Direct Access client getting NameResolutionFailure error
Hi,
I'm trying to setup Direct Access on a Windows 2012 R2 server and I'm running into what is hopefully a pretty easy problem to resolve.
I've followed the instructions to setup a simple setup for DA on a Windows 2012 R2 server with everything all on one server and I'm running behind a TMG 2010 server. On the TMG server I've published the my DA server using a server publishing rule
based on these instructions
http://danstoncloud.com/blogs/simplebydesign/archive/2013/04/04/tmg-can-be-a-good-friend-of-directaccess.aspx
The setup seems pretty straight forward, but now when I'm testing my clients I'm getting the NameResolutionFailure error when I try and connect when I'm not on our internal network.
The problem I'm pretty sure is DNS related because when my test Windows 8.1 client is on our internal network everything works fine.
When I plug the machine into an external network, I get the NameResolutionFailure error for the DA client. If I try and ping anything address on our domain name I get an error that the address is unresolvable. I can ping any other domain name address fine.
On my DA server, on the DNS tab of the Infrastructure Server setup I have the following entries:
mydomain.com fdf3:137e:5133:ce07:1000::127
directaccess.mydomain.com
DirectAccess-NLS.mydomain.com
directaccess.mydomain.com is the publicly resolvable name of my DA 2012 R2 server that is bound the external IP address published on my TMG 2010 server. This name is not resolvable when on any internal machines.
If I execute the get-DNSClientNRPTPolicy command I get this:
Namespace : DirectAccess-NLS.mydomain.com
QueryPolicy :
SecureNameQueryFallback :
DirectAccessIPsecCARestriction :
DirectAccessProxyName :
DirectAccessDnsServers :
DirectAccessEnabled :
DirectAccessProxyType : UseDefault
DirectAccessQueryIPsecEncryption :
DirectAccessQueryIPsecRequired : False
NameServers :
DnsSecIPsecCARestriction :
DnsSecQueryIPsecEncryption :
DnsSecQueryIPsecRequired : False
DnsSecValidationRequired : False
NameEncoding : Utf8WithoutMapping
Namespace : directaccess.mydomain.com
QueryPolicy :
SecureNameQueryFallback :
DirectAccessIPsecCARestriction :
DirectAccessProxyName :
DirectAccessDnsServers :
DirectAccessEnabled :
DirectAccessProxyType : UseDefault
DirectAccessQueryIPsecEncryption :
DirectAccessQueryIPsecRequired : False
NameServers :
DnsSecIPsecCARestriction :
DnsSecQueryIPsecEncryption :
DnsSecQueryIPsecRequired : False
DnsSecValidationRequired : False
NameEncoding : Utf8WithoutMapping
Namespace : .mydomain.com
QueryPolicy :
SecureNameQueryFallback :
DirectAccessIPsecCARestriction :
DirectAccessProxyName :
DirectAccessDnsServers : fdf3:137e:5133:ce07:1000::127
DirectAccessEnabled :
DirectAccessProxyType : NoProxy
DirectAccessQueryIPsecEncryption :
DirectAccessQueryIPsecRequired : False
NameServers :
DnsSecIPsecCARestriction :
DnsSecQueryIPsecEncryption :
DnsSecQueryIPsecRequired : False
DnsSecValidationRequired : False
NameEncoding : Utf8WithoutMapping
So I'm thinking that the issue is related to the fact that the NRPT table says that directaccess.mydomain.com address there is no DNS specified. In fact it seems like that entry shouldn't even be there. When I was configuring DA for the first
time, I got a warning that said:
Warning: The NRPT entry for the DNS suffix .serverdomain.local contains the public name used by client computers to connect to the Remote Access server. Add the name Servername.serverdomain.local as an exemption in the NRPT.
I wasn't sure what this meant at the time but I'm guessing it's relevant to this problem.
Can some one give some help with this?
Thanks in advance
Nick
Hi,
So here is what I did. First the IP information from my DA server IPHTTPS address from ipconfig /all
Tunnel adapter IPHTTPSInterface:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : IPHTTPSInterface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : fdfd:1374:5130:1000::1(Preferred)
IPv6 Address. . . . . . . . . . . : fdfd:1374:5130:1000::2(Preferred)
IPv6 Address. . . . . . . . . . . : fdfd:1374:5130:1000:2400:8f5a:a931:1ff8(Preferred)
Link-local IPv6 Address . . . . . : fe80::2400:8f5a:a931:1ff8%17(Preferred)
Default Gateway . . . . . . . . . :
DHCPv6 IAID . . . . . . . . . . . : 436207616
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1A-4F-8E-38-00-15-5D-00-96-05
NetBIOS over Tcpip. . . . . . . . : Disabled
So the address of my IPHTTPS address appears to be -S using this address as the source and going to an internal machine with an IPV6 address and got this:
tracert -S fdfd:1374:5130:1000:2400:8f5a:a931:1ff8 testserver
Tracing route to testserver.mydomain.com [fdfd:1374:5130:ce07:1000::220]
over a maximum of 30 hops:
1 <1 ms <1 ms <1 ms daserver.mydomain.com [fdfd:1374:5130:1000:2400:8f5a:a931:1ff8]
2 * * * Request timed out.
3 * * * Request timed out.
4 * * * Request timed out.
5 * * * Request timed out.
6 * * * Request timed out.
7 * * * Request timed out.
8 * * * Request timed out.
9 * * * Request timed out.
10 * * * Request timed out.
11 * * * Request timed out.
12 * * * Request timed out.
13 * * * Request timed out.
