ASA5505 won't allow Windows Server 2012 r2 to access internet
I have an ASA5505 I am trying to integrate into our network, however the ASA5505 won't allow our server to access the internet via our HP Procurve layer3 switch. Currently, only the server is connected via the switch as well as the two trunk lines to the ASA5505, for testing purposes. What I am hoping to accomplish is: Internet -> ASA5505 -> Layer3 Switch -> VLANS. The configuration is listed below:
CISCO ASA5505 / with Security Plus Lic:
interface Ethernet0/0
switchport access vlan 2
interface Ethernet0/1
switchport access vlan 1
interface Ethernet0/2
switchport trunk allowed vlan 10,20,30
switchport mode trunk
interface Ethernet0/3
switchport trunk allowed vlan 40,60,250
switchport mode trunk
interface Ethernet0/4
interface Ethernet0/5
interface Ethernet0/6
interface Ethernet0/7
interface Vlan1
nameif inside
security-level 100
ip address 192.168.80.1 255.255.255.0
interface Vlan2
nameif outside
security-level 0
ip address 10.2.100.2 255.255.255.0
interface Vlan10
no nameif
security-level 100
no ip address
interface Vlan20
no nameif
security-level 100
no ip address
interface Vlan30
no nameif
security-level 100
no ip address
interface Vlan40
no nameif
security-level 100
no ip address
interface Vlan60
no nameif
security-level 100
no ip address
interface Vlan250
no nameif
security-level 100
no ip address
object network obj_any
subnet 0.0.0.0 0.0.0.0
access-list inside_access_in extended permit ip any any
object network obj_any
nat (inside,outside) dynamic interface
access-group inside_access_in in interface inside
route outside 0.0.0.0 0.0.0.0 10.2.100.1 1
route inside 192.168.10.0 255.255.255.0 192.168.80.1 1
HP Procurve E2620 Layer3 switch:
Status and Counters - VLAN Information
Primary VLAN : DEFAULT_VLAN
VLAN ID Name | Status Voice Jumbo
------- -------------------------------- + ---------- ----- -----
1 DEFAULT_VLAN | Port-based No No
10 SERVER | Port-based No No
IP Route Entries
Destination Gateway VLAN Type Sub-Type Metric Dist.
0.0.0.0/0 192.168.80.1 1 static 1 1
127.0.0.0/8 reject static 0 0
127.0.0.1/32 lo0 connected 1 0
192.168.10.0/24 SERVER 10 connected 1 0
192.168.20.0/24 CLIENT 20 connected 1 0
192.168.30.0/24 WIFI 30 connected 1 0
192.168.40.0/24 GUEST 40 connected 1 0
192.168.60.0/24 STORAGE 60 connected 1 0
192.168.80.0/24 DEFAULT_VLAN 1 connected 1 0
192.168.250.0/24 Manage 250 connected 1 0
Load Balancing Method: L3-based (Default), L2-based if non-IP traffic
Port | Name Type | Group Type
---- + -------------------------------- --------- + ----- --------
23 | 10/100TX | Trk2 Trunk
24 | 10/100TX | Trk1 Trunk
Status and Counters - VLAN Information
Primary VLAN : DEFAULT_VLAN
Management VLAN :
Port Information Mode Unknown VLAN Status
1 DEFAULT_VLAN | Port-based No No
10 SERVER | Port-based No No
20 CLIENT | Port-based No No
30 WIFI | Port-based No No
40 GUEST | Port-based No No
60 STORAGE | Port-based No No
250 Manage | Port-based No No
Switch Configuration - VLAN - VLAN Port Assignment
Port DEFAULT_VLAN SERVER CLIENT WIFI GUEST STORAGE Manage
---- + <----------- ------------ ------------ ------------ ------------ ------------ ------------
6 | No Untagged No No No No No
Trk1 | Untagged Tagged Tagged Tagged No No No
Trk2 | Untagged No No No Tagged Tagged Tagged
first off, what license do you have installed on the ASA (show version will tell you that)?
Second, if I remember correctly trunk in HP terms does not mean the same as trunk in Cisco terms. In HP a trunk refers to the bundling of an interface in what Cisco calls Etherchannels or Portchannels (which the 5505 does not support)
Also you need to configure names for all the VLAN interfaces and either dynamic NAT for each interface or configure a dynamic NAT that matches all the interfaces (with the any keyword)
object network obj_any
nat (any,outside) dynamic interface
Please remember to select a correct answer and rate helpful posts
Similar Messages
-
Clean Installation of Windows Server 2012 R2 cannot access internet
I just installed a clean Windows Server 2012 R2 Data Center and all drivers installed with no issue. I used Ethernet connection to access internet via IE (let say google.com) but failed. Clicked "Fix connection problem" and returned "website
(www.google.com) is online but isn't responding to connections attempts." Therefore, I suspected Windows Firewall (WF) setting. I disabled WF, allow IE in WF, allow port 80 but all did not work in this case. I am able to ping google.com but it just does'n
work in browser (IE, Chrome, Firefox). The same cable connection I tried with Windows 8.1, 7 with no issue. Please advise is there any clue I miss up for Windows 2012 R2 Data Center?
