DB Server on Different subnet
Hi there, We have SP 2010 installed, we are planning to upgrade to 2013. Our database server is on the different subnet that the new SharePoint 2013 Fron-end and application server. Office Web App server is also on different subnet. We have single network
domain through out the firm. The question - Is there any pre-requisite or special configuration needed to setup such SharePoint 2013 environment?
Regards,
Khushi
Khushi
There is nothing wrong with that. The subnet, in that case, does not matter, as the latency and bandwidth are available, and you're not crossing any "distance". Stretched farms are defined as farms spread across data centers. You do not need
to do anything special for your deployment.
Trevor Seward
Follow or contact me at...
This post is my own opinion and does not necessarily reflect the opinion or view of Microsoft, its employees, or other MVPs.
Similar Messages
-
PXE boot issue with DHCP and SCCM server on different subnets
I'm working with a client on the operating system deployment module of SCCM.
Their network configuration currently has a single large subnet for client
computers with a DHCP server on the same subnet. The SCCM subnet is
configured on a seperate subnet with no DHCP server on the subnet. We want to
configure client computers to be able to boot using the PXE client to deploy
OS images to the machines but can not get PXE-boot to work correctly.
Also, the client does not want to make changes to their network
infrastructure routers or switches to remedy this problem. Are there settings
on the DHCP or SCCM servers we can implement to make this work? If so, what
needs to be installed or configured on each server. We currently already have
WDS installed on the SCCM server and the SCCM server is configured as a PXE
Service Point within SCCM. Both WDS and the PXE Service Point seem to be working fine.
Any help would be appreciated.
Thanks,
GaryI am Brazilian,
sorry for wrong english
My DHCP is on linux,
in my own structure VLANS
The system center is on the network
10.0.4.0/24
The machines on the network 10.0.5.0/24
The problem is that the machines that
are not on the same network system center
can not boot
I tried configuring / etc/dhcp3/dhcpd.conf
follows
option vendor-class-identifier "PXEClient";
option bootfile-name "\
\ SMSBOOT \ \ x86 \
\ wdsnbp.com";
option tftp-server-name
"10.0.4.101"; ---->
IP server
But it did not work, anyone know
how to configure? -
WDS PXE DHCP, Clients on different subnet
Hello,
We are having a lot of trouble trying to get pxe imaging working from our WDS server on different subnets. We have an existing Zenworking imaging setup working as of right now, but WDS is causing more issues than I care to troubleshoot. I have read
blog after blog, forum post after forum post and everyone says just install it and it works! I guess we have run into some sort of problem that nobody else has.
Enviroment:
2x DC's, Server 2012 R2, both run DNS, 10.5.0.101, 10.5.0.102
1x DHCP Server, 2012 R2, 10.5.0.105
1x WDS Server, 2012 R2, 10.5.0.41
If I put a client on the same subnet as all of the servers it seems to work, except for the fact that it takes a while for the client to get an IP and continue to load wdsnbp.com. I would say around 20-30 seconds. In our zenworks enviroment it takes
no more than 1 second to get an IP. As for the dhcp server itself, clients receive normal dhcp offers instantly. So that part is working properly.
Now when I try an access the WDS pxe server from a different subnet other than the one that all of the servers are on, noting that I do have the ip helper address setup on our layer 3 switch:
interface Vlan2025
ip address 10.200.20.1 255.255.255.0
ip helper-address 10.5.0.105
ip helper-address 10.5.0.41
It always says failed to receive boot file. But as I said earlier, clients in windows receive dhcp leases from 10.5.0.105 without issue.
Setting the client options in the DHCP server with options 66 and 67 works sortof, but we found that it was unreliable and often finicky. Like having the system repeatedly ask to press f12, and even if you did press f12 it would still ask to press f12
again.
So I continued to do a wirehark packet capture on the port where the device was trying to get the dhcp/pxe info from the DHCP / WDS servers. The first packet here is from the DHCP server and the second is from the WDS server.
