Carrier grade nat - static port block allocation.

Hello,
Is it possible to configure nat (cgn) on ASR 1k to permit the same private address always  get the same port block allocation from the same public address? With that You dont need nat logging.
regards

ADAM619,
At the moment we're unable to answer these questions.  When we have more information we will provide it here in the forums, and make it available at www.verizon.com.  Thanks for your patience during this transition. ~Ian
Ian_VZ
Verizon Support
Notice: Content posted by Verizon employees is meant to be informational and does not supersede or change the Verizon Forums User Guidelines or Terms or Service, or your Customer Agreement Terms and Conditions or Plan.

Similar Messages

  • Carrier Grade NAT

    Hi Every one, I wish you can help me with this inquiry. we are adding Fibre tails to our network and need to do per user queuing  and shaping for PPPoE using Radius and I have selected 7603 with IOS15.3(3.)S to do this for me . Noe since we are running out of IPs, we need to do Carrier Grade NAT (CGN) , and based on Cisco Feature navigator only ME3600 and ME3800 (Remote Switches) are able to perform it. I need to come up with a confirmed decision before purchasing the devices. I would appreciate any help. 

    Hi Adiyudha,
    in a general manner, consider these interfaces as SVI or "tunnels" to connect your router to the service blade.
    When loaded with a CGN image, the ServiceInfra interface is used for the management of the card. It's mandatory to have it configured to be able to boot properly the card.
    The ServiceApp interfaces are used to send traffic (to be NATed or CGv6ed for instance) to and from your router.
    It's necessary to configure an IP address on the serviceApp interface, we configure the router side of the tunnel. All other addresses in the range will be considered to be part of the service card side.
    So if you define serviceApp1 10.1.1.1/30, 10.1.1.2 will be answered by the CGN card automatically.
    These serviceApps must be part of different VRFs (vrf-lite generally) or at least one in the Global routing table and another in a VRF, to avoid routing loops ----> because you'll have to use static routes to send your i2o traffic into the CGN card and to attract back your o2i traffic to guarantee a symetrical path (important in the case of stateful translation).
    So, let's take an example if you define a map pool of 20.1.1.0/24 where the external addresses will be allocated to your translations.
    You define serviceApp1 in VRF "Inside" with 1.1.1.1/30.
    You define serviceApp2 in VRF "Outside" with 1.1.1.5/30.
    You need to configure a default route in the VRF Inside pointing to serviceApp1 (or 1.1.1.2), it will send the traffic to the CGN card to be NATed.
    And you need to configure a static route 20.1.1.0/24 to serviceApp2 (or 1.1.1.6) to attract the traffic in the o2i direction.
    As you said, the serviceApp addresses are only significant locally to the router and don't need to be advertised to the outside, so they can be RFC1918.
    Hope it clarifies a bit (not easy without diagrams to describe such principles).
    Cheers,
    N.
    i2o = input to output
    o2i = output to intput

  • Carrier Grade NAT (CGN)

    Verizon,
    Verizon has announced some DSL customers will move to Carrier Grade NAT (CGN) which uses IPv6 instead fo the old standard IPv4 we use today (see verizon link below).
    This basically means you can no longer port forward. IP cameras and many other applications require port forwarding so they can accessible from the internet outside the home. Many gamers also require this ability.
    Eventually everyone will be on IPv6. My question is how will Verizon customers on IPv6 be able to port forward? Or will it just not be allowed?
    I understand DSL customers can currently opt-out of CGN, but the point is at some point everyone will be moved to it.
    Please See:
    http://www22.verizon.com/support/residential/internet/highspeedinternet/networking/troubleshooting/p...
    Thank you for your time
    - Adam
    Solved!
    Go to Solution.

    ADAM619,
    At the moment we're unable to answer these questions.  When we have more information we will provide it here in the forums, and make it available at www.verizon.com.  Thanks for your patience during this transition. ~Ian
    Ian_VZ
    Verizon Support
    Notice: Content posted by Verizon employees is meant to be informational and does not supersede or change the Verizon Forums User Guidelines or Terms or Service, or your Customer Agreement Terms and Conditions or Plan.