SeanC:\Users\Administrator>ipconfig/all
Windows IP Configuration
Host Name . . . . . . . . . . . . : WIN-4O28FIG5HD5
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
Ethernet adapter Ethernet:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
Physical Address. . . . . . . . . : 30-85-A9-94-5B-62
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IPv4 Address. . . . . . . . . . . : 192.168.1.13(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Friday, June 6, 2014 11:46:30 PM
Lease Expires . . . . . . . . . . : Saturday, June 7, 2014 11:46:30 PM
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DNS Servers . . . . . . . . . . . : 192.168.1.1
NetBIOS over Tcpip. . . . . . . . : Enabled
C:\Users\Administrator>nslookup
Default Server: router.asus.com
Address: 192.168.1.1
> google.com
Server: router.asus.com
Address: 192.168.1.1
Non-authoritative answer:
Name: google.com
Addresses: 2404:6800:4001:801::1008
123.136.105.20
123.136.105.35
123.136.105.46
123.136.105.59
123.136.105.49
123.136.105.27
123.136.105.57
123.136.105.37
123.136.105.24
123.136.105.31
123.136.105.53
123.136.105.38
123.136.105.48
123.136.105.26
123.136.105.16
123.136.105.42
LAN settings in IE is set to Automatically detect settings, no proxy is selected.
Sean -
Windows Server 2012 R2 RDP access too slow when user access
HI Team,
Recently installed Windows Server 2012 R2 Standard edition .
The above server also promoted as Domain controller.
I am trying to access the server VIA RDP from Windows 8 client machine access is toll slow and welcome screen shows for 2 to 3 minutes then only i can able to see my server desktop.
Please advise me.We have two applications published on Rdweb.
1. MS
Paint
2. Remote
Desktop with option /v: <fqdn of the terminal server itself>
MS Paint – can see local drives when logged on to the paint application
Remote Desktop with parameters /v: <fqdn of the terminal server itself> - cannot see local drives when logged onto the full desktop view
Mahesh -
Network Positioning of a Windows Server 2012 R2 Direct Access & VPN Server
Reposted moved from Windows Server Forums- Security
Hi
I'm in the process of creating a new active directory forest with a single domain using AD.Contoso.com to use the Microsoft example. The reason I have decided on AD.XXXXXXXXX.com is to get way from using split horizon (Split Brain) DNS. The requirements
for our new domain are :-
2012 R2 AD
Direct Access & VPN
Exchange 2013 OWA, Active Sync Outlook Anywhere (Possibly a Hybrid Config where we have on premises mailboxes and some exchange online mailboxes Office 365 etc)
Lync 2013 ?
SharePoint 2013 ?
Microsoft Active Directory Certificate Services
System Center Configuration Manager 2012 R2
Two way trusts between old forest and new to enable Transition/Migration
Ok so that's what I'm aiming for so now the question.
They are allowing me to purchase a next Generation Firewall may be a Barracuda NG firewall or a Cisco ASA X series so I need some advice on what type of network topology I should configure. I've read that using the two NIC configuration for
the 2012 R2 Direct Access Server is preferable, one nic on the internal network one on the perimeter. The problem I have with this is that it bridges the internal network and the perimeter bypassing the backend Firewall see image
The other alternative is to dispense with the perimeter network use the Direct Access server with a single NIC and setup the NG Firewall in a three-legged config with the DA server on the DMZ.
So all you security experts out there what would be your design for this simple domain? we don't need any HA or Load Balancing.
Thanks
SimonOk I'm not sure we are going to get any advice on this subject but one last effort. Our budget can only stretch to one next generation firewall so I'm considering the following three legged firewall design with a two NIC 2012 R2 Direct
Access server. If someone could validate this configuration or suggest an alternative then I would be grateful. -
How do I change the URL to the Remote Web Access server in Windows Server 2012?
Hallo!
I have set up a Remote Dexktop Service using the "Quick" deployment method in Server Manager and everything is working greate internally, but I cannot start an app published in Remote Web Access from outside our network.
The problem is that it wants to start the using the internal URL, for example, server.domain.local, instead of the external one, for example remote.server.com.
I therefore want to know how I can change the default URL for the Remote Web Access server and all the Remote Web Apps in Windows Server 2012?
I have allready looked in Server Manager and I can change some of the deployment settings in server manager, but there is no way to alter the URL of the Remote Web Access server. See below images:
Pressing the internal URL only results in opening the internal URL.
