Carrier grade nat - static port block allocation.
Hello,
Is it possible to configure nat (cgn) on ASR 1k to permit the same private address always get the same port block allocation from the same public address? With that You dont need nat logging.
regards
ADAM619,
At the moment we're unable to answer these questions. When we have more information we will provide it here in the forums, and make it available at www.verizon.com. Thanks for your patience during this transition. ~Ian
Ian_VZ
Verizon Support
Notice: Content posted by Verizon employees is meant to be informational and does not supersede or change the Verizon Forums User Guidelines or Terms or Service, or your Customer Agreement Terms and Conditions or Plan.
Similar Messages
-
Hi Every one, I wish you can help me with this inquiry. we are adding Fibre tails to our network and need to do per user queuing and shaping for PPPoE using Radius and I have selected 7603 with IOS15.3(3.)S to do this for me . Noe since we are running out of IPs, we need to do Carrier Grade NAT (CGN) , and based on Cisco Feature navigator only ME3600 and ME3800 (Remote Switches) are able to perform it. I need to come up with a confirmed decision before purchasing the devices. I would appreciate any help.
Hi Adiyudha,
in a general manner, consider these interfaces as SVI or "tunnels" to connect your router to the service blade.
When loaded with a CGN image, the ServiceInfra interface is used for the management of the card. It's mandatory to have it configured to be able to boot properly the card.
The ServiceApp interfaces are used to send traffic (to be NATed or CGv6ed for instance) to and from your router.
It's necessary to configure an IP address on the serviceApp interface, we configure the router side of the tunnel. All other addresses in the range will be considered to be part of the service card side.
So if you define serviceApp1 10.1.1.1/30, 10.1.1.2 will be answered by the CGN card automatically.
These serviceApps must be part of different VRFs (vrf-lite generally) or at least one in the Global routing table and another in a VRF, to avoid routing loops ----> because you'll have to use static routes to send your i2o traffic into the CGN card and to attract back your o2i traffic to guarantee a symetrical path (important in the case of stateful translation).
So, let's take an example if you define a map pool of 20.1.1.0/24 where the external addresses will be allocated to your translations.
You define serviceApp1 in VRF "Inside" with 1.1.1.1/30.
You define serviceApp2 in VRF "Outside" with 1.1.1.5/30.
You need to configure a default route in the VRF Inside pointing to serviceApp1 (or 1.1.1.2), it will send the traffic to the CGN card to be NATed.
And you need to configure a static route 20.1.1.0/24 to serviceApp2 (or 1.1.1.6) to attract the traffic in the o2i direction.
As you said, the serviceApp addresses are only significant locally to the router and don't need to be advertised to the outside, so they can be RFC1918.
Hope it clarifies a bit (not easy without diagrams to describe such principles).
Cheers,
N.
i2o = input to output
o2i = output to intput -
Carrier Grade NAT (CGN)
Verizon,
Verizon has announced some DSL customers will move to Carrier Grade NAT (CGN) which uses IPv6 instead fo the old standard IPv4 we use today (see verizon link below).
This basically means you can no longer port forward. IP cameras and many other applications require port forwarding so they can accessible from the internet outside the home. Many gamers also require this ability.
Eventually everyone will be on IPv6. My question is how will Verizon customers on IPv6 be able to port forward? Or will it just not be allowed?
I understand DSL customers can currently opt-out of CGN, but the point is at some point everyone will be moved to it.
Please See:
http://www22.verizon.com/support/residential/internet/highspeedinternet/networking/troubleshooting/p...
Thank you for your time
- Adam
Solved!
Go to Solution.ADAM619,
At the moment we're unable to answer these questions. When we have more information we will provide it here in the forums, and make it available at www.verizon.com. Thanks for your patience during this transition. ~Ian
Ian_VZ
Verizon Support
Notice: Content posted by Verizon employees is meant to be informational and does not supersede or change the Verizon Forums User Guidelines or Terms or Service, or your Customer Agreement Terms and Conditions or Plan. -
SIP Traffic in CRS-3 Carrier Grade NAT (CGN) with PAT
Hello
Does the SIP traffic through the module CGN works? We use PAT in the module.
Thank you for your comments
RodolfoHi Rodolfo,
yes, SIP can be used with no issue through CGN system without the need of any particular ALG if SBC performs media-latching.