14
So it looks like from the IPHTTPS address I can't get to any internal IPV6 addresses on my internal IPV6 network I think right? I did a route print on the DA server and got this:
===========================================================================
Interface List
12...00 15 5d 00 96 05 ......Microsoft Hyper-V Network Adapter
1...........................Software Loopback Interface 1
14...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
16...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter
17...00 00 00 00 00 00 00 e0 IPHTTPSInterface
===========================================================================
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 172.16.0.21 172.16.0.127 261
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
172.16.0.0 255.255.240.0 On-link 172.16.0.127 261
172.16.0.127 255.255.255.255 On-link 172.16.0.127 261
172.16.15.255 255.255.255.255 On-link 172.16.0.127 261
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 172.16.0.127 261
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 172.16.0.127 261
===========================================================================
Persistent Routes:
Network Address Netmask Gateway Address Metric
0.0.0.0 0.0.0.0 172.16.0.21 Default
===========================================================================
IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
12 261 ::/0 fdfd:1374:5130:ce07:1000::21
1 306 ::1/128 On-link
12 4205 fdfd:1374:5130::/48 fdfd:1374:5130:ce07:1000::21
17 306 fdfd:1374:5130:1000::/64 On-link
17 306 fdfd:1374:5130:1000::/128 On-link
17 306 fdfd:1374:5130:1000::1/128 On-link
17 306 fdfd:1374:5130:1000::2/128 On-link
17 306 fdfd:1374:5130:1000:2400:8f5a:a931:1ff8/128 On-link
12 261 fdfd:1374:5130:7777::/96 On-link
12 261 fdfd:1374:5130:ce07::/64 On-link
12 261 fdfd:1374:5130:ce07:1000::127/128 On-link
12 261 fdfd:1374:5130:ce07:6b8c:21b9:52b4:e7c5/128 On-link
12 261 fe80::/64 On-link
17 306 fe80::/64 On-link
17 306 fe80::2400:8f5a:a931:1ff8/128 On-link
12 261 fe80::e00f:6c15:fde4:6491/128 On-link
1 306 ff00::/8 On-link
12 261 ff00::/8 On-link
17 306 ff00::/8 On-link
===========================================================================
Persistent Routes:
If Metric Network Destination Gateway
0 4294967295 fdfd:1374:5130:1000::/64 On-link
0 4200 fdfd:1374:5130::/48 fdfd:1374:5130:ce07:1000::21
0 256 fdfd:1374:5130:ce07::/64 On-link
0 4294967295 fdfd:1374:5130:7777::/96 On-link
0 4294967295 ::/0 fdfd:1374:5130:ce07:1000::21
===========================================================================
Am I missing a route here?
Thanks
Similar Messages
-
Ok So I have windows 8.1 with Direct Access Client and it works fine when I am able to check and uncheck proxy settings - which is a bit of a pain and seems unnecessary (I hope). If I take the laptop to a Starbucks I get the error that the proxy server is
not responding so it never redirects for me to "accept" the rules.
If I uncheck my proxy settings it then redirects and connects to their internet wifi and off I go - DA connects and all is well.
I am using a GPO to configure the proxy settings as shown (all options are greyed out for the users)Hi,
Your problem is a classic one when using that kind of proxy settings, unfortunately.
To solve this without the need of user interaction, there are two solutions that will sort this out for you. In your case, if you want to use your corporate connection for internet traffic even over da, I'd opt for alternative 1 or 2 depending on what you are
trying to achieve.
1. WPAD (Web Proxy Auto Discovery protocol http://en.wikipedia.org/wiki/Web_Proxy_Autodiscovery_Protocol) - it actually uses the Automatic browser configuration checkbox on your client and looks for the file wpad.dat on a specific web server that you Pointout
with either dns-record called wpad or DHCP option 252.
2. Auto configuration script (pac script http://en.wikipedia.org/wiki/Proxy_auto-config) - uses the same kind of file as above. The difference is that you get the possiblity, like you want in your scenario to target what users that should get the script.
See this below article for more details on the options you have.
http://technet.microsoft.com/en-us/library/dd361918.aspx
http://techlib.barracuda.com/display/WSFLEXv41/How+to+Configure+Proxy+Settings+Using+Group+Policy+Management
Let us know if you need further assistance!
/Johan
MCT | MCSE: Private Cloud/Server, Desktop Infrastructure -
Windows Server 2012 - Direct Access clients and the Windows 8 firewall
Hi,
We're running a simple proof-of-concept for Server 2012 Direct Access, we have a single DA server behind a firewall using NAT. We have a number of client devices setup for DA and running Windows 8.
Our issue is that we can only get the Windows 8 direct access clients to connect (when outside the corporate network) and work with the windows firewall disabled (public network profile).
With the windows firewall disabled everything works exactly as expected. When outside the corporate network the client detects the network state (public network profile), connects via DA and all internal resources can be accessed successfully...fantastic.
Is there some specific guidance on manually configuring the windows 8 firewall for Direct Access ? We've tried the obvious TCP:443 with edge traversal enabled but without success.
Much of the information we have found relates to UAG rather than Windows 2012 DA.
Any assistance is appreciated.Hi,
There isn’t any specific configuration on the firewall.
Just confirm that port 443 can be forwarded to DirectAccess server.
Of course, make sure you are using IPsec first.
Check the links:
STEP 6: Test DirectAccess Client Connectivity from Behind a NAT Device
http://technet.microsoft.com/en-us/library/hh831524.aspx#TeredoCLIENT1
DirectAccess for Windows Server 2012 Installation & Configuration Guide
http://syscomlab.blog.com/2012/09/directaccess-for-windows-server-2012-guide/
Please Note: Since the web site is not hosted by Microsoft, the link may change without notice. Microsoft does not guarantee the accuracy of this information.
We
are trying to better understand customer views on social support experience, so your participation in this
interview project would be greatly appreciated if you have time.
