DNS/DHCP app no longer sees DNS/DHCP server.

When I moved the majority of my Netware 6 servers to OES-NW last year, I started using iManager to handle admin duties for DNS and DHCP.
With a planned move to OES-L coming up, I tried accessing both services using the DNS/DHCP java console.
While I am able to log into that console, I am unable to see my DNS/DHCP server or any of the expected components for either service (DHCP pools, zone records, etc...).
I have tried both the console that is installable from the server and the newer LDAP-based version.
I have tried both 32 and 64-bit versions on XP and Windows 7, respectively.
Since I want to move those services to OES/Linux and the java console is the only mechanism that can administrate the services on that platform, I am perplexed.
My needs are simple, and I could easily move those duties to a SUSE server or even a Windows server, but that is not my preference.
Any ideas on where to begin troubleshooting are welcome.

On 06.08.2012 21:56, gathagan wrote:
>
> When I moved the majority of my Netware 6 servers to OES-NW last year, I
> started using iManager to handle admin duties for DNS and DHCP.
>
> With a planned move to OES-L coming up, I tried accessing both services
> using the DNS/DHCP java console.
>
> While I am able to log into that console, I am unable to see my
> DNS/DHCP server or any of the expected components for either service
> (DHCP pools, zone records, etc...).
>
> I have tried both the console that is installable from the server and
> the newer LDAP-based version.
> I have tried both 32 and 64-bit versions on XP and Windows 7,
> respectively.
>
> Since I want to move those services to OES/Linux and the java console
> is the only mechanism that can administrate the services on that
> platform, I am perplexed.
> My needs are simple, and I could easily move those duties to a SUSE
> server or even a Windows server, but that is not my preference.
>
> Any ideas on where to begin troubleshooting are welcome.
You have more than one DNS-DHCP locator object in your tree, and the
console is picking up a/the empty one. Find the proper object (look at
the other tab in ConsoleOne or iManager to see if it's connected with
servers, zones and the like), and delete the superfluous ones.
This is an *extremely* common problem when OES gets introduced into a
tree, as it by default creates new locator objects in the server
container, if it's not configured otherwise.
CU,
Massimo Rosen
Novell Knowledge Partner
No emails please!
http://www.cfc-it.de

Similar Messages

  • New Yorker App No Longer Sees New Issues

    Beginning with the October 7 issue, the New Yorker app on my iPad no longer "knows" about new issues. Before that I used to get notified when a new issue was available and the new issue's cover would appear in the Library.
    In order to download new issues I have to:
    Delete the New Yorker app from my iPad
    Download the New Yorker app from the App Store
    Download the new New Yorker issue
    Redownload any previous issues that I want to have on my iPad.
    Obviously, this is tedious, time consuming and stupid.
    The New Yorker app on my iPhone works fine. I get notified of new issues and new issues appear in the Library.
    I have no other issues with my iPad. I'm on iOS 7.0.2. I'm on WiFi with a decent connection. I have tried restarting the iPad and resetting it. No joy.
    Does anyone else have similar problems?

    Same problem and from the same issue. I'm in India, wonder if it's a geographical issue.

  • Remote app no longer sees AppleTV and shares

    I've noticed that the Remote App on my iPhone 4 looks different than it used to, so I guess it's been updated recently. Anyways, now I don't have AirPlay anymore in any video or audio apps. I haven't changed anything in terms of network set up, AppleTV configuration, nor my PC and Mac itunes sharing. Everything is the same.
    The ONLY thing I can think of, other than the Remote app being updated is that I had my wireless router turned off for two weeks while on vacation. However, on returning, EVERYTHING JUST WORKS. iphone wifi access is fine, Apple TV access is fine (been watching podcasts and netflix no problem), and PCs and laptops connect same as always.
    The ONLY difference is my iphone cannot "see" AppleTV in Remote App and Airplay feature is GONE. My homesharing is still displayed as selectable libraries in the app, but selecting one NEVER CONNECTS. This also used to work perfectly fine.
    I'm quite frustrated at losing such a feature.
    For what it's worth, the AppleTV doesn't seem to "see" my shared library either (under "Computers")

    Welcome to the Apple Community.
    Try the following steps, check whether things are working after each step where appropriate, before trying the next.
    Check AirPlay is turned on on the Apple TV (turn it off and on if it already is)
    Check that both devices are on the same network (Settings > Wifi, on the mobile device and Settings > General > Network, on the Apple TV).
    Restart the Apple TV (Settings > General > Restart).
    Restart the Apple TV by removing ALL the cables for 30 seconds.
    Restart your router. (Also try removing its power cord for at least 30 seconds)
    Restart your mobile device.