  • SIP Traffic in CRS-3 Carrier Grade NAT (CGN) with PAT

    Hello
    Does the SIP traffic through the module CGN works? We use PAT in the module.
    Thank you for your comments
    Rodolfo

    Hi Rodolfo,
    yes, SIP can be used with no issue through CGN system without the need of any particular ALG if SBC performs media-latching.
    Take a look at this preso:
    http://www.cisco.com/web/CA/events/pdfs/CNSF2011-IPv6-Transition-for-SPs-Chris-Metz.pdf
    Kind regards,
    N.

  • Static NAT with port translation

    Hello All,
    I have a server running web application on 443 and now I want to publish it on Internet with static nat and just for port 443,  I am thinking that following configuration should be fine, can anyone comment on it.
      10.1.1.2:443         10.1.1.1    2.2.2.5
    Server -------------------------- ASA --------------------- Internet router --Cloud
    Config  i am planing      
    static (inside, outside) tcp 2.2.2.2 443 10.10.10.10 443 netmask 255.255.255.255
    Thanks
    JD

    Thanks Harish and Jouni,
    I am using extra Public IP, I want to now why "dns" is the end of access list? I got confuse by at ACL as we I was looking for ASA packet flow:-
    A/PIX - Outside (Lower SEC_Level) to Inside (Higher Sec_Lev)
    1. FLOW-LOOKUP - [] - Check for existing connections, if none found
    create a
    new connection.
    2. UN-NAT - [static] -
    2. ROUTE-LOOKUP - [input] - Initial Checking (Reverse Path Check, etc.)
    3. ACCESS-LIST - [log] - ACL Lookup
    4. CONN-SETTINGS - [] - class-map, policy-map, service-policy
    5. IP-OPTIONS - [] -
    6. NAT - [rpf-check] -
    7. NAT - [host-limits] -
    8. IP-OPTIONS - [] -
    9. FLOW-CREATION - [] - If everything passes up until this point a
    connection
    is created.
    10. ROUTE-LOOKUP - [output and adjacency]
    access-list OUTSIDE-IN permit tcp any host eq 443 - suggested by you
    but if i go by the flow which i come to know it should be like
    access-list OUTSIDE-IN permit tcp any host eq 443
    What is your opion ?
    Thanks
    Jagdev

  • ACE 4710 A3 outbound static NAT with Port redirection

    Hi
    I have asked this question before, but as I have not get far with it I am going to try to be more specific this time.
    I have a server that needs to do an outbound connection to a mail server. The connection has to be initiated to port 26, that then will be NATed to the external IP and port 26 redirected to port 25 for the SMTP connection.
    When I try to configure this:
    ACE-2/TEST(config-pmap-c)# nat static x.x.x.x netmask 255.255.255.255 tcp eq 23 vlan 99
    I get the error: Error: Invalid real port configured for NAT static
    Any ideas what it means anyone?

    Right. Forget about the previous question. I have an update.
    I get this output on show nat policies at the moment:
    NAT object ID:39 mapped_if:19 policy_id:50 type:STATIC static_xlate_id:64
    ID:64 Static port translation
    Real addr:172.21.7.11 Real port:26 Real interface:18
    Mapped addr:x.x.x.x Mapped port:25 Mapped interface:19
    Netmask:255.255.255.255
    where x.x.x.x - is the Public, external IP address on the ACE.
    I need the traffic FROM the 172.21.7.11 server going anywhere TO port 26 to be remapped to x.x.x.x port 25. At the moment it does not do it. The service policy on the inside doesn't even get a hit when I am telnetting from the 172.21.7.11 server on port 26 to the outside world. It does get hits when I telnet to x.x.x.x external IP address from outside.
    Something is telling me I am looking at it from a wrong direction altogether.
    This is the config I have at the moment:
    access-list 130 line 20 extended permit ip any any
    access-list Source_NAT line 10 extended permit tcp host 172.21.7.11 eq 26 any
    class-map match-any Class_Port26
    2 match access-list Source_NAT
    policy-map multi-match Policy_Port26_Static
    class Class_Port26
    nat static x.x.x.x netmask 255.255.255.255 tcp eq smtp vlan 99
    interface vlan 107
    ip address 172.21.7.2 255.255.255.240
    peer ip address 172.21.7.1 255.255.255.240
    access-group input 130
    service-policy input Policy_Port26_Static
    no shutdown
    No server farms, no load balancing. Just that.
    Any ideas?