Thanks for helping make community forums a great place. -
Routing back to Direct Access Clients - is this possible?
Hi,
We have been using direct access for the past few months successfully, however the one problem we are still having is we can't use programs that require a route back to the Direct Access client (such as managing a Hyper-V machine on the local lan), using SourceOffsite
or even using Remote Desktop to remote onto a direct access client or ping the direct access client.
Our local LAN uses Ipv4 and we can route fine to the Direct Access clients from the Direct Access Server where the tunnel terminates but not from any other machine on the network. Do I need to change the direct access configuration to allow this or do I need
to somehow create a route on my LAN for the direct access clients?
Thanks in advance
DavidI found out how to do this in this useful article and tested it and it is working fine - thanks.
http://www.packtpub.com/article/configuring-manage-out-to-directaccess-clients -
When trying to access Itunes get a error code 1202
when trying to access Itunes get a error code 1202
Hello Rick,
Thank you for using Apple Support Communities.
There are a couple of things that could be affecting your ability to connect to the iTunes Store. Take a look at the section on Troubleshooting issues on an iPhone, iPad or iPod touch in the following article:
Can't connect to the iTunes Store - Apple Support
Regards,
Jeff D. -
Facing one issue with only DA client , it connects to Direct access for few seconds and then get disconnected.
Looking at error on Event viewer I see below error
Any help appreciated certificate looks ok on client not sure why IPSEC is still failing.
Main
An IPsec main mode negotiation failed.
Local Endpoint:
Local Principal Name:
Network Address: fd03:c8e4:6dc5:1000:65c3:ec29:19db:d27
Keying Module Port:
500
Remote Endpoint:
Principal Name:
Network Address: fd03:c8e4:6dc5:1000::1
Keying Module Port:
500
Additional Information:
Keying Module Name: IKEv1
Authentication Method: Unknown authentication
Role:
Initiator
Impersonation State:
Not enabled
Main Mode Filter ID:
0
Failure Information:
Failure Point:
Local computer
Failure Reason:
No policy configured
State:
No state
Initiator Cookie:
9859f832aff8f6c2
Responder Cookie:
0000000000000000
Quick
An IPsec quick mode negotiation failed.
Local Endpoint:
Network Address: ::
Network Address mask: 0
Port:
0
Tunnel Endpoint:
fd03:c8e4:6dc5:1000:65c3:ec29:19db:d27
Remote Endpoint:
Network Address: fd03:c8e4:6dc5:7777::405a:e2f2
Address Mask:
0
Port:
0
Tunnel Endpoint:
fd03:c8e4:6dc5:1000::1
Private Address:
0.0.0.0
Additional Information:
Protocol:
0
Keying Module Name: AuthIP
Virtual Interface Tunnel ID: 0
Traffic Selector ID: 0
Mode:
Tunnel
Role:
Initiator
Quick Mode Filter ID:
148975
Main Mode SA ID: 9
Failure Information:
State:
Sent first (SA) payload
Message ID:
3
Failure Point:
Local computer
Failure Reason:
Main mode SA assumed to be invalid because peer stopped responding.my "Personal"
================ Certificate 0 ================
Serial Number: db275ae51a55dc55fbe5
Issuer: CN=Communications Server
NotBefore: 3/27/2015 5:16 PM
NotAfter: 9/23/2015 5:16 PM
Subject: CN=[email protected]
Non-root Certificate
Cert Hash(sha1): b3 1a 83 46 a7 3b 35 81 d5 b8 df 4a cf c7 b5 84 3d 16 4f 19
Key Container = [email protected]
Unique container name: c8d28464bd8e19954e01e055a437dac2_9a8ca7a5-b032-4abe-aa4f-78479e291b9e
Provider = Microsoft Enhanced Cryptographic Provider v1.0
Private key is NOT exportable
Signature test passed
================ Certificate 1 ================
Serial Number: acf56029651a29985555bc204feec2906e0e623c
Issuer: CN=Token Signing Public Key
NotBefore: 11/2/2014 1:10 PM
NotAfter: 11/9/2014 1:10 PM
Subject: CN=8cb8436c5273712d
Non-root Certificate
Cert Hash(sha1): 96 40 a0 e3 d8 d3 a1 83 3d 7d 53 89 78 13 ec ea 14 57 59 e2
Key Container = IDENTITYCRL_CERT_CONTAINER_781dc55f-39ad-4acf-908b-077a9f0892c0
Unique container name: fa2317742ecd4995840a96d529ded279_9a8ca7a5-b032-4abe-aa4f-78479e291b9e
Provider = Microsoft Enhanced Cryptographic Provider v1.0
Encryption test passed
================ Certificate 2 ================
Serial Number: 1ecfdba10000000711f6
Issuer: CN=certificates1.bentley.com, OU=IT, O=Bentley Systems Inc, L=Exton, S=PA, DC=bentley, DC=com, C=US
NotBefore: 10/14/2014 3:00 PM
NotAfter: 10/14/2015 3:00 PM
Subject: E=[email protected], CN= user name
Non-root Certificate
Template: 1.3.6.1.4.1.311.21.8.11654720.1572043.7097246.3836610.15498332.49.1051303.5974672, Bentley User
Cert Hash(sha1): 34 b0 4d a3 c0 ea 3f 91 c4 e8 1f bf bc a3 eb 8d 0e 13 71 3b
Key Container = le-BentleyUser-b08f3f78-54cf-490e-9778-24c8c7bb9c0e
Unique container name: fe0554406294c67f04d3b9898a803d95_9a8ca7a5-b032-4abe-aa4f-78479e291b9e
Provider = Microsoft Software Key Storage Provider
Private key is NOT exportable
Encryption test passed -
Cannot apply Direct Access Client GPO on Windows 8.1 Enterprise client
Hi, I have made a Direct Access environment on Windows Server 2012 R2 Essential.