  • DHCP Server with the Static IP fill out DNS information

    When filling out the DHCP Server with the Static IP from ipconfig.exe in the "Preferred DNS server IPv4 address:
    192.168.1.199
    The same as in the static IP.  The IPv6 DNS one validates IPv4 does not.
    I tried using the IPv4 Address and that validated but gave an error at the end: 1059 and 1046.
    Gives an error:
    "The DNS Server at the specified IP address does not support the required TCP protocol."

    Hi,
    Firstly, would you please post the result of running “ipconfig/all” on the DHCP server and domain controller?
    It seems that the DHCP server cannot be authorized in AD DS. Please make sure that the DHCP server is a domain member and try to ping the domain controller on the DHCP server.
    Best regards,
    Susie

  • Install keeps installing DNS / DHCP server

    Install kept installing DHCP server - after about 8 attempts shutdown the
    interface (simba) and started again
    now its doing the same with DNS
    is format and start again the only option ?

    simon,
    It appears that in the past few days you have not received a response to your
    posting. That concerns us, and has triggered this automated reply.
    Has your problem been resolved? If not, you might try one of the following options:
    - Visit http://support.novell.com and search the knowledgebase and/or check all
    the other self support options and support programs available.
    - You could also try posting your message again. Make sure it is posted in the
    correct newsgroup. (http://forums.novell.com)
    Be sure to read the forum FAQ about what to expect in the way of responses:
    http://forums.novell.com/faq.php
    If this is a reply to a duplicate posting, please ignore and accept our apologies
    and rest assured we will issue a stern reprimand to our posting bot.
    Good luck!
    Your Novell Product Support Forums Team
    http://support.novell.com/forums/

  • How to migrate DNS, DHCP Server from 2003 to 2012

    Hi all,
    I have one old server running Server 2003, and I need to migrate the DNS and DHCP server to Server 2012.
    All the articles I found only cover migrating from 2003 to 2008 or from 2008 to 2012.
    Is there any way to migrate it?
    Thanks.

    Really confused why the "answer" to this thread states it can't be done, when clearly it can.  This is the official approach (article dated Oct 2013):
    Migrate DHCP Server to Windows Server 2012 R2
    Within, you'll see that it says:
    This guide provides instructions for migration of a DHCP server from a server that is running Windows Server 2003 or a later operating system to a server running Windows Server 2012 R2. Supported operating systems are listed in the following table.
    Mike Crowley | MVP
    My Blog --
    Planet Technologies

  • How do I setup 'local' dns lookups for hostnames using DHCP server on WRT610N?

    Said router with latest firmware has DHCP reservation setup with reserved clients names mapped to specific MAC addresses/IP addresses.  I'd like my clients (a mixture of Mac and W7) to access mapped devices via hostnames and not IP addresses.   I have static IP address provided by my ISP configured on the router with its corresponding ISP DNS server addresses.  FYI, the DHCP server DNS settings on the router are masked out (can't be changed) on the router and look to be inherited from the Internet setup (in which I've entered the DNS IP addresses of my ISP's DNS).
    On my clients, nslookup (or equivalent) clearly specify that the DHCP is pumping out the DNS servers from the ISP.  Why would it not look for the reserved client hostnames first?
    I know I can setup local /etc/hosts (or equivalents) or override the DNS and point to the router's IP address on the clients but I'd rather not - that's a lot of maintenance.  I can also setup an internal DNS server, but again, overkill. 
    Is this feature available on this router or am I doing something wrong?  An aging integrated Westell 327W DSL model/router used to be able to provide internal network DNS - but this more modern capable WRT610N router does not?  Thoughts?   Thanks.

    Well its not possible to access the storage driver using the host name.. You can access the storage driver using only the IP address. As the Linksys Router doesn't work on a Host Name.

  • VPN no longer working after moving DHCP server to router

    I am preparing my SBS 2008 environment for migration to Server 2012 R2 Essentials.  I moved the DHCP server to the router (a Netgear R7000 with standard firmware).  I am able to access RWW and CompanyWeb via the router from external locations. 
    With the VPN, however, I can only connect but cannot access any network resource (including file shares).  The VPN is supported by the SBS server with RRAS.  I didn't change any of the configuration because I didn't think any of it needed to be changed.  The router just needs to get its reservations from a different DHCP server, right?  Anyway, would appreciate if someone can shed some light on what's going on here.
    JeHarry

    Hello JeHarry,
    I would recommend you to follow the TechNet to migrate SBS 2008 to 2012 R2 Essentials. Don't skip any part.
    https://technet.microsoft.com/en-us/library/jj200141.aspx
    Troubleshooting VPN Issues on 2012
    http://blogs.technet.com/b/sbs/archive/2014/06/11/troubleshooting-common-vpn-issues-on-windows-server-2012-r2-essentials.aspx
    Binu Kumar - MCP, MCITP, MCTS , MBA - IT , Director Aarbin Technology Pvt Ltd - Please remember to mark the replies as answers if they help and unmark them if they provide no help.