Take a look at this preso:
http://www.cisco.com/web/CA/events/pdfs/CNSF2011-IPv6-Transition-for-SPs-Chris-Metz.pdf
Kind regards,
N. -
Static NAT with port translation
Hello All,
I have a server running web application on 443 and now I want to publish it on Internet with static nat and just for port 443, I am thinking that following configuration should be fine, can anyone comment on it.
10.1.1.2:443 10.1.1.1 2.2.2.5
Server -------------------------- ASA --------------------- Internet router --Cloud
Config i am planing
static (inside, outside) tcp 2.2.2.2 443 10.10.10.10 443 netmask 255.255.255.255
Thanks
JDThanks Harish and Jouni,
I am using extra Public IP, I want to now why "dns" is the end of access list? I got confuse by at ACL as we I was looking for ASA packet flow:-
A/PIX - Outside (Lower SEC_Level) to Inside (Higher Sec_Lev)
1. FLOW-LOOKUP - [] - Check for existing connections, if none found
create a
new connection.
2. UN-NAT - [static] -
2. ROUTE-LOOKUP - [input] - Initial Checking (Reverse Path Check, etc.)
3. ACCESS-LIST - [log] - ACL Lookup
4. CONN-SETTINGS - [] - class-map, policy-map, service-policy
5. IP-OPTIONS - [] -
6. NAT - [rpf-check] -
7. NAT - [host-limits] -
8. IP-OPTIONS - [] -
9. FLOW-CREATION - [] - If everything passes up until this point a
connection
is created.
10. ROUTE-LOOKUP - [output and adjacency]
access-list OUTSIDE-IN permit tcp any host eq 443 - suggested by you
but if i go by the flow which i come to know it should be like
access-list OUTSIDE-IN permit tcp any host eq 443
What is your opion ?
Thanks
Jagdev -
ACE 4710 A3 outbound static NAT with Port redirection
Hi
I have asked this question before, but as I have not get far with it I am going to try to be more specific this time.
I have a server that needs to do an outbound connection to a mail server. The connection has to be initiated to port 26, that then will be NATed to the external IP and port 26 redirected to port 25 for the SMTP connection.
When I try to configure this:
ACE-2/TEST(config-pmap-c)# nat static x.x.x.x netmask 255.255.255.255 tcp eq 23 vlan 99
I get the error: Error: Invalid real port configured for NAT static
Any ideas what it means anyone?Right. Forget about the previous question. I have an update.
I get this output on show nat policies at the moment:
NAT object ID:39 mapped_if:19 policy_id:50 type:STATIC static_xlate_id:64
ID:64 Static port translation
Real addr:172.21.7.11 Real port:26 Real interface:18
Mapped addr:x.x.x.x Mapped port:25 Mapped interface:19
Netmask:255.255.255.255
where x.x.x.x - is the Public, external IP address on the ACE.
I need the traffic FROM the 172.21.7.11 server going anywhere TO port 26 to be remapped to x.x.x.x port 25. At the moment it does not do it. The service policy on the inside doesn't even get a hit when I am telnetting from the 172.21.7.11 server on port 26 to the outside world. It does get hits when I telnet to x.x.x.x external IP address from outside.
Something is telling me I am looking at it from a wrong direction altogether.
This is the config I have at the moment:
access-list 130 line 20 extended permit ip any any
access-list Source_NAT line 10 extended permit tcp host 172.21.7.11 eq 26 any
class-map match-any Class_Port26
2 match access-list Source_NAT
policy-map multi-match Policy_Port26_Static
class Class_Port26
nat static x.x.x.x netmask 255.255.255.255 tcp eq smtp vlan 99
interface vlan 107
ip address 172.21.7.2 255.255.255.240
peer ip address 172.21.7.1 255.255.255.240
access-group input 130
service-policy input Policy_Port26_Static
no shutdown
No server farms, no load balancing. Just that.
Any ideas? -
Carrier Grade Network Address Translation (CG-NAT)
Hello,
I live in the UK. One of the largest ISPs, BT, has begun trialling carrier grade network address translation (CG-NAT). In a nutshell, this introduces double NAT - first your broadband router, then the ISP's "router". This is before the ISP has introduced IPv6.
I fear it is only a matter of time before my ISP also introduces CG-NAT. Will/does Skype work in a CG-NAT scenario? If not, what are my options?
Kind regards,
AnwarI am new to Oracle VM. The dom0 and domU are set up by someone else. So I don't know the details. In the domU, I can't even ping the 10.244.69.35 address of the dom0.