All setting seems to be ok, but i'm completely stuck when i have to export the DA client GPO to the client computer.
The client computer is a Win8.1 Enterprise, already joined to the domain.
When execute the command gpupdate /force, it complete successfully but when i do a gpresult /R i have nothing in the "Applied Group Policy Object" field (N/A) while i should have the Default domain GPO and the DA client GPO.
What is wrong at this state ?
ThanksMy user1 is in the "DirectAccess" group.
In all the tutorial i saw, i have never seen you have to add the computer object to this group but only the user.
Anyway, i have just add it to the group.
From my first post, here is what i did.
ran a Group Policy Result, from the DC to the client.
It give me the error RPC unavailable.
So i open the local policies on the client > Computer Configuration > Administrative Templates > Network > Network Connections > Windows Firewall >
Domain Profile > double click on "Windows Firewall: Allow inbound remote administration exception" > tick enable
I reran the Group Policy Results, and it work this time.
Now i have the result for the User1 on TECH2 client pc.
On details pane > Denied GPOs
The DA client setting is deny with the reason "access denied" ...
Now on the client computer after a GPRESULT /R
Computer settings
Applied Group Policy Object
Default Domain Policy
Local Group Policy
The following GPOs were not applied because they were filtered out
DirectAccess Client Setting
Filtering: Denied (Security)
DirectAccess Server Settings
Filtering: Denied (Security) -> normal -
If use MSSQ , when oracle rac node reboot, client get TPEOS error
Hi, all
in my tuxedo applicaton, if we use Single Server, Single Queue mode , when reboot any Oracle RAC node, our application is ok, client can get correct result. but if we use MSSQ(Multi Server, Single Queue) , if Oracle RAC node is ok , our application also is ok. but if we reboot any Oracle RAC node, client program can continue run, get correct result, but always get TPEOS error , for this situation, server can get client request, but client can not get server reply, only get TPEOS error.
our enviroment is :
oracle RAC ,10g 10.2.0.4 , two instances ,rac1 rac2, and two DTP services s1 and s2, set s1 and s2 services TAF is basic
tuxedo 10R3 , two nodes ,work in MP model ,use XA access oracle rac database,services have Transaction and not Transaction
OS is linux AS4 U5, 64bits
service program use OCI
can any one encounter this problem ?Hi, first thanks you
in ULOG file , only have failover information, not any other error message, in client side also has no other error.
not use MSSQ, ubb file about MSSQ config
SERVERS
DEFAULT:
CLOPT="-A "
sinUpdate_server SRVGRP=GROUP11 SRVID=80 MIN=10 MAX=30 MAXGEN=10 GRACE=10 RESTART=Y
sinUpdate_server SRVGRP=GROUP12 SRVID=160 MIN=10 MAX=30 MAXGEN=10 GRACE=10 RESTART=Y
sinCount_server SRVGRP=GROUP11 SRVID=240 MIN=10 MAX=30 MAXGEN=10 GRACE=10 RESTART=Y
sinCount_server SRVGRP=GROUP12 SRVID=320 MIN=10 MAX=30 MAXGEN=10 GRACE=10 RESTART=Y
sinSelect_server SRVGRP=GROUP11 SRVID=360 MIN=10 MAX=30 MAXGEN=10 GRACE=10 RESTART=Y
sinSelect_server SRVGRP=GROUP12 SRVID=400 MIN=10 MAX=30 MAXGEN=10 GRACE=10 RESTART=Y
sinInsert_server SRVGRP=GROUP11 SRVID=520 MIN=10 MAX=30 MAXGEN=10 GRACE=10 RESTART=Y
sinInsert_server SRVGRP=GROUP12 SRVID=560 MIN=10 MAX=30 MAXGEN=10 GRACE=10 RESTART=Y
sinDelete_server SRVGRP=GROUP11 SRVID=600 MIN=10 MAX=30 MAXGEN=10 GRACE=10 RESTART=Y
sinDelete_server SRVGRP=GROUP12 SRVID=640 MIN=10 MAX=30 MAXGEN=10 GRACE=10 RESTART=Y
sinDdl_server SRVGRP=GROUP11 SRVID=700 MIN=5 MAX=30 MAXGEN=10 GRACE=10 RESTART=Y
sinDdl_server SRVGRP=GROUP12 SRVID=740 MIN=5 MAX=30 MAXGEN=10 GRACE=10 RESTART=Y