  • Carrier Grade Network Address Translation (CG-NAT)

    Hello,
    I live in the UK.  One of the largest ISPs, BT, has begun trialling carrier grade network address translation (CG-NAT).  In a nutshell, this introduces double NAT - first your broadband router, then the ISP's "router".  This is before the ISP has introduced IPv6.
    I fear it is only a matter of time before my ISP also introduces CG-NAT.  Will/does Skype work in a CG-NAT scenario?  If not, what are my options?
    Kind regards,
    Anwar

    I am new to Oracle VM. The dom0 and domU are set up by someone else. So I don't know the details. In the domU, I can't even ping the 10.244.69.35 address of the dom0.
    # ping 10.244.69.35
    PING 10.244.69.35 (10.244.69.35) 56(84) bytes of data.
    From 192.168.200.50 icmp_seq=2 Destination Host Unreachable
    From 192.168.200.50 icmp_seq=3 Destination Host Unreachable
    From 192.168.200.50 icmp_seq=4 Destination Host Unreachable
    The Cisco switch on the 10.*.*.* network is owned by IT and I can't change anything on it. This is why I try to set up NAT on the dom0. I would appreciate any help so that I can access the 10.*.*.* network from the domU.

  • Can you configure a static port to use with certsrv.msc?

    I am trying to use certsrv.msc to connect from my workstation to the CA for administration purposes.  Workstation is Win7, CA is 2008 R2 Enterprise running Enterprise Subordinate on a dedicated box.
    I configured a static DCOM port for certsvc by following this article, including bouncing the service and also rebooting the CA box:
    http://social.technet.microsoft.com/wiki/contents/articles/1559.how-to-configure-a-static-dcom-port-for-ad-cs.aspx
    The static port was opened in the firewall from my workstation to the CA.  We also found that TCP 445 was required, so that has been opened as well, port 135 & other ports normally needed for autoenrollment should be open.  Sniffing the firewall
    showed that a random high numbered port that is not the static dcom port is being attempted - this is the only port showing dropped packets & no traffic on the static port.
    I am wondering if there is a way to configure a static port for this high-level random port to use with certsrv.msc as I was able to do with the certsvc dcom port?  I am trying to avoid having tens of thousands of network ports wide open going to my
    CA...  Thanks in advance!

    Hi Steve,
    I am sorry that I wasn’t able to find references about restricting certificate services only use one port in the random port range.
    However, we can configure RPC dynamic ports allocation to restrict port range. In the meantime, we should keep at least 100 ports open to keep necessary system services running.
    More information for you:
    How to configure RPC dynamic port allocation to work with firewalls
    http://support.microsoft.com/kb/154596/en-us
    Service overview and network port requirements for Windows
    http://support.microsoft.com/kb/832017/en-au
    Firewall Rules for Active Directory Certificate Services
    http://blogs.technet.com/b/pki/archive/2010/06/25/firewall-roles-for-active-directory-certificate-services.aspx
    Best Regards,
    Amy Wang

  • Port blocked prevents app from working

    Dear all,
    Although I don't even have ipfilters support compiled into my kernel, external attempts to connect to my tcp port 4662 fail. This happens although (locally) nmap shows it to be open:
    # nmap -sT -P0 -p 1-65535 localhost
    Starting nmap 3.81 ( http://www.insecure.org/nmap/ ) at 2005-05-03 23:40 EDT
    Interesting ports on thinkpad (127.0.0.1):
    (The 65533 ports scanned but not shown below are in state: closed)
    PORT     STATE SERVICE
    4662/tcp open  unknown
    6000/tcp open  X11
    Nmap finished: 1 IP address (1 host up) scanned in 2.805 seconds
    However, it is impossible to connect from the internet to this port. Eg, I've used
    http://www.amule.org/testport.php?tcpport=4662
    and it always answers that the port is inacessible.
    Do you have any idea why this port might not be accessible on my machine? I am a residential cable customer, so I'm not behind a firewall.
    Thanks for any clue,
    Mack