Bootstrap Protocol
Message type: Boot Reply (2)
Hardware type: Ethernet (0x01)
Hardware address length: 6
Hops: 0
Transaction ID: 0xd6c565d2
Seconds elapsed: 0
Bootp flags: 0x8000 (Broadcast)
Client IP address: 0.0.0.0 (0.0.0.0)
Your (client) IP address: 10.200.20.117 (10.200.20.117)
Next server IP address: 10.5.0.105 (10.5.0.105)
Relay agent IP address: 10.200.20.1 (10.200.20.1)
Client MAC address: Hewlett-_c5:65:d2 (78:e7:d1:c5:65:d2)
Client hardware address padding: 00000000000000000000
Server host name not given
Boot file name not given
Magic cookie: DHCP
Option: (53) DHCP Message Type
Length: 1
DHCP: Offer (2)
Option: (1) Subnet Mask
Length: 4
Subnet Mask: 255.255.255.0 (255.255.255.0)
Option: (58) Renewal Time Value
Length: 4
Renewal Time Value: (21600s) 6 hours
Option: (59) Rebinding Time Value
Length: 4
Rebinding Time Value: (37800s) 10 hours, 30 minutes
Option: (51) IP Address Lease Time
Length: 4
IP Address Lease Time: (43200s) 12 hours
Option: (54) DHCP Server Identifier
Length: 4
DHCP Server Identifier: 10.5.0.105 (10.5.0.105)
Option: (3) Router
Length: 4
Router: 10.200.20.1 (10.200.20.1)
Option: (6) Domain Name Server
Length: 8
Domain Name Server: 10.5.0.101 (10.5.0.101)
Domain Name Server: 10.5.0.102 (10.5.0.102)
Option: (15) Domain Name
Length: 8
Domain Name: domain.com
Option: (255) End
Option End: 255
Bootstrap Protocol
Message type: Boot Reply (2)
Hardware type: Ethernet (0x01)
Hardware address length: 6
Hops: 0
Transaction ID: 0xd2c565d2
Seconds elapsed: 4
Bootp flags: 0x8000 (Broadcast)
Client IP address: 0.0.0.0 (0.0.0.0)
Your (client) IP address: 0.0.0.0 (0.0.0.0)
Next server IP address: 10.5.0.41 (10.5.0.41)
Relay agent IP address: 10.200.20.1 (10.200.20.1)
Client MAC address: Hewlett-_c5:65:d2 (78:e7:d1:c5:65:d2)
Client hardware address padding: 00000000000000000000
Server host name: wds1.domain.com
Boot file name not given
Magic cookie: DHCP
Option: (54) DHCP Server Identifier
Length: 4
DHCP Server Identifier: 10.5.0.41 (10.5.0.41)
Option: (97) UUID/GUID-based Client Identifier
Length: 17
Client Identifier (UUID): eb8daa31-8e62-11df-bbd8-d1c565d278e7
Option: (60) Vendor class identifier
Length: 9
Vendor class identifier: PXEClient
Option: (53) DHCP Message Type
Length: 1
DHCP: Offer (2)
Option: (255) End
Option End: 255
What I find interesting is that the WDS server is not handing out a boot file name:
"Boot file name not given"
Could this be the reason why we receive the no boot file received error when trying to boot a client into pxe?
The other thing that I noticed was that the WDS server is also responding with the:
" Option: (60) Vendor class identifier
Length: 9
Vendor class identifier: PXEClient
Why would it be responding with this, when the dhcp is on a separate server. Is this option only if you have DHCP and WDS on the same server?
Any help would be appreciated as there has been too much time already spent on getting nowhere.
Thanks,
Dan.Dan,
10 months later and not one reply... I'm having the same issue, did you ever figure this out? DHCP server is my Cisco Switch, WDS/PXE is on another network. The WDS and PXE is working fine as I can do so from the same network as the WDS/PXE
server. I can also get the WDS/PXE to work if I have a MS DHCP server on a different network and populate the option 66 and option 67. I cannot get this to work using Cisco ip helper-address for some reason.
Thanks, -
Windows Client Binding Failure in a different subnet - Snow Leopard Server
hi all,
We are running SL 10.6.6 mini mac on a subnetted domain - The svr subnet is 10.20.10.xxx
Clients (mac & win xp) are in subnets 10.20.12.xxx & 10.20.13.xxx
Linux Firewalls separate the subnets although for the purposes of this topic and setup i have set the default policy to accept with no drop rules prior.
The issue is that a win xp client cannot see the SL server. The win XP client does a NETLOGON broadcast i.e. (10.20.13.255 UDP 137) which does not make it to the netlogon service being advertised by the SL Server.
If i put the win xp client in the 10.20.10.xxx (the SL Svr subnet) all works fine and the win xp client authenticates correctly.
Is anyone out there running a similar setup (different subnets with Win XP Clients) I'm interested in how you got the binding/auth process working.
Some side info on the SL Svr - Its a PDC domain master which has 2 replica's attached. All instructions appear to have been followed correctly as per 10.6 OD admin guide. I have all the Mac OS server essentials book and have been trolling through them for answers.