lockselect_server SRVGRP=GROUP11 SRVID=800 MIN=10 MAX=30 MAXGEN=10 GRACE=10 RESTART=Y
lockselect_server SRVGRP=GROUP12 SRVID=840 MIN=10 MAX=30 MAXGEN=10 GRACE=10 RESTART=Y
#mulup_server SRVGRP=GROUP11 SRVID=1 MIN=2 MAX=30 MAXGEN=10 GRACE=10 RESTART=Y
#mulup_server SRVGRP=GROUP12 SRVID=60 MIN=2 MAX=30 MAXGEN=10 GRACE=10 RESTART=Y
sinUpdate_server SRVGRP=GROUP13 SRVID=83 MIN=10 MAX=30 MAXGEN=10 GRACE=10 RESTART=Y
sinUpdate_server SRVGRP=GROUP14 SRVID=164 MIN=10 MAX=30 MAXGEN=10 GRACE=10 RESTART=Y
sinCount_server SRVGRP=GROUP13 SRVID=243 MIN=10 MAX=30 MAXGEN=10 GRACE=10 RESTART=Y
sinCount_server SRVGRP=GROUP14 SRVID=324 MIN=10 MAX=30 MAXGEN=10 GRACE=10 RESTART=Y
sinSelect_server SRVGRP=GROUP13 SRVID=363 MIN=10 MAX=30 MAXGEN=10 GRACE=10 RESTART=Y
sinSelect_server SRVGRP=GROUP14 SRVID=404 MIN=10 MAX=30 MAXGEN=10 GRACE=10 RESTART=Y
sinInsert_server SRVGRP=GROUP13 SRVID=523 MIN=10 MAX=30 MAXGEN=10 GRACE=10 RESTART=Y
sinInsert_server SRVGRP=GROUP14 SRVID=564 MIN=10 MAX=30 MAXGEN=10 GRACE=10 RESTART=Y
sinDelete_server SRVGRP=GROUP13 SRVID=603 MIN=10 MAX=30 MAXGEN=10 GRACE=10 RESTART=Y
sinDelete_server SRVGRP=GROUP14 SRVID=644 MIN=10 MAX=30 MAXGEN=10 GRACE=10 RESTART=Y
sinDdl_server SRVGRP=GROUP13 SRVID=703 MIN=5 MAX=30 MAXGEN=10 GRACE=10 RESTART=Y
sinDdl_server SRVGRP=GROUP14 SRVID=744 MIN=5 MAX=30 MAXGEN=10 GRACE=10 RESTART=Y
lockselect_server SRVGRP=GROUP13 SRVID=803 MIN=10 MAX=30 MAXGEN=10 GRACE=10 RESTART=Y
lockselect_server SRVGRP=GROUP14 SRVID=844 MIN=10 MAX=30 MAXGEN=10 GRACE=10 RESTART=Y
#mulup_server SRVGRP=GROUP13 SRVID=13 MIN=2 MAX=30 MAXGEN=10 GRACE=10 RESTART=Y
#mulup_server SRVGRP=GROUP14 SRVID=64 MIN=2 MAX=30 MAXGEN=10 GRACE=10 RESTART=Y
WSL SRVGRP=GROUP11 SRVID=1000
CLOPT="-A -- -n//120.3.8.237:7200 -I 60 -T 60 -w WSH -m 50 -M 100 -x 6 -N 3600"
WSL SRVGRP=GROUP12 SRVID=1001
CLOPT="-A -- -n//120.3.8.238:7200 -I 60 -T 60 -w WSH -m 50 -M 100 -x 6 -N 3600"
WSL SRVGRP=GROUP13 SRVID=1003
CLOPT="-A -- -n//120.3.8.237:7203 -I 60 -T 60 -w WSH -m 50 -M 100 -x 6 -N 3600"
WSL SRVGRP=GROUP14 SRVID=1004
CLOPT="-A -- -n//120.3.8.238:7204 -I 60 -T 60 -w WSH -m 50 -M 100 -x 6 -N 3600"
if we use MSSQ ,ubb file about MSSQ config is
*SERVERS
DEFAULT:
CLOPT="-A -p 1,60:1,30"
sinUpdate_server SRVGRP=GROUP11 SRVID=80 MIN=10 MAX=30 MAXGEN=10 GRACE=10 RESTART=Y RQADDR=sinUpdate11 REPLYQ=Y
sinUpdate_server SRVGRP=GROUP12 SRVID=160 MIN=10 MAX=30 MAXGEN=10 GRACE=10 RESTART=Y RQADDR=sinUpdate12 REPLYQ=Y
sinCount_server SRVGRP=GROUP11 SRVID=240 MIN=10 MAX=30 MAXGEN=10 GRACE=10 RESTART=Y RQADDR=sinCount11 REPLYQ=Y
sinCount_server SRVGRP=GROUP12 SRVID=320 MIN=10 MAX=30 MAXGEN=10 GRACE=10 RESTART=Y RQADDR=sinCount12 REPLYQ=Y
sinSelect_server SRVGRP=GROUP11 SRVID=360 MIN=10 MAX=30 MAXGEN=10 GRACE=10 RESTART=Y RQADDR=sinSelec11 REPLYQ=Y
sinSelect_server SRVGRP=GROUP12 SRVID=400 MIN=10 MAX=30 MAXGEN=10 GRACE=10 RESTART=Y RQADDR=sinSelect12 REPLYQ=Y
sinInsert_server SRVGRP=GROUP11 SRVID=520 MIN=10 MAX=30 MAXGEN=10 GRACE=10 RESTART=Y RQADDR=sinInsert11 REPLYQ=Y
sinInsert_server SRVGRP=GROUP12 SRVID=560 MIN=10 MAX=30 MAXGEN=10 GRACE=10 RESTART=Y RQADDR=sinInsert12 REPLYQ=Y
sinDelete_server SRVGRP=GROUP11 SRVID=600 MIN=10 MAX=30 MAXGEN=10 GRACE=10 RESTART=Y RQADDR=sinDelete11 REPLYQ=Y
sinDelete_server SRVGRP=GROUP12 SRVID=640 MIN=10 MAX=30 MAXGEN=10 GRACE=10 RESTART=Y RQADDR=sinDelete12 REPLYQ=Y
sinDdl_server SRVGRP=GROUP11 SRVID=700 MIN=5 MAX=30 MAXGEN=10 GRACE=10 RESTART=Y RQADDR=sinDdl11 REPLYQ=Y
sinDdl_server SRVGRP=GROUP12 SRVID=740 MIN=5 MAX=30 MAXGEN=10 GRACE=10 RESTART=Y RQADDR=sinDdl12 REPLYQ=Y
lockselect_server SRVGRP=GROUP11 SRVID=800 MIN=10 MAX=30 MAXGEN=10 GRACE=10 RESTART=Y RQADDR=lockselect11 REPLYQ=Y