    Actually a cable modem, acts as a router, as long as it has DHCP service in it, and im pretty sure its in NAT mode (so if you connect a switch to it, you can access internet from multiple PCs)...
    Arch has no port blocking per default that im aware of.
    EDIT:
    Also, as you see with nmap the port is open in your computer, but you cant reach it from internet because when you are behind a NAT you have to forward that port in the router/cablemodem/dslmodem to your PC IP and port. This was what i was talking in my first post. (Im quite sure about the cablemodem being in NAT mode and causing this problem, but i could be wrong, in my case, this was the problem (though i have DSL)).

  • WRVS4400N Static Port Forwarding

    Hi
    I'm trying to get 3CX working and it is detecting that there are issues with the firewall on router.  I think have narrowed it down to the router as the problem still exists with Kaspersky and Windows Firewall off.  Please see the bottom of this page for the results page from 3CX.
    There is a description 3CX provide on getting this working are for Linksys and Cisco routers.
    The Linksys description is fairly straight forward and doesn't make any difference; the Cisco description appears to be a Windows based Utility with some similarities to the WRVS4400N web interface and setting up ACL rules and as close as I can replicate what I think should be set doesn't work either.
    The link for the cisco description is http://www.3cx.com/blog/voip-howto/cisco-voip-configuration/
    The link for NAT firewall issues on 3CX  http://www.3cx.com/blog/voip-howto/static-port-mappings/
    If anyone has any ideas or can point me in the right direction i'd be very grateful.
    Kind regards
    Mark
    Firewall Output
    3CX Firewall Checker, v1.0. Copyright (C) 3CX Ltd. All rights reserved.
    <11:40:57>: Phase 1, checking servers connection, please wait...
    <11:40:57>: Stun Checker service is reachable. Phase 1 check passed.
    <11:40:57>: Phase 2a,  Check Port Forwarding to UDP SIP port, please wait...
    <11:41:07>: UDP SIP Port is set to 5060. Response received WITH TRANSLATION 5061::5060. Phase 2a check passed with WARNINGS. Some functionality will be LIMITED. For more information, please visit http://www.3cx.com/blog/docs/firewall-checker/
    <11:41:07>: Phase 2b. Check Port Forwarding to TCP SIP port, please wait...
    <11:41:08>: TCP SIP Port is set to 5060. Response received WITH TRANSLATION 5061::5060. Phase 2b check passed with WARNINGS. Some functionality will be LIMITED. For more information, please visit http://www.3cx.com/blog/docs/firewall-checker/
    <11:41:08>: Phase 3. Check Port Forwarding to TCP Tunnel port, please wait...
    <11:41:08>: TCP TUNNEL Port is set to 5090. Response received correctly with no translation. Phase 3 check passed.
    <11:41:08>: Phase 4. Check Port Forwarding to RTP external port range, please wait...
    <11:43:23>: UDP RTP Port 9000. Response received correctly with no translation. Phase 4-01 check passed.
    <11:43:23>: UDP RTP Port 9001. Response received correctly with no translation. Phase 4-02 check passed.
    <11:43:23>: UDP RTP Port 9002. Response received correctly with no translation. Phase 4-03 check passed.
    <11:43:23>: UDP RTP Port 9003. Response received correctly with no translation. Phase 4-04 check passed.
    <11:43:23>: UDP RTP Port 9004. Response received correctly with no translation. Phase 4-05 check passed.
    <11:43:23>: UDP RTP Port 9005. NO RESPONSE received. Phase 4-06 check failed with ERRORS. Some functionality will be LIMITED. For more information, please visit http://www.3cx.com/blog/docs/firewall-checker/
    <11:43:23>: UDP RTP Port 9006. Response received correctly with no translation. Phase 4-07 check passed.
    <11:43:23>: UDP RTP Port 9007. Response received correctly with no translation. Phase 4-08 check passed.
    <11:43:23>: UDP RTP Port 9008. Response received correctly with no translation. Phase 4-09 check passed.
    <11:43:23>: UDP RTP Port 9009. Response received correctly with no translation. Phase 4-10 check passed.
    <11:43:23>: UDP RTP Port 9010. Response received correctly with no translation. Phase 4-11 check passed.
    <11:43:23>: UDP RTP Port 9011. Response received correctly with no translation. Phase 4-12 check passed.