This was very simple to do in Windows Server 2008 R2 using the tsconfig tool, but it does not seam to be any way of solving this in server manager.
A possible sollution would be to alter the registry someware in HKLM->Software->Microsoft->Windows NT->Terminal Services. But this can easaly lead to problems due to wrong format, etc. and is probably not supported.
Is there a simpler and supported way?That option can be used to connect to any machine that you want. The error message indicates that the client machine cannot resolve the name "server.domain.local" to an IP address that it can connect to.
You have several options for configuring that tab on the RDweb site. You can even remove it entirely.
Customization of RD Web Site
RD Web provides a number of customization options for the RD Web interface, including the ability to control default Gateway server settings and redirection settings. These settings
are controlled by editing the web.config file located in %SYSTEMROOT%\Web\RDWeb\Pages.
Displaying Local Help
To display local help for users instead of the web-based help, edit the LocalHelp value and change the value from false to true.
<!-- LocalHelp: Displays local help for users, instead of the web-based help. Value must be "true" or "false" -->
<add key="LocalHelp" value="false" />
When this value is changed, a user that clicks on Help in the upper right corner of the RD Web login page will open the local help file instead of web-based help.
Hiding the Connect to a Remote PC Tab
The RDWeb page
Connect to a Remote PC tab can be hidden from users to prevent connections to any servers through RD Web other than the servers configured in a collection. By default, this setting is set to true and the
Remote Desktops tab is displayed. To hide the tab, set the value to false.
<!-- ShowDesktops: Displays or hides the Remote Desktops tab. Value must be "true" or "false" -->
<add key="ShowDesktops" value="true" />
When the value is set to false, a user will not see the Connect to a Remote PC tab when logged on to the RD Web page
RD Gateway Settings
If the Connect to a Remote PC tab is enabled, an administrator can configure RD Web to use a Gateway server when connecting to remote computers. To specify a gateway, edit the below
value with the name of the RD Gateway server:
<!-- DefaultTSGateway: Admin can preset this to a given Gateway name, or set to "" for no gateway. -->
<add key="DefaultTSGateway" value="" />
The default authentication method for the RD Gateway server can also be configured by editing the following section of the web.config:
<!-- GatewayCredentialsSource: TS Gateway Authentication Type.
Admins can preset this.
0 = User Password
1 = Smartcard
4 = "Ask me later"
-->
<add key="GatewayCredentialsSource" value="0" />
Devices and Resources
By default, only Printers and Clipboard are redirected on connections made using the Connect to a Remote PC tab. If the user clicks the
Options << button, the redirection settings for a specific connection can be modified
To configure each specified redirection option to be enabled or disabled by default, edit the following section in the web.config file:
<!-- Devices and resources: Preset the Checkbox values to either true or false -->
<add key="xPrinterRedirection" value="true" />
<add key="xClipboard" value="true" />
<add key="xDriveRedirection" value="false" />
<add key="xPnPRedirection" value="false" />
<add key="xPortRedirection" value="false" />
LAN Experience Defaults
Windows Server 2012 RD Web Access can display a new user selectable option for optimizing the connection for a LAN experience. This option is displayed at the bottom of the RD Web
page and can be controlled by the administrator using the following section of the web.config file:
<!-- Checkbox to opt for optimized LAN experience -->
<add key="ShowOptimizeExperience" value="false" />
<add key="OptimizeExperienceState" value="false" />
This value is set to false by default, but when changed to true, the following checkbox will display at the bottom of the webpage. The LAN experience
checkbox can also be set as enabled by default.
Each setting can also be modified using the IIS Manager user interface:
Don Geddes - SR Support Escalation Engineer - Remote Desktop Services - Printing and Imaging -
Activate windows server 2012 R2 after evaluation expired
I installed windows server 2012 R2 evaluation version on 4 servers. The evaluation expired and the servers are shutting down automatically now. When I try to put the license key, it is not accepting it. I could activate some other servers with same license
key; but before the evaluation time expired. I used the same media to install these serves as well. Kindly let me know if there is a way or workaround to make these servers licensed.
Regards.Hi,
Did the problematic Windows Server 2012 R2 connect to Internet when attempt to activate the server? Please also
refer to Converting evaluation versions of Windows Server 2012 to full retail versions section in following article and check if can help you.
Evaluation Versions and Upgrade Options for
Windows Server 2012
à
When I try to put the license key, it is not accepting it.
By the way, did you get any error message when can’t activate the problematic server?
If any update, please feel free to let me know.
Hope this helps.