lockselect_server SRVGRP=GROUP12 SRVID=840 MIN=10 MAX=30 MAXGEN=10 GRACE=10 RESTART=Y RQADDR=lockselect12 REPLYQ=Y
#mulup_server SRVGRP=GROUP11 SRVID=1 MIN=2 MAX=30 MAXGEN=10 GRACE=10 RESTART=Y RQADDR=mulup11 REPLYQ=Y
#mulup_server SRVGRP=GROUP12 SRVID=60 MIN=2 MAX=30 MAXGEN=10 GRACE=10 RESTART=Y RQADDR=mulup12 REPLYQ=Y
sinUpdate_server SRVGRP=GROUP13 SRVID=83 MIN=10 MAX=30 MAXGEN=10 GRACE=10 RESTART=Y RQADDR=sinUpdate13 REPLYQ=Y
sinUpdate_server SRVGRP=GROUP14 SRVID=164 MIN=10 MAX=30 MAXGEN=10 GRACE=10 RESTART=Y RQADDR=sinUpdate14 REPLYQ=Y
sinCount_server SRVGRP=GROUP13 SRVID=243 MIN=10 MAX=30 MAXGEN=10 GRACE=10 RESTART=Y RQADDR=sinCount13 REPLYQ=Y
sinCount_server SRVGRP=GROUP14 SRVID=324 MIN=10 MAX=30 MAXGEN=10 GRACE=10 RESTART=Y RQADDR=sinCount14 REPLYQ=Y
sinSelect_server SRVGRP=GROUP13 SRVID=363 MIN=10 MAX=30 MAXGEN=10 GRACE=10 RESTART=Y RQADDR=sinSelec13 REPLYQ=Y
sinSelect_server SRVGRP=GROUP14 SRVID=404 MIN=10 MAX=30 MAXGEN=10 GRACE=10 RESTART=Y RQADDR=sinSelect14 REPLYQ=Y
sinInsert_server SRVGRP=GROUP13 SRVID=523 MIN=10 MAX=30 MAXGEN=10 GRACE=10 RESTART=Y RQADDR=sinInsert13 REPLYQ=Y
sinInsert_server SRVGRP=GROUP14 SRVID=564 MIN=10 MAX=30 MAXGEN=10 GRACE=10 RESTART=Y RQADDR=sinInsert14 REPLYQ=Y
sinDelete_server SRVGRP=GROUP13 SRVID=603 MIN=10 MAX=30 MAXGEN=10 GRACE=10 RESTART=Y RQADDR=sinDelete13 REPLYQ=Y
sinDelete_server SRVGRP=GROUP14 SRVID=644 MIN=10 MAX=30 MAXGEN=10 GRACE=10 RESTART=Y RQADDR=sinDelete14 REPLYQ=Y
sinDdl_server SRVGRP=GROUP13 SRVID=703 MIN=5 MAX=30 MAXGEN=10 GRACE=10 RESTART=Y RQADDR=sinDdl13 REPLYQ=Y
sinDdl_server SRVGRP=GROUP14 SRVID=744 MIN=5 MAX=30 MAXGEN=10 GRACE=10 RESTART=Y RQADDR=sinDdl14 REPLYQ=Y
lockselect_server SRVGRP=GROUP13 SRVID=803 MIN=10 MAX=30 MAXGEN=10 GRACE=10 RESTART=Y RQADDR=lockselect13 REPLYQ=Y
lockselect_server SRVGRP=GROUP14 SRVID=844 MIN=10 MAX=30 MAXGEN=10 GRACE=10 RESTART=Y RQADDR=lockselect14 REPLYQ=Y
#mulup_server SRVGRP=GROUP13 SRVID=13 MIN=2 MAX=30 MAXGEN=10 GRACE=10 RESTART=Y RQADDR=mulup13 REPLYQ=Y
#mulup_server SRVGRP=GROUP14 SRVID=64 MIN=2 MAX=30 MAXGEN=10 GRACE=10 RESTART=Y RQADDR=mulup14 REPLYQ=Y
WSL SRVGRP=GROUP11 SRVID=1000
CLOPT="-A -- -n//120.3.8.237:7200 -I 60 -T 60 -w WSH -m 50 -M 100 -x 6 -N 3600"
WSL SRVGRP=GROUP12 SRVID=1001
CLOPT="-A -- -n//120.3.8.238:7200 -I 60 -T 60 -w WSH -m 50 -M 100 -x 6 -N 3600"
WSL SRVGRP=GROUP13 SRVID=1003
CLOPT="-A -- -n//120.3.8.237:7203 -I 60 -T 60 -w WSH -m 50 -M 100 -x 6 -N 3600"
WSL SRVGRP=GROUP14 SRVID=1004
CLOPT="-A -- -n//120.3.8.238:7204 -I 60 -T 60 -w WSH -m 50 -M 100 -x 6 -N 3600"
about above ubb file ,has any error ? or not correct use MSSQ
look forward to you answer,thanks. -
Cannot connect to direct access clients from management servers
I have direct access setup on a Server 2012 machine and I have successfully added clients to it. Clients can reach internal resources and everything seems to be working great inbound. However, I am having some trouble with outbound management.
From the Direct Access server I can ping, RDP, browse files, etc... From the management server I have defined in the DA setup I can only ping the machines and nothing else.
I had worked with some MS tech support to get to this point, and they had me configure my DA server and the few management server with status IPv6 addresses. I'm not sure if this is necessary or if outbound managment should work using ISATAP?
My DA server is Server 2012, and the clients are Windows 8 and Windows 8.1.You should be able to make outbound management work using either ISATAP or native IPv6. If you have configured native IPv6 and it's not working, there may be some kind of routing issue with the way that IPv6 is setup in your environment, or even a piece
of networking equipment that is not IPv6 capable.