I have setup SMB and configured it as per a previous thread http://discussions.apple.com/thread.jspa?threadID=2014572&tstart=0
Any help/thoughts/ pearls of wisdom would be appreciated.
Cheers
CowanProblem Fixed. Windows XP client did not have WINS server IP address is TCP/IP properties.
-
Connection fails if server and clients are in different subnets
Hello,
our Volume License Manager (v2.1) is running in another subnets than the clients (All machines are running under Windows XP-SP2 without Domains or ADS, just workgroups).
The server is in subnet A (192.168.42.0/24), all clients are located in another subnet B (192.168.50.0/24).
Routing is properly configured and is working fine, traffic to the specific hosts is not blocked by a firewall. We can ping every machine,
open telnet connections to the NILM, everything works.
But if the clients try to connect to the remote NILM (both local client NI License Manager and VLM port settings are correct) their connection attempt always
times out with error code "NILM10"
(I already read the mentioned KBs, no solution has helped so far). This is true if clients and server are separated.
For testing purposes, i plugged one client into the server's subnet (server's IP: 192.168.50.250, client 192.168.50.10)
and it worked perfectly. Is there a reason why server and client have to be on the same subnet or is it some other kind of problem that I am not aware of?
Thank you.
ThorstenHello Thorsten,
Did you add the server's domain to the client computer's DNS settings. To do this, complete the following steps on the client computer:
1. Open Local Area Network Settings from the Control Panel (Start»Control Panel»Network Connections»Local Area Connection)
2. Click the Properties button
3. Select Internet Protocol (TCP/IP) from the list of network components
4. Click the Properties button
5. Click the Advanced button
6. Change to the DNS tab
7. Ensure Append these DNS suffixes is selected
8. Click the Add button
9. Enter the domain suffix of the license server and click Add
10. Close any open dialog boxes, choosing OK and Close as necessary.
(http://digital.ni.com/public.nsf/allkb/3AAF37CD7B89A2CD86257070005A075A?OpenDocument)
Further you should check this KBs.
Why is My NI License Manager Slow or Not Responsive with a Configured Network Server on Another Domain?
http://digital.ni.com/public.nsf/allkb/27D6BD8116EF257A862572F2005C2181?OpenDocument
How Can I Access NI Volume License Manager from a Different Network or Behind a Firewall?
http://digital.ni.com/public.nsf/websearch/54E52C3F348B929786256DCD0056B19B?OpenDocument
Regards,
WolfgangZ -
File Server Migration from 2008 Standard to 2012 Standard accross different subnet
Hi
Im going to migrate File server from Windows 2008 Standard server to Windows 2012 Standard . Source and Destination Servers are on different subnets . According to this
http://technet.microsoft.com/en-us/library/jj863566.aspx I cannot use Server migrations tool in-built into 2012 . Im not sure if I can use file server migration toolkit 1.2?.
Also my Domain controllers are mixture of Windows 2003, 2008 , 2008 R2 and I've upgraded the schema level to 2012 R2 . Is there anything else I need to be aware of ?
Can anyone please recommended best way to go about doing this migration . Is file server migration toolkit 1.2 is compatible ? .
Only reason I don't want to use Robocopy to this is because If I miss a small setting etc then I will face unwanted downtime.
I presume Migration toolkit will also create all the Quotas etc on the destination server .
Thanks
mumtazHi mumtaz,
We could use file server migration toolkit 1.2 to migrate file server between the two subnets. In order to maintain security settings after the migration, please ensure the security of files and folders after they are migrated to a target file server, the File
Server Migration Wizard applies permissions that are the same as or more restrictive than they were on the source files and folders, depending on the option you select.
In the meantime, quota cannot migrate by this tool but we can export and import the quota using dirquota command. Export the templates as xml and then import to new server:
dirquota template export /file:C:\test.xml
dirquota template import /file:C:\test.xml
For more detailed information, please see:
Template Export and Import Scenarios
http://technet.microsoft.com/en-us/library/cc730873(WS.10).aspx
Regards,
Mandy
If you have any feedback on our support, please click
here
We
are trying to better understand customer views on social support experience, so your participation in this
interview project would be greatly appreciated if you have time.