Best regards,
Justin Gu
Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact [email protected] -
Windows Server 2012 won't stream to a Windows 7 computer
I have a windows 7 computer and I built a windows server using windows server 2012. I am using it mainly to store and stream movies. I have the media pack installed that would allow me to stream but when I try to steam it from the server to my laptop it
does not stream it just wants to download it. I am clicking on the file under media, and it pops up with a new window like it is about to play with the play in the middle of the screen then goes away and asks if I want to download it. I cant find an answer
out and was wondering if anyone knew what was going on. I also have a windows 8 laptop and it will stream to that just fine so I know I have the streaming set up but just dont know why it wont stream to my windows 7 computer. Any ideas?This one might help.
http://windows.microsoft.com/en-us/windows7/stream-your-media-to-devices-and-computers-using-windows-media-player
Regards, Dave Patrick ....
Microsoft Certified Professional
Microsoft MVP [Windows]
Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights. -
Windows Server 2012 CA will not allow Windows XP to autoenroll
I have a Windows Server 2012 Domain Controller with an Enterprise root CA installed. I have created a client authentication certificate template (2003 compatible). Domain Computers have Read, Enroll and Autoenroll permissions. I modified
the Domain Policy to enable Certificate autoenrollment. I have two clients on the same subnet with the domain controller, one Windows 7 Ent SP1 and one Windows XP SP3. The problem: Windows 7 reboots, has client auth cert installed in computer's
personal cert store. The Windows XP machine cannot acquire the certificate. Event ID 13, source is AutoEnrollment, 0x80094011,The permissions on this certification authority do not allow the current user to enroll for certificates. Both machines
belong to the domain. Running gpudate /force on the XP machine generates an info event stating that the computer security policy has be applied successfully, then the autoenrollment error. I've setup autoenrollment dozens of times without any
problems. The only thing different in this environment is that the CA is installed on Server 2012. I could be something else, but the only real difference is Server 2012. There are no errors on the server. It is like the client just
cannot talk to the server at all, but it's getting its policy from that server.
Any ideas?http://technet.microsoft.com/en-us/library/hh831373.aspx
What works differently?
Windows XP clients
will not be compatible with this higher security setting enabled by
default on a Windows Server 2012 CA. If necessary, you can lower the
security setting as previously described.
Try run this command:
certutil -setreg CA\InterfaceFlags +IF_ENFORCEENCRYPTICERTREQUEST
Restart the certification authority
net stop certsvc
net start certsvc
INFO FROM LINK:
What value does this change add?
The CA
enforces enhanced security in the requests that are sent to it. This
higher security level requires that the packets requesting a certificate
are encrypted, so they cannot be intercepted and read. Without this
setting enabled, anyone with access to the network can read packets sent
to and from the CA using a network analyzer. This means that
information could be exposed that might be considered a privacy
violation, such as the names of requesting users or machines, the types
of certificates for which they are enrolling, the public keys involved,
and so on. Within a forest or domain, leaking these data may not be a
concern for most organizations. However, if attackers gain access to the
network traffic, internal company structure and activity could be
gleaned, which could be used for more targeted social engineering or
phishing attacks.
The commands to enable the enhanced security
level of RPC_C_AUTHN_LEVEL_PKT on Windows Server® 2003,
Windows Server® 2003 R2, Windows Server® 2008, or Windows
Server 2008 R2 certification authorities are:
certutil -setreg CA\InterfaceFlags +IF_ENFORCEENCRYPTICERTREQUEST
Restart the certification authority
net stop certsvc
net start certsvc
If
you still have Windows XP client computers that need to request
certificates from a CA that has the setting enabled, you have two
options: -
New Windows Server 2012 install won't boot after installing Hyper-V role.
I have just installed Windows Server 2012 onto a Dell PowerEdge R310. Everything worked okay until I installed the Hyper-V role. After that, when it tries to boot, I get "Your PC ran into a problem and needs to restart. We're just collecting
some error info, and then we'll restart for you. (0% complete)" for a split second, then the system reboots into Automatic Repair mode.
In Automatic Repair mode, my options are Refresh your system (which tells me the drive that Windows is on is locked), Reset your system (which tells me there is no partition), and Automatically Fix your PC (which tells me it can't fix it).
I have updated to the latest version of the BIOS (1.11.0, which Dell states adds Windows Server 2012 support).
I'm at a loss.. I've tried everything I can think of. Has anyone run into this issue and figured out a solution? The only references I can find to this issue talk about Gigabyte motherboards with USB 3.0, but this server pre-dates USB 3.0 by
quite a bit.Hi,
Not only the BIOS but the iDRAC and storage part also need to ne up date check, have a look at the following list to see what you need for Server 2012:
http://en.community.dell.com/techcenter/os-applications/w/wiki/3868.dell-bios-support-for-windows-server-2012.aspx
If any info was collected during the error then have a look in the event viewer or look for a kernel/memory dump file so you can try to find the issue, in many cases a driver, anti-virus sofware or 3rd part service can cause these kind of issues.