# ping 10.244.69.35
PING 10.244.69.35 (10.244.69.35) 56(84) bytes of data.
From 192.168.200.50 icmp_seq=2 Destination Host Unreachable
From 192.168.200.50 icmp_seq=3 Destination Host Unreachable
From 192.168.200.50 icmp_seq=4 Destination Host Unreachable
The Cisco switch on the 10.*.*.* network is owned by IT and I can't change anything on it. This is why I try to set up NAT on the dom0. I would appreciate any help so that I can access the 10.*.*.* network from the domU. -
Can you configure a static port to use with certsrv.msc?
I am trying to use certsrv.msc to connect from my workstation to the CA for administration purposes. Workstation is Win7, CA is 2008 R2 Enterprise running Enterprise Subordinate on a dedicated box.
I configured a static DCOM port for certsvc by following this article, including bouncing the service and also rebooting the CA box:
http://social.technet.microsoft.com/wiki/contents/articles/1559.how-to-configure-a-static-dcom-port-for-ad-cs.aspx
The static port was opened in the firewall from my workstation to the CA. We also found that TCP 445 was required, so that has been opened as well, port 135 & other ports normally needed for autoenrollment should be open. Sniffing the firewall
showed that a random high numbered port that is not the static dcom port is being attempted - this is the only port showing dropped packets & no traffic on the static port.
I am wondering if there is a way to configure a static port for this high-level random port to use with certsrv.msc as I was able to do with the certsvc dcom port? I am trying to avoid having tens of thousands of network ports wide open going to my
CA... Thanks in advance!Hi Steve,
I am sorry that I wasn’t able to find references about restricting certificate services only use one port in the random port range.
However, we can configure RPC dynamic ports allocation to restrict port range. In the meantime, we should keep at least 100 ports open to keep necessary system services running.
More information for you:
How to configure RPC dynamic port allocation to work with firewalls
http://support.microsoft.com/kb/154596/en-us
Service overview and network port requirements for Windows
http://support.microsoft.com/kb/832017/en-au
Firewall Rules for Active Directory Certificate Services
http://blogs.technet.com/b/pki/archive/2010/06/25/firewall-roles-for-active-directory-certificate-services.aspx
Best Regards,
Amy Wang -
Port blocked prevents app from working
Dear all,
Although I don't even have ipfilters support compiled into my kernel, external attempts to connect to my tcp port 4662 fail. This happens although (locally) nmap shows it to be open:
# nmap -sT -P0 -p 1-65535 localhost
Starting nmap 3.81 ( http://www.insecure.org/nmap/ ) at 2005-05-03 23:40 EDT
Interesting ports on thinkpad (127.0.0.1):
(The 65533 ports scanned but not shown below are in state: closed)
PORT STATE SERVICE
4662/tcp open unknown
6000/tcp open X11
Nmap finished: 1 IP address (1 host up) scanned in 2.805 seconds
However, it is impossible to connect from the internet to this port. Eg, I've used
http://www.amule.org/testport.php?tcpport=4662
and it always answers that the port is inacessible.
Do you have any idea why this port might not be accessible on my machine? I am a residential cable customer, so I'm not behind a firewall.
Thanks for any clue,
MackActually a cable modem, acts as a router, as long as it has DHCP service in it, and im pretty sure its in NAT mode (so if you connect a switch to it, you can access internet from multiple PCs)...
Arch has no port blocking per default that im aware of.
EDIT:
Also, as you see with nmap the port is open in your computer, but you cant reach it from internet because when you are behind a NAT you have to forward that port in the router/cablemodem/dslmodem to your PC IP and port. This was what i was talking in my first post. (Im quite sure about the cablemodem being in NAT mode and causing this problem, but i could be wrong, in my case, this was the problem (though i have DSL)). -
WRVS4400N Static Port Forwarding
Hi
I'm trying to get 3CX working and it is detecting that there are issues with the firewall on router. I think have narrowed it down to the router as the problem still exists with Kaspersky and Windows Firewall off. Please see the bottom of this page for the results page from 3CX.
There is a description 3CX provide on getting this working are for Linksys and Cisco routers.
The Linksys description is fairly straight forward and doesn't make any difference; the Cisco description appears to be a Windows based Utility with some similarities to the WRVS4400N web interface and setting up ACL rules and as close as I can replicate what I think should be set doesn't work either.