Thanks for helping make community forums a great place. -
ASA 5505: VPN Access to Different Subnets
Hi All-
I'm trying to figure out how to configure our ASA so that remote users can have VPN access to two different subnets (office LAN and phone LAN). Currently, I have 3 VLANs setup -- VLAN 1 (inside), VLAN 2 (outside), VLAN 13 (phone LAN). Essentially, remote users should be able to access their PC (192.168.1.0 /24) and also access the office phone system (192.168.254.0 /24). Is this even possible? Below is the configurations on our ASA,
Thanks in advance:
ASA Version 8.2(5)
names
name 10.0.1.0 Net-10
name 20.0.1.0 Net-20
name 192.168.254.0 phones
name 192.168.254.250 PBX
interface Ethernet0/0
switchport access vlan 2
interface Ethernet0/1
interface Ethernet0/2
interface Ethernet0/3
interface Ethernet0/4
interface Ethernet0/5
switchport access vlan 3
interface Ethernet0/6
interface Ethernet0/7
switchport access vlan 13
interface Vlan1
nameif inside
security-level 100
ip address 192.168.1.98 255.255.255.0
interface Vlan2
nameif outside
security-level 0
ip address X.X.139.79 255.255.255.224
interface Vlan3
no nameif
security-level 50
ip address 192.168.5.1 255.255.255.0
interface Vlan13
nameif phones
security-level 100
ip address 192.168.254.200 255.255.255.0
ftp mode passive
object-group service RDP tcp
port-object eq 3389
object-group service DM_INLINE_SERVICE_1
service-object ip
service-object tcp eq ssh
access-list vpn_nat_inside extended permit ip Net-10 255.255.255.224 192.168.1.0 255.255.255.0
access-list vpn_nat_inside extended permit ip Net-10 255.255.255.224 phones 255.255.255.0
access-list inside_nat0_outbound extended permit ip any Net-10 255.255.255.224
access-list inside_access_in extended permit ip any any
access-list Split_Tunnel_List standard permit Net-10 255.255.255.224
access-list phones_nat0_outbound extended permit ip any Net-10 255.255.255.224
access-list outside_access_in extended permit object-group DM_INLINE_SERVICE_1 host Mac any
pager lines 24
logging enable
logging timestamp
logging monitor errors
logging history errors
logging asdm informational
mtu inside 1500
mtu outside 1500
mtu phones 1500
ip local pool SSLClientPool-10 10.0.1.1-10.0.1.20 mask 255.255.255.128
no failover
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
global (inside) 10 interface
global (outside) 1 interface
global (phones) 20 interface
nat (inside) 0 access-list inside_nat0_outbound
nat (inside) 1 0.0.0.0 0.0.0.0
nat (outside) 10 access-list vpn_nat_inside outside
nat (phones) 0 access-list phones_nat0_outbound
nat (phones) 1 0.0.0.0 0.0.0.0
access-group inside_access_in in interface inside
access-group outside_access_in in interface outside
route outside 0.0.0.0 0.0.0.0 X.X.139.65 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
aaa authentication enable console LOCAL
aaa authentication ssh console LOCAL
aaa authorization command LOCAL
http server enable
http 192.168.1.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto map outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map outside_map interface outside
crypto ca trustpoint ASDM_TrustPoint0
enrollment self
subject-name CN=pas-asa.null
keypair pasvpnkey
crl configure
crypto isakmp enable outside
crypto isakmp policy 10
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 28800
vpn-sessiondb max-session-limit 10
telnet timeout 5
ssh 192.168.1.100 255.255.255.255 inside
ssh 192.168.1.0 255.255.255.0 inside
ssh Mac 255.255.255.255 outside
ssh timeout 60
console timeout 0
dhcpd auto_config inside
dhcpd address 192.168.1.222-192.168.1.223 inside
dhcpd dns 64.238.96.12 66.180.96.12 interface inside
threat-detection basic-threat
threat-detection statistics host
threat-detection statistics access-list
threat-detection statistics tcp-intercept rate-interval 30 burst-rate 400 average-rate 200
ssl trust-point ASDM_TrustPoint0 outside
webvpn
enable outside
anyconnect-essentials
svc image disk0:/anyconnect-win-2.5.2014-k9.pkg 1
svc image disk0:/anyconnect-macosx-i386-2.5.2014-k9.pkg 2
svc enable
tunnel-group-list enable
group-policy SSLClientPolicy internal
group-policy SSLClientPolicy attributes
wins-server none
dns-server value 64.238.96.12 66.180.96.12
vpn-access-hours none
vpn-simultaneous-logins 3
vpn-idle-timeout none
vpn-session-timeout none
ipv6-vpn-filter none
vpn-tunnel-protocol svc
group-lock value PAS-SSL-VPN
default-domain none
vlan none
nac-settings none
webvpn
svc mtu 1200
svc keepalive 60
svc dpd-interval client none
svc dpd-interval gateway none
svc compression none
group-policy DfltGrpPolicy attributes
dns-server value 64.238.96.12 66.180.96.12
vpn-tunnel-protocol IPSec svc webvpn
tunnel-group DefaultRAGroup general-attributes
address-pool SSLClientPool-10
tunnel-group DefaultRAGroup ipsec-attributes
pre-shared-key *****
