Branch Office - client network (Unauthenticated)

Hi There,
I have a remote office (RO) (just two users) that I want to connect to our head office (HO). The HO subnet is a 192.168.4.X/23 with GW 192.168.4.1. The RO subnet is 10.10.10.x/24. I am using a non-Microsoft site-to-site IPsec VPN tunnel between the two sites.
I have route statements on both sites, and I have transparent traffic routing from both directions (literally the equivalent of an any-any ACL). I can ping devices on both sides from the other side. I have even been able to do port scans from both sides to the other side of computers with no issues (for clients/servers that have their MS Firewall disabled).
On the RO I am handing out DHCP in the RO subnet a small range of IPs with the DNS servers pointing to the HO DNS servers. I have also added the WINS servers to the RO DHCP options. I have name resolution working properly, and traffic for internal resources routes properly over the tunnel.
The problem I am having is that any client that I put in the RO, its network says "OURDOMAIN.local 2 (Unauthenticated)" and it has Network Type listed as "Public" and I cannot change it. When the same client is connected in the HO, it shows "OURDOMAIN.local (Authenticated)" and access to all our servers works properly.
In the RO, I cannot connect to any of our domain-connected servers' services (file shares, Exchange, print server, I can't even RDP into any machine from the RO into the HO), outside of getting DNS name resolution.
I have created a subnet in sites and services for the RO, and I have added that subnet to the HO Site. I have even added a DNS reverse lookup zone for the RO subnet, but I'm not getting any registrations in there.
Placing an RODC in the remote office is really not an option (I have to do this on the cheap, additionally the physical space is very small).
I feel like I'm missing something stupid. Would appreciate any assistance.
With regards,
Tim

You cannot share files on a public network. You will need to fix that to get file sharing working.
  If all else fails you can change the security settings to allow unidentified networks to be private. By default they are set to public.
Bill
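
A read-only check for the symptom in this thread, added here as an example and not taken from either post: it shows which profile Windows assigned to each network on an RO client, then tests whether a domain controller can be located and reached on the TCP ports domain logon relies on. It assumes Windows 8 / Server 2012 or later (for `Get-NetConnectionProfile` and `Test-NetConnection`) and uses the domain name as written in the question.

```powershell
# Added example: read-only checks for a client in the remote office (RO).
# Assumption: the domain name below is the one quoted in the post.
$Domain = 'OURDOMAIN.local'

# 1. Which profile did Windows assign to each connected network?
#    A client that authenticated to a DC shows DomainAuthenticated;
#    Public means the restrictive firewall profile is in force.
$profiles = Get-NetConnectionProfile |
    Select-Object Name, InterfaceAlias, NetworkCategory, IPv4Connectivity
$profiles | Format-Table -AutoSize

# 2. Ask the DC locator for a domain controller, as the client itself would.
$dcName  = $null
$locator = & nltest.exe "/dsgetdc:$Domain" 2>&1
foreach ($line in $locator) {
    if ("$line" -match '^\s*DC:\s*\\\\(\S+)') { $dcName = $Matches[1]; break }
}
if (-not $dcName) {
    Write-Warning "DC locator failed for ${Domain}:"
    $locator | ForEach-Object { Write-Warning "  $_" }
    return
}
Write-Host "DC locator returned: $dcName"

# 3. Test the TCP ports a domain member needs toward that DC.
#    Test-NetConnection covers TCP only; the locator ping (UDP 389) and
#    Kerberos over UDP 88 are not exercised by this step.
$checks = @(
    @{ Port = 53;  Service = 'DNS' },
    @{ Port = 88;  Service = 'Kerberos' },
    @{ Port = 135; Service = 'RPC endpoint mapper' },
    @{ Port = 389; Service = 'LDAP' },
    @{ Port = 445; Service = 'SMB' }
)
$portResults = foreach ($c in $checks) {
    $t = Test-NetConnection -ComputerName $dcName -Port $c.Port `
            -WarningAction SilentlyContinue
    [pscustomobject]@{
        Port         = $c.Port
        Service      = $c.Service
        TcpReachable = $t.TcpTestSucceeded
    }
}
$portResults | Format-Table -AutoSize

# 4. Verify the machine account's secure channel (needs an elevated prompt;
#    the cmdlet ships with Windows PowerShell, so guard for its absence).
$secureChannel = 'not tested'
if (Get-Command Test-ComputerSecureChannel -ErrorAction SilentlyContinue) {
    try   { $secureChannel = [string](Test-ComputerSecureChannel) }
    catch { $secureChannel = "error: $($_.Exception.Message)" }
}

# 5. One-line summary to attach to a ticket.
[pscustomobject]@{
    Domain         = $Domain
    DomainProfile  = [bool]($profiles | Where-Object {
                         "$($_.NetworkCategory)" -eq 'DomainAuthenticated' })
    LocatedDC      = $dcName
    BlockedPorts   = ($portResults | Where-Object { -not $_.TcpReachable }).Port -join ','
    SecureChannel  = $secureChannel
}
```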

Similar Messages

  • Branch Office without network

    Hi!
    We have been trying to use a branch office install on a single computer for concurrent access from multiple (local) clients.
    This works like a charm as long as the computer is on a network (dial-up or LAN). When we disconnect from the network, new connections to the BO database tend to take several seconds.
    The BO machine OS is Windows NT or 2K
    I suspect this delay has something to do with the network connection. We have tried to install Microsoft Loopback Adapter to remedy this. The result is that it is a little bit faster than before, but the delay is still there.
    Is the Branch Office multiuser listener bound to a specific network interface? If so can it be changed? Or does anyone have any other ideas...

    It is possible that a PC responds slowly when connecting to a MU listener when the PC is not on the network. Check how the DSN is defined. Defining it as a localhost may speed it up.
    MU Listener uses Windows sockets to open the connection.

  • Install windows server 2012 DC on Branch office

    Hi ALL,
    I am planning to install a secondary DC in our branch office, where they are currently on a different domain and forest. Our head office is currently on Windows Server 2008 R2 Std, where the forest and domain functional levels are at Windows Server 2003. Our head office domain name is (corpoffice.org) and the branch office domain is ssl (it's a single-level domain on Windows Server 2003).
    I am thinking of upgrading our head office DC to Windows Server 2012 R2, and I want to do the same for the branch office as well.
    I need some guidance on how to proceed with this DC setup, as both VLAN networks are different and all the client settings are different. I have a few queries, like:
    1. Should I upgrade my head office DC first before I set up the branch office DC?
    2. How will the branch office clients communicate with the new DC?
    Any suggestions and guidance would be really helpful.
    Thanks
    srini

    Hi
    You will need to make sure all the ports are open for traffic to move between both DCs. You also need to check that you don't have replication problems, IE, slow link. The first step would be to see if you can ping the HO DC from the branch; then, once you have established that you have all the ports open and your VLAN is routing traffic correctly, you can start with your DC setup.
    You can first upgrade your DC, look at this blog: 
    http://blogs.technet.com/b/kevinholman/archive/2013/09/25/upgrading-domain-controllers-to-windows-server-2012-r2.aspx
    Hope this helps.

  • Branch Office Connectivity

    Hi,
    We have a firewall set up in our main office with the following setup:
    We are running DC on Windows 2008 Servers with MS Exchange 2010, Lync 2010 and IP phone as well.
    We are planning to set up AD replication to our branch offices for network drive access and group policy updates; kindly advise on this.
    Best Regards,
    Ramesh TP

    Hi
    I think you mean the best-practice topology.
    First of all, you will add Additional Domain Controllers at your branch offices. This ADC will also have the DNS and DHCP roles, and you will deploy a file server.
    The important point is the structure you want to build.
    This is a detailed article about domain topologies, so please check it for your questions:
    https://msdn.microsoft.com/en-us/library/cc749945.aspx?=255&MSPPError=-2147217396

  • Branch office installation of Oracle 8i Lite

    I have developed a Java application using Oracle 8i Lite. I know how to extract the required database file and supporting run time files using the deploy utility for a stand-alone machine. Thus, I can zip and send those files by email or through a web server to the client for installation on a stand-alone machine.
    Since we cannot use the Web to GO server, we want to send the Branch office database and its run time files (only the files required for running and not for developing) for the server as well as for the client to work in the LAN, in the same manner as deployed on a stand-alone machine, without sending the Oracle Lite CD and without using the Web to GO server.
    In short, we want to install the Branch office Database machine files and Branch office client files by sending only the required files in email, without using the Web to GO server and without sending the Oracle Lite CD.
    Thanks in advance for your valuable reply.
    Thanks and Best regards
    M.Thiagarajan

    It would help if you told us the exact problem description and ... post in the correct forum. This forum is dedicated to oracle on apple's macosX.
    What is the problem ?
    Ronald.
    http://ronr.nl/unix-dba

  • Branch office web-to-go is not starting

    Hi,
    I have downloaded and installed the Oracle Lite Branch Office setup from the server's webtogo/setup. But the webtogo on the branch office PC is not starting. The http://localhost/webtogo and listener are not started even after executing the executables manually.
    The PATH variable is set correctly. The branch office PC has Windows XP.
    Regards,
    Aneesh

    Hi,
    webtogo -d option is giving following error.
    E:\mobileclient\bin>webtogo -d
    log9: [LOADING wtgos.dll BOAdminToolNative]
    log9: [BOAdminToolNative wtgos Loaded Successfully]
    log9: MODE_BRANCH CONNECT_STRING =jdbc:polite@:1160:
    log1: Translated JDK:'Cp1252' to IANA: 'WINDOWS-1252'
    log1: Mount point jdbc:polite@:1160:WEBTOGO oracle.lite.web.ifs.OMFS@145d068
    log9: java.sql.SQLException: [ODBC 08001] unable to connect to data source
    log9: at oracle.lite.poljdbc.LiteEmbJDBCConnection.jniDriverConnect(Native Met
    hod)
    log9: at oracle.lite.poljdbc.LiteEmbJDBCConnection.connect(Unknown Source)
    log9: at oracle.lite.poljdbc.LiteType2JDBCFactory.createConnection(Unknown Sou
    rce)
    log9: at oracle.lite.poljdbc.POLJDBCConnection.<init>(Unknown Source)
    log9: at oracle.lite.poljdbc.OracleConnection.<init>(Unknown Source)
    log9: at oracle.lite.poljdbc.POLJDBCDriver.connect(Unknown Source)
    log9: at java.sql.DriverManager.getConnection(Unknown Source)
    log9: at java.sql.DriverManager.getConnection(Unknown Source)
    log9: at oracle.lite.web.JupConnection.<init>(Unknown Source)
    log9: at oracle.lite.web.JupConfig.createConnection(Unknown Source)
    log9: at oracle.lite.web.JupConfig.getConnection(Unknown Source)
    log9: at oracle.lite.web.JupConfig.getStatement(Unknown Source)
    log9: at oracle.lite.web.JupServer.loadMimes(Unknown Source)
    log9: at oracle.lite.web.JupConfig.reload(Unknown Source)
    log9: at oracle.lite.web.JupConfig.initializeRM(Unknown Source)
    log9: at oracle.lite.web.JupConfig.initializeRM(Unknown Source)
    log9: at oracle.lite.web.JupServer.initialize(Unknown Source)
    log9: at oracle.lite.web.JupServer.listen(Unknown Source)
    log9: at oracle.lite.web.JupServer.main(Unknown Source)
    log-1: ============== Server Exception - Begin ==================
    java.sql.SQLException: [ODBC 08001] unable to connect to data source
    at oracle.lite.poljdbc.LiteEmbJDBCConnection.jniDriverConnect(Native Met
    hod)
    at oracle.lite.poljdbc.LiteEmbJDBCConnection.connect(Unknown Source)
    at oracle.lite.poljdbc.LiteType2JDBCFactory.createConnection(Unknown Sou
    rce)
    at oracle.lite.poljdbc.POLJDBCConnection.<init>(Unknown Source)
    at oracle.lite.poljdbc.OracleConnection.<init>(Unknown Source)
    at oracle.lite.poljdbc.POLJDBCDriver.connect(Unknown Source)
    at java.sql.DriverManager.getConnection(Unknown Source)
    at java.sql.DriverManager.getConnection(Unknown Source)
    at oracle.lite.web.JupConnection.<init>(Unknown Source)
    at oracle.lite.web.JupConfig.createConnection(Unknown Source)
    at oracle.lite.web.JupConfig.getConnection(Unknown Source)
    at oracle.lite.web.FileHandlerUtil.<init>(Unknown Source)
    at oracle.mobile.job.Scheduler.<init>(Unknown Source)
    at oracle.lite.web.JupConfig.initializeRM(Unknown Source)
    at oracle.lite.web.JupConfig.initializeRM(Unknown Source)
    at oracle.lite.web.JupServer.initialize(Unknown Source)
    at oracle.lite.web.JupServer.listen(Unknown Source)
    at oracle.lite.web.JupServer.main(Unknown Source)
    ================== Server Exception - End ====================
    Noticed that listener is not getting started,
    E:\mobileclient\bin>olsv2040 /start
    OliteService reports the following error:
    OliteService failed, Error Code: (0x5), Message: Access is denied.
    Internal message: StartService failed in CmdStartService function.
    Forgot to mention earlier,
    During installation of the branch office client, I received the following warnings:
    1. Operating system message: Password doesnot meet minimum security requirements. Check the password length, complexity and history.
    2. No mapping between accounts and security ID was done.
    Thanks,
    Regards,
    Aneesh

  • Branch Office implementation

    where can I find a good white paper on 'Branch Office' arch. and implementation of Lite?

    Hi ,
    Oracle Lite -Branch Office not working as expected
    Lite Version- 5.0.2
    1.     The documentation says an odbc dsn should have been automatically created with a name of "USER_DBNAME” when sync with Mobile server
    2.     A blank "files available for download" page is display with no buttons and no file from url ‘http://BR/public/download’
    3.     Can’t see any application in the Branch office system
         Steps used to create/publish a branch office application
         We have three machines and their hostnames are
         M1 = Mobile Server + Mobile development kit Win2k
         M2 = Branch Office win2k
         M3 = Branch Office client win2k
    1) Install Mobile Server and mobile developer kit 5.0.2 on machine M1
    2) Launch "Mobile Server Control Center" to machine M1
    3) Create user “Test”, Assign user "Test" System Privilege of
    "Administrator"
    4) Assign user "Test" to the "Branch Adminstrators" group
    5) Create a dummy application (Sample. jar).
    6) Launch packaging wizard on machine m1
    7) Select "Win32 Native" as your target
    8) created snapshots with scott.emp table
    9) Enter "Sample" in the client side database name field.
    10) Publish the application from machine M1
    11) Launch "Mobile Server Control Center" to machine m1
    12) from the applications tab of "Control Center" Select the
    "Sample” application
    13) Enter the database users password and save the change
    14) Select the "Access" link from the left nav and grant user
    "Test" access to the "Sample" application
    15) Select the "Files" link from the left nav then select the win32
    link.
    Check the public file box for file "Sample.jar" and save changes
    16) from machine M1 install branch office by downloading the software
    from machine M1.
    Download/install http://MO/webtogo/setup, select the "branch
    office" download
    17) From the M1 machine launch setup.exe
    18) Sign on as user Test, Press "next" to sync
    19) The documentation says an odbc dsn should have been automatically
    created with a name of "Test_Sample".
    Can see only DSN name “webtogo” which points to <<Dir>>\OLDB40 and file ‘Sample.odb’
    20) From the M1 machine launch the control center @ http://localhost/
    21) Sign on as user shekar, Press sync tab
    20) checked the M1 machine and it did not install my "Sample.jar" but can see ‘Sample.odb’
    21) Now attempt to configure the branch office client machine m1
    22) From machine M2 download the client software @ http://m1/public/download
    23) A blank "files available for download" page is display with no buttons and no file.

  • Clients Not seeing DHCP server at branch office or not accepting ip offers (NO LOG REPORTS KIND OF IN THE DARK)

    Hi there, I am having an issue that has popped up recently. I have a DC at a branch office that is connected to the main office DC via a Persistent Demand Dial connection in RRAS. Everything was working properly according to me until I found out that the Network Admin who manages the branch office network failed to notify me that client machines weren't getting IP addresses from the DHCP server. This server was recently installed and wasn't fully implemented till about a week ago, when I configured the Demand Dial connection in RRAS; up until that point it just had a regular old VPN connection to the main office while we worked out the kinks with a few things. The things I've tried so far to get DHCP working are as follows:
    1. Rebooted the branch office server (MULTIPLE TIMES)
    2. Uninstalled the DHCP Role and re-installed it....To my surprise 1 client managed to get an IP on its LAN adapter after DHCP was re-installed, but nothing else
    3. Disconnected the connection between the main office DC and the branch office DC, as I figured the main office DC DHCP server might be interfering with the branch office DC DHCP server, but nothing happened
    4. Unauthorized and reauthorized the main office DHCP server and the branch office DHCP server; nothing changed
    5. Sifted through multiple log files on both servers and found nothing; in fact DHCP logs are empty on both servers
    6. Restored backups of the DHCP servers from when they were working
    7. Came here because I'm out of ideas and I'm pulling my hair out
    here are the current statistics from the problem server
    Start Time: 7/12/2014 2:02:10PM
    Up Time: 1Hours, 18 Minutes, 41 Seconds
    Discovers: 90
    Offers: 90
    Requests: 2
    Acks: 13
    Nacks: 0
    Declines: 0
    Releases: 0
    Total Scopes: 1
    Total Addresses 253
    In Use 2 (0%)
    Available: 251 (99%)
    I'd like to add that RRAS was getting IP addresses from the problem server up until the point I uninstalled the role and re-installed it.
    Here is an ipconfig /all from the problem server:
    Windows IP Configuration
       Host Name . . . . . . . . . . . . : MNB-DC
       Primary Dns Suffix  . . . . . . . : VTEACR.LOCAL
       Node Type . . . . . . . . . . . . : Hybrid
       IP Routing Enabled. . . . . . . . : Yes
       WINS Proxy Enabled. . . . . . . . : No
       DNS Suffix Search List. . . . . . : VTEACR.LOCAL
    PPP adapter Remote Router:
       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : Remote Router
       Physical Address. . . . . . . . . :
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes
       IPv4 Address. . . . . . . . . . . : 10.141.70.25(Preferred)
       Subnet Mask . . . . . . . . . . . : 255.255.255.255
       Default Gateway . . . . . . . . . :
       DNS Servers . . . . . . . . . . . : 10.141.70.10
       NetBIOS over Tcpip. . . . . . . . : Disabled
    Ethernet adapter Local Area Connection:
       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : Broadcom NetXtreme Gigabit Ethernet
       Physical Address. . . . . . . . . : 00-16-35-AB-D3-05
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes
       Link-local IPv6 Address . . . . . : fe80::d9e:daa4:34dd:db44%10(Preferred)
       IPv4 Address. . . . . . . . . . . : 10.141.80.102(Preferred)
       Subnet Mask . . . . . . . . . . . : 255.255.255.0
       Default Gateway . . . . . . . . . : fe80::226:5aff:feb7:5b3c%10
                                           10.141.80.1
       DNS Servers . . . . . . . . . . . : ::1
                                           10.141.80.102
       NetBIOS over Tcpip. . . . . . . . : Enabled
    PPP adapter RAS (Dial In) Interface:
       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : RAS (Dial In) Interface
       Physical Address. . . . . . . . . :
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes
       IPv4 Address. . . . . . . . . . . : 169.254.238.243(Preferred)
       Subnet Mask . . . . . . . . . . . : 255.255.255.255
       Default Gateway . . . . . . . . . :
       DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
                                           fec0:0:0:ffff::2%1
                                           fec0:0:0:ffff::3%1
       NetBIOS over Tcpip. . . . . . . . : Disabled
    Tunnel adapter Local Area Connection* 8:
       Media State . . . . . . . . . . . : Media disconnected
       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : isatap.{427DF66B-3B30-40B1-B67E-B5587465C394}
       Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes
    Tunnel adapter Local Area Connection* 9:
       Media State . . . . . . . . . . . : Media disconnected
       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
       Physical Address. . . . . . . . . : 02-00-54-55-4E-01
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes
    Tunnel adapter Local Area Connection* 11:
       Media State . . . . . . . . . . . : Media disconnected
       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : isatap.ziricom.com
       Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes
    Tunnel adapter Local Area Connection* 12:
       Media State . . . . . . . . . . . : Media disconnected
       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : isatap.VTEACR.LOCAL
       Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes
    Tunnel adapter Local Area Connection* 13:
       Media State . . . . . . . . . . . : Media disconnected
       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : isatap.{BE201060-A9B9-404A-8361-F8FFB82F56F6}
       Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes
    Tunnel adapter Local Area Connection* 14:
       Media State . . . . . . . . . . . : Media disconnected
       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : Microsoft ISATAP Adapter #5
       Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes
    Tunnel adapter Local Area Connection* 15:
       Media State . . . . . . . . . . . : Media disconnected
       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : isatap.VTEACR.LOCAL
       Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes
    Tunnel adapter Local Area Connection* 16:
       Media State . . . . . . . . . . . : Media disconnected
       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : Microsoft ISATAP Adapter #7
       Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes
    Tunnel adapter Local Area Connection* 19:
       Media State . . . . . . . . . . . : Media disconnected
       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : isatap.ziricom.com
       Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes
    If any more information is needed please let me know. I have full access to everything on the network so it's not a problem, and I am able to remotely access the branch office DC and all computers and switches at any time of the day.

    Hi,
    Does this issue occur on one client or multiple?
    Please check this article:
    http://technet.microsoft.com/en-us/library/cc757164(v=ws.10).aspx#BKMK_5
    Regards.
    Vivian Wang

  • Simulating small branch office in lab network

    Hi,
    I have to setup what seems to be a very basic configuration, but it doesn't work.
    In our lab there is a cluster of switches with a 3550 that does all the routing for vlans.
    I need to simulate a sort of a small branch office that has one connection
    to the outside world (the lab network).
    Here is my design:
    Vlan 230 (the internet)
    A port on 3550 is in vlan 230 and is connected to e0/0 (172.26.230.150) on 2611 router.
    e0/1 interface on a 2611 is (192.168.1.1).
    A PC is connected to e0/1 (192.168.1.12).
    From the router I can ping any host on vlan 230 and other vlans,
    I can also ping the pc connected to e0/1.
    However from the PC I can only ping 192.168.1.1(e0/1) and 172.26.230.150 (e0/0)
    Below is my configuration
    Thanks for your help.
    R2611-1#sh run
    Building configuration...
    Current configuration:
    version 12.0
    service timestamps debug uptime
    service timestamps log uptime
    no service password-encryption
    hostname R2611-1
    ip subnet-zero
    ip dhcp excluded-address 192.168.1.1 192.168.1.9
    ip dhcp pool 192.168.1
       network 192.168.1.0 255.255.255.0
       default-router 192.168.1.1
    interface Ethernet0/0
    ip address 172.26.230.150 255.255.255.0
    no ip directed-broadcast
    no ip mroute-cache
    no mop enabled
    interface Ethernet0/1
    ip address 192.168.1.1 255.255.255.0
    no ip directed-broadcast
    no ip mroute-cache
    ip classless
    ip route 0.0.0.0 0.0.0.0 172.26.230.1
    ip http server
    no scheduler allocate
    end

    You are not performing nat on the router.
    This is typically required on a box which provides internet connectivity.
    Probably the other hosts on vlan 230 have no route back to the pc on 192.168.1.1
    Configuring nat on the router will resolve this problem.
    regards,
    Leo

  • Small branch office network

    We have a small branch office (7 users) that will be moving to a building that has a Wireless Residential Gateway (Model: DPC3829).  This device provides wifi for 2 other tenants on the same floor.  Can we connect another wireless router to this wireless residential gateway device and create our own SSID so that we don't have to use the wifi settings that the other 2 tenants connect to?  
    I've attached a picture of what the back of the DPC3829 currently looks like.  I am thinking I can plug that yellow network cable into another wireless router and create our own wireless network (obviously off of their internet connection) for our 7 users. 
    Thank you for your help.

    You may buy any plain wireless device and run it in bridge mode (should run by default, I believe). Then connect one of its LAN ports to any one of the LAN ports available on the DPC3829 thing.
    you are correct in what you want to do, and it can be done no problem.
    Regards
    Please mark answer as correct if it helps.

  • VPN CLient TO access HO through BRanch office

    We have a branch office using a Cisco 1841, which makes a VPN to HO (ASA 5505). Both (1841 and ASA) have VPN Client configured. We need branch office VPN software client users to connect to the HO network. I have tried but I am missing out somewhere. I've attached some configs of both devices. Can anyone help ASAP?

    Here is the URL for the Configuring and Managing Connection Entries for the VPN follow the steps for configuration which will help you :
    http://www.cisco.com/en/US/products/sw/secursw/ps2308/products_user_guide_chapter09186a008015e271.html

  • ASA5505 I cannot reach to an outside network from a branch office

    My customer has an HQ office and many Branch offices. In the HQ there is an ASA5510 configured as a default gateway. From HQ the customer must access the internet (everything works fine), from Inside LAN should reach to anyway including special services like Credit Card service provider and others (it works fine). From Branch offices must reach Inside LAN hosts (it works fine), from Branch Offices must reach DMZ (it works fine), from branch offices should reach CC Service provider and here's the point of this Q: from almost all branch offices they reach CCSP fine, except branch offices where an ASA5505 is installed (offices that reach CCSP have a RV042 installed or a TPlink ER6120 installed); offices with ASA can just ping the LAN side of CCSP's router.
    I think the ASA5505 conf is an open door configuration. Here's the 5505 configuration and also attached the network diagram. Can someone help, please?

    Hi,
    Are the branch offices connected to the HQ through some ISP MPLS network, since I do not see any L2L VPN configurations on the ASA5505?
    I presume this is the case. Since you say that the connections between Branch Office (with ASA5505) and HQ LAN work fine, it should tell us that there should be no routing problems between those networks.
    The diagram possibly also suggests that all the Branch Office connections come to your HQ network through the same Router at the edge, so if other Branch Offices' connections to CCSP work then there should be no routing problem between the Branch Offices and the CCSP (at least regarding your part of the network).
    Now, some questions.
    Does the ISR Router forward traffic destined to CCSP directly to the Router at 192.168.2.249 ?
    Does the Router with the connection to the CCSP use the Internet to reach the CCSP or is there some kind of dedicated connection between these networks?
    If the Router towards CCSP uses Internet then does it lack some NAT configurations for the source network 192.168.27.0/24? Does it perhaps lack a route towards the network 192.168.27.0/24? Or is there any possible errors in the configurations (wrong gateway IP or network mask somewhere?)
    Is there any ACLs configured on the Router that has the connection to the CCSP that might block traffic?
    Does the CCSP have all the required routing information to pass traffic towards the network 192.168.27.0/24? (If were talking about a dedicated connection and not traffic through the Internet) Have they allowed traffic from the mentioned network 192.168.27.0/24 to their servers/network?
    Have you taken "packet-tracer" output from the ASA5505 to confirm that the ASA configurations allow the traffic and don't drop it for some reason?
    For example
    packet-tracer input inside tcp 192.168.27.100 12345 193.168.1.100 80
    You can modify the IP addresses (source/destination) and the used destination port and protocol to match the connections that are actually attempted.
    Have you monitored the connections on the ASA when users attempt them? This should at least tell you why they are failing or give a hint. You could also configure traffic capture on the ASA5505 if you wanted to make sure if any traffic was coming from the CCSP towards this ASA (return traffic for connection attempt).
    Hope this helps :)
    Let me know if I misunderstood the situation somehow.
    - Jouni

  • Windows Server 2008 R2 Network Unauthenticated

    Hi all,
    So I have an odd problem. Wanted to see if anyone had any ideas. I have a client network that has Three locations. HQ, Branch 1 and Branch 2. All connected over IPSEC VPN Tunnels.
    Each Branch Office has 1 domain controller. The HQ location has 1 DC and 1 Exchange server.
    All of a sudden I noted the network Connection on the HQ DC had gone to unauthenticated. I worked on the issue and tried many different things to get it out of this state. Removed Nic Card drivers, reboots, Reset TCP Stack and Winsock Stack, changed Adaptors.
    Just several different things I could think of and things I found. Nothing...
    So next, This DC has all the FSMO Masters, so I transferred them to one of the branch servers and then demoted this DC. After the demotion, it rebooted and Unauthenticated was gone. Back to the Domain connection normal. I thought Great! So I ran DCPROMO
    again and once it installed AD, and rebooted, Back to Unauthenticated again....
    So Next, I removed AD again and this time I waited. Changed the other two DC's to look at the other. I unjoined the HQ Server. Then I went through DNS and removed all record of this server.
    Next .. I rejoined the server. Network was good. Then ran DCpromo, and back to unauthenticated again.
    Everything seems to work ok so far, but I am still worried about it as it should not be happening.
    Any Ideas about this from anyone ?
    Thanks for your help!

    Hi Chris,
    Sorry for the delay.
    Because these servers are connected by VPN and Kerberos uses connectionless UDP datagram packets, these UDP packets may be dropped.
    We can change MaxPacketSize to 1 to force the clients to use Kerberos traffic over TCP.
    To do this, follow these steps:
    Important: Serious problems might occur if you modify the registry incorrectly. Therefore, make sure that you follow these steps carefully.
    Start Registry Editor.
    Locate and then click the following registry subkey:
    HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\Kerberos\Parameters
    Note: If the Parameters key does not exist, create it now.
    On the Edit menu, point to New, and then click DWORD Value.
    Type MaxPacketSize, and then press ENTER.
    Double-click MaxPacketSize, type 1 in the Value data box, click to select the Decimal option, and then click OK.
    Quit Registry Editor.
    Restart your computer.
    For detailed information, please click the link below,
    How to force Kerberos to use TCP instead of UDP in Windows
    http://support.microsoft.com/kb/244474/en-us
    If the issue persists, please try to run netlogon in debug mode. The debug log may give some hints.
    For detailed information, please refer to the link below,
    Enabling debug logging for the Net Logon service
    http://support.microsoft.com/kb/109626/en-us
    Best Regards.
    Steven Lee
    TechNet Community Support
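
The registry change described in the reply above, as an added PowerShell example that is not part of the original post or the linked KB article. The function names are hypothetical; it assumes an elevated PowerShell session on the affected machine, and the restart from the steps is still required.

```powershell
# Added example: audit and optionally apply the MaxPacketSize = 1 setting
# (forces Kerberos onto TCP). Function names are hypothetical.
$KerberosParams = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Parameters'

function Get-KerberosMaxPacketSize {
    # Returns the configured value, or $null when the key or the value is
    # absent (Windows then uses its built-in default).
    if (-not (Test-Path -Path $KerberosParams)) { return $null }
    $item = Get-ItemProperty -Path $KerberosParams -Name MaxPacketSize `
                             -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return $item.MaxPacketSize
}

function Set-KerberosTcpOnly {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param()

    $current = Get-KerberosMaxPacketSize
    if ($current -eq 1) {
        Write-Output 'MaxPacketSize is already 1; nothing to change.'
        return
    }

    if ($PSCmdlet.ShouldProcess($KerberosParams, 'Set MaxPacketSize to 1 (DWORD)')) {
        # Create the Parameters key if it does not exist, as the steps note.
        if (-not (Test-Path -Path $KerberosParams)) {
            New-Item -Path $KerberosParams -Force | Out-Null
        }
        New-ItemProperty -Path $KerberosParams -Name MaxPacketSize `
                         -PropertyType DWord -Value 1 -Force | Out-Null
        Write-Output "MaxPacketSize changed from '$current' to 1. Restart the computer to apply."
    }
}

# Audit first, then preview the change; remove -WhatIf to apply it.
Get-KerberosMaxPacketSize
Set-KerberosTcpOnly -WhatIf
```

Running the audit function on each DC and client before and after the change gives a record of which machines already carry the setting.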

  • Windows 8.1 laptop not connecting to domain in branch office

    We have a problem with a laptop. 
    It is installed in our Head office (The Netherlands), just like all other laptops by using an image.
    Tested and working on the domain.
    The user had to go to one of our branch offices (China) and when he connected there, the laptop just won't connect to the domain.
    When he plugged in the laptop, it keeps trying to connect its DirectAccess.
    Other laptops (same image) immediately recognize the domain network, but this laptop just won't.
    I am able to ping everything on the local network (MPLS connection), from HQ to all Branch offices but not access them.
    I've tried changing the DNS settings, but without any result.
    Any suggestions?

    Hi,
    According to this tool's description, I think it should be helpful to check system current environment, such as network, certificates, etc. problem. Actually according to your description, I doubt it probably network environment of ISP problem, but we should find a way to verify our suspicion. Then this tool would be convenient, it also would generate a trace log and it would be helpful with troubleshooting.
    The DirectAccess Client Troubleshooting Tool is a graphical application, based on the .NET Framework, which checks the health of a DirectAccess client by running various tests.
    Built-in health tests: The following tests are currently implemented:
    - Network interfaces
    - Network location (NLS and NRPT DNS)
    - IP connectivity (6to4, Teredo, IPHTTPS, entry point in a multisite setup, DNS)
    - Windows Firewall (applied profile, Firewall outbound rules)
    - Certificates (EKU Client Authentication, trust chain for AIA and CRL)
    - IPsec infrastructure tunnel (Domain SysVol share)
    - IPsec intranet tunnel (PING and HTTP probes)
    Additional features:
    - Run post-check script (PowerShell, VBScript, BAT or CMD file)
    Roger Lu
    TechNet Community Support

  • Branch Office Direct Printing - server offline?

    Hi All,
    We are implementing Branch Office Direct Printing and I have a question about when the server is down or, in the case of a WAN connection to/from the branch going down, the client being unable to reach the server.
    I could have sworn I originally read about Windows 8/2012 being smart enough to send the print job straight from the client to the printer in cases where it can't talk to the server, but now I seem unable to locate that information.  Is that indeed
    the case (hopefully)?
    Thanks,
    Wes

    Branch Office Direct Printing may benefit your organization in the following ways:
    - Client computers running Windows Server 2012 obtain printer information from the print server, but send the print jobs directly to the printer. The print data no longer travels to the central server and then back to the branch office printer.
    - The printer information is cached in the branch office, so that if the print server is unavailable for some reason (for example if the WAN link to the data center is down), then it is still possible for the user to print.
    - The client computer renders the print job before sending it to the printer. The major difference between Branch Office Direct Printing and Client-Side Rendering (CSR) is that Branch Office Direct Printing does not send the print job to the server. Instead the job is sent directly to the printer, resulting in a significant reduction in network bandwidth usage when the printers are centrally managed.
    Branch Office Direct Printing Overview
    http://technet.microsoft.com/en-us/library/jj134156.aspx