The link for the cisco description is http://www.3cx.com/blog/voip-howto/cisco-voip-configuration/
The link for NAT firewall issues on 3CX http://www.3cx.com/blog/voip-howto/static-port-mappings/
If anyone has any ideas or can point me in the right direction i'd be very grateful.
Kind regards
Mark
Firewall Output
3CX Firewall Checker, v1.0. Copyright (C) 3CX Ltd. All rights reserved.
<11:40:57>: Phase 1, checking servers connection, please wait...
<11:40:57>: Stun Checker service is reachable. Phase 1 check passed.
<11:40:57>: Phase 2a, Check Port Forwarding to UDP SIP port, please wait...
<11:41:07>: UDP SIP Port is set to 5060. Response received WITH TRANSLATION 5061::5060. Phase 2a check passed with WARNINGS. Some functionality will be LIMITED. For more information, please visit http://www.3cx.com/blog/docs/firewall-checker/
<11:41:07>: Phase 2b. Check Port Forwarding to TCP SIP port, please wait...
<11:41:08>: TCP SIP Port is set to 5060. Response received WITH TRANSLATION 5061::5060. Phase 2b check passed with WARNINGS. Some functionality will be LIMITED. For more information, please visit http://www.3cx.com/blog/docs/firewall-checker/
<11:41:08>: Phase 3. Check Port Forwarding to TCP Tunnel port, please wait...
<11:41:08>: TCP TUNNEL Port is set to 5090. Response received correctly with no translation. Phase 3 check passed.
<11:41:08>: Phase 4. Check Port Forwarding to RTP external port range, please wait...
<11:43:23>: UDP RTP Port 9000. Response received correctly with no translation. Phase 4-01 check passed.
<11:43:23>: UDP RTP Port 9001. Response received correctly with no translation. Phase 4-02 check passed.
<11:43:23>: UDP RTP Port 9002. Response received correctly with no translation. Phase 4-03 check passed.
<11:43:23>: UDP RTP Port 9003. Response received correctly with no translation. Phase 4-04 check passed.
<11:43:23>: UDP RTP Port 9004. Response received correctly with no translation. Phase 4-05 check passed.
<11:43:23>: UDP RTP Port 9005. NO RESPONSE received. Phase 4-06 check failed with ERRORS. Some functionality will be LIMITED. For more information, please visit http://www.3cx.com/blog/docs/firewall-checker/
<11:43:23>: UDP RTP Port 9006. Response received correctly with no translation. Phase 4-07 check passed.
<11:43:23>: UDP RTP Port 9007. Response received correctly with no translation. Phase 4-08 check passed.
<11:43:23>: UDP RTP Port 9008. Response received correctly with no translation. Phase 4-09 check passed.
<11:43:23>: UDP RTP Port 9009. Response received correctly with no translation. Phase 4-10 check passed.
<11:43:23>: UDP RTP Port 9010. Response received correctly with no translation. Phase 4-11 check passed.
<11:43:23>: UDP RTP Port 9011. Response received correctly with no translation. Phase 4-12 check passed.
<11:43:23>: UDP RTP Port 9012. Response received correctly with no translation. Phase 4-13 check passed.
<11:43:23>: UDP RTP Port 9013. Response received correctly with no translation. Phase 4-14 check passed.
<11:43:23>: UDP RTP Port 9014. Response received correctly with no translation. Phase 4-15 check passed.
<11:43:23>: UDP RTP Port 9015. Response received correctly with no translation. Phase 4-16 check passed.
<11:43:23>: UDP RTP Port 9016. Response received correctly with no translation. Phase 4-17 check passed.
<11:43:23>: UDP RTP Port 9017. Response received correctly with no translation. Phase 4-18 check passed.
<11:43:23>: UDP RTP Port 9018. Response received correctly with no translation. Phase 4-19 check passed.
<11:43:23>: UDP RTP Port 9019. Response received correctly with no translation. Phase 4-20 check passed.
<11:43:23>: UDP RTP Port 9020. Response received correctly with no translation. Phase 4-21 check passed.
<11:43:23>: UDP RTP Port 9021. Response received correctly with no translation. Phase 4-22 check passed.
<11:43:23>: UDP RTP Port 9022. Response received correctly with no translation. Phase 4-23 check passed.