If you're interested in trying the ISATAP route to see if you can get it working that way, Chapter 3 in this is dedicated to the setting up of ISATAP: http://www.packtpub.com/microsoft-directaccess-best-practices-and-troubleshooting/book
(sorry, not trying to be self-serving, but these kinds of questions are exactly the reason why I put the book together) -
Win8.1 Direct Access Client Stuck at "Connecting"
I'm experimenting with Direct Access in a lab setting with 1 client and 3 2012 R2 servers. The client is running Windows 8.1 Enterprise.
The client is always able to connect to the Direct Access server but is unable to ping or connect to the 2 servers that don't have RAS installed. Moreover, this behavior migrates to whichever server is running Remote Access Server: So, if I remove the role
and install on another server, the client is able to communicate with the new server, but not the old.
The connection from the client to the server is via IP-HTTPS (only option available to me in this environment). The client is able to reliably determine when it's on the Internet versus the intranet. However, when on the Internet, it stays in a "Connecting"
state and never connects, but I'm still able to access the DA server.
Does anyone have any ideas on how to resolve this?I managed to resolve the issue. I'm posting here in the hope that this may help another newbie to DA.
Here's what caused my issue: As I mentioned, this was a lab environment where the limited number of machines were fulfilling multiple roles. In particular, the DA Server was also a backup domain controller running DNS. In my research, I came across a comment
on http://directaccessguide.com that mentioned that the DA Server runs DNS64 to support clients; that made me suspicious that the regular DNS server was in some way conflicting. And, in fact, before this server was
made a backup DC, DA was functioning just fine. Removing the backup DC role resolved the issue.
So the takeaway is this: Don't run the regular DNS service on the DA Server; if you do, you will get DA client connectivity only to the DA Server. -
Some Access Forms getting an error
I used OMWB to extract the DDL and data from an Access app to an Oracle 10g database -- works well!. I also allowed the OMWB to update the access app to convert the local tables into linked tables -- also worked well!
My question is this: While I can open the linked tables by double clicking on them in the tables tab in Access, I cannot open the form built on the table. I get an error stating 'You can't go to the specified record'.
Does anyone have a suggestion as to what to look at/for? About half of the forms open fine and the others don't. I've looked for any pattern of what's different, but haven't found on.
Thanks for any insights/suggestions....A couple of new facts that maybe will help in a solution:
1. I used OMWB to migrate and load tables from Access 2003 to Oracle 10g.
2. I used OMWB to change Access to use a database link to access the newly created tables.
3. I can insert data into all tables in Oracle from sql*plus.
4. I can insert data into SOME of the tables in Oracle from Access through the linked table.
5. I cannot insert data into SOME of the tables in Oracle from Access through the linked table.
6. I am using the same user for the ODBC connection for all tables
What would cause two tables that are the same in nature (no fk, no nothing) to behave differently.
Any ideas why the differing behavior? -
Direct Access client DNS Registration q.
Hi All,
We have Direct Access installed, configured and mostly working on Windows 2012 R2 server supporting WIN 8.1 clients (only).
All internal resources are accessible and have good name resolution, etc.
However, I now have to enable "manage out" functionality. SCCM based Remote Assistance etc.
There are various guides and I think manage out is working correctly. There is a major sticking point in that the clients are attempted to register DNS names on the local DHCP server (home/office) router and registration never reaches corporate DNS servers.
I have enable "secure only" DNS registration by Group Policy.
We use split tunneling for clients.
The Direct Access server is behind a NAT firewall. (CISCO) So the only effective transition tech is IP-HTTPS.
Many thanks for any assistance in pointing me in the right direction.Hi,
>>There is a major sticking point in that the clients are attempted to register DNS names on the local DHCP server (home/office) router and registration never reaches corporate DNS servers.
Did you deploy the IPv6 in your corpnet? If no, it's normal.
If we use the IPv4 in the corpnet, the NAT64 and DNS64 will be enabled on the DirectAccess server. When the DirectAccess client sends the DNS update packet, according to the NRPT, the packet will be sent to the DirectAccess server. DirectAccess
server will on behalf of the client to register the AAAA record.
Best Regards.
Steven Lee Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact [email protected] -
New windows 8.1 clients getting certificate error
We are running exchange 2010 and one of our end-users just recently purchased a windows 8.1 laptop. When he tries to connect to exchange using the built-in mail app, he gets the error, "To connect to this account, you need a valid certificate
on this PC. Contact your system administrator for more info"
I searched a lot online and found a suggestion of signing into OWA and exporting the root level certificate, then installling it. I did that, but still receive the error on his machine.
Any suggestions?Hi,
Supplementing a blog for your reference:
Supporting Windows Mail 8.1 in your organization
http://blogs.technet.com/b/exchange/archive/2013/10/18/supporting-windows-mail-8-1-in-your-organization.aspx
Hope it is helpful
Thanks
Mavis
Mavis Huang
TechNet Community Support -
Converter Web Client: get compiler error when run URL
When I try to run the Converter's web client with the the URL:
http://localhost:8000/converter
I got a compiler error on the lines:
import Converter;
import ConverterHome;
The J2EE server wants to have a "." after the Converter and ConverterHome.
Any one has any idea?