When you see answers and helpful posts, please click Vote As Helpful, Propose As Answer, and/or Mark As Answer
MCSE:Server Infrastructure, MCSE:Desktop Infrastructure, MCSA Server 2012, Citrix CCIA & CCEE, Cisco CCNA, VMware VCP 3/4/5 Blog: http://www.citrix-guru.com and http://www.rds-support.eu Twitter: @dnyvandam -
Windows Server 2012 Standard - Remote Desktop Management service won't start
Dear colleges, I'm seeking your help in resolving a weird issue with Remote Desktop.
The Remote Desktop Management service gives the following error message any time it is attempted to start:
"The Remote Management Service on Local Computer started and then stopped. Some services stop automatically if they are not in use by other services or programs."
The Event Viewer error message is as follows:
"The Remote Desktop Management service failed to start. Error code: 0x88250001"
Whenever I connect to the server with RD I get error message that the Remote Desktop Licensing Server isn't configured and that the RD trill will expire in N-days. The server is up to date updates wise and has been licensed for 5 RD CALs. The server hosts DNS
server and has AD DS role installed, is virtualized to have one Hyper-V server.
I read some blogs about having both DNS and AD DS on one box is a bad sea and a root cause of the issue. Well, that very well may be, but for me that's an option as I'm not going to get a box to just host DNS. There should a solution to this as I shouldn't
only one suffering from this issue.
I also read about KB2871777 - Servicing stack update supposedly addressign this issue. Well, it's on my system and the issue is there too. :)
Will I loose ability to RD when the trial expires or it's just another misleading MS message that can be ignored?
How do I mend Remote Desktop Management service to start?
Appreciate your help!
Hi,
Thank you for posting in Windows Server forum.
Can administrators perfectly connect to RDS environment?
In meantime please check that you have properly configured and activated RD License role service and install RDS CAL on it. It might also possible that you have configured RD License server but it server can’t find it and giving you error due to certificate
also. Please check that you have properly configured certificate on your RDS Server. Try to install and update below hotfix for License related issue.
No RDS license when you connect to an RDS farm in Windows Server 2012
http://support.microsoft.com/kb/2916846
If you have configured both RDS and AD DS on single server then also you may find some error reading this. If so please try to setup both roles on different server and check the result. In addition to this, please check below articles.
What's New in Remote Desktop Services in Windows Server 2012
http://technet.microsoft.com/en-in/library/hh831527.aspx
Install Remote Desktop Services Failed on Windows 2012 Server
http://social.technet.microsoft.com/Forums/windowsserver/en-US/bbf47aa2-8ae5-4f22-9827-afee5a11417a/install-remote-desktop-services-failed-on-windows-2012-server?forum=winserverTS
Hope it helps!
Thanks.
Dharmesh Solanki -
Windows Server 2012 installation won't start
Hi,
I'm trying to install windows server 2012 which i downloaded from my MSDN subscription,
i'm installing it on HP 8100 Convertiable Mini-tower.
Windows loading files and then when the windows icon shows up it just restart the computer, and it enter an endless boot loop.Hi,
In addition to Tim’s suggestions, we need to ensure that we have updated and digitally signed kernel-mode drivers for Windows Server 2012 for x-64 based operating system.
Installing Windows Server 2012
http://technet.microsoft.com/en-us/library/jj134246.aspx
Best regards,
Frank Shen -
How to allow more than two users on remote desktop on windows server 2012 foundation?
i have a dell server power edge T300 with windows server 2012 foundation. I am unable to connect more than two remote desktop at once.
Hi,
Add to Brain, you cannot have more than 15 user accounts in Windows Server 2012 Foundation.
In order to access a hosted application, such as Microsoft® Office, a license for Windows Server 2012 Remote Desktop Services is required for each user account (not to exceed 15 user
accounts) that directly or indirectly uses RD Gateway to host a graphical user interface, including using Remote Desktop Connection (RDC) client. When using Remote Desktop Services, you may not install or use Remote Desktop Connection Broker or Remote
Desktop Virtualization Host role services. For more information about Remote Desktop CALs , see http://go.microsoft.com/fwlink/?LinkId=140238.
http://technet.microsoft.com/en-us/library/jj679892.aspx
Hope this helps.
Jeremy Wu
TechNet Community Support -
VMM Agent install fails on Windows Server 2012 R2 Hyper-V
Hi,
We are unable to install VMM 2012 R2 agent on Windows Server 2012 R2 server either from VMM console or manually on the hyper-v server.
Error on VMM Console:
Error (410)
Agent installation failed on chsicoecdh03.casper.com.
Fatal error during installation (0x80070643)
Recommended Action
Try the operation again. If the problem persists, install the agent locally and then add the managed computer.