<11:43:23>: UDP RTP Port 9023. Response received correctly with no translation. Phase 4-24 check passed.
<11:43:23>: UDP RTP Port 9024. Response received correctly with no translation. Phase 4-25 check passed.
<11:43:23>: UDP RTP Port 9025. Response received correctly with no translation. Phase 4-26 check passed.
<11:43:23>: UDP RTP Port 9026. Response received correctly with no translation. Phase 4-27 check passed.
<11:43:23>: UDP RTP Port 9027. Response received correctly with no translation. Phase 4-28 check passed.
<11:43:23>: UDP RTP Port 9028. Response received correctly with no translation. Phase 4-29 check passed.
<11:43:23>: UDP RTP Port 9029. Response received correctly with no translation. Phase 4-30 check passed.
<11:43:23>: UDP RTP Port 9030. Response received correctly with no translation. Phase 4-31 check passed.
<11:43:23>: UDP RTP Port 9031. Response received correctly with no translation. Phase 4-32 check passed.
<11:43:23>: UDP RTP Port 9032. Response received correctly with no translation. Phase 4-33 check passed.
<11:43:23>: UDP RTP Port 9033. Response received correctly with no translation. Phase 4-34 check passed.
<11:43:23>: UDP RTP Port 9034. Response received correctly with no translation. Phase 4-35 check passed.
<11:43:23>: UDP RTP Port 9035. Response received correctly with no translation. Phase 4-36 check passed.
<11:43:23>: UDP RTP Port 9036. Response received correctly with no translation. Phase 4-37 check passed.
<11:43:23>: UDP RTP Port 9037. Response received correctly with no translation. Phase 4-38 check passed.
<11:43:23>: UDP RTP Port 9038. Response received correctly with no translation. Phase 4-39 check passed.
<11:43:23>: UDP RTP Port 9039. Response received correctly with no translation. Phase 4-40 check passed.
<11:43:23>: UDP RTP Port 9040. Response received correctly with no translation. Phase 4-41 check passed.
<11:43:23>: UDP RTP Port 9041. NO RESPONSE received. Phase 4-42 check failed with ERRORS. Some functionality will be LIMITED. For more information, please visit http://www.3cx.com/blog/docs/firewall-checker/
<11:43:23>: UDP RTP Port 9042. Response received correctly with no translation. Phase 4-43 check passed.
<11:43:23>: UDP RTP Port 9043. Response received correctly with no translation. Phase 4-44 check passed.
<11:43:23>: UDP RTP Port 9044. Response received correctly with no translation. Phase 4-45 check passed.
<11:43:23>: UDP RTP Port 9045. Response received correctly with no translation. Phase 4-46 check passed.
<11:43:23>: UDP RTP Port 9046. Response received correctly with no translation. Phase 4-47 check passed.
<11:43:23>: UDP RTP Port 9047. Response received correctly with no translation. Phase 4-48 check passed.
<11:43:23>: UDP RTP Port 9048. Response received correctly with no translation. Phase 4-49 check passed.
<11:43:23>: UDP RTP Port 9049. Response received correctly with no translation. Phase 4-50 check passed.
Application exit code is 4Hi Sir,
I'm sorry if i dind't understand your question, but already you tried the configuration as attached? Please change the IP to your 3CX IP.
Regards.
Andrey Cassemiro -
I've seen many articles about setting static ports in Exchange 2010, but nothing about 2013. Can it still be done the same way in 2013? My concern isn't blocking ports/firewalls/etc, but between our sites we have WAN accelerators which have limits
by connection. The connection count by the device seems a bit "sticky" where an Outlook client at one site accessing a shared mailbox on the other site can end up counting as almost 100 connections because of the dynamic RPC ports used for
different connections. Thus setting static ports would greatly reduce the connection count on the device. Is that still possible?Hello,
Here you can find port references for all Exchange server versions (except 2013):
http://blogs.technet.com/b/exchange/archive/2013/02/18/exchange-firewalls-and-support-oh-my.aspx - the Exchange Network Port References section.
The list for Exchange 2010 and 2013 is similar but 2013 version uses Outlook Anywhere (port 443) instead of RPC for client connections. So you do not need to configure static RPC
ports for Exchange 2013.