tunnel-group PAS-SSL-VPN type remote-access
tunnel-group PAS-SSL-VPN general-attributes
address-pool SSLClientPool-10
default-group-policy SSLClientPolicy
tunnel-group PAS-SSL-VPN webvpn-attributes
group-alias PAS_VPN enable
group-url https://X.X.139.79/PAS_VPN enable
class-map inspection_default
match default-inspection-traffic
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
inspect ip-options
service-policy global_policy global
privilege cmd level 3 mode exec command perfmon
privilege cmd level 3 mode exec command ping
privilege cmd level 3 mode exec command who
privilege cmd level 3 mode exec command logging
privilege cmd level 3 mode exec command failover
privilege cmd level 3 mode exec command packet-tracer
privilege show level 5 mode exec command import
privilege show level 5 mode exec command running-config
privilege show level 3 mode exec command reload
privilege show level 3 mode exec command mode
privilege show level 3 mode exec command firewall
privilege show level 3 mode exec command asp
privilege show level 3 mode exec command cpu
privilege show level 3 mode exec command interface
privilege show level 3 mode exec command clock
privilege show level 3 mode exec command dns-hosts
privilege show level 3 mode exec command access-list
privilege show level 3 mode exec command logging
privilege show level 3 mode exec command vlan
privilege show level 3 mode exec command ip
privilege show level 3 mode exec command ipv6
privilege show level 3 mode exec command failover
privilege show level 3 mode exec command asdm
privilege show level 3 mode exec command arp
privilege show level 3 mode exec command route
privilege show level 3 mode exec command ospf
privilege show level 3 mode exec command aaa-server
privilege show level 3 mode exec command aaa
privilege show level 3 mode exec command eigrp
privilege show level 3 mode exec command crypto
privilege show level 3 mode exec command vpn-sessiondb
privilege show level 3 mode exec command ssh
privilege show level 3 mode exec command dhcpd
privilege show level 3 mode exec command vpnclient
privilege show level 3 mode exec command vpn
privilege show level 3 mode exec command blocks
privilege show level 3 mode exec command wccp
privilege show level 3 mode exec command dynamic-filter
privilege show level 3 mode exec command webvpn
privilege show level 3 mode exec command module
privilege show level 3 mode exec command uauth
privilege show level 3 mode exec command compression
privilege show level 3 mode configure command interface
privilege show level 3 mode configure command clock
privilege show level 3 mode configure command access-list
privilege show level 3 mode configure command logging
privilege show level 3 mode configure command ip
privilege show level 3 mode configure command failover
privilege show level 5 mode configure command asdm
privilege show level 3 mode configure command arp
privilege show level 3 mode configure command route
privilege show level 3 mode configure command aaa-server
privilege show level 3 mode configure command aaa
privilege show level 3 mode configure command crypto
privilege show level 3 mode configure command ssh
privilege show level 3 mode configure command dhcpd
privilege show level 5 mode configure command privilege
privilege clear level 3 mode exec command dns-hosts
privilege clear level 3 mode exec command logging
privilege clear level 3 mode exec command arp
privilege clear level 3 mode exec command aaa-server
privilege clear level 3 mode exec command crypto
privilege clear level 3 mode exec command dynamic-filter
privilege cmd level 3 mode configure command failover
privilege clear level 3 mode configure command logging
privilege clear level 3 mode configure command arp
privilege clear level 3 mode configure command crypto
privilege clear level 3 mode configure command aaa-server
prompt hostname context
no call-home reporting anonymousHi Jouni-
Yes, with the current configs remote users only have access to the 'inside' LAN (192.168.1.0). The digital PBX on the 'phone' LAN (192.168.254.0) is not reachable through their VPN session.
Per you recommendation, I removed the following configs from my ASA:
global (phones) 20 interface
... removing this configuration didn't make a difference -- I was still able to ping the inside LAN, but not the phone LAN.
global (inside) 10 interface
nat (outside) 10 access-list vpn_nat_inside outside
.... removing these two configurations caused the inside LAN to be unreachable. The phone LAN was not reachable, either. So, I put the '10' configurations back.
The ASDM syslog is showing the following when I try to ping the PBX (192.168.254.250) through the VPN session:
"portmap translation creation failed for icmp src outside:10.0.1.1 dest phones:PBX (type 8, code 0)"
What do you think?
