.root-servers.net.)
1 test failure on this DNS server
PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DN
S server 128.63.2.53
DNS server: 128.8.10.90 (d.root-servers.net.)
1 test failure on this DNS server
PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DN
S server 128.8.10.90
DNS server: 128.9.0.107 (b.root-servers.net.)
1 test failure on this DNS server
PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DN
S server 128.9.0.107
DNS server: 192.112.36.4 (g.root-servers.net.)
1 test failure on this DNS server
PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DN
S server 192.112.36.4
DNS server: 192.203.230.10 (e.root-servers.net.)
1 test failure on this DNS server
PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DN
S server 192.203.230.10
DNS server: 192.33.4.12 (c.root-servers.net.)
1 test failure on this DNS server
PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DN
S server 192.33.4.12
DNS server: 192.36.148.17 (i.root-servers.net.)
1 test failure on this DNS server
PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DN
S server 192.36.148.17
DNS server: 192.5.5.241 (f.root-servers.net.)
1 test failure on this DNS server
PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DN
S server 192.5.5.241
DNS server: 192.58.128.30 (j.root-servers.net.)
1 test failure on this DNS server
PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DN
S server 192.58.128.30
DNS server: 193.0.14.129 (k.root-servers.net.)
1 test failure on this DNS server
PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DN
S server 193.0.14.129
DNS server: 198.32.64.12 (l.root-servers.net.)
1 test failure on this DNS server
PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DN
S server 198.32.64.12
DNS server: 198.41.0.4 (a.root-servers.net.)
1 test failure on this DNS server
PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DN
S server 198.41.0.4
DNS server: 202.12.27.33 (m.root-servers.net.)
1 test failure on this DNS server
PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DN
S server 202.12.27.33
Summary of DNS test results:
Auth Basc Forw Del Dyn RReg Ext
Domain: sud.in
MUM-ADS-01 PASS WARN FAIL FAIL PASS WARN n/a
......................... sud.in failed test DNS
Hi Meinolf,
Please find the IP Details as well as DNS test results.
C:\Users\Administrator.SCI>dcdiag /test:dns
Directory Server Diagnosis
Performing initial setup:
Trying to find home server...
Home Server = MDCDCDNS
* Identified AD Forest.
Done gathering initial info.
Doing initial required tests
Testing server: MDC-Powai\MDCDCDNS
Starting test: Connectivity
......................... MDCDCDNS passed test Connectivity
Doing primary tests
Testing server: MDC-Powai\MDCDCDNS
Starting test: DNS
DNS Tests are running and not hung. Please wait a few minutes...
ERROR: NO DNS servers for IPV6 stack was found
......................... MDCDCDNS passed test DNS
Running partition tests on : ForestDnsZones
Running partition tests on : DomainDnsZones
Running partition tests on : Schema
Running partition tests on : Configuration
Running partition tests on : sci
Running enterprise tests on : sci.com
Starting test: DNS
Test results for domain controllers:
DC: MDCDCDNS.sci.com
Domain: sci.com
TEST: Basic (Basc)
Warning: The AAAA record for this DC was not found
TEST: Records registration (RReg)
Network Adapter
[00000009] Microsoft Virtual Network Switch Adapter:
Warning:
Missing AAAA record at DNS server 10.64.7.32:
MDCDCDNS.sci.com
Warning:
Missing AAAA record at DNS server 10.64.7.32:
gc._msdcs.sci.com
Warning:
Missing AAAA record at DNS server 10.64.7.35:
MDCDCDNS.sci.com
Warning:
Missing AAAA record at DNS server 10.64.7.35:
gc._msdcs.sci.com
Warning:
Missing AAAA record at DNS server 10.20.33.72:
MDCDCDNS.sci.com
Warning:
Missing AAAA record at DNS server 10.20.33.72:
gc._msdcs.sci.com
Warning:
Missing AAAA record at DNS server 10.20.33.71:
MDCDCDNS.sci.com
Warning:
Missing AAAA record at DNS server 10.20.33.71:
gc._msdcs.sci.com
Warning: Record Registrations not found in some network adapters
MDCDCDNS PASS WARN PASS PASS PASS WARN n/a
......................... sci.com passed test DNS
C:\Users\Administrator.SCI>ipconfig /all
Windows IP Configuration
Host Name . . . . . . . . . . . . : MDCDCDNS
Primary Dns Suffix . . . . . . . : sci.com
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : sci.com
Ethernet adapter Local Area Connection 7:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : External Internal Virtual Network
Physical Address. . . . . . . . . : 00-14-4F-CA-83-AC
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv4 Address. . . . . . . . . . . : 10.64.7.32(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 10.64.7.1
DNS Servers . . . . . . . . . . . : 10.64.7.32
10.64.7.35
10.20.33.72
10.20.33.71
NetBIOS over Tcpip. . . . . . . . : Disabled
Ethernet adapter Local Area Connection 6:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : TEAM : Team #1
Physical Address. . . . . . . . . : 00-14-4F-CA-83-AC
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Autoconfiguration IPv4 Address. . : 169.254.105.163(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.0.0
Default Gateway . . . . . . . . . :
NetBIOS over Tcpip. . . . . . . . : Enabled
Tunnel adapter Local Area Connection* 8:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{2D5A4A27-298F-48E5-A376-EA886EF1E
42A}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Local Area Connection* 9:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{14FA7CD4-8B69-4C86-A58B-056793B7D
901}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Please check and revert back for any queries..
Thanks...
Deva Self-trust is the first secret of success.