DA Client can't be resolved internally

Hi There
I have a Direct Access 2012 R2 setup, and all the clients are working fine but we can't seem to resolve them internally.
On a DC if I try and ping one of the live DA clients it won't resolve but a nslookup returns its IPv6 address.
ping cis-00021
Ping request could not find host cis-00021. Please check the name and try again.
nslookup cis-00021
Server:  csl-svr-dc1.ad.capricorn.com.au
Address:  10.3.205.250
Name:    cis-00021.ad.capricorn.com.au
Addresses:  2002:67f8:534:1000:9df0:d3a4:3799:7d9a
          2001:0:9d38:6ab8:2c42:31:fe6e:df9

Hi,
That's normal. This appearance is expected.
First, ping uses IPv4 by default. When you try to ping cis-00021.ad.capricorn.com.au, the DNS resolver tries to resolve cis-00021.ad.capricorn.com.au into an IPv4 address (it looks for an A record for it). But there is no A record for cis-00021.ad.capricorn.com.au, therefore the system returns "Ping request could not find host cis-00021. Please check the name and try again."
Second, even if you use "ping -6 cis-00021.ad.capricorn.com.au", the system will only return "Time out". According to the nslookup information, your internal network is IPv4, which means that DirectAccess uses NAT64.
Like NAT, NAT64 will hide the internal network (the IPv6 network). That means the DirectAccess client can access the intranet, but a machine on the intranet can't access the DirectAccess client.
Best Regards.
Steven Lee
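An added example, not part of the thread: it parses the nslookup output quoted in the question, confirms that the name came back with IPv6 addresses only (no A record), and uses Python's standard `ipaddress` module to identify the transition mechanism behind each address and the IPv4 data embedded in it. The function names are this example's own.

```python
import ipaddress

# nslookup output as quoted in the question above.
NSLOOKUP_OUTPUT = """\
Server:  csl-svr-dc1.ad.capricorn.com.au
Address:  10.3.205.250
Name:    cis-00021.ad.capricorn.com.au
Addresses:  2002:67f8:534:1000:9df0:d3a4:3799:7d9a
          2001:0:9d38:6ab8:2c42:31:fe6e:df9
"""


def answer_addresses(text):
    """Return the addresses listed for the queried name.

    Everything before the 'Name:' line describes the DNS server that was
    asked, so its 'Address:' line is ignored.
    """
    addresses = []
    in_answer = False      # True once the 'Name:' line has been seen
    in_addr_block = False  # True while reading Address(es) continuation lines
    for line in text.splitlines():
        stripped = line.strip()
        if stripped.startswith("Name:"):
            in_answer, in_addr_block = True, False
            continue
        if not in_answer or not stripped:
            in_addr_block = False
            continue
        if stripped.lower().startswith(("address:", "addresses:")):
            candidate = stripped.split(":", 1)[1].strip()
            in_addr_block = True
        elif in_addr_block and line[:1].isspace():
            candidate = stripped
        else:
            in_addr_block = False
            continue
        try:
            addresses.append(ipaddress.ip_address(candidate))
        except ValueError:
            in_addr_block = False  # not an address; stop reading the block
    return addresses


def classify(addr):
    """Describe one address: record type, mechanism, embedded IPv4 data."""
    if addr.version == 4:
        return {"record": "A", "kind": "ipv4"}
    info = {"record": "AAAA", "kind": "other-ipv6"}
    if addr.sixtofour is not None:
        # 2002::/16 (RFC 3056): bits 16-47 hold an IPv4 address.
        info.update(kind="6to4", embedded_ipv4=addr.sixtofour)
    elif addr.teredo is not None:
        # 2001::/32 (RFC 4380): server IPv4, flags, then the client's
        # external UDP port and IPv4 address, both XORed with all ones.
        server, client = addr.teredo
        port = ((int(addr) >> 32) & 0xFFFF) ^ 0xFFFF
        info.update(kind="teredo", teredo_server=server,
                    client_external_ipv4=client, client_external_port=port)
    return info


def summarize(text):
    """Report which record types the answer contained and classify each address."""
    addrs = answer_addresses(text)
    return {
        "has_a_record": any(a.version == 4 for a in addrs),
        "has_aaaa_record": any(a.version == 6 for a in addrs),
        "addresses": [(a, classify(a)) for a in addrs],
    }


if __name__ == "__main__":
    result = summarize(NSLOOKUP_OUTPUT)
    print("A record returned:   ", result["has_a_record"])
    print("AAAA record returned:", result["has_aaaa_record"])
    for addr, info in result["addresses"]:
        details = ", ".join(f"{k}={v}" for k, v in info.items() if k != "record")
        print(f"  {info['record']:4} {addr}  ({details})")
```

Because 6to4 and Teredo addresses carry IPv4 endpoints, AAAA records registered by remote clients disclose those endpoints to anyone who can query the zone.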

Similar Messages

  • VPN Clients can't access internal LAN

    Hello - I have seen a few other threads on this issue, but can't seem to fix mine. I have a PIX 506e. My VPN clients can connect, they get a DHCP address from our internal server no problem. But the clients can not ping me or anything else on the LAN. The clients are connecting ipsec. I know I must be missing something simple here. Here is my config. Any help would be great

    Change the VPN Pool address to something else for example 192.168.10.0/24 etc. Then try and let me know. There could be ip overlap here.

  • Intermittent Internet Connection and VPN clients can't ping internal LAN but connected after installating cisco ASA5512x

    Hi!
    I wish someone can help me on this, I'm a new guy on cisco firewalls and I'm currently implementing cisco asa 5512x, here are the details:
    ISP ->  Firewall -> Core switch -> Internal LAN
    after installing the cisco asa and terminating the appropriate lan for the outside and inside interfaces, internet seems intermittent and cisco vpn client can connect with internet connection but can't ping internal LAN.
    here's my configuration from my firewall.
    ASA Version 8.6(1)2
    hostname ciscofirewall
    enable password 2KFQnbNIdI.2KYOU encrypted
    passwd 2KFQnbNIdI.2KYOU encrypted
    names
    interface GigabitEthernet0/0
    nameif outside
    security-level 0
    ip address 203.x.x.x 255.255.255.0
    interface GigabitEthernet0/1
    nameif inside
    security-level 100
    ip address 10.152.11.15 255.255.255.0
    interface GigabitEthernet0/2
    shutdown
    no nameif
    no security-level
    no ip address
    interface GigabitEthernet0/3
    shutdown
    no nameif
    no security-level
    no ip address
    interface GigabitEthernet0/4
    shutdown
    no nameif
    no security-level
    no ip address
    interface GigabitEthernet0/5
    shutdown
    no nameif
    no security-level
    no ip address
    interface Management0/0
    nameif management
    security-level 100
    ip address 192.168.1.1 255.255.255.0
    management-only
    ftp mode passive
    dns domain-lookup outside
    dns domain-lookup inside
    dns server-group DefaultDNS
    name-server 4.2.2.2 -------> public DNS
    name-server 8.8.8.8 -------> public
    name-server 203.x.x.x   ----> Clients DNS
    name-server 203.x.x.x  -----> Clients DNS
    same-security-traffic permit intra-interface
    object network net_access
    subnet 10.0.0.0 255.0.0.0
    object network citrix_server
    host 10.152.11.21
    object network NETWORK_OBJ_10.10.10.0_28
    subnet 10.10.10.0 255.255.255.240
    object network NETWORK_OBJ_10.0.0.0_8
    subnet 10.0.0.0 255.0.0.0
    object network InterconHotel
    subnet 10.152.11.0 255.255.255.0
    access-list net_surf extended permit ip any any
    access-list net_surf extended permit ip object NETWORK_OBJ_10.10.10.0_28 object InterconHotel
    access-list outside_access extended permit tcp any object citrix_server eq www
    access-list outside_access extended permit ip object NETWORK_OBJ_10.10.10.0_28 any
    access-list outsidevpn_splitTunnelAcl standard permit 10.152.11.0 255.255.255.0
    access-list LAN_Users remark LAN_clients
    access-list LAN_Users standard permit any
    access-list vpnpool extended permit ip 10.10.10.0 255.255.255.248 any
    pager lines 24
    logging enable
    logging asdm informational
    mtu management 1500
    mtu outside 1500
    mtu inside 1500
    ip local pool vpnpool 10.10.10.1-10.10.10.6 mask 255.255.255.248
    icmp unreachable rate-limit 1 burst-size 1
    no asdm history enable
    arp timeout 14400
    nat (inside,outside) source static NETWORK_OBJ_10.10.10.0_28 NETWORK_OBJ_10.10.10.0_28 destination static NETWORK_OBJ_10.10.10.0_28 NETWORK_OBJ_10.10.10.0_28 no-proxy-arp route-lookup
    object network net_access
    nat (inside,outside) dynamic interface
    object network citrix_server
    nat (inside,outside) static 203.177.18.234 service tcp www www
    object network NETWORK_OBJ_10.10.10.0_28
    nat (any,outside) dynamic interface
    object network InterconHotel
    nat (inside,outside) dynamic interface dns
    access-group outside_access in interface outside
    access-group net_surf out interface outside
    route outside 0.0.0.0 0.0.0.0 203.x.x.x 1
    route outside 10.10.10.0 255.255.255.248 10.152.11.15 1
    timeout xlate 3:00:00
    timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
    timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
    timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
    timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
    timeout tcp-proxy-reassembly 0:01:00
    timeout floating-conn 0:00:00
    dynamic-access-policy-record DfltAccessPolicy
    user-identity default-domain LOCAL
    aaa authentication telnet console LOCAL
    http server enable
    http 192.168.1.0 255.255.255.0 management
    http 10.0.0.100 255.255.255.255 inside
    http 10.10.10.0 255.255.255.240 outside
    http 0.0.0.0 0.0.0.0 outside
    no snmp-server location
    no snmp-server contact
    snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart
    crypto ipsec ikev1 transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
    crypto ipsec ikev1 transform-set ESP-DES-SHA esp-des esp-sha-hmac
    crypto ipsec ikev1 transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
    crypto ipsec ikev1 transform-set ESP-DES-MD5 esp-des esp-md5-hmac
    crypto ipsec ikev1 transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
    crypto ipsec ikev1 transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
    crypto ipsec ikev1 transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
    crypto ipsec ikev1 transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
    crypto ipsec ikev1 transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
    crypto ipsec ikev1 transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
    crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set pfs
    crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set ikev1 transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
    crypto map outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
    crypto map outside_map interface outside
    crypto map inside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
    crypto map inside_map interface inside
    crypto ikev1 enable outside
    crypto ikev1 enable inside
    crypto ikev1 policy 10
    authentication crack
    encryption aes-256
    hash sha
    group 2
    lifetime 86400
    crypto ikev1 policy 20
    authentication rsa-sig
    encryption aes-256
    hash sha
    group 2
    lifetime 86400
    crypto ikev1 policy 30
    authentication pre-share
    encryption aes-256
    hash sha
    group 2
    lifetime 86400
    crypto ikev1 policy 40
    authentication crack
    encryption aes-192
    hash sha
    group 2
    lifetime 86400
    crypto ikev1 policy 50
    authentication rsa-sig
    encryption aes-192
    hash sha
    group 2
    lifetime 86400
    crypto ikev1 policy 60
    authentication pre-share
    encryption aes-192
    hash sha
    group 2
    lifetime 86400
    crypto ikev1 policy 70
    authentication crack
    encryption aes
    hash sha
    group 2
    lifetime 86400
    crypto ikev1 policy 80
    authentication rsa-sig
    encryption aes
    hash sha
    group 2
    lifetime 86400
    crypto ikev1 policy 90
    authentication pre-share
    encryption aes
    hash sha
    group 2
    lifetime 86400
    crypto ikev1 policy 100
    authentication crack
    encryption 3des
    hash sha
    group 2
    lifetime 86400
    crypto ikev1 policy 110
    authentication rsa-sig
    encryption 3des
    hash sha
    group 2
    lifetime 86400
    crypto ikev1 policy 120
    authentication pre-share
    encryption 3des
    hash sha
    group 2
    lifetime 86400
    crypto ikev1 policy 130
    authentication crack
    encryption des
    hash sha
    group 2
    lifetime 86400
    crypto ikev1 policy 140
    authentication rsa-sig
    encryption des
    hash sha
    group 2
    lifetime 86400
    crypto ikev1 policy 150
    authentication pre-share
    encryption des
    hash sha
    group 2
    lifetime 86400
    client-update enable
    telnet 10.152.11.0 255.255.255.0 inside
    telnet timeout 5
    ssh timeout 5
    console timeout 0
    dhcpd address 192.168.1.2-192.168.1.254 management
    dhcpd enable management
    threat-detection basic-threat
    threat-detection statistics
    threat-detection statistics tcp-intercept rate-interval 30 burst-rate 400 average-rate 200
    webvpn
    enable outside
    anyconnect-essentials
    group-policy outsidevpn internal
    group-policy outsidevpn attributes
    dns-server value 203.x.x.x 203.x.x.x
    vpn-tunnel-protocol ikev1 l2tp-ipsec ssl-client
    split-tunnel-policy tunnelall
    split-tunnel-network-list value outsidevpn_splitTunnelAcl
    default-domain value interconti.com
    address-pools value vpnpool
    username test1 password i1lji/GiOWB67bAs encrypted privilege 5
    username test1 attributes
    vpn-group-policy outsidevpn
    username mnlha password WlzjmENGEEZmT9LA encrypted
    username mnlha attributes
    vpn-group-policy outsidevpn
    username cisco password 3USUcOPFUiMCO4Jk encrypted privilege 15
    tunnel-group outsidevpn type remote-access
    tunnel-group outsidevpn general-attributes
    address-pool (inside) vpnpool
    address-pool vpnpool
    authentication-server-group (outside) LOCAL
    default-group-policy outsidevpn
    tunnel-group outsidevpn ipsec-attributes
    ikev1 pre-shared-key *****
    class-map inspection_default
    match default-inspection-traffic
    policy-map type inspect dns preset_dns_map
    parameters
      message-length maximum client auto
      message-length maximum 512
    policy-map global_policy
    class inspection_default
      inspect dns preset_dns_map
      inspect ftp
      inspect h323 h225
      inspect h323 ras
      inspect rsh
      inspect rtsp
      inspect esmtp
      inspect sqlnet
      inspect skinny 
      inspect sunrpc
      inspect xdmcp
      inspect sip 
      inspect netbios
      inspect tftp
      inspect ip-options
      inspect icmp
      inspect http
      inspect ipsec-pass-thru
    class class-default
      user-statistics accounting
    service-policy global_policy global
    prompt hostname context
    no call-home reporting anonymous
    hpm topN enable
    Cryptochecksum:edc30dda08e5800fc35b72dd6e1d88d7
    : end
    thanks. please help.

    I think you should change your nat-exemption rule to smth more general, like
    nat (inside,outside) source static any any destination static NETWORK_OBJ_10.10.10.0_28  NETWORK_OBJ_10.10.10.0_28 no-proxy-arp route-lookup
    'cause your inside networks are not the same as your vpn-pool subnet.
    Plus, if you're trying to reach inside subnets different from 10.152.11.0 255.255.255.0 (the subnet from which an IP is assigned to your inside interface, and for which the above NAT exception should be enough), you should check whether routing is configured from those subnets to your vpn-pool subnet through the ASA.

  • Vpn client can access internet but cannot access internal network

    I am using PIX 501 to setup a VPN. At first the VPN client cannot access the internet once they logged in via the Cisco system vpn client, so I enabled split tunneling. Now the VPN client can access the internet but they can't access the internal network. Due to the limited characters that can be posted here, only the necessary IOS coding is posted in the next message. Who knows how to solve this problem? Pls Help.....

    enable password ********** encrypted
    passwd ********** encrypted
    hostname Firewall
    domain-name aqswdefrgt.com.sg
    access-list 100 permit ip 192.168.1.0 255.255.255.0 192.168.50.0 255.255.255.0
    access-list nat permit tcp any host 65.165.123.142 eq smtp
    access-list nat permit tcp any host 65.165.123.142 eq pop3
    access-list nat permit tcp any host 65.165.123.143 eq smtp
    access-list nat permit tcp any host 65.165.123.143 eq pop3
    access-list nat permit tcp any host 65.165.123.143 eq www
    access-list nat permit tcp any host 65.165.123.152 eq smtp
    access-list nat permit tcp any host 65.165.123.152 eq pop3
    access-list nat permit tcp any host 65.165.123.152 eq www
    access-list nat permit tcp any host 65.165.123.143 eq https
    access-list nat permit icmp any any
    ip address outside 65.165.123.4 255.255.255.240
    ip address inside 192.168.1.2 255.255.255.0
    ip verify reverse-path interface outside
    ip local pool clientpool 192.168.50.1-192.168.50.50
    global (outside) 1 interface
    nat (inside) 0 access-list 100
    nat (inside) 1 0.0.0.0 0.0.0.0 0 0
    static (inside,outside) tcp 65.165.123.142 smtp 192.168.1.56 smtp netmask 255.255.255.255 0 0
    static (inside,outside) tcp 65.165.123.142 pop3 192.168.1.56 pop3 netmask 255.255.255.255 0 0
    static (inside,outside) tcp 65.165.123.143 smtp 192.168.1.55 smtp netmask 255.255.255.255 0 0
    static (inside,outside) tcp 65.165.123.143 pop3 192.168.1.55 pop3 netmask 255.255.255.255 0 0
    static (inside,outside) tcp 65.165.123.143 www 192.168.1.55 www netmask 255.255.255.255 0 0
    static (inside,outside) tcp 65.165.123.152 smtp 192.168.1.76 smtp netmask 255.255.255.255 0 0
    static (inside,outside) tcp 65.165.123.152 pop3 192.168.1.76 pop3 netmask 255.255.255.255 0 0
    static (inside,outside) tcp 65.165.123.152 www 192.168.1.76 www netmask 255.255.255.255 0 0
    static (inside,outside) tcp 65.165.123.143 https 192.168.1.55 https netmask 255.255.255.255 0 0
    access-group nat in interface outside
    route outside 0.0.0.0 0.0.0.0 65.165.123.1 1
    aaa-server TACACS+ protocol tacacs+
    aaa-server RADIUS protocol radius
    aaa-server LOCAL protocol local
    aaa-server plexus protocol radius
    aaa-server plexus (inside) host 192.168.1.55 ******** timeout 5
    http server enable
    http 192.168.1.0 255.255.255.0 inside
    no snmp-server location
    no snmp-server contact
    snmp-server community public
    no snmp-server enable traps
    floodguard enable
    sysopt connection permit-ipsec
    crypto ipsec transform-set myset esp-des esp-md5-hmac
    crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
    crypto dynamic-map cisco 1 set transform-set myset
    crypto map dyn-map 20 ipsec-isakmp dynamic cisco
    crypto map dyn-map client authentication plexus
    crypto map dyn-map interface outside
    isakmp enable outside
    isakmp key ******** address 0.0.0.0 netmask 0.0.0.0
    isakmp policy 20 authentication pre-share
    isakmp policy 20 encryption des
    isakmp policy 20 hash md5
    isakmp policy 20 group 2
    isakmp policy 20 lifetime 86400
    isakmp policy 40 authentication pre-share
    isakmp policy 40 encryption 3des
    isakmp policy 40 hash md5
    isakmp policy 40 group 2
    isakmp policy 40 lifetime 86400
    vpngroup vpn3000 address-pool clientpool
    vpngroup vpn3000 dns-server 192.168.1.55
    vpngroup vpn3000 wins-server 192.168.1.55
    vpngroup vpn3000 default-domain aqswdefrgt.com.sg
    vpngroup vpn3000 idle-time 1800
    vpngroup vpn3000 password ********
    telnet 192.168.1.0 255.255.255.0 inside
    telnet timeout 5
    ssh timeout 5
    console timeout 0
    terminal width 80

  • Internal clients can't send nor rcv internally

    I have an Ex2k13 setup as :
    Win2012 R2 DC
    Win2012 R2 + Ex2k13 act as CAS and MBX server 
    Now I promoted a new Ex2k13 node to configure DAG between them, but once the installation of the new Exchange finished and before doing any settings related to DAG or any send/rcv connector, I started receiving complaints about some internal users who can't send/rcv internally although the mailbox is connected.
    At first I checked the queue and I found many emails in the shadow queue. Although it shouldn't be related to the problem, I disabled it, then I had to stop all transport services and other Exchange services on the new Exchange node, and then the users started to send/rcv normally!
    What could be the reason? And how to avoid it?
    BR, Mohamed Wahab "Egypt Cyber Center"

    Hi There,
    It looks like a transport Issue on the new 2013 CAS.
    I would check the Send \ Receive connectors on the new 2013 server to see if there is a configuration issue.
    Cheers,
    Exchange Blog:
    www.ntweekly.com
    MCSA, MCSE, MCITP:SA, MCITP:EA, MCITP:Enterprise Messaging Administrator 2010,MCTS:Virtualization

  • DNS not querying/ recognizing/ resolving internal domain name using nslookup

    I've setup a virtual lab for practice purpose on VMware 8 workstation.
    I have already asked this question in vm community but still got no answers hence asking it here.
    In my vmware workstation 8, for practice lab purpose my setup is as follows:-
    1] Win 2k8R2 Enterprise edition VM as my DC with DNS & DHCP configured and working perfectly. DNS is getting resolved internally via NSLOOKUP. Server has a manual IP assigned...192.168.1.xx series.
    2] Win xp vm as my Client and getting dhcp lease address from the above DC and also the DNS is getting resolved internally via NSLOOKUP.
    Now that these two vms are communicating perfectly with each other, I thought about connecting them to my physical internet.
    So, in the Virtual network editor, I added a Host-only type network named VMnet 04 with the Use local dhcp service checkbox disabled, and on each of these vms, in network adapter settings, selected specific virtual network and pointed it to VMnet 04 in both vms.
    Now, in both the vms, an additional network connection got added and hence was successfully able to browse internet from both vms.
    Now the REAL problem:--
    After the above configuration, when I do NSLOOKUP on the DC, the DNS doesn't resolve external sites on the internet.
    I haven't specified any kind of conditional forwarding etc.; it's a simple DNS setup.
    I want it to resolve to the internal domain and also be connected to the internet.
    What setting do I need to do in DNS or in VM network?
    I tried almost all types of settings in vm virtual network editor by specifying dns manually and so on but none worked.

    Sorry, my bad... a slight mistake in my question. Here is my corrected query:
    After successfully connecting to the internet, when I do NSLOOKUP on the DC, the DNS doesn't resolve my internal domain/site but instead resolves external sites on the internet.
    My computer FQDN is nri.wwe.com
    Domain dns name is wwe.com
    The above should get resolve internally but it searches on the internet.
    This is how it should work
    & it works perfect when I disable the other NAT network adapter (i.e. disable internet connectivity on my virtual DC)
    C:\>nslookup nri.wwe.com
    Server:  nri.wwe.com
    Address:  192.168.1.11
    Name:    nri.wwe.com
    Address:  192.168.1.11
    But when I again enable internet connectivity, this it what happens.
    C:\nslookup www.wwe.com
    DNS request timed out.
        timeout was 2 seconds.
    Server:  UnKnown
    Address:  192.168.12.2
    DNS request timed out.
        timeout was 2 seconds.
    Non-authoritative answer:
    DNS request timed out.
        timeout was 2 seconds.
    Name:    www.wwe.com.nsatc.net
    Address:  64.152.0.124
    Aliases:  www.wwe.com
    And when I again nslookup, this is what I get,
    C:\>nslookup www.wwe.com
    DNS request timed out.
        timeout was 2 seconds.
    Server:  UnKnown
    Address:  192.168.12.2
    DNS request timed out.
        timeout was 2 seconds.
    DNS request timed out.
        timeout was 2 seconds.
    DNS request timed out.
        timeout was 2 seconds.
    *** Request to UnKnown timed-out
    Now this 192.168.12.2 is VM assigned DNS via VM Natting with its own DHCP. If we do it manually, none of the virtual machines can connect to the internet. So I cannot fiddle with it anymore as I have already that as well.

  • Can't connect to internal Software Update Server

    Greetings All,
    I just upgraded my XServer from Tiger to Leopard. Before the upgrade, I was using the server as a Software Update Server pushing all updates to Tiger clients. Now after upgrading to Leopard and installing the Software Update Service, it seems that my Leopard (haven't tried Tiger) clients are not able to connect to it internally - they go straight to Apple. I started the service and configured the client with:
    defaults write com.apple.SoftwareUpdate CatalogURL http://10.0.1.249:8088/
    But it seems to not work. Other question is, will Tiger clients be able to connect to the Leopard server for OS updates? Thanks in advance,
    -andy-

    I've got two 10.5.4 servers (one upgraded throughout the 10.5 life-cycle and one freshly installed at 10.5.1 and combo-updated) and I've never (!!) been able to get them to connect to my Software Update Server (SUS). 10.4 clients can connect and indicate the domain in the SoftwareUpdate title bar. I can copy and paste the same command I make 10.4 clients connect into each 10.5 box I have and none of them will resolve. They all default back to Apple's servers.
    When I run "defaults read com.apple.SoftwareUpdate" I get the proper domain listed and it looks just like 10.4 client's responses. No 10.5 clients or servers will attach to my SUS. Why do 10.4 clients and servers? I even recently upgraded the SUS from 10.4.11 to 10.5.4 and Tiger clients still work, 10.5's do not.
    Matthew W.
    Des Moines, IA

  • External outlook clients can't connect to Exchange 2013

    Currently running server 2012 r2 and exchange 2013 sp1...
    Internally everything works fine, clients can also connect externally to owa/ecp. However when using an outlook client they are unable to connect. This is my first experience with exchange 2013 so I am at a loss. What steps should I be following to get this
    working properly? Or if anyone has some suggestions to get more information I can do that as well.
    Thanks! 
    Connecting from a mobile-phone using mail.mail.com works fine.
    We are using a self-signed certificate for testing purposes..

    Testing Outlook connectivity.
    The Outlook connectivity test failed.
    Additional Details
    Elapsed Time: 941 ms.
    Test Steps
    Testing RPC over HTTP connectivity to server mail.mail.com
    RPC over HTTP connectivity failed.
    Additional Details
    Elapsed Time: 941 ms.
    Test Steps
    Attempting to resolve the host name mail.mail.com in DNS.
    The host name resolved successfully.
    Additional Details
    IP addresses returned: xxx.xxx.xx.x
    Elapsed Time: 535 ms.
    Testing TCP port 443 on host mail.mail.com to ensure it's listening and open.
    The port was opened successfully.
    Additional Details
    Elapsed Time: 176 ms.
    Testing the SSL certificate to make sure it's valid.
    The SSL certificate failed one or more certificate validation checks.
    Additional Details
    Elapsed Time: 229 ms.
    Test Steps
    The Microsoft Connectivity Analyzer is attempting to obtain the SSL certificate from remote server mail.mail.com on port 443.
    The Microsoft Connectivity Analyzer successfully obtained the remote SSL certificate.
    Additional Details
    Remote Certificate Subject: CN=mail.mail.com, Issuer: CN=mail.mail.com.
    Elapsed Time: 154 ms.
    Validating the certificate name.
    The certificate name was validated successfully.
    Additional Details
    Host name mail.mail.com was found in the Certificate Subject Common name.
    Elapsed Time: 0 ms.
    Certificate trust is being validated.
    Certificate trust validation failed.
    Test Steps
    The Microsoft Connectivity Analyzer is attempting to build certificate chains for certificate CN=mail.mail.com
    A certificate chain couldn't be constructed for the certificate.
    Additional Details
    The certificate chain didn't end in a trusted root. Root = CN=mail.mail.com
    Elapsed Time: 33 ms.

  • Dealing with resolving internal URLs externally in a non-split DNS scenario

    Hi all -
    I submitted this yesterday under a different banner but thought I'd try this forum as well.
    I have a client who wishes to have internal URLs resolvable from outside the network and they do not have split DNS. The scenario is this:
    UserA sends a link to UserB in an email. Internally the URL is MySIte.Acme.int. UserB picks up the email on his mobile device whilst travelling and wants to gain access to it. However the external namespace of the company is Acme.com. Obviously the link will not resolve outside of the corporate network.
    So far I have received recommendations for using a VPN, however this is not an option for them. In a past life I seem to recall something about alternate access mappings (or something like that) and wondered if this was the way to make the links resolvable. And, if so, if someone could point me to a good article on how to implement this it would be much appreciated.
    Alternatively I was wondering if there is some magic that can be done with URL rewrites or an edge device like UAG or TMG.
    Any guidance or suggestions would be greatly appreciated!
    Kind regards,
    Wren

    What I would do is create a new internal DNS zone named Acme.com, create an A record of "mysite" pointing to the IP currently used by mysite.acme.int, and then simply add AAMs (or better yet, replace AAMs as the AAM the user is coming in on is
    what will be reflected in that email).
    http://blogs.msdn.com/b/sharepoint_strategery/archive/2013/05/25/alternate-access-mappings-explained.aspx
    https://technet.microsoft.com/en-us/library/cc263208.aspx
    URLRewrite won't work because the Acme.int domain is not resolvable on the Public Internet.
    So the plan of action should be:
    Go to Central Admin -> Delete -> select Remove SharePoint from IIS Web Site, and then choose the option to Delete the IIS web site. Change the AAM for the Web Application under Application Management -> Configure Alternate Access Mappings. Click
    Edit Public URLs, choose the Web Application hosting mysite.acme.int, and then change the Default Zone AAM to https://mysite.acme.com. Go back to Manage Web Applications, highlight the Web Application (you'll see the new AAM reflected here), then click on
    Extend. Create a new IIS site, change the port number (likely 443) with the appropriate host header (mysite.acme.com), select Use SSL, then click OK.
    So a couple of caveats:
    1) All SharePoint servers hosting this Web Application must have the SSL certificate matching mysite.acme.com prior to re-extending it.
    2) If you have any hard coded URLs (e.g. to images) on any SharePoint site within mysite.acme.com, you'll break their links and you will need to manually reconfigure them.
    3) If you've made any manual changes to the web.config, you will need to recreate those changes. It might be a good idea to grab a copy of the web.config for that Web Application (IIS Site) before deleting the site.
    4) Use SSL! You do not want to send NTLM in the clear over the public Internet. It can be easily intercepted and decrypted.
    Hope that helps.
    Trevor Seward
    This post is my own opinion and does not necessarily reflect the opinion or view of Microsoft, its employees, or other MVPs.

  • I can connect my cisco mobile vpn but can't ping & access internal IP

    Hi somebody,
    i've configured mobile vpn configuration in cisco 7200 with GNS3. i can connect VPN to my cisco router with cisco vpn client software from outside. but i can't ping to internal ip and can't access internal resources.
    My Internal IP is 192.168.1.x . And IP for mobile VPN client from outside is 172.60.1.x.
    Your advice will be appreciated.
    here is my configuration with cisco 7200 in GNS 3,
    OfficeVPN_Router#sh run
    Building configuration...
    Current configuration : 2186 bytes
    version 12.4
    service timestamps debug datetime msec
    service timestamps log datetime msec
    no service password-encryption
    hostname OfficeVPN_Router
    boot-start-marker
    boot-end-marker
    enable secret 5 $1$E0Gz$U8UzNtHOXy2CeoEFj30by0
    aaa new-model
    aaa authentication login userlist local
    aaa authorization network grouplist local
    aaa session-id common
    ip cef
    no ip domain lookup
    username asm privilege 15 password 0 pncsadmin
    username user privilege 15 password 0 pncsadmin
    username user1 privilege 15 password 0 pncsadmin
    username cisco123 secret 5 $1$lCOc$Db.e8AFd/0f02ZI4/aeV./
    crypto isakmp policy 10
    encr aes
    authentication pre-share
    group 2
    crypto isakmp client configuration group MWG
    key cisco
    dns 165.21.83.88
    pool vpnpool
    acl 101
    netmask 255.255.0.0
    crypto ipsec transform-set myset esp-aes esp-sha-hmac
    crypto dynamic-map dynmap 10
    set transform-set myset
    reverse-route
    crypto map mymap client authentication list userlist
    crypto map mymap isakmp authorization list grouplist
    crypto map mymap client configuration address initiate
    crypto map mymap client configuration address respond
    crypto map mymap 10 ipsec-isakmp dynamic dynmap
    interface FastEthernet0/0
    no ip address
    shutdown
    duplex half
    interface FastEthernet1/0
    ip address 192.168.1.1 255.255.255.0
    ip nat inside
    ip virtual-reassembly
    duplex full
    speed 100
    interface FastEthernet1/1
    ip address 200.200.200.200 255.255.255.0
    ip nat outside
    ip virtual-reassembly
    duplex auto
    speed auto
    crypto map mymap
    ip local pool vpnpool 172.60.1.10 172.60.1.100
    no ip forward-protocol nd
    ip route 0.0.0.0 0.0.0.0 200.200.200.201
    no ip http server
    no ip http secure-server
    ip nat inside source list 111 interface FastEthernet1/1 overload
    access-list 101 permit ip 192.168.1.0 0.0.0.255 172.60.0.0 0.0.255.255
    access-list 111 deny   ip 192.168.1.0 0.0.0.255 172.60.0.0 0.0.255.255
    access-list 111 permit ip any any
    control-plane
    gatekeeper
    shutdown
    line con 0
    exec-timeout 0 0
    password cisco123
    logging synchronous
    stopbits 1
    line aux 0
    stopbits 1
    line vty 0 4
    password cisco123
    end
    OfficeVPN_Router#sh ver
    Cisco IOS Software, 7200 Software (C7200-A3JK9S-M), Version 12.4(25), RELEASE SOFTWARE (fc2)
    Technical Support: http://www.cisco.com/techsupport
    Copyright (c) 1986-2009 by Cisco Systems, Inc.
    Compiled Tue 21-Apr-09 18:50 by prod_rel_team
    ROM: ROMMON Emulation Microcode
    BOOTLDR: 7200 Software (C7200-A3JK9S-M), Version 12.4(25), RELEASE SOFTWARE (fc2)
    OfficeVPN_Router uptime is 30 minutes
    System returned to ROM by unknown reload cause - suspect boot_data[BOOT_COUNT] 0x0, BOOT_COUNT 0, BOOTDATA 19
    System image file is "tftp://255.255.255.255/unknown"
    This product contains cryptographic features and is subject to United
    States and local country laws governing import, export, transfer and
    use. Delivery of Cisco cryptographic products does not imply
    third-party authority to import, export, distribute or use encryption.
    Importers, exporters, distributors and users are responsible for
    compliance with U.S. and local country laws. By using this product you
    agree to comply with applicable laws and regulations. If you are unable
    to comply with U.S. and local laws, return this product immediately.
    A summary of U.S. laws governing Cisco cryptographic products may be found at:
    http://www.cisco.com/wwl/export/crypto/tool/stqrg.html
    If you require further assistance please contact us by sending email to
    [email protected].
    Cisco 7206VXR (NPE400) processor (revision A) with 245760K/16384K bytes of memory.
    Processor board ID 4279256517
    R7000 CPU at 150MHz, Implementation 39, Rev 2.1, 256KB L2 Cache
    6 slot VXR midplane, Version 2.1
    Last reset from power-on
    PCI bus mb0_mb1 (Slots 0, 1, 3 and 5) has a capacity of 600 bandwidth points.
    Current configuration on bus mb0_mb1 has a total of 600 bandwidth points.
    This configuration is within the PCI bus capacity and is supported.
    PCI bus mb2 (Slots 2, 4, 6) has a capacity of 600 bandwidth points.
    Current configuration on bus mb2 has a total of 0 bandwidth points
    This configuration is within the PCI bus capacity and is supported.
    Please refer to the following document "Cisco 7200 Series Port Adaptor
    Hardware Configuration Guidelines" on Cisco.com <http://www.cisco.com>
    for c7200 bandwidth points oversubscription and usage guidelines.
    3 FastEthernet interfaces
    125K bytes of NVRAM.
    65536K bytes of ATA PCMCIA card at slot 0 (Sector size 512 bytes).
    8192K bytes of Flash internal SIMM (Sector size 256K).
    Configuration register is 0x2102
    OfficeVPN_Router#

    Dear Javier ,
    Thanks for your info. I already tested as you said, but I still can't use or ping my internal IP, which is behind the Cisco VPN router. I have posted my config file.
    OfficeVPN_Router(config)#ip access-list resequence 111 10 10
    OfficeVPN_Router(config)#do sh run
    Building configuration...
    Current configuration : 2201 bytes
    version 12.4
    service timestamps debug datetime msec
    service timestamps log datetime msec
    no service password-encryption
    hostname OfficeVPN_Router
    boot-start-marker
    boot-end-marker
    enable secret 5 $1$E0Gz$U8UzNtHOXy2CeoEFj30by0
    aaa new-model
    aaa authentication login userlist local
    aaa authorization network grouplist local
    aaa session-id common
    ip cef
    no ip domain lookup
    username asm privilege 15 password 0 pncsadmin
    username user privilege 15 password 0 pncsadmin
    username user1 privilege 15 password 0 pncsadmin
    username cisco123 secret 5 $1$lCOc$Db.e8AFd/0f02ZI4/aeV./
    crypto isakmp policy 10
    encr aes
    authentication pre-share
    group 2
    crypto isakmp client configuration group MWG
    key cisco
    dns 165.21.83.88
    pool vpnpool
    acl 101
    netmask 255.255.0.0
    crypto ipsec transform-set myset esp-aes esp-sha-hmac
    crypto dynamic-map dynmap 10
    set transform-set myset
    reverse-route
    crypto map mymap client authentication list userlist
    crypto map mymap isakmp authorization list grouplist
    crypto map mymap client configuration address initiate
    crypto map mymap client configuration address respond
    crypto map mymap 10 ipsec-isakmp dynamic dynmap
    interface FastEthernet0/0
    no ip address
    shutdown
    duplex half
    interface FastEthernet1/0
    ip address 192.168.1.1 255.255.255.0
    ip nat inside
    ip virtual-reassembly
    duplex full
    speed 100
    interface FastEthernet1/1
    ip address 200.200.200.200 255.255.255.0
    ip nat outside
    ip virtual-reassembly
    duplex auto
    speed auto
    crypto map mymap
    ip local pool vpnpool 172.60.1.10 172.60.1.100
    ip forward-protocol nd
    ip route 0.0.0.0 0.0.0.0 200.200.200.201
    no ip http server
    no ip http secure-server
    ip nat inside source list 111 interface FastEthernet1/1 overload
    access-list 101 permit ip 192.168.1.0 0.0.0.255 172.60.0.0 0.0.255.255
    access-list 111 deny   ip 192.168.1.0 0.0.0.255 172.60.0.0 0.0.255.255
    access-list 111 permit ip 192.168.1.0 0.0.0.255 any
    control-plane
    gatekeeper
    shutdown
    line con 0
    exec-timeout 0 0
    password cisco123
    logging synchronous
    stopbits 1
    line aux 0
    stopbits 1
    line vty 0 4
    password cisco123
    end

  • Client can not communicate with MP over https. Certification Problem

    Hi All,
    I have been fighting with this problem for the last 3 days and couldn't solve yet. So, I hope we can solve it here.
    I am trying to install client manually from a usb drive by using the below command. 
    Ccmsetup.exe /usepkicert smsmp=”srvsccm2012.domain.local” ccmhostname=”sccm.domain.tr” smssitecode=”AUTO” 
    Client Installs on workstations but only info that I can see under Configuration Manager Properties are:
    Client Certificate: None
    Connection Type: Currently Intranet
    Version:5.00.x.x
    So, there is a problem with connection to MP, It can not get policies and certificate info (PKI) etc...
    If I try to browse these URLs, the result is 403 - Forbidden: Access is denied.
    http://siteservername/SMS_MP/.sms_aut?MPCert
    http://siteservername/SMS_MP/.sms_aut?MPlist
    This makes me think certificates are messed up but if I try to browse my MP with the url below, Result is IIS 8 page. 
    https://sccmserver.domain.local
    I can see these errors in my log files:
    CcmMessaging Log errors:
    Post to http://”myservername.mydomain”/ccm_system/request failed with 0x87d00231.
    Failed in WinHttpSendRequest API, ErrorCode = 0x2ee7.
    ClientIDManagerStartup Log errors:
    RegTask: Failed to refresh site code. Error: 0x8000ffff
    LocationServices Log errors:
    Failed to retrieve DNS service record using _mssms_mp_”auto”._tcp.mydomain lookup. DNS returned error 9003
    Policy prevents failover to WINS for lookup
    LocationServices 8/26/2014 4:18:29 PM
    3900 (0x0F3C)
    LSGetSiteVersionFromAD : Failed to retrieve version for the site '”AUTO”' (0x80004005)
    The ip address of workstation on DNS is correct.
    I can ping and resolve the name of MP from workstation.
    I want to check if my certificates are OK but I don't know how to make sure certificates are good. Please advise.
    By the way, This problem is happening on the newly reformatted workstation, existing workstations can be re-installed with client without problems.
    Yavuz Selim Atmaca

    Hi Peter,
    I checked IIS Logs and I didn't see any error messages.
    I checked the certificate requirements and I think there is no problem with them.
    The certutil -verify -urlfetch command outputs some results that I couldn't understand. Here it is:
    Issuer:
        CN=mydomain-SRVDC01-CA
        DC=mydomain
        DC=edu
        DC=local
    Subject:
        EMPTY (DNS Name=selimtestPC.mydomain.edu.local)
    Cert Serial Number: 29e6fe37000000005edb
    dwFlags = CA_VERIFY_FLAGS_ALLOW_UNTRUSTED_ROOT (0x1)
    dwFlags = CA_VERIFY_FLAGS_IGNORE_OFFLINE (0x2)
    dwFlags = CA_VERIFY_FLAGS_FULL_CHAIN_REVOCATION (0x8)
    dwFlags = CA_VERIFY_FLAGS_CONSOLE_TRACE (0x20000000)
    dwFlags = CA_VERIFY_FLAGS_DUMP_CHAIN (0x40000000)
    ChainFlags = CERT_CHAIN_REVOCATION_CHECK_CHAIN (0x20000000)
    HCCE_LOCAL_MACHINE
    CERT_CHAIN_POLICY_BASE
    -------- CERT_CHAIN_CONTEXT --------
    ChainContext.dwInfoStatus = CERT_TRUST_HAS_PREFERRED_ISSUER (0x100)
    ChainContext.dwRevocationFreshnessTime: 7 Hours, 33 Minutes, 49 Seconds
    SimpleChain.dwInfoStatus = CERT_TRUST_HAS_PREFERRED_ISSUER (0x100)
    SimpleChain.dwRevocationFreshnessTime: 7 Hours, 33 Minutes, 49 Seconds
    CertContext[0][0]: dwInfoStatus=102 dwErrorStatus=0
      Issuer: CN=mydomain-SRVDC01-CA, DC=mydomain, DC=edu, DC=local
      NotBefore: 26.08.2014 14:19
      NotAfter: 26.08.2016 14:29
      Subject:
      Serial: 29e6fe37000000005edb
      SubjectAltName: DNS Name=selimtestPC.mydomain.edu.local
      Template: ConfigMgr Client Certificate
      74 cf 94 a4 5d 72 0f e9 19 d1 36 b4 5c 06 4e 55 12 04 89 26
      Element.dwInfoStatus = CERT_TRUST_HAS_KEY_MATCH_ISSUER (0x2)
      Element.dwInfoStatus = CERT_TRUST_HAS_PREFERRED_ISSUER (0x100)
      ----------------  Certificate AIA  ----------------
      Verified "Certificate (0)" Time: 0
        [0.0] ldap:///CN=mydomain-SRVDC01-CA,CN=AIA,CN=Public%20Key%20Services,CN=Servi
    ces,CN=Configuration,DC=mydomain,DC=edu,DC=local?cACertificate?base?objectClass=cer
    tificationAuthority
      ----------------  Certificate CDP  ----------------
      Verified "Base CRL (057a)" Time: 0
        [0.0] ldap:///CN=mydomain-SRVDC01-CA,CN=SRVDC01,CN=CDP,CN=Public%20Key%20Servic
    es,CN=Services,CN=Configuration,DC=mydomain,DC=edu,DC=local?certificateRevocationLi
    st?base?objectClass=cRLDistributionPoint
      Verified "Delta CRL (057a)" Time: 0
        [0.0.0] ldap:///CN=mydomain-SRVDC01-CA,CN=SRVDC01,CN=CDP,CN=Public%20Key%20Serv
    ices,CN=Services,CN=Configuration,DC=mydomain,DC=edu,DC=local?deltaRevocationList?b
    ase?objectClass=cRLDistributionPoint
      Verified "Delta CRL (057a)" Time: 5
        [0.0.1] http://srvdc01.mydomain.edu.local/CertEnroll/mydomain-SRVDC01-CA+.crl
      Verified "Base CRL (057a)" Time: 4
        [1.0] http://srvdc01.mydomain.edu.local/CertEnroll/mydomain-SRVDC01-CA.crl
      Verified "Delta CRL (057a)" Time: 0
        [1.0.0] ldap:///CN=mydomain-SRVDC01-CA,CN=SRVDC01,CN=CDP,CN=Public%20Key%20Serv
    ices,CN=Services,CN=Configuration,DC=mydomain,DC=edu,DC=local?deltaRevocationList?b
    ase?objectClass=cRLDistributionPoint
      Verified "Delta CRL (057a)" Time: 4
        [1.0.1] http://srvdc01.mydomain.edu.local/CertEnroll/mydomain-SRVDC01-CA+.crl
      ----------------  Base CRL CDP  ----------------
      OK "Delta CRL (057e)" Time: 0
        [0.0] ldap:///CN=mydomain-SRVDC01-CA,CN=SRVDC01,CN=CDP,CN=Public%20Key%20Servic
    es,CN=Services,CN=Configuration,DC=mydomain,DC=edu,DC=local?deltaRevocationList?bas
    e?objectClass=cRLDistributionPoint
      OK "Delta CRL (057e)" Time: 4
        [1.0] http://srvdc01.mydomain.edu.local/CertEnroll/mydomain-SRVDC01-CA+.crl
      ----------------  Certificate OCSP  ----------------
      No URLs "None" Time: 0
        CRL 057a:
        Issuer: CN=mydomain-SRVDC01-CA, DC=mydomain, DC=edu, DC=local
        a4 81 a4 bb 01 7e e1 be e2 33 4b 06 5d 00 3c 30 97 93 27 f6
        Delta CRL 057e:
        Issuer: CN=mydomain-SRVDC01-CA, DC=mydomain, DC=edu, DC=local
        52 c5 95 b3 9d c2 9d 22 ee fa 3b c4 b9 04 08 3e 95 98 1d 5c
      Application[0] = 1.3.6.1.5.5.7.3.2 Client Authentication
    CertContext[0][1]: dwInfoStatus=10c dwErrorStatus=0
      Issuer: CN=mydomain-SRVDC01-CA, DC=mydomain, DC=edu, DC=local
      NotBefore: 22.10.2010 16:50
      NotAfter: 22.10.2025 17:00
      Subject: CN=mydomain-SRVDC01-CA, DC=mydomain, DC=edu, DC=local
      Serial: 49c50a78f367cdb8466cd34160977233
      Template: CA
      01 a8 da 41 35 f7 52 be 7a 9b 4d 26 3d ee 33 af c4 e0 9c e0
      Element.dwInfoStatus = CERT_TRUST_HAS_NAME_MATCH_ISSUER (0x4)
      Element.dwInfoStatus = CERT_TRUST_IS_SELF_SIGNED (0x8)
      Element.dwInfoStatus = CERT_TRUST_HAS_PREFERRED_ISSUER (0x100)
      ----------------  Certificate AIA  ----------------
      No URLs "None" Time: 0
      ----------------  Certificate CDP  ----------------
      No URLs "None" Time: 0
      ----------------  Base CRL CDP  ----------------
      OK "Delta CRL (057e)" Time: 0
        [0.0] ldap:///CN=mydomain-SRVDC01-CA,CN=SRVDC01,CN=CDP,CN=Public%20Key%20Servic
    es,CN=Services,CN=Configuration,DC=mydomain,DC=edu,DC=local?deltaRevocationList?bas
    e?objectClass=cRLDistributionPoint
      OK "Delta CRL (057e)" Time: 4
        [1.0] http://srvdc01.mydomain.edu.local/CertEnroll/mydomain-SRVDC01-CA+.crl
      ----------------  Certificate OCSP  ----------------
      No URLs "None" Time: 0
        CRL 057a:
        Issuer: CN=mydomain-SRVDC01-CA, DC=mydomain, DC=edu, DC=local
        a4 81 a4 bb 01 7e e1 be e2 33 4b 06 5d 00 3c 30 97 93 27 f6
        Delta CRL 057e:
        Issuer: CN=mydomain-SRVDC01-CA, DC=mydomain, DC=edu, DC=local
        52 c5 95 b3 9d c2 9d 22 ee fa 3b c4 b9 04 08 3e 95 98 1d 5c
    Exclude leaf cert:
      58 db 23 c9 81 00 ff 3e de e0 13 da 87 29 66 96 56 45 51 cd
    Full chain:
      ba 55 5a 92 f0 b4 69 47 01 d7 02 23 1c db 7e 88 66 f2 42 dc
    Verified Issuance Policies: None
    Verified Application Policies:
        1.3.6.1.5.5.7.3.2 Client Authentication
    Leaf certificate revocation check passed
    CertUtil: -verify command completed successfully.
    I just checked SCCM System Status / Component Status from the SCCM Console and found errors under the SMS_MP_CONTROL_MANAGER component:
    "MP has rejected a message from GUID:A90AA88F-FB10-407C-B2ED-DCE41479FBDC because the signature could not be validated. If this is a valid client, it will attempt to re-register automatically so its signature can be correctly validated."
    Should I delete all config manager related certificates and re-create them? 
    Yavuz Selim Atmaca

  • TNS names can't be resolved

    Hi All!
    I try to connect to a database and get the error message that TNS names can't be resolved. tnsnames.ora is copied from the PC where the connection works. Only one instance of Oracle client (9.2) is installed. I tried to add a TNS name in Net Assistant. It worked and the test within the assistant was successful. The tnsnames.ora was also adjusted. But! I don't see the service in NetManager and I can't add any service there. The NT user is a member of the administrator group. I also tried to connect using SQL Plus, Excel, Enterprise Manager - it doesn't work. Any ideas?
    Is there any Windows service for the TNS? What is it called? I tried to check it with lsnrctl status but the command does not exist. Only the client is installed on the PC.
    Thanks,
    Andrej

    If you copied it from another PC then check that you have the correct entries in sqlnet.ora
    For instance, in sqlnet.ora, if the parameter NAMES.DEFAULT_DOMAIN=yourserver_name.domain_name is not in use (commented out) and your net service name in tnsnames.ora is mydb.yourserver_name.domain_name, when you try connecting with mydb as the connect string, you will get that error.
    To resolve that, you either enter the connect string as mydb.yourserver_name.domain_name or uncomment NAMES.DEFAULT_DOMAIN in sqlnet.ora (add it if it does not exist) or change the net service name in tnsnames.ora to mydb.
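
The lookup rule described in the answer above, as an added Python sketch that is not part of the original reply: it models how NAMES.DEFAULT_DOMAIN from sqlnet.ora is appended to an unqualified connect string before the alias is looked up in tnsnames.ora. The file contents and the host dbhost.example are constructed, and the sketch also covers the mirror case (domain set, alias unqualified), which goes beyond the reply.

```python
import re

# Constructed sample files (not from the thread); names reuse the answer's placeholders.
SQLNET_DOMAIN_OFF = """\
NAMES.DIRECTORY_PATH = (TNSNAMES)
# NAMES.DEFAULT_DOMAIN = yourserver_name.domain_name
"""
SQLNET_DOMAIN_ON = """\
NAMES.DIRECTORY_PATH = (TNSNAMES)
NAMES.DEFAULT_DOMAIN = yourserver_name.domain_name
"""
TNSNAMES_QUALIFIED = """\
MYDB.YOURSERVER_NAME.DOMAIN_NAME =
  (DESCRIPTION =
    (ADDRESS = (PROTOCOL = TCP)(HOST = dbhost.example)(PORT = 1521))
    (CONNECT_DATA = (SERVICE_NAME = mydb))
  )
"""
TNSNAMES_SHORT = TNSNAMES_QUALIFIED.replace("MYDB.YOURSERVER_NAME.DOMAIN_NAME", "MYDB")

# A top-level tnsnames.ora entry: "alias =" or "alias1, alias2 =" outside any parentheses.
ALIAS_LINE = re.compile(r"^\s*([\w.-]+(?:\s*,\s*[\w.-]+)*)\s*=")


def default_domain(sqlnet_text):
    """Return NAMES.DEFAULT_DOMAIN in lower case, or None if absent or commented out."""
    for raw in sqlnet_text.splitlines():
        line = raw.split("#", 1)[0].strip()          # drop comments
        m = re.match(r"(?i)names\.default_domain\s*=\s*(\S+)", line)
        if m:
            return m.group(1).lower()
    return None


def tns_aliases(tnsnames_text):
    """Collect the net service names defined in tnsnames.ora (case-insensitive)."""
    aliases, depth = set(), 0
    for raw in tnsnames_text.splitlines():
        line = raw.split("#", 1)[0]
        if depth == 0:                               # only look for aliases outside (...)
            m = ALIAS_LINE.match(line)
            if m:
                aliases.update(a.strip().lower() for a in m.group(1).split(","))
        depth += line.count("(") - line.count(")")
    return aliases


def resolve(connect_string, sqlnet_text, tnsnames_text):
    """Return (name actually looked up, whether tnsnames.ora defines it)."""
    name = connect_string.lower()
    domain = default_domain(sqlnet_text)
    # The default domain is appended only to unqualified names (no dot in them).
    if domain and "." not in name:
        name = f"{name}.{domain}"
    return name, name in tns_aliases(tnsnames_text)


if __name__ == "__main__":
    cases = [
        ("failing case from the reply", "mydb", SQLNET_DOMAIN_OFF, TNSNAMES_QUALIFIED),
        ("fix 1: full connect string", "mydb.yourserver_name.domain_name",
         SQLNET_DOMAIN_OFF, TNSNAMES_QUALIFIED),
        ("fix 2: enable default domain", "mydb", SQLNET_DOMAIN_ON, TNSNAMES_QUALIFIED),
        ("fix 3: rename alias to mydb", "mydb", SQLNET_DOMAIN_OFF, TNSNAMES_SHORT),
        ("mirror case: domain on, short alias", "mydb", SQLNET_DOMAIN_ON, TNSNAMES_SHORT),
    ]
    for label, cs, sqlnet, tns in cases:
        looked_up, ok = resolve(cs, sqlnet, tns)
        print(f"{label:38} lookup={looked_up:36} {'resolved' if ok else 'NOT resolved'}")
```
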

  • Prefix: 'q1' can not be resolved to a URI

    We are trying to import a WSDL which is provided by the client in Informatica using Web Service consumer; the WSDL is using SOAP12. While importing it gives errors like the ones below. Has anyone encountered a similar issue?
    @schema5, line 5, char 112 ): Prefix: 'q1' can not be resolved to a URI.
    @schema5, line 5, char 112 ): Schema Representation Constraint: Namespace '' is referenced without <import> declaration.
    @schema3, line 5, char 174 ): Prefix: 'q1' can not be resolved to a URI.
    @schema3, line 5, char 174 ): Prefix: 'q1' can not be resolved to a URI.
    @schema3, line 5, char 174 ): Prefix: 'q1' can not be resolved to a URI.
    @schema3, line 5, char 174 ): Type not found in :PropertyChangedEventHandler.
    @schema1, line 88, char 173 ): Prefix: 'q2' can not be resolved to a URI.
    @schema1, line 88, char 173 ): Prefix: 'q2' can not be resolved to a URI.
    @schema1, line 88, char 173 ): Prefix: 'q2' can not be resolved to a URI.
    @schema1, line 88, char 173 ): Type not found in :CustomerResponse.StatusCode.
    @schema1, line 36, char 181 ): Prefix: 'q1' can not be resolved to a URI.
    @schema1, line 36, char 181 ): Prefix: 'q1' can not be resolved to a URI.
    @schema1, line 36, char 181 ): Prefix: 'q1' can not be resolved to a URI.
    @schema1, line 36, char 181 ): Type not found in :CustomerResponse.StatusCode.
    @schema1, line 118, char 206 ): Prefix: 'q3' can not be resolved to a URI.
    @schema1, line 118, char 206 ): Prefix: 'q3' can not be resolved to a URI.
    @schema1, line 118, char 206 ): Prefix: 'q3' can not be resolved to a URI.
    @schema1, line 118, char 206 ): Type not found in :Response.


  • WRT400N configured but clients can't get out?

    I'm a longtime Linksys user who just replaced an old WRT54G with a WRT400N (alongside a D-Link 628).  I ran through all the usual steps by connecting to the 400N with my main computer, updating its firmware to the latest, keeping most everything default to start, turned off wireless for now, and set a new password.  Didn't go nuts setting up esoteric policies, static IPs, etc.  Just set it to handle DHCP and hooked it up.
    My ISP does not require any PPPoE or other and you simply plug into their modem and it gives the router what it needs (works flawlessly with all past Linksys and the new D-Link when I use that).  In fact, all clients on my network (three desktops, two laptops) all get the necessary IP info from the 400N including their own IP, DNS info, etc (all checked with ipconfig /all) and they all have the correct info.
    Unfortunately, the clients can't get out.  They try but the router will not pass through anything to the Internet.  No ping, tracert, ftp, browsers fail, etc.  Have reset to factory defaults and tried three or four times now and nothing.  Swapped back in the WRT54G and D-Link (both set to factory defaults, wireless off, and simply hooked into the modem) and both allow immediate access to the Internet for all clients.
    All three routers pass the same information to the clients (checked with ipconfig /all) so all three modems are configured and set up the same and, according to me,  correctly.  Only the 400N won't connect to anything.
    Since both the WRT54G and the D-Link immediately allow client access to the Internet but the 400N won't, there must be an odd setting I am missing but I can't see it at all.  I have gone through the setup 4 times, following the instructions to the letter (it's not that difficult as Linksys routers configuration pages are so simple to use) but each time results in clients receiving their information correctly yet not being able to get out.
    Can anyone point me to the right settings to check?  I've looked through the FAQs and tried a bunch of suggestions but so far nothing.
    Thanks for the help,
    Robert

    Oh yeah, been there and done that.  I have gone so far as to completely shut down the router, plug in each of my other routers (D-Link DIR-628 and Linksys WRT54G) and powered them all up from scratch (cycled power to the cable modem too and started everything up in sequence)  and confirmed they get all the same information from the modem including DNS, gateway, etc. and that the same information is passed to the clients.  In each case I wrote down the numbers to compare and they were all the same including what was reported on the WRT400N!
    So, after several days of experimentation, power cycling, hooking up, etc. the WRT400N magically let me access the internet.  I guarantee you I did not change any settings from default on any of the routers (other than turning the radios off) and just merely plugged them in and started everything up!
    This is very unusual.  It took about 20 restarts and tests before I could access the internet.  During that time I was able to connect to any of my internal clients (media player, spare computer, NAS, etc.) as they properly got IPs but no one could get out until a night ago when it suddenly worked.
    I can't explain it.  This is frustrating since there's no obvious change (all default settings, mind you).  Of course, NOW that it gets out, I went through and set up all my usual changes such as MAC address filtering, access policy for the daughter's computer, and fixed IPs for the non-changing peripherals and it all seems to work correctly (save for one other problem I'll post later.)
     So this is "solved" but for no apparent reason.
    Thanks for the suggestion,
    Robert