    <11:43:23>: UDP RTP Port 9012. Response received correctly with no translation. Phase 4-13 check passed.
    <11:43:23>: UDP RTP Port 9013. Response received correctly with no translation. Phase 4-14 check passed.
    <11:43:23>: UDP RTP Port 9014. Response received correctly with no translation. Phase 4-15 check passed.
    <11:43:23>: UDP RTP Port 9015. Response received correctly with no translation. Phase 4-16 check passed.
    <11:43:23>: UDP RTP Port 9016. Response received correctly with no translation. Phase 4-17 check passed.
    <11:43:23>: UDP RTP Port 9017. Response received correctly with no translation. Phase 4-18 check passed.
    <11:43:23>: UDP RTP Port 9018. Response received correctly with no translation. Phase 4-19 check passed.
    <11:43:23>: UDP RTP Port 9019. Response received correctly with no translation. Phase 4-20 check passed.
    <11:43:23>: UDP RTP Port 9020. Response received correctly with no translation. Phase 4-21 check passed.
    <11:43:23>: UDP RTP Port 9021. Response received correctly with no translation. Phase 4-22 check passed.
    <11:43:23>: UDP RTP Port 9022. Response received correctly with no translation. Phase 4-23 check passed.
    <11:43:23>: UDP RTP Port 9023. Response received correctly with no translation. Phase 4-24 check passed.
    <11:43:23>: UDP RTP Port 9024. Response received correctly with no translation. Phase 4-25 check passed.
    <11:43:23>: UDP RTP Port 9025. Response received correctly with no translation. Phase 4-26 check passed.
    <11:43:23>: UDP RTP Port 9026. Response received correctly with no translation. Phase 4-27 check passed.
    <11:43:23>: UDP RTP Port 9027. Response received correctly with no translation. Phase 4-28 check passed.
    <11:43:23>: UDP RTP Port 9028. Response received correctly with no translation. Phase 4-29 check passed.
    <11:43:23>: UDP RTP Port 9029. Response received correctly with no translation. Phase 4-30 check passed.
    <11:43:23>: UDP RTP Port 9030. Response received correctly with no translation. Phase 4-31 check passed.
    <11:43:23>: UDP RTP Port 9031. Response received correctly with no translation. Phase 4-32 check passed.
    <11:43:23>: UDP RTP Port 9032. Response received correctly with no translation. Phase 4-33 check passed.
    <11:43:23>: UDP RTP Port 9033. Response received correctly with no translation. Phase 4-34 check passed.
    <11:43:23>: UDP RTP Port 9034. Response received correctly with no translation. Phase 4-35 check passed.
    <11:43:23>: UDP RTP Port 9035. Response received correctly with no translation. Phase 4-36 check passed.
    <11:43:23>: UDP RTP Port 9036. Response received correctly with no translation. Phase 4-37 check passed.
    <11:43:23>: UDP RTP Port 9037. Response received correctly with no translation. Phase 4-38 check passed.
    <11:43:23>: UDP RTP Port 9038. Response received correctly with no translation. Phase 4-39 check passed.
    <11:43:23>: UDP RTP Port 9039. Response received correctly with no translation. Phase 4-40 check passed.
    <11:43:23>: UDP RTP Port 9040. Response received correctly with no translation. Phase 4-41 check passed.
    <11:43:23>: UDP RTP Port 9041. NO RESPONSE received. Phase 4-42 check failed with ERRORS. Some functionality will be LIMITED. For more information, please visit http://www.3cx.com/blog/docs/firewall-checker/
    <11:43:23>: UDP RTP Port 9042. Response received correctly with no translation. Phase 4-43 check passed.
    <11:43:23>: UDP RTP Port 9043. Response received correctly with no translation. Phase 4-44 check passed.
    <11:43:23>: UDP RTP Port 9044. Response received correctly with no translation. Phase 4-45 check passed.
    <11:43:23>: UDP RTP Port 9045. Response received correctly with no translation. Phase 4-46 check passed.
    <11:43:23>: UDP RTP Port 9046. Response received correctly with no translation. Phase 4-47 check passed.
    <11:43:23>: UDP RTP Port 9047. Response received correctly with no translation. Phase 4-48 check passed.
    <11:43:23>: UDP RTP Port 9048. Response received correctly with no translation. Phase 4-49 check passed.
    <11:43:23>: UDP RTP Port 9049. Response received correctly with no translation. Phase 4-50 check passed.
    Application exit code is 4

