DHCP in Domain A serving Computers in Domain B
Hi. I have migrated computers from domain A to domain B. Servers remain in domain A. A trust is in place.
In domain A I have a domain controller running DNS & DHCP. DNS is secure only/AD Integrated. DHCP is configured to update DNS using a domain account. DHCP in domain A serves computers migrated to domain B.
I have a domain controller in Domain B running DNS.
All servers are on the same subnet (domain A and domain B) and in the same building.
Forwarders are configured in DNS.
I am no longer able to RDP to computers migrated to domain B by name. I can by IP.
What is the best configuration for my situation to avoid DNS issues?
Should I install DHCP on a member server in Domain B and unauthorize the DHCP server in Domain A?
Kind Regards,
Phil.
Hi Phil,
I don't think this will confuse the DNS, because they are different resource records. For example, we have a client named PC1. Then there will be two resource records in the DNS, one is PC1.domainA.local and the other is PC1.domainB.local. Which resource record will be used depends on the DNS query. Which DNS suffix will be appended to the DNS query depends on the DNS suffix search list.
Hope this helps.
Steven Lee
TechNet Community Support
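As an added illustration of the answer above (example code, not from the thread), this Python snippet models how a Windows client applies its DNS suffix search list to the single-label name PC1 when both PC1.domainA.local and PC1.domainB.local exist. The zone contents, addresses and search lists are constructed; the domainA.local record is deliberately given a different (stale) address so that the effect of search-list order on a name-based connection is visible, and `registration_conflicts` is the check to run for a host that resolves to the wrong machine.

```python
"""Model of DNS suffix search-list resolution for a client name registered in
two zones (PC1.domainA.local and PC1.domainB.local). All zone data here is
constructed; this is not a real resolver and ignores devolution and NetBIOS."""
from typing import Dict, List, Optional, Tuple

# Constructed zone contents. The domainA.local record for pc1 holds a
# different (stale) address on purpose, so the effect of search order shows.
ZONES: Dict[str, Dict[str, str]] = {
    "domainA.local": {"pc1": "10.10.0.50", "dc1": "10.10.0.10"},
    "domainB.local": {"pc1": "10.10.0.77", "dc2": "10.10.0.11"},
}


def lookup_fqdn(fqdn: str) -> Optional[str]:
    """Answer an A-record query for a fully qualified name; None means NXDOMAIN.
    Names are compared case-insensitively, as DNS does."""
    name = fqdn.rstrip(".").lower()
    host, _, zone = name.partition(".")
    for zone_name, records in ZONES.items():
        if zone_name.lower() == zone:
            return records.get(host)
    return None


def resolve(name: str, search_list: List[str]) -> Tuple[Optional[str], Optional[str]]:
    """Resolve a name the way a Windows client does with a suffix search list:
    a name ending in '.' is queried as-is; anything else is tried as-is only if
    it already contains a dot, then with each search-list suffix appended in
    order. Returns (fqdn_that_answered, address) or (None, None)."""
    if name.endswith("."):
        addr = lookup_fqdn(name)
        return (name, addr) if addr is not None else (None, None)
    if "." in name:
        addr = lookup_fqdn(name)
        if addr is not None:
            return name, addr
    for suffix in search_list:
        candidate = f"{name}.{suffix}"
        addr = lookup_fqdn(candidate)
        if addr is not None:
            return candidate, addr
    return None, None


def registration_conflicts(host: str) -> Dict[str, str]:
    """Zones that register `host` with differing addresses: the check to run
    when a name stops resolving to the right machine after a migration.
    Returns {} when the host is absent or every zone agrees."""
    found = {zone: recs[host] for zone, recs in ZONES.items() if host in recs}
    return found if len(set(found.values())) > 1 else {}


if __name__ == "__main__":
    # A migrated client whose search list names domainB.local first
    print(resolve("pc1", ["domainB.local", "domainA.local"]))
    # The same name from a host whose search list still starts with domainA.local
    print(resolve("pc1", ["domainA.local", "domainB.local"]))
    print(registration_conflicts("pc1"))
```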
Similar Messages
-
hi,
Do I have to enable the DHCP role on Essentials server, just like on SBS server, to configure internet and domain name, or is that not really necessary and the router DHCP is enough to configure Essentials server?
thanks
johan
h.david
The router DHCP is enough to use Essentials server. Essentials is designed to work with router DHCP out of the box, but you can choose to install the DHCP role on the server if you like. If you decide to do that, check the blog post from here: http://blogs.technet.com/b/sbs/archive/2013/04/22/running-dhcp-server-on-windows-server-2012-essentials.aspx
Also check the Essentials documentation for more details from here:
http://technet.microsoft.com/en-us/library/cc514417.aspx -
Configuring DNS when clients get DHCP from a Windows server
Hi
I'm getting to grips with OD and have managed to configure a test environment at home with static IPs and all the DNS entries being entered manually for each computer.
However, how do I configure the DNS in an environment where clients get their IPs from a Windows DHCP server (which I have no access to)?
Setting clients to have static IPs is not an option nor enabling DHCP on the Mac server, I suspect.
Your help is really appreciated.
Steve
Hi
Your suspicion is correct.
To be honest I would use what is available on the Windows Server as the basis for your Open Directory deployment. If the Windows Server is already the DHCP server, odds are it is also the DNS server. DNS can be provided to your clients using the Windows-based DHCP service.
If you have no direct access to the Windows server you should at the least be able to ask the Windows administrator to add a Host Record with a Reverse Pointer for the OS X Server. Make sure it's resolving correctly using the relevant tools, then add the IP address of the Windows Server in the Network preferences pane on your OS X Server. Thereafter you should be able to promote from Standalone to Open Directory Master without too many problems.
If the Windows Server is using .local as its FQDN then it could scupper any chances you have of providing OS X LDAP services to your Mac clients. It can work with .local, it's just better if it's not used.
Hope this helps – Tony -
ASA Migration of DHCP Scope to a Server
Hello All,
We migrated the DHCP scope from the ASA to a MS DHCP server with this configuration:
group-policy BV-SSL1 internal
group-policy BV-SSL1 attributes
no address-pools value remotepool4 remotepool2 remotepool3
no intercept-dhcp enable
dhcp-network-scope 10.180.49.0
exit
tunnel-group BVVPN10 general-attributes
no address-pool remotepool2
no address-pool remotepool3
no address-pool remotepool4
dhcp-server 10.182.14.55
exit
tunnel-group BV-SSL general-attributes
no address-pool remotepool2
no address-pool remotepool3
no address-pool remotepool4
dhcp-server 10.182.14.55
exit
no vpn-addr-assign aaa
no vpn-addr-assign local
vpn-addr-assign dhcp
This is running well, until we used all 254 addresses that were specified in the dhcp-network-scope.
My question is: should I have specified dhcp-network-scope none to allow all 3 scopes to be used to hand out IP addresses to the remote users?
Thanks,
Kimberly
Okay, that's at least a good start. Can you monitor the ULS logs while you attempt to browse to the site to see what form of error(s) you're getting?
Trevor Seward
Follow or contact me at...
This post is my own opinion and does not necessarily reflect the opinion or view of Microsoft, its employees, or other MVPs. -
Communication between the DNS/DHCP Manager and OES Server
No communication between the DNS/DHCP Manager console and OES server (status, start, stop)
The screenshot shows the tab "DHCP (OES Linux)" in the DNS/DHCP Manager console; at the bottom of the image it shows the state of the DHCP servers.
(screenshot: allDHCP.JPG)
The dhcp service is started on all these servers.
You can see that the status is known only for four servers.
The button "start/stop DHCP service" works fine on these servers and the dhcp service can be cancelled and also restarted.
But the status of the "dhcp service" is not recognized for all the other DHCP servers, and so we cannot start or stop the dhcp service on these servers.
All servers were installed at different times (in the last three years) with OES11 and are upgraded to OES11SP2 with all patches.
The server keto (DHCP_keto) is a new installation of OES11SP2 from a few days ago.
All OES servers were set up identically by me. LDAP, LUM, DMS, DHCP work fine.
Which service on the OES server is responsible for communication (status indicator) between the DNS/DHCP Manager and the OES server?
How is the status query performed by the DNS/DHCP Manager?
How can I test the communication to the server on the client (console)?
Which configuration files should I compare on the server?
Thanks in advance
Gernot
gernot,
It appears that in the past few days you have not received a response to your posting. That concerns us, and has triggered this automated reply.
Has your problem been resolved? If not, you might try one of the following options:
- Visit http://www.novell.com/support and search the knowledgebase and/or check all the other self support options and support programs available.
- You could also try posting your message again. Make sure it is posted in the correct newsgroup. (http://forums.novell.com)
Be sure to read the forum FAQ about what to expect in the way of responses:
http://forums.novell.com/faq.php
If this is a reply to a duplicate posting, please ignore and accept our apologies and rest assured we will issue a stern reprimand to our posting bot.
Good luck!
Your Novell Forums Team
http://forums.novell.com -
Time Capsule as DHCP Router and DNS server for larger network - too taxing?
Ok, let me say first that I'm no networking expert, but I have tried to learn a decent amount over the years. I haven't quite gotten to the level of combing router event logs, though I intend to do that as my next step. My question here though is whether my overall network strategy is flawed.
My setup at home is one that may be a bit more extensive than most users have:
Cable modem -> Time Capsule -> Multiple gigabit switches (business grade) -> Wired Cat5e throughout the house and 2 Airport Extremes. I don't know how many total wired and wireless clients I have, but it may be between 30 and 40 (only a few are computers with the rest being game systems, networked DVRs, audio streamers, NAS, etc)
At the moment, the Time Capsule only backs up one machine - a MBP (I have external HDDs connected directly to the desktops). I don't use the TC's HDD for anything else. Also, I have the network configured so that the TC handles DHCP addressing and NAT. The Airport Extremes are in bridge mode.
For the most part, everything works very well. Internet speeds are good, audio streaming works well, no problems with TC backups, etc. The only issue I've run into is dropouts when streaming video content on the network from one device to another (not from the internet). Basically, the stream will pause and then an error will pop up on screen saying that there was a network problem. Now, I know that the specific devices themselves may have issues of their own, but since it's happened on more than one system, I'm wondering if there is a common network culprit: expecting the Time Capsule to handle its duties, especially while it is doing a backup.
Here are a few thoughts I have:
1 - From a technical standpoint, I don't know if all client to client network traffic goes through the TC. I was thinking that communication could happen between devices on the same switch without having to go up to the TC and then back down, but maybe I'm wrong. If I am wrong, that certainly is a bottleneck right there. I'm not segregating the video streamers to their own subnet on a new router to isolate the traffic. I'm also not sure if the bottleneck is impacted by static vs dynamic IP addressing. IOW, I don't know if setting the devices up with static IPs would change the flow of traffic to not have to go through the TC (just flow across the switch) or not.
2 - Long ago in a different network setup, I had allowed the wireless access points to assign IPs. However, I found that doing so sometimes created problems accessing some of those devices from a computer or device on a different subnet. As such, I switched over to having the router connected to the modem do all the IP addressing. Maybe this is a bad idea given the temporary nature that some devices will hop on and off the network.
3 - Additionally, in the interests of getting better wireless coverage over the whole house, I switched to using 2 airport extremes configured to use the same SSID (so that devices moving around the house wouldn't need to specifically change networks in order to get better signal). I guess I could let one of those 2 handle IP addressing while the other is in bridge mode (pointing to the primary Extreme vs the TC).
4 - Kind of getting back to the TC as the bottleneck, maybe it shouldn't handle network wide DHCP and NAT duties. If TC backups take network priority, such that other kinds of traffic could hiccup, then I probably need to rethink where the TC should exist in the network. Or, maybe it would be enough to just have the stream sensitive components be on their own subnet.
I know there are potentially multiple flaws in my current strategy, so any suggestions or attempts at correcting my assumptions would be helpful.
Thanks!
Jeff
Welcome to the discussions!
1 - Everything goes through the router when it is setup to handle DHCP and NAT
2 - You want your main router, the TC, to handle all DHCP and NAT functions. It will handle up to 250+ connections, so 30-40 devices won't be much of a challenge
3 - Keep both AirPort Extremes in bridge mode to allow the TC to handle the things in #2 above. If you set up an AirPort Extreme to give out IP addresses, you'll create a Double NAT issue on your network...which can slow down communications between devices...the thing you are trying to avoid. If you use Xbox Live or other interactive services, the online features will not function with a Double NAT on your network.
4 - You want the TC to handle all DHCP and NAT functions as in #2. I assume that you have no single run of CAT5e more than 300 feet.
5 - If you want to create separate subnets correctly (the AirPorts won't allow you to do this as they are designed for basic home networking), you'll need to look at routers for professional and commercial use, like Cisco.
With as many devices as you have, you may be running out of bandwidth at times. If you only notice the issue during Time Machine backups, and you don't need to back up each hour, take a look at Time Machine Editor to set up backups whenever you like, maybe once a day at 2 AM when things on the network are quiet.
My suggestions are of course opinions. Hopefully you'll receive some other possibly differing views. -
Using a NAS as media server that can serve computers and Apple TV directly
What is the best configuration (performance/price/robustness) to have one single scalable, “backupable” location to store videos and music that can act as a media server accessible by several mac and pc computers as well as several Apple TV within the same house (knowing that the Apple TV would access the location directly not going through a computer).
Not quite true. Apple TV can access a NAS-originated stream if you share the library. I have done this with a GForce NAS. The problem is somewhere else. Sharing is limited to streaming music only at 128kbs. You can see all music on your NAS. The NAS runs a DAAP-MT server (Linux-based music streaming) for this, which you likely need to enable manually (GForce NAS has this).
Another nasty limitation is that you cannot stream movies from the NAS.
That is the reason I have just bought an Eee Box (PC with Win XP Home) and hooked up a number of USB drives with movies that I stream to Apple TV. This PC is very small and takes very little power, so it can be placed in some corner (e.g. in the kitchen where some appliances make noise anyway, or in the basement) and run 24x7. It will behave as a NAS, but it will provide proper streaming of video (just install iTunes for PC on it). You do not need a keyboard, mouse or monitor for this PC. I use TightVNC to manage it remotely from one of my Mac computers... meaning the TightVNC service runs on the Eee Box while the Mac has a built-in VNC viewer that you can invoke from the "Go to computer" window using the following URL:
vnc://ipaddress_of_eeebox
(BTW TightVNC does not need a viewer on any machine as it has a built-in web interface for screen management - you just need to use a browser on port 5800)
To stream to Apple TV you need to enter those keys that are displayed by Apple TV. You do this via VNC. -
Bootpd, DHCP and OS X Server 2.2
I have a Mac Mini running OS X Server on Mountain Lion that I use for imaging via DeployStudio. A couple of days ago, I tried to boot a MacBook Pro using NetBoot by going to Startup Disk and selecting the NetBoot image. When the machine restarted, it just sat at the grey screen for about a minute, then it started flashing the globe icon as it was trying to find the Mini. After about a minute of that, it would give up and then boot back to the OS. I tried this with a NetInstall image, another NetBoot image, another machine, and so on. All of them had the same behavior.
After going through some logs and looking at the documentation, it turned out that the machines really couldn't find the Mini to boot from. Basically, if the DHCP service wasn't turned on and configured for the same subnet that the Mini was on, then nothing could find the Mini to boot from it. This was bad, really bad, as I work for a large academic institution where they run their own DHCP services for all of the subnets.
The issue turns out to be that as of 2.2 of OS X Server, the bootpd service doesn't launch by itself anymore. The DHCP service must be running for bootpd to launch. NetBoot needs bootpd for the clients to find the host. The solution that I came up with was to modify the /etc/bootpd.plist file.
There are, as of when I am writing this, two versions of NetBoot. NetBoot 1, or old NetBoot, allows the bootpd service to run without DHCP, and NetBoot 2 requires DHCP to be on for bootpd to launch. I went into the /etc/bootpd.plist file and added the following lines at the bottom, just before the closing </dict> tag:
<key>old_netboot_enabled</key>
<array>
<string>en0</string>
</array>
This turns on the old NetBoot so bootpd can run on its own. You'll have to restart the machine running OS X Server for the change to take effect.
There are a couple of downsides to this method. One is that if you turn on Internet Sharing in the Sharing preference pane, or if you happen to turn on or change the DHCP settings in any way, your changes will be wiped out.
I hope this helps somebody out who has had the same issues that I had.
Micah
Hi Micah,
I have tried your solution but it doesn't work.
First, excuse me for my English writing 'cause I'm French...
So the problem is complex, here is my situation:
Netboot Server : A brand new mac mini server with 10.8.2 server (late 2012, macmini 6,2), 2 terabyte hard drives of each and DeployStudioServer 1.5.16
The services Netinstall, OpenDirectory (master mode) and AFP file sharing are all ok !
I have an external DHCP (Linux) server. The DHCP server is on a VLAN and the netboot server and netboot clients are on another VLAN, so I have added the IP address of my netboot server as an ip-helper address in the Cisco router configuration of the DHCP server VLAN.
And HERE IS MY PROBLEM:
I have used three kinds of netboot clients:
1. a macbook pro 17" (macbookpro 5,2, 17" early 2009) with mac os 10.6.8
2. a macbook pro 13" (macbookPro 9,2 13" mid 2012) with mac os 10.8.2
3. a Mac mini late 2012 ( macmini 6,1) with mac os 10.8.2
I have generated 2 DeployStudio NetBoot sets, one for the MacBook Pro 13" (10.8.2) and one for the Mac mini late 2012 (10.8.2).
SO, it works without problem when I netboot the MacBook Pro 17", which uses for example the NetBoot set of the MacBook Pro 13", but the other machines don't netboot! Why???
In the netinstall logs, when I netboot with the MacBook Pro 17" under 10.6.8, I see the lines:
b 18 08:43:23 [my-netboot-server] bootpd[2825]: BSDP DISCOVER [en0] 1,0:26:4a:c:d1:8 NetBoot002 arch=i386 sysid=MacBookPro5,2
Feb 18 08:43:23 [my-netboot-server] bootpd[2825]: replyfile /private/tftpboot/NetBoot/NetBootSP0/mbpro-13-1082.nbi/i386/booter
Feb 18 08:43:23 [my-netboot-server] bootpd[2825]: replying to 0.0.0.0
Feb 18 08:43:23 [my-netboot-server]bootpd[2825]: BSDP OFFER sent [1,0:26:4a:c:d1:8] pktsize 360
but when I netboot with the MacBook Pro 13" under 10.8.2, I see only the lines (for example):
Feb 18 09:01:07 [my-netboot-server] bootpd[2968]: service time 0.000015 seconds
Feb 18 09:01:40 [my-netboot-server] bootpd[2968]: service time 0.000015 seconds
Feb 18 09:01:40 [my-netboot-server] bootpd[2968]: service time 0.000004 seconds
Feb 18 09:01:52 [my-netboot-server] bootpd[2968]: service time 0.000015 seconds
Feb 18 09:01:52 [my-netboot-server] bootpd[2968]: service time 0.000010 seconds
Feb 18 09:02:08 [my-netboot-server] bootpd[2968]: service time 0.000015 seconds
PLEASE HELP ME, I DON'T UNDERSTAND WHY IT WORKS WITH A "10.6.8" OLD CLIENT AND NOT WITH MY NEW MACS UNDER MOUNTAIN LION ?
HAVE YOU ANY IDEA ?
THANKS IN ADVANCE TO ALL FOR YOUR HELP
BEST REGARDS -
Regarding DHCP on OS provisioning server
When creating the OS Provisioning server, is DHCP server or service installed automatically? Or should I install manually?
If it is installed automatically during creating OS provisioning server, how can I start up DHCP daemon?
How do I check it works properly?
Should I turn on power and push "F12" to turn on network boot? (sunfire-v20z)
Please tell me regarding DHCP.
Thanks.
Hello moonRiver,
the DHCP server on the OSP machine is set up automatically, you don't have to care about it. It will be activated for a specified amount of time during the provisioning process (I think 5 minutes is the default), so you can check in the /etc/dhcpd.conf file on the OSP server whether your target host appears there.
A good description on troubleshooting and when exactly DHCP is activated and de-activated can be found in the OSP Plugin manual, Chapter 10 ("Troubleshooting").
HTH,
Michael -
With serveradmin tools on Lion Server service administration is easy to assign to junior administrators. How is this done in OSX Server 2.2 with Mountain Lion?
I will. Unfortunately, I need to focus first on getting a collabd/wiki/calendar issue resolved. But, I'll definitely be coming back because I need to set up an administrator with restricted rights too. I skipped past Lion and came straight from SLS. I still have that server and may be able to go back and poke around. But, if you used to be able to do this with serveradmin, I'd still think you could, at least from the CLI.
Tim -
Creating domain and Exchange mailbox, Fax Server etc. for a small business
Hi ,
I would like to create for my customer, who has 2 computers (Win 8.1 on both: one laptop and one desktop computer), at his request a domain which will contain of course his company's name (I did check the domain availability on one of the domain web checkers) and of course a mailbox and fax server or fax2mail option which will allow all faxes being sent to get to his inbox and not to a fax machine.
However I wonder what roles I should add (I guess the following roles are necessary):
*DHCP
*DNS
*Fax Server
*also there is a need to install the Exchange (maybe on some other computer)
I haven't mentioned that I set up Server 2012 on a desktop computer with an i5 processor, 10GB RAM and 500GB HD capacity. Not a "super server", but this server/computer can meanwhile "provide the merchandising".
Please assist here :)
Thanks in Advance :)
Hi,
Based on your description, I understand that you want to set up the Windows Server 2012 as DC and deploy an Active Directory environment. Then, add some roles (DHCP, DNS and Fax Server) and Exchange Server on the Server 2012 DC. If I misunderstand anything, please don't hesitate to let me know.
Please refer to the following threads and articles, then check if they can help you.
- DNS Server and DC
- Checklist: Add a Domain Controller with the DNS Server Service
- DHCP Best Practices and DC
- DHCP Server in DCs and DNS Registrations
- Fax Server Step-by-Step Guide
For installing Exchange Server on a DC, it is not recommended.
- Installing Exchange on a domain controller is not recommended
In addition, please also refer to the following thread and check if it provides you more detailed suggestions for roles installation.
- Multi-Role Domain controller
Hope this helps.
Best regards,
Justin Gu -
SF15K Domain per JET/DHCP fails
When I boot net:dhcp my Domain it gets an IP from the local DHCP server, then retrieves the inetboot file from the BOOT/JET Server but then fails with the message: could not mount filesystem.
However, when I trace I don't see any mount requests. Anybody have an idea what happens after the last block of the inetboot file is retrieved? That's the last packet I see in my trace.
Install Client:
Rebooting with command: boot /pci@21c,700000/pci@1/network@0:dhcp - install - w
Boot device: /pci@21c,700000/pci@1/network@0:dhcp File and args: - install - w
100 Mbps HDX Link up
Timeout waiting for BOOTP/DHCP reply. Retrying ...
Timeout waiting for BOOTP/DHCP reply. Retrying ...
Failed to receive config params
Restarting DHCP process ...
29200 100 Mbps HDX Link up
Requesting Ethernet address for: 10.16.116.1
panic - boot: Could not mount filesystem.
Program terminated
{100} ok
Notes:
The Install Client is Domain F (su00050) and should boot net via ce0 (IB16, Slot 1) in network 10.16.116.0
The DHCP Server is in 10.16.116.0.
The JET Server is in 192.168.190.0.
The trace from the DHCP Server.
root@su00166 # snoop -ta -i su00050.sno3 |head
1 11:31:23.48737 su00166 -> su00050 DHCP/BOOTP DHCPOFFER
2 11:33:36.81998 su00166 -> su00050 ICMP Echo request (ID: 9 Sequence number: 0)
3 11:33:37.82803 su00166 -> su00050 DHCP/BOOTP DHCPOFFER
4 11:33:45.08202 su00166 -> su00050 DHCP/BOOTP DHCPACK
5 11:33:46.11813 su00050 -> su00156 TFTP Read "inetboot" (octet)
6 11:33:46.21198 su00050 -> su00156 TFTP Ack block 1
7 11:33:46.27475 su00050 -> su00156 TFTP Ack block 2
The trace from the JET Server
beam@su00156:/tftpboot> snoop -ta -i su00050.sno3 |head
1 11:33:46.12344 su00050 -> su00156 TFTP Read "inetboot" (octet)
2 11:33:46.13288 su00156 -> su00050 TFTP Data block 1 (512 bytes)
3 11:33:46.21218 su00050 -> su00156 TFTP Ack block 1
4 11:33:46.21240 su00156 -> su00050 TFTP Data block 2 (512 bytes)
5 11:33:46.27495 su00050 -> su00156 TFTP Ack block 2
6 11:33:46.27510 su00156 -> su00050 TFTP Data block 3 (512 bytes)
7 11:33:46.33169 su00050 -> su00156 TFTP Ack block 3
The Inetboot File on the JET Server
beam@su00156:/tftpboot> ls -l /tftpboot/inetboot
lrwxrwxrwx 1 root other 26 Dec 1 20:34 /tftpboot/inetboot -> inetboot.SUN4U.Solaris_9-1
beam@su00156:/tftpboot> what inetboot.SUN4U.Solaris_9-1
inetboot.SUN4U.Solaris_9-1:
SunOS 5.9 Generic 112233-10 Nov 2003
beam@su00156:/tftpboot> what inetboot.SUN4U.Solaris_9-2
inetboot.SUN4U.Solaris_9-2:
SunOS 5.9 Generic 112233-12 Mar 2004
The DHCP Setup
root@su00166 # dhtadm -P |egrep "^=|Name|su00050|su00166"
Name Type Value
==================================================
su00050 Macro :Include=InstallSrv:SsysidCF="192.168.190.153:/opt/jet/Clients/su00050":
InstallSrv Macro :Include=su00166:BootFile="inetboot":BootSrvA=192.168.190.153:SrootIP4=192.168.190.153:SrootNM="su00156":SrootPTH="/install/media/Solaris_9/Solaris_9/Tools/Boot":SinstIP4=192.168.190.153:SinstNM="su00156":SinstPTH="/install/media/Solaris_9":SjumpsCF="192.168.190.153:/opt/jet":
su00166 Macro :Include=Locale:Timeserv=10.16.116.6:LeaseTim=43200:LeaseNeg:DNSdmain="server.eon-energie.net":DNSserv=10.16.96.10 10.230.162.2 10.230.162.2:Router=10.16.116.1:
root@su00166 # pntadm -P 10.16.116.0
Client ID Flags Client IP Server IP Lease Expiration Macro Comment
01080020E30F2E 00 10.16.116.48 10.16.116.6 12/02/2004 su00050
010003BA52CCF2 00 10.16.116.14 10.16.116.6 10/08/2004 su00154
Solution:
I added the missing Vendor Class for the SF15K platform to the DHCP Symbols in my dhcptab.
Then it worked like a charm.
root@su00166 # dhtadm -P
Name Type Value
==================================================
su00050 Macro :Include=InstallSrv:SsysidCF="192.168.190.153:/opt/jet/Clients/su00050":
su00153 Macro :Include=InstallSrv:SsysidCF="192.168.190.153:/opt/jet/Clients/su00153":
su00154 Macro :Include=InstallSrv:SsysidCF="192.168.190.153:/opt/jet/Clients/su00154":
InstallSrv Macro :Include=su00166:BootFile="inetboot":BootSrvA=192.168.190.153:SrootIP4=192.168.190.153:SrootNM="su00156":SrootPTH="/install/media/Solaris_9/Solaris_9/Tools/Boot":SinstIP4=192.168.190.153:SinstNM="su00156":SinstPTH="/install/media/Solaris_9":SjumpsCF="192.168.190.153:/opt/jet":
su00166 Macro :Include=Locale:Timeserv=10.16.116.6:LeaseTim=43200:LeaseNeg:DNSdmain="server.my-domain.de":DNSserv=10.16.96.10 10.230.162.2 10.230.162.2:Router=10.16.116.1:
Locale Macro :UTCoffst=3600:
Sterm Symbol Vendor=SUNW.Sun-Fire-V240 SUNW.Sun-Fire-V440 SUNW.Sun-Fire-V480 SUNW.Sun-Fire-15000,15,ASCII,1,0
SjumpsCF Symbol Vendor=SUNW.Sun-Fire-V240 SUNW.Sun-Fire-V440 SUNW.Sun-Fire-V480 SUNW.Sun-Fire-15000,14,ASCII,1,0
SsysidCF Symbol Vendor=SUNW.Sun-Fire-V240 SUNW.Sun-Fire-V440 SUNW.Sun-Fire-V480 SUNW.Sun-Fire-15000,13,ASCII,1,0
SinstPTH Symbol Vendor=SUNW.Sun-Fire-V240 SUNW.Sun-Fire-V440 SUNW.Sun-Fire-V480 SUNW.Sun-Fire-15000,12,ASCII,1,0
SinstNM Symbol Vendor=SUNW.Sun-Fire-V240 SUNW.Sun-Fire-V440 SUNW.Sun-Fire-V480 SUNW.Sun-Fire-15000,11,ASCII,1,0
SinstIP4 Symbol Vendor=SUNW.Sun-Fire-V240 SUNW.Sun-Fire-V440 SUNW.Sun-Fire-V480 SUNW.Sun-Fire-15000,10,IP,1,1
SbootRS Symbol Vendor=SUNW.Sun-Fire-V240 SUNW.Sun-Fire-V440 SUNW.Sun-Fire-V480 SUNW.Sun-Fire-15000,9,NUMBER,2,1
Stz Symbol Vendor=SUNW.Sun-Fire-V240 SUNW.Sun-Fire-V440 SUNW.Sun-Fire-V480 SUNW.Sun-Fire-15000,8,ASCII,1,0
SbootFIL Symbol Vendor=SUNW.Sun-Fire-V240 SUNW.Sun-Fire-V440 SUNW.Sun-Fire-V480 SUNW.Sun-Fire-15000,7,ASCII,1,0
SswapPTH Symbol Vendor=SUNW.Sun-Fire-V240 SUNW.Sun-Fire-V440 SUNW.Sun-Fire-V480 SUNW.Sun-Fire-15000,6,ASCII,1,0
SswapIP4 Symbol Vendor=SUNW.Sun-Fire-V240 SUNW.Sun-Fire-V440 SUNW.Sun-Fire-V480 SUNW.Sun-Fire-15000,5,IP,1,0
SrootPTH Symbol Vendor=SUNW.Sun-Fire-V240 SUNW.Sun-Fire-V440 SUNW.Sun-Fire-V480 SUNW.Sun-Fire-15000,4,ASCII,1,0
SrootNM Symbol Vendor=SUNW.Sun-Fire-V240 SUNW.Sun-Fire-V440 SUNW.Sun-Fire-V480 SUNW.Sun-Fire-15000,3,ASCII,1,0
SrootIP4 Symbol Vendor=SUNW.Sun-Fire-V240 SUNW.Sun-Fire-V440 SUNW.Sun-Fire-V480 SUNW.Sun-Fire-15000,2,IP,1,1
SrootOpt Symbol Vendor=SUNW.Sun-Fire-V240 SUNW.Sun-Fire-V440 SUNW.Sun-Fire-V480 SUNW.Sun-Fire-15000,1,ASCII,1,0 -
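Following the solution above, here is an added Python check (example code, not from the thread or from Solaris) that parses `dhtadm -P` output, follows a client macro's Include= chain, and lists the vendor Symbols that are not defined for a given vendor class, which is exactly what was missing for the SF15K domain. `SAMPLE_BEFORE` is a constructed excerpt modelled on the table above, with the SUNW.Sun-Fire-15000 class deliberately left out, and `add_vendor_class` applies the same change the solution made by hand.

```python
"""Check a Solaris dhcptab (as printed by 'dhtadm -P') for vendor Symbols that a
client macro hands out but which are not defined for the client's vendor class.
SAMPLE_BEFORE is a constructed excerpt modelled on the thread above; the
SUNW.Sun-Fire-15000 class is deliberately absent from every Symbol."""
import re
from typing import Dict, List, NamedTuple, Optional, Set

SAMPLE_BEFORE = """\
Name Type Value
==================================================
su00050 Macro :Include=InstallSrv:SsysidCF="192.168.190.153:/opt/jet/Clients/su00050":
InstallSrv Macro :Include=su00166:BootFile="inetboot":BootSrvA=192.168.190.153:SrootIP4=192.168.190.153:SrootNM="su00156":SrootPTH="/install/media/Solaris_9/Solaris_9/Tools/Boot":SjumpsCF="192.168.190.153:/opt/jet":
su00166 Macro :Include=Locale:Timeserv=10.16.116.6:LeaseTim=43200:LeaseNeg:Router=10.16.116.1:
Locale Macro :UTCoffst=3600:
SrootIP4 Symbol Vendor=SUNW.Sun-Fire-V240 SUNW.Sun-Fire-V440,2,IP,1,1
SrootNM Symbol Vendor=SUNW.Sun-Fire-V240 SUNW.Sun-Fire-V440,3,ASCII,1,0
SrootPTH Symbol Vendor=SUNW.Sun-Fire-V240 SUNW.Sun-Fire-V440,4,ASCII,1,0
SsysidCF Symbol Vendor=SUNW.Sun-Fire-V240 SUNW.Sun-Fire-V440,13,ASCII,1,0
SjumpsCF Symbol Vendor=SUNW.Sun-Fire-V240 SUNW.Sun-Fire-V440,14,ASCII,1,0
"""

# Vendor Symbol value: Vendor=<class ...>,<option code>,<type>,<granularity>,<max>
VENDOR_RE = re.compile(r"^Vendor=(?P<classes>.*?),\d+,")


class Entry(NamedTuple):
    name: str
    kind: str  # "Macro" or "Symbol"
    value: str


def parse_dhtadm(text: str) -> Dict[str, Entry]:
    """Turn 'dhtadm -P' output into name -> Entry, skipping the header lines."""
    entries: Dict[str, Entry] = {}
    for line in text.splitlines():
        parts = line.split(None, 2)
        if len(parts) == 3 and parts[1] in ("Macro", "Symbol"):
            entries[parts[0]] = Entry(*parts)
    return entries


def split_macro(value: str) -> List[str]:
    """Split a macro body on ':' outside double quotes ("host:/path" values contain colons)."""
    fields, current, quoted = [], [], False
    for ch in value:
        if ch == '"':
            quoted = not quoted
        if ch == ":" and not quoted:
            if current:
                fields.append("".join(current))
                current = []
            continue
        current.append(ch)
    if current:
        fields.append("".join(current))
    return fields


def macro_options(entries: Dict[str, Entry], macro: str,
                  seen: Optional[Set[str]] = None) -> Set[str]:
    """Option names a client receives from `macro`, following Include= chains
    (the seen-set guards against a macro that includes itself)."""
    seen = set() if seen is None else seen
    entry = entries.get(macro)
    if macro in seen or entry is None or entry.kind != "Macro":
        return set()
    seen.add(macro)
    options: Set[str] = set()
    for field in split_macro(entry.value):
        key, _, val = field.partition("=")
        if key == "Include":
            options |= macro_options(entries, val, seen)
        else:
            options.add(key)
    return options


def vendor_classes(entry: Entry) -> Set[str]:
    """Vendor class identifiers a Symbol is defined for (empty if not a vendor Symbol)."""
    match = VENDOR_RE.match(entry.value)
    return set(match.group("classes").split()) if match else set()


def missing_vendor_symbols(entries: Dict[str, Entry], macro: str, vendor_class: str) -> List[str]:
    """Vendor Symbols sent by `macro` that are not defined for `vendor_class`.
    A vendor option is only returned to clients whose class identifier matches
    the Symbol's Vendor list, so a client of this class never receives these."""
    missing = []
    for option in macro_options(entries, macro):
        symbol = entries.get(option)
        if symbol and symbol.kind == "Symbol" and vendor_classes(symbol):
            if vendor_class not in vendor_classes(symbol):
                missing.append(option)
    return sorted(missing)


def add_vendor_class(entries: Dict[str, Entry], vendor_class: str) -> Dict[str, Entry]:
    """Copy of the table with `vendor_class` appended to every vendor Symbol lacking it."""
    updated: Dict[str, Entry] = {}
    for name, entry in entries.items():
        classes = vendor_classes(entry)
        if classes and vendor_class not in classes:
            class_text, rest = entry.value[len("Vendor="):].split(",", 1)
            updated[name] = Entry(name, entry.kind, f"Vendor={class_text} {vendor_class},{rest}")
        else:
            updated[name] = entry
    return updated
```

Run against a real `dhtadm -P` capture, the "before" list names the options a new platform silently never receives; after `add_vendor_class` the list for that platform is empty.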
Unable to browse internet on a domain user's computer through ASA 5503 Firewall
Dear All,
I have been trying to configure my new firewall for the last month but am still unable to fix it. I have a domain on Windows 2012 Standard Edition and the firewall with an unlimited license. Here is the output of show startup-config. Please note that prpgb.org is my local domain.
prpgbasa# show startup-config
: Saved
: Written by enable_15 at 02:50:45.169 PKT Thu Nov 20 2014
ASA Version 8.2(5)
hostname prpgbasa
domain-name prpgb.org
enable password AExqpLntfuzsVQrq encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
interface Ethernet0/0
switchport access vlan 2
interface Ethernet0/1
interface Ethernet0/2
interface Ethernet0/3
interface Ethernet0/4
interface Ethernet0/5
interface Ethernet0/6
interface Ethernet0/7
interface Vlan1
nameif inside
security-level 100
ip address 10.0.0.1 255.0.0.0
interface Vlan2
nameif outside
security-level 0
ip address 202.142.XXX.YY 255.255.255.252
ftp mode passive
clock timezone PKT 5
dns server-group DefaultDNS
domain-name prpgb.org
pager lines 24
logging asdm informational
mtu inside 1500
mtu outside 1500
no failover
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0
route outside 0.0.0.0 0.0.0.0 202.142.XXX.YZ 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
http server enable
http 10.0.0.0 255.0.0.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
telnet 10.0.0.0 255.0.0.0 inside
telnet timeout 5
ssh 10.0.0.0 255.0.0.0 inside
ssh timeout 5
console timeout 0
dhcpd dns 10.0.0.2 255.0.0.0
dhcpd dns 208.67.222.222 208.67.220.220 interface inside
dhcpd lease 86400 interface inside
dhcpd domain prpgb.org interface inside
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
webvpn
class-map inspection_default
match default-inspection-traffic
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
inspect ip-options
service-policy global_policy global
prompt hostname context
no call-home reporting anonymous
Cryptochecksum:23c0af4b2ddf9e925f83ce13909ab900
prpgbasa#
You are all requested to have a look into the problem and suggest modifications to me.
Thanks
Dear All,
I have solved the issue. I have done the following in order to browse the internet on domain user computers. Here are the steps:
1. I have disabled my internal DHCP server in the domain.
2. Then I have configured the ASA DHCP server in the default IP address scheme i.e. 192.168.1.100-200
3. I connected my ASA to a switch first, then from there I connected a cable to my domain server's WAN interface. The LAN (192.168.1.2) interface of the domain server is also plugged into the same switch.
4. I am using my domain server's DNS for name resolution and forwarding queries which are not served by my domain to the OpenDNS server.
It works perfectly so far, but before applying or setting up the entire network I want your help to look into the configuration file for corrections if I am making any mistakes. Thanks again for your help and here is the output of show config.
prpgbasa# show startup
: Saved
: Written by Ghaffar at 02:11:24.319 PKT Mon Dec 8 2014
ASA Version 8.2(5)
hostname prpgbasa
domain-name prpgb.org
enable password AExqpLntfuzsVQrq encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
interface Ethernet0/0
switchport access vlan 2
interface Ethernet0/1
interface Ethernet0/2
interface Ethernet0/3
interface Ethernet0/4
interface Ethernet0/5
interface Ethernet0/6
interface Ethernet0/7
interface Vlan1
nameif inside
security-level 100
ddns update hostname PRPGB.ORG
dhcp client update dns server both
ip address 192.168.1.1 255.255.255.0
interface Vlan2
nameif outside
security-level 0
ip address 202.142.XXX.YY 255.255.255.252
ftp mode passive
clock timezone PKT 5
dns domain-lookup inside
dns server-group DefaultDNS
name-server 192.168.1.2
domain-name prpgb.org
object-group network obj_any
pager lines 24
logging enable
logging asdm informational
mtu inside 1500
mtu outside 1500
no failover
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0
route outside 0.0.0.0 0.0.0.0 202.142.XXX.YY 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
aaa authentication ssh console LOCAL
aaa authentication http console LOCAL
aaa authentication serial console LOCAL
aaa authentication enable console LOCAL
http server enable
http 192.168.1.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
telnet 192.168.1.0 255.255.255.0 inside
telnet timeout 5
ssh 192.168.1.0 255.255.255.0 inside
ssh timeout 5
console timeout 0
dhcpd address 192.168.1.100-192.168.1.200 inside
dhcpd dns 192.168.1.2 interface inside
dhcpd lease 86400 interface inside
dhcpd domain prpgb.org interface inside
dhcpd update dns both interface inside
dhcpd enable inside
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
webvpn
username ABC password FL01QCj0LaLWTID0 encrypted privilege 15
class-map inspection_default
match default-inspection-traffic
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
inspect ip-options
inspect icmp
service-policy global_policy global
prompt hostname context
no call-home reporting anonymous
Cryptochecksum:7c4930a079158c0cb10a42813d3690cd
prpgbasa#
Please let me know if there are any recommendations.
Thanks in advance.
Ghaffar -
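As an added example for the two ASA `show startup` outputs above (editor's code, not from Ghaffar's post or from Cisco), here is a small Python lint over their dhcpd and management-plane lines. The two fragments are excerpted from the configs on this page, keeping only the lines the checks look at; the first is the tail of the earlier, non-working config exactly as it appears here. The rules, severities and the note about secure-only DNS zones are the editor's. It flags `dhcpd dns 10.0.0.2 255.0.0.0`, where a netmask was typed in place of a second DNS server, dhcpd settings on a box that has no `dhcpd enable`, and Telnet management left open next to SSH.

```python
"""Lint the DHCP and management-plane lines of a Cisco ASA 8.x 'show startup'.

Added example for this thread, not code from the original post or from Cisco.
The two fragments are excerpts of the configs posted above; the checks,
severities and wording are the editor's.
"""
import ipaddress
from typing import Dict, List

# Excerpt of the first (non-working) config: the tail that appears on the page.
BROKEN_CONFIG = """\
telnet 10.0.0.0 255.0.0.0 inside
ssh 10.0.0.0 255.0.0.0 inside
dhcpd dns 10.0.0.2 255.0.0.0
dhcpd dns 208.67.222.222 208.67.220.220 interface inside
dhcpd lease 86400 interface inside
dhcpd domain prpgb.org interface inside
"""

# Excerpt of the second (working) config posted after the fix.
WORKING_CONFIG = """\
aaa authentication ssh console LOCAL
http server enable
http 192.168.1.0 255.255.255.0 inside
telnet 192.168.1.0 255.255.255.0 inside
ssh 192.168.1.0 255.255.255.0 inside
dhcpd address 192.168.1.100-192.168.1.200 inside
dhcpd dns 192.168.1.2 interface inside
dhcpd lease 86400 interface inside
dhcpd domain prpgb.org interface inside
dhcpd update dns both interface inside
dhcpd enable inside
"""


def _is_netmask(token: str) -> bool:
    """True for a dotted netmask such as 255.0.0.0 (contiguous high bits set)."""
    try:
        value = int(ipaddress.IPv4Address(token))
    except ipaddress.AddressValueError:
        return False
    low_bits = (~value) & 0xFFFFFFFF          # the zero part of the mask
    return value != 0 and (low_bits & (low_bits + 1)) == 0


def lint_asa(config: str) -> List[str]:
    """Return ERROR/WARN/INFO findings for the dhcpd and management lines."""
    findings: List[str] = []
    dns_servers: Dict[str, List[str]] = {}    # interface -> servers handed to clients
    pools: List[str] = []                     # interfaces with a 'dhcpd address' range
    enabled: List[str] = []                   # interfaces with 'dhcpd enable'

    for line in (ln.strip() for ln in config.splitlines() if ln.strip()):
        tok = line.split()
        if tok[:2] == ["dhcpd", "dns"]:
            args, iface = tok[2:], "<global>"
            if "interface" in args:
                i = args.index("interface")
                iface, args = args[i + 1], args[:i]
            for server in args:
                if _is_netmask(server):
                    findings.append(f"ERROR: '{line}': {server} is a netmask, not a DNS "
                                    "server; dhcpd dns takes one or two server addresses")
                else:
                    dns_servers.setdefault(iface, []).append(server)
            if len(args) > 2:
                findings.append(f"ERROR: '{line}': more than two DNS servers")
        elif tok[:2] == ["dhcpd", "address"]:
            pools.append(tok[-1])             # last token is the interface name
        elif tok[:2] == ["dhcpd", "enable"]:
            enabled.append(tok[2])
        elif tok[:3] == ["dhcpd", "update", "dns"]:
            findings.append(f"INFO: '{line}': the ASA sends unauthenticated RFC 2136 updates; "
                            "an AD-integrated zone set to secure-only updates refuses them, so "
                            "let the domain-joined clients register their own records")
        elif tok[0] == "telnet" and len(tok) == 4:
            findings.append(f"WARN: '{line}': cleartext Telnet management is open from "
                            f"{tok[1]}/{tok[2]}; remove it and keep SSH only")
        elif tok[0] == "http" and len(tok) == 4:
            findings.append(f"INFO: '{line}': ASDM/HTTPS management is reachable from the whole "
                            f"{tok[1]}/{tok[2]} range; narrow it to the admin hosts")

    for iface in enabled:
        if iface not in pools:
            findings.append(f"ERROR: 'dhcpd enable {iface}' without a 'dhcpd address' pool")
    for iface in pools:
        if iface not in enabled:
            findings.append(f"WARN: pool on {iface} but no 'dhcpd enable {iface}'")
    if dns_servers and not enabled:
        findings.append("WARN: dhcpd dns/lease/domain are set but the DHCP server is not "
                        "enabled on any interface, so these settings are inert")
    return findings


if __name__ == "__main__":
    for name, cfg in (("before the fix", BROKEN_CONFIG), ("after the fix", WORKING_CONFIG)):
        print(f"== {name} ==")
        for finding in lint_asa(cfg):
            print("  " + finding)
```

Run it and the first excerpt produces one ERROR (the netmask in `dhcpd dns`) and a WARN that the dhcpd lines are inert because nothing enables the service; the second excerpt is clean apart from the open Telnet line and two INFO notes. The `dhcpd update dns both` note matters for the setup described at the top of this page: the ASA can only send plain RFC 2136 updates, so an AD-integrated zone restricted to secure updates will drop them, and the domain-joined Windows clients, which register their own A and PTR records by default, should be left to do so.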
DHCP Server does not work after Exporting and Importing Using Netsh Command
Hello Friends :
I had two DHCP servers on Windows Server 2003. I upgraded one of them to Windows Server 2008 32-bit, and I also installed a Windows Server 2008 R2 as an additional domain controller. The last scenario was like this:
srv-1 : windows server 2003 + DHCP = working with no problem
srv-2 : windows server 2003 + DC + DHCP = Worked without problem
srv-3 : windows server 2008 R2 + DC = worked without any problems
I exported the DHCP server configuration on srv-2 using netsh dhcp server export and imported it to srv-3 using the netsh dhcp server import command. The command completed successfully and I can see all of the scopes without any problems or errors. I authorized the new server without any problem, and all scopes are activated without any problem, so I disabled the srv-2 DHCP service and unauthorized it from Active Directory. The problem is that the new server seems not to lease any address to clients!!!
1- I have authorized it
2- I used the Rogue Checker tool on client computers; they see the authorized server without any problems
3- The same tool in a workgroup only shows srv-1 as the DHCP server and does not see other DHCP servers
4- Bindings are OK and the DHCP servers only have one NIC installed on them
What can I do to make sure my srv-3 DHCP server will work on the network?
thanks ...
MIMO
Are the clients on another network, so that you need to configure a DHCP relay agent?
If you load up perfmon on the DHCP server, remove all counters and then add the DHCP counters, do you see any DHCP requests when you reboot your DHCP clients? This will determine whether your server actually receives any DHCP requests.
Have you checked the event viewer for any warnings or errors?
And the classic one: have you restarted the DHCP Server service (or rebooted)?
Regards Per-Torben Sørensen http://pertorben.wordpress.com/ -
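Besides the event log and the perfmon counters suggested in the reply above, the DHCP Server audit log (%windir%\System32\dhcp\DhcpSrvLog-<Day>.log, enabled by default on Windows Server) records every lease and authorization decision, which is the quickest way to tell an authorized server that never receives a DISCOVER from one that refuses the requests it gets. As an added example, not from the thread or from Microsoft, here is a Python triage of that log. The event-ID table is the documented one; the two log samples are constructed for this example, the first mimicking MIMO's symptom.

```python
"""Triage a Windows DHCP Server audit log for a server that is authorized but
hands out no leases.

Added example for this thread, not code from the original post or from
Microsoft.  The audit log lives in %windir%\\System32\\dhcp\\DhcpSrvLog-<Day>.log
and is enabled by default; the event IDs below are the documented ones.  The
sample log lines are constructed for this example.
"""
import csv
import io
from collections import Counter
from typing import Dict, List

# Documented DHCP Server audit-log event IDs (the subset used here).
EVENT_NAMES = {
    "00": "Log started", "01": "Log stopped",
    "10": "New IP address leased", "11": "Lease renewed", "12": "Lease released",
    "13": "IP address conflict", "14": "Request not satisfied: pool exhausted",
    "15": "Lease denied", "16": "Lease deleted", "17": "Lease expired",
    "51": "Authorization succeeded", "54": "Authorization failed",
    "55": "Authorization (servicing)", "64": "No DHCP-enabled interfaces",
}

# Constructed sample: an authorized server that never records a lease (the
# symptom in the question).  Real files carry a text preamble and a header row.
STUCK_LOG = """\
\t\tMicrosoft DHCP Service Activity Log
ID,Date,Time,Description,IP Address,Host Name,MAC Address
00,12/08/14,08:00:01,Started,,,,
55,12/08/14,08:00:02,Authorized(servicing),,contoso.local,,
01,12/08/14,23:59:59,Stopped,,,,
"""

# Constructed sample: a server that is leasing, with one scope-full event.
HEALTHY_LOG = """\
ID,Date,Time,Description,IP Address,Host Name,MAC Address
00,12/08/14,08:00:01,Started,,,,
55,12/08/14,08:00:02,Authorized(servicing),,contoso.local,,
10,12/08/14,08:05:10,Assign,192.168.1.101,pc1.contoso.local,00155D0A0B01,
11,12/08/14,08:06:00,Renew,192.168.1.102,pc2.contoso.local,00155D0A0B02,
14,12/08/14,08:07:30,Scope Full,192.168.1.0,,00155D0A0B03,
"""


def parse_audit_log(text: str) -> List[Dict[str, str]]:
    """Return event rows; the preamble, header and blank lines are skipped."""
    rows: List[Dict[str, str]] = []
    for fields in csv.reader(io.StringIO(text)):
        if len(fields) < 4 or len(fields[0]) != 2 or not fields[0].isdigit():
            continue
        fields += [""] * (7 - len(fields))          # pad short rows
        rows.append({"id": fields[0], "date": fields[1], "time": fields[2],
                     "desc": fields[3], "ip": fields[4], "host": fields[5],
                     "mac": fields[6]})
    return rows


def triage(text: str) -> Dict[str, object]:
    """Count events by ID and turn the counts into plain-language verdicts."""
    counts = Counter(row["id"] for row in parse_audit_log(text))
    leases = counts["10"] + counts["11"]
    verdicts: List[str] = []
    if counts["54"]:
        verdicts.append("authorization failed (54): an unauthorized server will not serve "
                        "clients; re-authorize it in Active Directory")
    if counts["64"]:
        verdicts.append("no DHCP-enabled interfaces (64): the service is bound to no NIC; "
                        "check the server bindings and that the NIC has a static address")
    if counts["14"]:
        verdicts.append(f"{counts['14']} request(s) hit an exhausted pool (14): enlarge the "
                        "scope or shorten leases")
    if counts["15"]:
        verdicts.append(f"{counts['15']} lease(s) denied (15): check filters, reservations "
                        "and the scope ranges")
    if leases == 0 and (counts["51"] or counts["55"]):
        verdicts.append("authorized but no lease activity (no 10/11 events): the server is "
                        "not receiving DISCOVER/REQUEST traffic; check the DHCP relay / "
                        "ip helper-address for remote subnets and the perfmon DHCP Server counters")
    elif leases:
        verdicts.append(f"{leases} lease event(s) (10/11) recorded: the server is serving clients")
    return {"counts": dict(counts), "leases": leases, "verdicts": verdicts}


if __name__ == "__main__":
    for name, log in (("stuck server", STUCK_LOG), ("healthy server", HEALTHY_LOG)):
        result = triage(log)
        print(f"== {name} ==")
        for event_id, n in sorted(result["counts"].items()):
            print(f"  {event_id} {EVENT_NAMES.get(event_id, 'unknown event'):40s} {n}")
        for verdict in result["verdicts"]:
            print("  -> " + verdict)
```

Point `triage()` at the current day's file on srv-3. A log with authorization events but no 10/11 rows means the server never sees client traffic, which is the relay-agent and bindings question from the reply; 54 or 64 rows mean the server is refusing to serve on its own account, and the netsh import is not the culprit.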
Home Server Set Up - DNS, DHCP etc
Hi
I'm looking to set up a Mountain Lion Server at home.
I have a Lion Server but I think I will wipe it and start again, mainly because I didn't use a particularly good name to begin with. I've read the We Got Served Mountain Lion Server book, Mountain Lion Server for Dummies and Apple's documentation.
I am planning to set up in the following way:
Turn my Virgin Media router 'Modem Only' mode on.
Turn on my AirPort Extreme and set it up as the DHCP server.
I will set up a pool of IP addresses.
Question 1 - I think the best way is to make a reserved IP address for my server within this pool rather than a static IP address outside of the pool (but within the subnet). Any comments on this?
Question 2 - I need to boot my Lion Server to get the MAC address for the reservation. Should I set the reservation IP to the IP the DHCP server provides or to an unused IP address? I will set up DHCP to distribute DNS server names.
Question 3 - Because I want my Mountain Lion Server to provide Directory Services I need to set up the Mountain Lion Server as a DNS server. Is this correct?
The DNS servers I will get the DHCP server to provide in the following order:
1 My Mountain Lion Server
2 My 1st Virgin Media DNS Server
3 My 2nd Virgin Media DNS Server (not sure I can set up a 3rd DNS server)
I am not going to use a Google DNS or another open DNS because they are located in the US and this affects caching of internet content.
When I set up my Mountain Lion Server I am in two minds about going for a public internet registered domain or a private domain.
Question 4 - Are there any limitations in using the registered public domain as opposed to a private domain with VPN? If I need access to any of my machines remotely I tend to use LogMeIn from my iPad. But I am tempted (just because it's there) to set up a public internet address and use it. If I did go for the public domain I would need to use a dynamic DNS service (like Dyn.com) because I don't have a static IP. However, if I didn't I would only need to change my public DNS entry if I rebooted my router (and I may not even then as its IP address may not be reassigned).
If I don’t need remote access to my server very often then this would be acceptable.
Question 5 - If I did go the full internet way (as opposed to the .private domain) what do I register at dyn.com? Just my domain, then add a record for the server.
1. Register ‘example.com’
2. Add a record at Dyn.com for ‘server.example.com’.
3. On my server set up put ‘server’ in the Computer Name field
4. On the ‘Host Name’ field enter ‘server.example.com’.
Question 6 – Bonjour and DNS. Aside from whether I go for a public registered domain or a private domain (and access via VPN or LogMeIn), how do these settings affect the Bonjour set up? My understanding is that Bonjour uses .local. So what is the resolution path? If I set up a DNS server on my Mountain Lion Server do I need to enter a record for each local laptop in the house or can I leave that to Bonjour? My understanding is that Bonjour will continue for all local address resolution and the Mountain Lion DNS will take care of resolving the server name (for Directory Services and any other services). Is this right? Will DNS be used for file and print services on the server?
Any thoughts/answers/comments/casual abuse welcome.
Thanks