Thanks! -
Can members in a pool be on different subnets using CSM
Hello. We have recently been investigating load balancing devices, and were almost set on F5. We then overhauled our core network, including replacing one 4507R with 2 6500's, outfitted with Sup720's and FWSM modules.
Now, we are seriously thinking about investing in the CSM or ACE module instead of the F5. I was wondering if the servers in my virtual pool can be on different subnets?
For example, the user is looking for a web server with an IP of 192.168.110.1. This virtual ip is setup on the CSM module, and contains three physical servers, 192.168.110.10, 192.168.110.20, and 10.10.10.1 (server in a different data center, only to be used if the two primary servers go down). Will this work, or do all members in the pool need to be on the same subnet?
Thanks.I would recommend the following test results published by veritest
http://www.lionbridge.com/NR/rdonlyres/5518CDEC-0D57-446E-8E3D-2AE73DCB7EEF/0/csm_comparison.pdf
Gilles. -
WRV200 IPSEC VPN to a remote site with 2 different subnets
Hi,
My old WRV54G had no problem with this! I'm trying to connect an IPSEC tunnel back to a router at my main office, there are two Subnets there 192.168.0.0/24 and 10.171.131.0/24. In my old router I would set up two tunnels to the same gateway with different subnets and everything would work fine.
When I do this with the WRV200 both tunnels come up but in the view of the VPN status they both have the remote network listed as 192.168.0.0 /24 and I can't seem to get them both to work. If I delete the 192.168.0.0/24 tunnel (tunnel #A) and just use the tunnel#B I can connect to the 10 network.
Anyone been able to get this working?Hi,
Ok, so the first thing you will have to think about is the encryption domain of the existing L2L VPN. Since your aim is to publish a Web server from another site through a L2L VPN connections you have to consider what the source addresses for the Web server connections can be?
It might be that you would need to have the source address for the L2L VPN in DC1 as "any" and naturally on DC2 the destination would be "any".
Though in that case it would probably cause problems if the Web server would need to use the DC2 Internet connections for something. This is because we would have now defined that traffic from the Web server to "any" destination IP address should be tunneled to the L2L VPN.
One other option might be that you actually configure DC1 site so that all incoming traffic from the Internet towards the 111.111.111.111 will have their source address translated to a single IP address (to be decided) before entering the L2L VPN. This would eliminate the need to use the "any" in the L2L VPN configurations because the Web server would see all connections come from a single IP address and therefore would not cause problems for the DC2 Web server IF it needs to access or be accessed through the local DC2 Internet connection.
Judging by your examples it would seem that you are using a 8.2 or older software level. Would you be willing to share some current configurations (with masked public IP addresses) or should I just give you some example configurations?
Most important ones would naturally be current NAT configurations and configuration related to the L2L VPN connection.
- Jouni -
Using DHCP with a cFP-20XX across a different subnet
I have a cFP-2010 that will work great when set up with a static IP or DHCP as long as it is on the same subnet. If I set it for DHCP then move it to a different subnet, MAX can no longer find it. Do I have to use a static IP when going across subnets, or is there something I'm missing?
Thanks,
SteveSelmore,
Not 100% sure this will work for FieldPoint controllers, but for some
other NI controllers (e.g. CompactRIO) if you give a name to the
controller in MAX and set it to use DHCP, then when its IP address is
assigned by the DHCP server its name is registered as a DNS name. That
means you can use that name to communicate to it from a different
subnet. By using ping commands you should be able to demonstrate if
this works for FieldPoint or not; I believe it should.
Hope my answer is clear enough and helps.
JMota -
Printing to a shared printer on a different subnet
I have 2 macs:
1 on a wired on subnet 1 (10.0.0.xxx) = SERVER
I have my Powerbook on a second (wireless) network (10.0.2.xxx) = CLIENT
The 10.0.2.xxx router is plugged into the 10.0.0.xxx router so I can see (ping and map drives on) the SERVER from the CLIENT
The problem I am having is I cannot see any shared printers on my SERVER because it am on a different subnet than the CLIENT.
Is there a way I can tell the CLIENT machine how to find the shared printer on the SERVER?
PowerMac G4 & Powerbook G4 Mac OS X (10.3.9)Is there a reason you want to keep the two subnet arrangement?
The second router is what's preventing the connection.
Your easiest fix would be to change your use of the second router to wireless access point - where the second router's functions except wireless are turned off (No DHCP, no firewall, no NAT).