==================================================================
Error on Hyper-v server:
MSI (c) (E8:D0) [16:53:24:726]: Windows Installer installed the product. Product Name: Microsoft System Center Virtual Machine Manager Agent (x64). Product Version: 3.2.7510.0. Product Language: 1033. Manufacturer: Microsoft Corporation. Installation success
or error status: 1603.
Also, I suspect may be issue with WMI then checked WMI repository and it is in consistent state. winmgmt /verifyrepository.
Please help on this issue.
Any help would be appreciated.
Thanks
Kumaresan LakshmananSo, I've managed to research this some more since Thursday and I've come to the conclusion that Hyper-V does a horrible job of supporting Qualcomm NIC cards. That's the only thing I can conclude as far as where the issue is originating. I've read many
post and walkthroughs but nothing that has helped. The issue wasn't with any settings in the domain controller. The issue was that there really is a slow connection originating at the domain controller that is a VM and has network connectivity through the
virtual switch from Hyper-V. So, next question is, how do I get the DC to have better connectivity through the NIC that Hyper-V won't give it? If hyper-v would allow passthrough, this would be so much simpler. VM-ware is looking really good at this point.
Im disappointed in MS right now. -
I have racked my brain and done everything that I know to do for about two weeks now. I am setting up a new system at our fire department and I am having the worst luck with getting the workstations to login to the domain controller with roaming
profiles. It keeps telling me that the roaming profile could not be loaded because of a slow connection. These are workstations that are connected directly to the switch that the DC is connected to. I have tried multiple connections regarding
the layout (DC into the router, router into the switch). The router is a Cisco RV220W. I have two VLANS, one for public and one for private domain. The Private VLAN has DHCP turned off since I am providing it through the DC. I currently
have a connection from the Private VLAN going to the unmanaged switch that the workstations and server are plugged into.
The server is a Dell PowerEdge R420 that has 6 NIC ports (1 dual port and 1 quad port). I have a virtual switch setup on Hyper-V for an external port (let's say Card 2 Port 3) that is assigned to the WS 2012R2 Domain Controller. The DC can see
the internet fine and the workstations can connect to the shared folders on the server. I can retrieve files by just using the computer name or FQDN. The DC is also running DNS and DHCP. The DNS has the _msdcs setup from when I installed
the active directory role. I have attempted to assign static IP addresses to the workstations:
IP: 10.0.0.80
Subnet: 255.255.255.0
IPV4 Gateway: 10.0.0.1
IPV4 DNS: 10.0.0.12
I've attempted "append the specific DNS suffix", I've "registered the connection in DNS", I've used "use this connections suffix in DNS registration".
The server is assigned:
IP: 10.0.0.12
Subnet: 255.255.255.0
IPV4 Gateway: 10.0.0.1
IPV4 DNS: 10.0.0.12
The DNS entries have forwarders that forward to my ISP DNS servers for lookup
I've enabled and disabled DHCP, I've installed a new VM just to create another DC to make sure that I didn't goof up when I created it.
I've lost my patience with this project and am sinking fast. Can someone please offer some advice as to what I've done wrong? I've created this exact scenario at work many times but, I've never done it with Windows Server 2012. Is this
possibly something to do with the Dell PowerEdge server (Generation 12) with the SR-IOV? I am going to attempt to work on it some more tomorrow when I get over there. I think there may be an issue with the SR-IOV not being enabled on the machine
through the Dell Bios. Would the SR-IOV really cause the workstations to report a slow connection? When I login at the domain controller the roaming profiles and folder redirection work fine so, I know the GPO settings are correct. I don't
have "ignore slow connections" or any of those GPO's set. I need to get it working the correct way so, I didn't want to fool the server when there is another underlying problem. Any help that someone can offer, I am more than willing
to listen. If you need more information, please ask.
Thanks,
JaySo, I've managed to research this some more since Thursday and I've come to the conclusion that Hyper-V does a horrible job of supporting Qualcomm NIC cards. That's the only thing I can conclude as far as where the issue is originating. I've read many
post and walkthroughs but nothing that has helped. The issue wasn't with any settings in the domain controller. The issue was that there really is a slow connection originating at the domain controller that is a VM and has network connectivity through the
virtual switch from Hyper-V. So, next question is, how do I get the DC to have better connectivity through the NIC that Hyper-V won't give it? If hyper-v would allow passthrough, this would be so much simpler. VM-ware is looking really good at this point.
Im disappointed in MS right now. -
Upgrade Windows Server 2012 to Windows Server 2012 R2 in-place upgrade
I have tried to do an in place upgrade for Windows Server 2012 Standard to Windows Server 2012 R2 using the in-place upgrade at least a dozen times. Always with the same unhelpful failure message.
I have tried downloading the latest (setup) update and not downloading it - makes no difference - same error.
I would really rather upgrade this server than re-install. I have scoured the internet looking for answers and I can't find anything useful.