    Hi Sir,
    I'm sorry if i dind't understand your question, but already you tried the configuration as attached? Please change the IP to your 3CX IP.
    Regards.
    Andrey Cassemiro

  • Exchange 2013 Static Ports

    I've seen many articles about setting static ports in Exchange 2010, but nothing about 2013.  Can it still be done the same way in 2013?  My concern isn't blocking ports/firewalls/etc, but between our sites we have WAN accelerators which have limits
    by connection.  The connection count by the device seems a bit "sticky" where an Outlook client at one site accessing a shared mailbox on the other site can end up counting as almost 100 connections because of the dynamic RPC ports used for
    different connections.  Thus setting static ports would greatly reduce the connection count on the device.  Is that still possible?

    Hello,
    Here you can find port references for all Exchange server versions (except 2013):
    http://blogs.technet.com/b/exchange/archive/2013/02/18/exchange-firewalls-and-support-oh-my.aspx - the Exchange Network Port References section.
    The list for Exchange 2010 and 2013 is similar but 2013 version uses Outlook Anywhere (port 443) instead of RPC for client connections. So you do not need to configure static RPC
    ports for Exchange 2013.
    Hope it helps,
    Adam
    www.codetwo.com
    If this post helps resolve your issue, please click the "Mark as Answer" or "Helpful" button at the top of this message. By marking a post as Answered, or Helpful you help others
    find the answer faster.

  • NAT STATIC ISM

    Hi guys, 
    A want to know how can configure a NAT statics on the ASR9000, the ASR have de IOS-XR 4.3.4 and the configuration is the next:
    hw-module service cgn location 0/4/CPU0
    interface ServiceInfra 1
    ipv4 address 100.10.200.253 255.255.255.252
    service-location 0/4/CPU0
    interface Gigabitethernet 0/0/0/19
    description INSIDE
    vrf ivrf1
    ipv4 address 192.168.0.254 255.255.255.0
    interface ServiceApp1
    desciption INBOUND INSIDE TO ISM
    vrf ivrf1
    ipv4 address 100.10.200.1 255.255.255.252
    service cgn prueba service-type nat44
    interface ServiceApp2
    description OUTBOUND OUTSIDE
    ipv4 address 100.10.200.5 255.255.255.252
    service cgn prueba service-type nat44
    router static
    address-family ipv4 unicast
    191.20.20.0/24 ServiceApp2
    vrf ivrf1
    address-family ipv4 unicast
    0.0.0.0/0 ServiceApp1
    service cgn prueba
     service-location preferred-active 0/4/CPU0
     service-type nat44 nat1
      portlimit 65535
      alg ActiveFTP
      alg rtsp
      alg pptpAlg
      inside-vrf ivrf1
       map address-pool 191.20.20.0/24
      protocol udp
       session initial timeout 30
       session active timeout 120
      protocol tcp
       session initial timeout 120
       session active timeout 1800
      protocol icmp
       timeout 60
      refresh-direction Outbound
    The configuration above is working perfect and i can reach internet, now a need to migrate the next configuration of nat static to the ASR9000
    ip nat inside source static tcp 192.168.0.205 3299 191.20.20.205 3299 extendable
    Can help please..
    Would greatly appreciate if you could help me
    Thanks.
    Fredy Caceres