  • Wired ethernet can't communicate with DHCP server

    Hi all
    I have a Mac Mini running Mac OS X Server. I recently changed a bunch of network settings, and since then I can't get the Mac to acquire an address from DHCP through the wired connection.
    The wireless ethernet connects to the same router and acquires its IP address, DNS, and router information through DHCP without a problem.
    The wired ethernet connection is unable to communicate with the DHCP server. The router detects it, and sees it as having its self-assigned IP address (169.254.74.247). The subnet mask is wrong (255.255.0.0 vs. 255.255.255.0) as well. Both are greyed out in network preferences when DHCP is selected. I've tried all of the obvious steps (restarting networking, rebooting everything, running the diagnostic tool, disabling wireless airport, etc.) to get it to work, with no change.
    I can get it to connect with a manually assigned IP, but that's not a long term solution for my network.
    I have had this issue with multiple routers. Currently I'm using a gigabit-e router - netgear WNDR3700. Other machines connect to the router just fine through wired ethernet (xbox360 and linkstation mini).
    I'm new to Mac OS, but not new to networking. Any help would be appreciated.

    This might be an old discussion but it was helpful to me.  Well, almost.  After reading this discussion, I arrived at the same place that xoofoo above did.  After some poking around, I was able to find the answers.  (Feel free to correct me if I'm wrong, please!)
    Here's what I did:
    Launch "Server Admin" in Applications/Server folder
    Open the list of services by clicking on the triangle next to the Server listed in the left pane.
    Click on "Firewall"
    Click on "Settings" tab
    Click on "Editing services for" and select "192.168-net" (or if necessary, select "any".)
    In the window below, go down the list and tick both "DHCP and Netboot client" and "DHCPDISCOVER".  (Hint: this list is sorted by port number, go down and look for port 68.)
    Click "Save".
    That should do the trick!  Hope this is helpful to others in the future.

  • Can I use my WRT54G as a DHCP server only? I've got 5 dynamic IP's from Time Warner..

    Hi everyone, I'm wondering if I can use my WRT54G as a DHCP server only on my network, without having to have any of my PCs plugged into its router ports?  I looked at the settings but I couldn't get it to work.
    Here's why:  I just got Time Warner Business Class cable internet which comes with 5 dynamic IP's.  I want each computer, well 4 of them at least and 1 for the WRT54G, to have a unique IP when accessing the internet, and the other computers (5 more computers) to use the DHCP server in the WRT54G to get a NAT IP for use on the internet.
    We play Diablo II on the internet and only 4 computers can be connected through 1 IP, so that limits us in my current configuration.
    Current Equipment: One WRT54G, one Netgear GS116 16 port gigabit non-managed switch.  One Time Warner Cable modem.  Also attached to the network is one HP network printer, a Buffalo LinkStation NAS and a Zensonic Network DVD player.
    Current config:  Cable modem -->  WRT54G --> Netgear switch.
    Ideal config: Cable modem -->  Netgear switch -->  WRT54G.
    With my current config, I am not taking advantage of the 5 dynamic IP's, but all the computers connected to the Netgear switch or the WRT54G can connect to the internet and the NAS. 
    So my ideal config (where I don't have to buy anything and where all the computers can print and access the NAS) is to connect all the computers and devices to the Netgear Switch and somehow force 4 of the computers and the WRT54G to get a dynamic IP from the cable modem, while the other computers and devices use the DHCP server on the WRT54G to get to the internet. 
    Is this possible?
    I called Time Warner Cable and they weren't any help.  I called the Linksys sales department and they weren't of much help either. 
    I suppose that I could purchase a new 8 port switch and attach 4 computers, the cable modem and the WRT54G to it.  Then attach the Netgear to the WRT54G to accommodate the printer, NAS, and the other 5 computers.  But in that scenario, the 4 computers connected to the new switch can't print and can't reach the NAS.  And geez, some computers would have to go through 3 devices to reach the internet, which has got to slow them down.
    I did read about the Linksys EFG120 which has a DHCP server, but at $400 and only 120 gigs, it doesn't work for me. 
    I called Time Warner and the cost of more dynamic IP's is prohibitive, I'm already paying $79 a month for this internet and they want another $50 a month for 7 more dynamic IP's and that wouldn't help my NAS or my printer.
    The cost of a 16 port gigabit switch with DHCP is an amazing $800 or so, which is out of the question. 
    Sorry for being so long winded and thanks for reading this far.  I'm looking forward to any replies. 