I have downloaded the latest 2012 R2 Standard iso. The version of 2012 installed is a stock retail Standard version it was never an eval version.
Any help much appreciated.
AndyI did check the article. I did the ADPREP as described and adprep worked fine. Unfortunately it did not make any difference. Log entries below:
setupact
2014-05-28 07:56:56, Info MIG End of hive list
2014-05-28 07:56:56, Warning [0x0803db] MIG IndirectKeyMapper: RegLoadKey(HKEY_USERS,S-1-5-21-902023783-652776199-2643897273-500 (1),C:\Users\Administrator\NTUSER.DAT) failed; giving up (32)
2014-05-28 07:56:56, Error [0x08039d] MIG Cannot add mapping for user profile C:\Users\Administrator. Error: 32: Win32Exception: The process cannot access the file because it is being used by another process. [0x00000020] __cdecl
Mig::CIndirectKeyMapper::CIndirectKeyMapper(class UnBCL::String *,struct HKEY__ *,class UnBCL::String *,class UnBCL::String *,int,int,const Mig::HiveLoadRetryOptions *)[gle=0x000000cb]
2014-05-28 07:56:56, Error [0x080801] MIG User profile loading error. Aborting due to external request.[gle=0x000000cb]
2014-05-28 07:56:56, Warning [0x0803de] MIG Failed to unload hive at HKEY_LOCAL_MACHINE\$ONLINE_RW$ELAM (error 1314)
2014-05-28 07:56:56, Warning [0x0809d4] MIG Failed to close keymapper 'ELAM': error 1314
2014-05-28 07:56:56, Warning [0x0803de] MIG Failed to unload hive at HKEY_LOCAL_MACHINE\$ONLINE_RW$ELAM (error 1314)
2014-05-28 07:56:56, Error MigStartupOnline caught exception: Win32Exception: User profile loading error. Aborting due to external request.: The specified user does not have
a valid profile. [0x000004E5] void __cdecl Mig::COnlineWinNTPlatform::ProcessUser(class Mig::CRegistryDataStore *,class Mig::CRegistryDataUnit *,class UnBCL::String *,class UnBCL::String *,int,int)
2014-05-28 07:56:56, Info Leaving MigStartupOnline method
2014-05-28 07:56:56, Error MIG pDoOnlineGather: Engine initialization failed with error: 0x00000004
2014-05-28 07:56:56, Error [0x0800ad] MIG Callback_GatherOldSys: Migration phase failed.
2014-05-28 07:56:56, Info MIG PublishCriticalError: Setup can't continue. Restart the computer and restart Setup. When prompted, try getting the latest updates.
2014-05-28 07:56:56, Info [0x0a013d] UI Accepting Cancel. Exiting Page Progress.
2014-05-28 07:56:56, Info UI Entering Page Cancel.
2014-05-28 07:56:56, Info [0x0a0035] UI Allowing Page 'App Compat' to be shown
2014-05-28 07:56:56, Info [0x0a0035] UI Allowing Page 'App Compat' to be shown
2014-05-28 07:56:56, Info [0x0a011c] UI WizardDialogPost::SetActive
2014-05-28 09:17:28, Info [0x070042] DIAG CallBack_DiagnosticDataSend: Called with notification for Error published by ErrorHandler
2014-05-28 09:17:28, Info [0x0a0023] UI progress task ProgressInfo\SendDiagnostics : StartProgress
2014-05-28 09:17:28, Info DIAG DiagnosticDataSendWorker: Phase=1 Start time was 0X309961825, End time was 0X309962C98, total time was 0X1473
2014-05-28 09:17:28, Info [0x070044] DIAG DiagnosticDataSendWorker: startSetupTimeInSecs = 0X309962634
2014-05-28 09:17:28, Info [0x070045] DIAG Processing Diagnostic data at 2014-05-28 09:17:28
2014-05-28 09:17:28, Info [0x070046] DIAG DiagnosticDataSendWorker: endSetupTimeInSecs = 0X309963AA8
2014-05-28 09:17:28, Info DIAG DiagnosticDataSendWorker: setupInstallTime = 0X1474
2014-05-28 09:17:28, Info DIAG DiagnosticDataSendWorker: User is NOT OPTED-IN for SQM and Watson.
2014-05-28 09:17:28, Info [0x0a0024] UI progress task ProgressInfo\SendDiagnostics : EndProgress
2014-05-28 09:17:28, Info [0x090095] PANTHR WdsExitImmediate called! Execution will stop, and the queue won't be saved.