    Hi Fredy,
    Please see link below,
    https://supportforums.cisco.com/document/11939006/cgv6-ism-cgnnat44-deployment-guide#static-port-forwarding
    http://www.cisco.com/c/en/us/td/docs/routers/asr9000/software/asr9k_r4-3/cg_nat/command/reference/b_cgnat_cr43xasr9k/b_cgnat_cr42crs_chapter_01.html#wp2900083483
    Best Regards,
    Bheem

  • Trying to install WSUS role on Windows Server 2012 R2 using dedicated SQL Instance with static port on remote SQL Server 2012 SP1 CU7 on Windows Server 2012 R2.

    I am trying to install WSUS role on Windows Server 2012 R2 using dedicated SQL Instance with static port on remote SQL Server 2012 SP1 CU7 on Windows Server 2012 R2.
    It verifies the connection and then throws the error:
    The request to add or remove features on the specified server failed. The operation cannot be completed, because the server you specified requires a restart.
    WSUS Server : Windows Server 2012 R2
    Remote SQL Server: 2012 SP1 CU7 hosted on Windows Server 2012 R2
    Please let me know if anyone has experienced this issue.

    We were trying to install WSUS role on Windows Server 2012 R2 using dedicated SQL Instance with static port on remote SQL Server 2012 SP1 CU7 on Windows Server 2012 R2.
    It verifies the connection and then throws the error:
    The request to add or remove features on the specified server failed. The operation cannot be completed, because the server you specified requires a restart.
    Same error even after rebooting the server multiple times.
    WSUS Server : Windows Server Standard2012 R2
    Remote SQL Server: Windows Server 2012 SP1 CU7 hosted on Windows Server 2012 R2
    Event ID 7000:
    The Windows Internal Database service failed to start due to the following error:
    The service did not start due to a logon failure.
    Event ID 7041
    The MSSQL$MICROSOFT##WID service was unable to log on as NT SERVICE\MSSQL$MICROSOFT##WID with the currently configured password due to the following error:
    Logon failure: the user has not been granted the requested logon type at this computer.
    Service: MSSQL$MICROSOFT##WID
    Domain and account: NT SERVICE\MSSQL$MICROSOFT##WID
    This service account does not have the required user right "Log on as a service."
    User Action
    Assign "Log on as a service" to the service account on this computer. You can use Local Security Settings (Secpol.msc) to do this. If this computer is a node in a cluster, check that this user
    right is assigned to the Cluster service account on all nodes in the cluster.
    If you have already assigned this user right to the service account, and the user right appears to be removed, check with your domain administrator to find out if a Group Policy object associated
    with this node might be removing the right.
    I found following article:
    "MSSQL$MICROSOFT##WID service was unable to log on as NT SERVICE\MSSQL$MICROSOFT##WID" error when you install WID in Windows Server 2012
    http://support.microsoft.com/kb/2832204/en-us
    To work around the issue, use one of the following methods:
    Assign the Log on as a service user right to NT SERVICE\ALL SERVICES in the GPO that defines the user right.
    Exclude the computer from the GPO that defines the user right.
    We moved the SCCM server to OU where no policies were getting applied and then applied the new GPO to that OU. Restarted the server and we were able to install WSUS role.
    Regards
    PR

  • Read a Properties File in a Static Floating Block

    I am trying to read a properties file in a static floating block:
       static
          try
             Properties p = new Properties();  
             String path = "/WEB-INF/classes";
             InputStream is = getClass().getResourceAsStream( path + "artimus_message_MessagInboxConfig.properties" );
             p.load(is); // load the stream into the Properties object
             WEBSITE_HOME = p.getProperty( "WEBSITE_HOME" );
             setWebSiteHome( WEBSITE_HOME );
          catch { ......}
       }I got a compilation error saying that the non-static method getClass() cannot be referenced from a static context. There is almost no way to make this static floating block non-static. What should I do?