It is possible (depending on router setup functions) that you can use port forwarding to direct port 631 (IPP printer sharing) to the IP address of the wireless computer and get this working as is. Won't hurt to try. This would be on the 2nd router only. -
ACE load balancing servers on different subnets...
Hello,
I have the following issue.... need to load balance traffic between two servers already working in two different subnets (vlans), at this point is highly desirable to avoid changing IP addresses. Is it possible to accomplish this goal using ACE? routed or bridged mode? is it strictly necessary to have all servers belonging to a serverfarm in the same subnet?
Thanks in advanced for your support.Hi,
You can do this, but you have to use client-NAT (Source-NAT) to force the return traffic to pass back through the ACE. You also then need static routes in the ACE context to point at each server. PBR is an alternative approach but I have not implemented that in a live network. The important thing is that the ACE sees both sides of the conversation.
The following extract from a configuration shows the basic principle:
rserver host master
ip address 10.199.95.2
inservice
rserver host slave
ip address 10.199.38.68
inservice
serverfarm host FARM-web2-Master
description Serverfarm Master
probe PROBE-web2
rserver master
inservice
serverfarm host FARM-web2-Slave
description Serverfarm Slave
probe PROBE-web2
rserver slave
inservice
class-map match-any L4VIPCLASS
2 match virtual-address 10.199.80.12 tcp eq www
3 match virtual-address 10.199.80.12 tcp eq https
policy-map type management first-match REMOTE-MGMT-ALLOW-POLICY
class REMOTE-ACCESS
permit
policy-map type loadbalance first-match LB-POLICY
class class-default
serverfarm FARM-web2-Master backup FARM-web2-Slave
policy-map multi-match L4POLICY
class L4VIPCLASS
loadbalance vip inservice
loadbalance policy LB-POLICY
loadbalance vip icmp-reply active
loadbalance vip advertise
nat dynamic 1 vlan 384
service-policy input L4POLICY
interface vlan 383
description ACE-web2-Clientside
ip address 10.199.80.13 255.255.255.248
alias 10.199.80.12 255.255.255.248
peer ip address 10.199.80.14 255.255.255.248
access-group input ACL-IN
access-group output PERMIT-ALL
no shutdown
interface vlan 384
description ACE-web2-Serverside
ip address 10.199.80.18 255.255.255.240
alias 10.199.80.17 255.255.255.240
peer ip address 10.199.80.19 255.255.255.240
access-group input PERMIT-ALL
access-group output PERMIT-ALL
nat-pool 1 10.199.80.20 10.199.80.20 netmask 255.255.255.240 pat
no shutdown
ip route 0.0.0.0 0.0.0.0 10.199.80.9
ip route 10.199.95.2 255.255.255.255 10.199.80.21
ip route 10.199.38.68 255.255.255.255 10.199.80.21
HTH
Cathy -
Hi Everyone,
I'm just about to connect up two SBS 2011 Servers with the same server name but on different subnets & domains over a VPN.
So for example both servers will have the name Server01, one would have an ip address of 192.168.85.5, the other 192.168.86.5, they both then would be connected over a VPN.
Can anyone foresee any issues with this configuration, like DNS & DHCP requests, adding new machines to the domain, mapping drives etc.
Many thanks,
NickHi Larry & Strike First,
Thank you for your responses. I understand that this is an unusual situation. Basically I've recently taken over the IT support for this client. The client has just had a new phone system installed
& are asking if they can speak to each office internally, which can easily be done once I setup the VPN.
However I noticed whilst looking at this further that the Server names are the same, hence my question?
Am I right in saying that providing the workstations have a trust relationship with their own domain controllers through their individual domains on separate subnets, that hopefully there shouldn't be any DNS issues between the two domains and Servers?
I could build a new VM if you feel it would be better practice to do so?
Many thanks for your assistance,
Nick -
TNS:operation timed out - on different subnets
I am having a problem with Oracle on a companys local network. The problem is manifested by
TNS-12535: TNS:operation timed out
error which happens when client repetitively makes connection to Oracle instance located on a different subnet (going via the network backbone). To illustrate this problem I wrote a simple batch file using SQLPLUS. The attached files:
pingconnect.cmd, this command file executes a single SQL query in an infinite loop :
@echo off
:a
sqlplus -S scott/tiger@oratns @seldual.sql
goto a:
seldual.sql - simple query that gets executed in the loop:
select * from dual;
exit
sqlnet.log error
Fatal NI connect error 12535, connecting to:
(DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=host)(PORT=1521))(CONNECT_DATA=(SERVICE_NAME=svcname)(CID=(PROGRAM=C:\oracle\ora92\bin\SQLPLUS.EXE)(HOST=ADMITRIYLTW2K)(USER=user))))
VERSION INFORMATION:
TNS for 32-bit Windows: Version 9.2.0.5.0 - Production
Windows NT TCP/IP NT Protocol Adapter for 32-bit Windows: Version 9.2.0.5.0 - Production
Time: 29-APR-2004 10:21:07
Tracing not turned on.