Hope it helps,
Adam
www.codetwo.com
If this post helps resolve your issue, please click the "Mark as Answer" or "Helpful" button at the top of this message. By marking a post as Answered, or Helpful you help others
find the answer faster. -
Hi guys,
A want to know how can configure a NAT statics on the ASR9000, the ASR have de IOS-XR 4.3.4 and the configuration is the next:
hw-module service cgn location 0/4/CPU0
interface ServiceInfra 1
ipv4 address 100.10.200.253 255.255.255.252
service-location 0/4/CPU0
interface Gigabitethernet 0/0/0/19
description INSIDE
vrf ivrf1
ipv4 address 192.168.0.254 255.255.255.0
interface ServiceApp1
desciption INBOUND INSIDE TO ISM
vrf ivrf1
ipv4 address 100.10.200.1 255.255.255.252
service cgn prueba service-type nat44
interface ServiceApp2
description OUTBOUND OUTSIDE
ipv4 address 100.10.200.5 255.255.255.252
service cgn prueba service-type nat44
router static
address-family ipv4 unicast
191.20.20.0/24 ServiceApp2
vrf ivrf1
address-family ipv4 unicast
0.0.0.0/0 ServiceApp1
service cgn prueba
service-location preferred-active 0/4/CPU0
service-type nat44 nat1
portlimit 65535
alg ActiveFTP
alg rtsp
alg pptpAlg
inside-vrf ivrf1
map address-pool 191.20.20.0/24
protocol udp
session initial timeout 30
session active timeout 120
protocol tcp
session initial timeout 120
session active timeout 1800
protocol icmp
timeout 60
refresh-direction Outbound
The configuration above is working perfect and i can reach internet, now a need to migrate the next configuration of nat static to the ASR9000
ip nat inside source static tcp 192.168.0.205 3299 191.20.20.205 3299 extendable
Can help please..
Would greatly appreciate if you could help me
Thanks.
Fredy CaceresHi Fredy,
Please see link below,
https://supportforums.cisco.com/document/11939006/cgv6-ism-cgnnat44-deployment-guide#static-port-forwarding
http://www.cisco.com/c/en/us/td/docs/routers/asr9000/software/asr9k_r4-3/cg_nat/command/reference/b_cgnat_cr43xasr9k/b_cgnat_cr42crs_chapter_01.html#wp2900083483
Best Regards,
Bheem -
I am trying to install WSUS role on Windows Server 2012 R2 using dedicated SQL Instance with static port on remote SQL Server 2012 SP1 CU7 on Windows Server 2012 R2.
It verifies the connection and then throws the error:
The request to add or remove features on the specified server failed. The operation cannot be completed, because the server you specified requires a restart.
WSUS Server : Windows Server 2012 R2
Remote SQL Server: 2012 SP1 CU7 hosted on Windows Server 2012 R2
Please let me know if anyone has experienced this issue.We were trying to install WSUS role on Windows Server 2012 R2 using dedicated SQL Instance with static port on remote SQL Server 2012 SP1 CU7 on Windows Server 2012 R2.
It verifies the connection and then throws the error:
The request to add or remove features on the specified server failed. The operation cannot be completed, because the server you specified requires a restart.
Same error even after rebooting the server multiple times.
WSUS Server : Windows Server Standard2012 R2
Remote SQL Server: Windows Server 2012 SP1 CU7 hosted on Windows Server 2012 R2
Event ID 7000:
The Windows Internal Database service failed to start due to the following error:
The service did not start due to a logon failure.
Event ID 7041
The MSSQL$MICROSOFT##WID service was unable to log on as NT SERVICE\MSSQL$MICROSOFT##WID with the currently configured password due to the following error:
Logon failure: the user has not been granted the requested logon type at this computer.
Service: MSSQL$MICROSOFT##WID
Domain and account: NT SERVICE\MSSQL$MICROSOFT##WID
This service account does not have the required user right "Log on as a service."
User Action
Assign "Log on as a service" to the service account on this computer. You can use Local Security Settings (Secpol.msc) to do this. If this computer is a node in a cluster, check that this user
right is assigned to the Cluster service account on all nodes in the cluster.
If you have already assigned this user right to the service account, and the user right appears to be removed, check with your domain administrator to find out if a Group Policy object associated
with this node might be removing the right.
I found following article:
"MSSQL$MICROSOFT##WID service was unable to log on as NT SERVICE\MSSQL$MICROSOFT##WID" error when you install WID in Windows Server 2012
http://support.microsoft.com/kb/2832204/en-us
To work around the issue, use one of the following methods:
Assign the Log on as a service user right to NT SERVICE\ALL SERVICES in the GPO that defines the user right.