    Thanks for the reply. But, huh... I do not quite
    understand. Which class is MyClass?It's a generic placeholder for whichever class your put that block into. You wouldn't put it there literally--replace it with the name of the actual class. If that block is in Foo.java, then use Foo.class instead of MyClass.class.
    >
    Okay, this static floating block is in a class called
    MessageInboxConfig.java. Then use MessageInboxConfig.class.getResourceAsStream(...)
    And inside this static
    floating block, I am reading a properties file and
    this properties file is in the
    ContextRoot/WEB-INF/classes/artimus_message_MessagInbox
    onfig.propertiesHow do I read this properties file?
    Properties p = new Properties();  
    InputStream is = MessageInboxConfig.class.getResourceAsStream("artimus_message_MessagInboxConfig.properties" );
    ... etc. ...You shouldn't need to specify "WEB-INF/classes," since it should be in your classpath. What you pass to getResource is a path relative to a directory in your classpath.

  • SQL Server 2012 - 3 SQL clustered instances - one default/ two named instances - how assign/should assign static ports for named instances

    We have two physical servers hosting 3 SQL 2012 clustered instances, one default instance and two named instances.
    The default instance is using port 1433 and the two named instances are using dynamic port assignment.
    There is discussion about assigning static port numbers to the two named clustered SQL instances.
    What is considered best-practice?  For clustered named instances to have dynamic or static ports?
    Are there any pitfalls to assigning a static port to a named instance that is a cluster?
    Any help is greatly appreciated

    Hi RobinMCBC,
    In SQL server the default instance has a listener which listens on the fixed port which is TCP port 1433. And for the named instance the port on which the SQL server listens is random and is dynamically selected when the named instance of the SQL server
    starts.
    For Standalone instance of the SQL server we can change the dynamic port of the named instance to the static port by using SQL server configuration manager as other post, however, in case of the cluster, when we change the port no. of the named instance
    to the static port using the method described above, the port no. again changes back to the dynamic port after you restart the services. I recommend you changing the Dynamic port of the SQL Server to static port 
    on all the nodes , disabling and enabling the checkpointing to the quorum.
    For more information, you can review the following article about how to change the dynamic port of the SQL Server named instance to an static port in a SQL Server 2005 cluster.
    http://blogs.msdn.com/b/sqlserverfaq/archive/2008/06/02/how-to-change-the-dynamic-port-of-the-sql-server-named-instance-to-an-static-port-in-a-sql-server-2005-cluster.aspx
    Regards,
    Sofiya Li
    Sofiya Li
    TechNet Community Support

Maybe you are looking for

  • Itunes says it cannot ascess my ipad4 and it says there is a new version of ios mine is 7.0.3 how can i solve this please help

    i have the new version of i tunes and it says it cannot ascess my ipad4 and asks to upgrade and reset how to solve this????

  • IDOC sender/receiver partner type LS?

    Hi, I am in need of advise if SAP 5.0 can be configured for ORDERS outbound (PO NEU) to pick up receiver (KU) partner type by standard config? I understand that there's exit available but would like to utilise standard application config method. Rega

  • Primary set of books

    Hi all, Could anyone help me with the folowing? If I query a Journal Entry from a Reporting SOB how can I determine (by using SQL) to what Primary SOB the reporting SOB belongs? Tia, Martin

  • Oracle Client 10 Unattended Installation

    Hello, using the unattended installation mode: steup -nowait -force -silent -responseFile c:\test.rsp the installation failes. the errorlog tells me that DepMode and TLDepmode is not defines in the answer file. The test.rsp was recorded by using the

  • Would you use it to play an instrument?

    I'll be abroad for a year and I don't have any speaker to play my music. But in adittion I have a keyboard and I was wondering if it would sound nice to practice at home, to play with another instrument, for example, a guitar, or to eventually play i