Tns error struct:
nr err code: 0
ns main err code: 12535
TNS-12535: TNS:operation timed out
ns secondary err code: 12560
nt main err code: 505
TNS-00505: Operation timed out
nt secondary err code: 60
nt OS err code: 0
When I ran several (for example 7) instances of pingconnect.cmd, it runs for about 3-5 minutes and then fails with error TNS-12535 (see sqlnet.log). This happens with both Oracle 9i and 8i. This only happens when the client and server are located on the different subnets. This is confirmed by a network engineer who worked with me while I was performing tests on various network configurations.
I am looking for the Oracle network tuning parameters to eliminate this problem. Any suggestions?Is it related?I can not say it is related with 100% certainty.
You can conclude I had a REALLY lucky guess or there is high correlation between VM & having TNS-12535 error.
It is your system & you are free to (ab)use it any way you choose to do so.
We both know SQL*Net can & does work as advertised, but requires a properly configured OS & Network underneath it. -
Remote content crawler on a file directory in a different subnet
I'm trying to crawl a file directory that is on our company network but in a different subnet. It seems to be set up correctly, because I have managed to import most of the documents to the knowledge directory. However, when running the job a few times, sometimes it succeeds and sometimes it fails, without consistency. The main thing I notice is that it doesn't import the larger files (>5 MB), but our maximum allowed is 100 MB. Even when the job runs "successfully" there is a message in the job log:
Feb 21, 2006 12:08:14 PM- com.plumtree.openfoundation.util.XPNullPointerException: Error in function PTDataSource.ImportDocumentEx (vDocumentLocationBagAsXML == <?xml version="1.0" encoding="ucs-2"?><PTBAG V="1.1" xml:space="preserve"><S N="PTC_DOC_ID">s2dC33967209AEE4710C5ED073C04B3EDCF_1.pdf</S><I N="PTC_DTM_SECT">1000</I><I N="PTC_PBAGFORMAT">2000</I><S N="PTC_UNIQUE">\\10.105.1.33\digitaldocs\s2dC33967209AEE4710C5ED073C04B3EDCF_1.pdf</S><S N="PTC_CDLANG"></S><S N="PTC_FOLDER_NAME">s2dC33967209AEE4710C5ED073C04B3EDCF_1.pdf</S></PTBAG>, pDocumentType == com.plumtree.server.impl.directory.PTDocumentType@285d14, pCard == com.plumtree.server.impl.directory.PTCard@1f6ef01, bSummarize == false, pProvider == [email protected]4)ImportDocumentExfailed for document "s2dC33967209AEE4710C5ED073C04B3EDCF_1.pdf"
When the job fails, there is a different message:
*** Job Operation #1 failed: Crawl has timed out (exception java.lang.Exception: Too many empty batches.)(282610)
I tried increasing the time out periods for the crawler web service and the crawler job. That didn't seem to work. Any suggestions?Hi Dave,
Did you fix this issue? I'm having the same error.
Thanks!
Maybe you are looking for
-
Unable to get Quick time movies to play on my imac. This is the error message I allways get. "The document "4-20130701090400-7.mp4" could not be opened. The movie is not in a format that QuickTime Player understands.You may need to install additional
-
Is there any documentation on how to nest IF or IFThen in Fin Reports
I'm trying to nest now but can't find any documentation on the proper syntax. Here is my logic. I'm in column D in my grid. IF C < 0 and B = 0 then -1 ELSEIF C = 0 then 0 ELSEIF B < 0 then ( C / B ) * -1 ELSE C / B Can you help? I'm stumped and on de
-
Suggestions on replacement hard drive
I'm needing a replacement hard drive for a 733MHz 128MB 40G Quicksilver. Anyone with experience on certain brands? Thanks, Jason
-
Hi I want to hide an error message with the code JBO-33035 How can I do this? Hiding the message box does not work because this time the other error messages will not be shown either. Is there a way to only hide the messages we want. I would be grate
-
Re: Withholding Tax Configuration.
Hi Experts, We have almost completed Implementation of Company In Bangladesh. Now the Client wants T.D.S Configuration for Bangladesh. along with Callahan Remittance.I gone through Sap Note given in market place but no such configuration is availabl