2014-05-28 09:17:28, Info DIAG Module path is [C:\$WINDOWS.~BT\Sources\setup.exe]
2014-05-28 09:17:28, Info DIAG Module version is [6.3.9600.16384 (winblue_rtm.130821-1623)]
2014-05-28 09:17:28, Info DIAG Module path is [C:\$WINDOWS.~BT\Sources\setup.exe]
2014-05-28 09:17:28, Info DIAG Failed install count for build [6.3.9600.16384 (winblue_rtm.130821-1623)] is [12]
2014-05-28 09:17:28, Info IBS Successfully incremented the failed install count on this machine
2014-05-28 09:17:28, Info [0x0800af] MIG Leaving Callback_GatherOldSys (failure)
2014-05-28 09:17:28, Info [0x09008c] PANTHR SeqExecute -- stopping, since WdsExitImmediate() was called
2014-05-28 09:17:28, Info [0x090086] PANTHR pWorkerThreadFunc -- Stopping
2014-05-28 09:17:28, Info [0x090086] PANTHR pWorkerThreadFunc -- Stopping
2014-05-28 09:17:28, Info [0x090086] PANTHR pWorkerThreadFunc -- Stopping
2014-05-28 09:17:28, Info PANTHR DeleteCriticalSection for pExecQueue->csLock;
2014-05-28 09:17:28, Info [0x0500bd] DU Module_Term_DU called
2014-05-28 09:17:28, Info [0x050081] DU Done with DU. DUMgr is cleaning up...
2014-05-28 09:17:28, Info [0x050082] DU Cleanup completed
2014-05-28 09:17:28, Info [0x0605a6] IBS Requested UI to hide the language and locale selection pages.
2014-05-28 09:17:28, Info [0x06010d] IBS Module_Term_Productkey: Valid product key in blackboard, show property set to hide.
2014-05-28 09:17:28, Info UI CallbackWin32UITerminate: Deleted WizardUI
2014-05-28 09:17:28, Info [0x090081] PANTHR Destroying any unreferenced modules! (SEQ6)
2014-05-28 09:17:28, Info [0x0601d7] IBS InstallWindows:Error Type = 3211266
2014-05-28 09:17:28, Info [0x090009] PANTHR CBlackboard::Close: c:\$windows.~bt\sources\panther\setupinfo.
setuperr
2014-05-28 07:56:56, Error [0x08039d] MIG Cannot add mapping for user profile C:\Users\Administrator. Error: 32: Win32Exception: The process cannot access the file because it is being used by another process. [0x00000020] __cdecl
Mig::CIndirectKeyMapper::CIndirectKeyMapper(class UnBCL::String *,struct HKEY__ *,class UnBCL::String *,class UnBCL::String *,int,int,const Mig::HiveLoadRetryOptions *)[gle=0x000000cb]
2014-05-28 07:56:56, Error [0x080801] MIG User profile loading error. Aborting due to external request.[gle=0x000000cb]
2014-05-28 07:56:56, Error MigStartupOnline caught exception: Win32Exception: User profile loading error. Aborting due to external request.: The specified user does not have
a valid profile. [0x000004E5] void __cdecl Mig::COnlineWinNTPlatform::ProcessUser(class Mig::CRegistryDataStore *,class Mig::CRegistryDataUnit *,class UnBCL::String *,class UnBCL::String *,int,int)
2014-05-28 07:56:56, Error MIG pDoOnlineGather: Engine initialization failed with error: 0x00000004
2014-05-28 07:56:56, Error [0x0800ad] MIG Callback_GatherOldSys: Migration phase failed.
Kind regards, Andy CISSP, GCIA, GCIH, GPEN, GWAPT, CSTA, CSTP Blog.InfoSecMatters.net
Maybe you are looking for
-
RoboHelp Server 8/Active Directory
Hi again, After moving my install of RoboHelp Server from our Windows Server 2008 R2 server to an older Windows Server 2003 Web Edition box, I was able to get RoboHelp Server talking to SQL Server 2008 through ODBC. Now on to the next problem. I've
-
Bookmarks have disappeared, and unable to add new bookmarks
My bookmarks have all disappeared, and Firefox won't allow me to add new bookmarks either. I recently updated from 3.6.9 to 3.6.10, but the problem only showed up a day later. If I try to restore, it just says, "Firefox unable to process the backup f
-
Setting the File Adapter Sender Source Directory...
Good morning, Experts We have 2 sender file adapter communication channels in XI 7.0. Source directories for each are as follows: Channel A - //757spgmr16-xp.sauder.com/SAP Channel B - //devqas.sauder.com/ROOTBIN Channel A works. Channel B does not.
-
Pdf does not display properly in safari
Something changed. My Safari now displays pdfs as gobbley gook. Other browsers have no problems. Please help!
-
Presently use Firefox Reader v. 3.1.4. Many files on my desk computer, operating on XP Pro, are stored in PDF files done with the 3.1.4 version. If I up date to the new 5.0 will these old files still open? Or will they be lost? Worse case if FireFox