Exclude the computer from the GPO that defines the user right.
We moved the SCCM server to OU where no policies were getting applied and then applied the new GPO to that OU. Restarted the server and we were able to install WSUS role.
Regards
PR -
Read a Properties File in a Static Floating Block
I am trying to read a properties file in a static floating block:
static
try
Properties p = new Properties();
String path = "/WEB-INF/classes";
InputStream is = getClass().getResourceAsStream( path + "artimus_message_MessagInboxConfig.properties" );
p.load(is); // load the stream into the Properties object
WEBSITE_HOME = p.getProperty( "WEBSITE_HOME" );
setWebSiteHome( WEBSITE_HOME );
catch { ......}
}I got a compilation error saying that the non-static method getClass() cannot be referenced from a static context. There is almost no way to make this static floating block non-static. What should I do?Thanks for the reply. But, huh... I do not quite
understand. Which class is MyClass?It's a generic placeholder for whichever class your put that block into. You wouldn't put it there literally--replace it with the name of the actual class. If that block is in Foo.java, then use Foo.class instead of MyClass.class.
>
Okay, this static floating block is in a class called
MessageInboxConfig.java. Then use MessageInboxConfig.class.getResourceAsStream(...)
And inside this static
floating block, I am reading a properties file and
this properties file is in the
ContextRoot/WEB-INF/classes/artimus_message_MessagInbox
onfig.propertiesHow do I read this properties file?
Properties p = new Properties();
InputStream is = MessageInboxConfig.class.getResourceAsStream("artimus_message_MessagInboxConfig.properties" );
... etc. ...You shouldn't need to specify "WEB-INF/classes," since it should be in your classpath. What you pass to getResource is a path relative to a directory in your classpath. -
We have two physical servers hosting 3 SQL 2012 clustered instances, one default instance and two named instances.
The default instance is using port 1433 and the two named instances are using dynamic port assignment.
There is discussion about assigning static port numbers to the two named clustered SQL instances.
What is considered best-practice? For clustered named instances to have dynamic or static ports?
Are there any pitfalls to assigning a static port to a named instance that is a cluster?
Any help is greatly appreciatedHi RobinMCBC,
In SQL server the default instance has a listener which listens on the fixed port which is TCP port 1433. And for the named instance the port on which the SQL server listens is random and is dynamically selected when the named instance of the SQL server
starts.
For Standalone instance of the SQL server we can change the dynamic port of the named instance to the static port by using SQL server configuration manager as other post, however, in case of the cluster, when we change the port no. of the named instance
to the static port using the method described above, the port no. again changes back to the dynamic port after you restart the services. I recommend you changing the Dynamic port of the SQL Server to static port
on all the nodes , disabling and enabling the checkpointing to the quorum.
For more information, you can review the following article about how to change the dynamic port of the SQL Server named instance to an static port in a SQL Server 2005 cluster.
http://blogs.msdn.com/b/sqlserverfaq/archive/2008/06/02/how-to-change-the-dynamic-port-of-the-sql-server-named-instance-to-an-static-port-in-a-sql-server-2005-cluster.aspx
Regards,
Sofiya Li
Sofiya Li
TechNet Community Support
Maybe you are looking for
-
i have the new version of i tunes and it says it cannot ascess my ipad4 and asks to upgrade and reset how to solve this????
-
IDOC sender/receiver partner type LS?
Hi, I am in need of advise if SAP 5.0 can be configured for ORDERS outbound (PO NEU) to pick up receiver (KU) partner type by standard config? I understand that there's exit available but would like to utilise standard application config method. Rega
-
Hi all, Could anyone help me with the folowing? If I query a Journal Entry from a Reporting SOB how can I determine (by using SQL) to what Primary SOB the reporting SOB belongs? Tia, Martin
-
Oracle Client 10 Unattended Installation
Hello, using the unattended installation mode: steup -nowait -force -silent -responseFile c:\test.rsp the installation failes. the errorlog tells me that DepMode and TLDepmode is not defines in the answer file. The test.rsp was recorded by using the
-
Would you use it to play an instrument?
I'll be abroad for a year and I don't have any speaker to play my music. But in adittion I have a keyboard and I was wondering if it would sound nice to practice at home, to play with another instrument, for example, a guitar, or to eventually play i