The error messages are:
HTTP Status 500 -
type Exception report
message
description The server encountered an internal error () that prevented it from fulfilling this request.
exception
org.apache.jasper.JasperException: Unable to compile class for JSP
An error occurred at line: -1 in the jsp file: null
Generated servlet error:
[javac] Compiling 1 source file
C:\app\j2sdkee1.4\web\repository\Standard-Engine\localhost\converter\index_jsp.java:7: '.' expected
import Converter;
^
C:\app\j2sdkee1.4\web\repository\Standard-Engine\localhost\converter\index_jsp.java:8: '.' expected
import ConverterHome;
^
C:\app\j2sdkee1.4\web\repository\Standard-Engine\localhost\converter\index_jsp.java:20: cannot resolve symbol
symbol : class Converter
location: class org.apache.jsp.index_jsp
private Converter converter = null;
^
C:\app\j2sdkee1.4\web\repository\Standard-Engine\localhost\converter\index_jsp.java:26: cannot resolve symbol
symbol : class ConverterHome
location: class org.apache.jsp.index_jsp
ConverterHome home = (ConverterHome)PortableRemoteObject.narrow(objRef, ConverterHome.class);
^
C:\app\j2sdkee1.4\web\repository\Standard-Engine\localhost\converter\index_jsp.java:26: cannot resolve symbol
symbol : class ConverterHome
location: class org.apache.jsp.index_jsp
ConverterHome home = (ConverterHome)PortableRemoteObject.narrow(objRef, ConverterHome.class);
^
C:\app\j2sdkee1.4\web\repository\Standard-Engine\localhost\converter\index_jsp.java:26: cannot resolve symbol
symbol : class ConverterHome
location: class org.apache.jsp.index_jsp
ConverterHome home = (ConverterHome)PortableRemoteObject.narrow(objRef, ConverterHome.class);
^
6 errors
at org.apache.jasper.compiler.DefaultErrorHandler.javacError(DefaultErrorHandler.java:125)
at org.apache.jasper.compiler.ErrorDispatcher.javacError(ErrorDispatcher.java:293)
at org.apache.jasper.compiler.Compiler.generateClass(Compiler.java:387)
at org.apache.jasper.compiler.Compiler.compile(Compiler.java:410)
at org.apache.jasper.JspCompilationContext.compile(JspCompilationContext.java:570)
at org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:295)
at org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:289)
at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:240)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:324)
at org.apache.catalina.util.SecurityUtil$1.run(SecurityUtil.java:200)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.Subject.doAsPrivileged(Subject.java:499)
at org.apache.catalina.util.SecurityUtil.execute(SecurityUtil.java:210)
at org.apache.catalina.util.SecurityUtil.doAsPrivilege(SecurityUtil.java:147)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:274)
at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:99)
at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:177)
at java.security.AccessController.doPrivileged(Native Method)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:271)
at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:643)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:480)
at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:643)
at org.apache.catalina.valves.CertificatesValve.invoke(CertificatesValve.java:246)
at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:641)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:480)
at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995)
at org.apache.catalina.core.StandardContext.invoke(StandardContext.java:2505)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:180)
at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:643)
at org.apache.catalina.valves.ErrorDispatcherValve.invoke(ErrorDispatcherValve.java:170)
at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:641)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:172)
at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:641)
at com.sun.enterprise.webservice.EjbWebServiceValve.invoke(EjbWebServiceValve.java:133)
at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:641)
at org.apache.catalina.authenticator.SingleSignOn.invoke(SingleSignOn.java:383)
at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:641)
at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:469)
at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:641)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:480)
at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:174)
at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:643)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:480)
at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995)
at org.apache.coyote.tomcat5.CoyoteAdapter.service(CoyoteAdapter.java:223)
at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:405)
at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.processConnection(Http11Protocol.java:380)
at org.apache.tomcat.util.net.TcpWorkerThread.runIt(PoolTcpEndpoint.java:508)
at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:533)
at java.lang.Thread.run(Thread.java:536)
Apache Tomcat/5.0I have exactly the same error.
Me too, I'm running on Win XP. And I have had lots of trouble to deploy the converter.
I cannot install J2EE 1.3 as I am supposed to write a report on how Web Services may help my company. By the moment I can only say it takes me much more time than expected to run the J2EE 1.3 tutorial. As SUN didn't deliver a tutorial one can use.
So by the moment if anyone can HELP me to finish this converter tutorial I will be thankful.
Bye
Manuel Acevedo -
Whenever I try open my mail in Lotus Domino web Access I get an error message
'''Domino Web Access Warning. Sorry, we were unable to process your request at this time. If you are unable to continue working in your mail file, please dismiss this warning and then select View, Reload from your browser's menu. ''' Even when I reload the page I get the same error. I need a solution to this pleaseI currently upgraded to Firefox 8.0
Clear the cache and the cookies from sites that cause problems.
"Clear the Cache":
* Tools > Options > Advanced > Network > Offline Storage (Cache): "Clear Now"
"Remove Cookies" from sites causing problems:
* Tools > Options > Privacy > Cookies: "Show Cookies"
Maybe you are looking for
-
Satellite P10-504 shows just a black screen
Currently my Toshiba is acting a little odd. It boots and runs fine except there is no display on the LCD (I am currently using my TV as a monitor). The screen is on, but its black oddly adjusting the contrast (using Fn+F6 & F7) changes the shade of
-
Hi, We had created a custom BAPI. This BAPI is having a method, which in turn calls a custom FM (RFC enabled). This was working fine but due to some requirement we had to change the structure of one of the parameter used in the interface of the FM. T
-
I just bought a Mac Book Air that did not have iPhoto. I downloaded from App store and downloaded the camera driver. It is stil not reading my camera. Can anyone help. I am hours into this and so frustrated. Alicia
-
How do you get a merged CHM to open in the same window as the master? (RH8)
We have a problem where everytime you click on a topic from a merged CHM in the master TOC, it opens a new window exlusive to the chm where the topic resides. We have more than one master chm and this is the only one that does it, it is also the onl
-
Hi, I have a JSP-Struts application. By the default generation, JDeveloper build a main.html Page. This page have many Frames and one Frame is "navFrame". On this frame I have a link for a JSP Page : Browse. The call is OK. No Problems. No I have ano