    That is a hell of a setup. I don't know if it would be easier and cheaper to either buy a real router like a Cisco, get fixed IP addresses and a RV042, or buy 4 network cards for the four of the five computers which need the internet access for gaming.
    O.K. First your setup:
    1. You wire the modem to the 6-port switch.
    2. You connect the remaining 5 ports with the WAN ports of 5 WRTs with DHCP on the WAN interface.
    3. You configure each WRT with unique LAN IP addresses in the same subnet, e.g. 192.168.1.1/255.255.255.0, 192.168.1.2, 192.168.1.3, 192.168.1.4, 192.168.1.5.
    4. You turn off all DHCP servers except on one, e.g. 192.168.1.1. That router will be the default router and internet connection for any client which gets dynamic LAN addresses (as fallback or guests, I would not configure the NAS or printer with DHCP addresses if you have everything else on static IP addresses). You can certainly disable all DHCP servers if you want, too.
    5. Now you connect all WRTs with each other.
    5a. You connect port 1 of the 1st WRT with port 1 of the 2nd.
    You connect port 2 of the 2nd with port 1 of the 3rd.
    Port 2 of the 3rd with port 1 of the 4th.
    Port 2 of the 4th with port 1 of the 5th.
    (Do not create a loop connecting port 2 of the 5th with port 2 of the 1st!!)
    5b. You buy another switch and connect each port 1 of each router with this switch. This has the advantage that you don't have a long cascade between the 1st and the 5th router like in 5a.
    6. You connect all devices to the LAN.
    6a. If you did 5a, you will probably put each computer to the router which internet connection it uses. The NAS and printer could go anywhere.
    6b. If you did 5b, you hopefully bought a 16 or 24 port switch. Then you plug simply everything into that switch. Otherwise you can certainly use the free ports of the WRTs like in 6a.
    7. You configure all your devices with static IP addresses. For instance,
    IP 192.168.1.11
    netmask 255.255.255.0
    gateway 192.168.1.1
    For the DNS servers I would highly recommend to use the DNS servers of your ISP directly and not use the relay on 192.168.1.1.
    The gateway address defines through which router the computer connects to the internet.
    8. You may still have to configure port forwardings on the router to the game computer if required for the game.
    An interesting alternative to this setup might be to buy 4/5 network cards for the 4/5 computers with direct internet access. Then you use the one network card to connect to your single LAN behind your single WRT. The other network card goes into the switch behind the modem and has direct internet access. You then have to tell Windows which of the network cards has the default gateway for the internet connection (to prevent routing all traffic through the LAN and the WRT to the internet). One game computer would have to be behind the WRT.

  • How to replace DHCP server from domainA with DHCP from domainB?

    Hello fellow Administrators,
    We have one remote site with one subnet. There's domainA domain controller and about 100 domainA's client computers in that subnet. We're about to send 100 domainB's client computers there as well.
    There's also domainA's DHCP server running on the same subnet. DHCP scope options include domainA's domain name, gw and domainA's DNS server addresses.
    DomainA and DomainB belong to separate forests and there's a two-way trust between them. DomainA DNS has a stub zone for DomainB and DomainB has a stub zone for domainA. That's how clients can resolve hostnames of the other domain.
    All domainA's clients in remote site will be replaced gradually with domainB's client computers, but this can take a long time.
    I want to note, that I cannot create second subnet for domainB at the moment.
    At some point, we need to deploy DHCP server to domainB's member server in the remote site. What are the steps I should take to replace existing domainA's DHCP server with domainB's DHCP server while still allowing clients from domainA and domainB to successfully find domain controller of their own domain and being able to resolve hostnames from both domains?

    When the devices on your network first request an IP address or reach the end of their leases (or you force them to check their lease is still valid) they will simply broadcast a request for a DHCP server, and will accept an offer from the first DHCP server to reply.
    Multiple DHCP servers PT 1: Spanning multiple subnets.
    If you have several VLANs or physical network segments that are separated into different subnets, and you want to provide a DHCP service to devices in all those subnets then there are two ways of doing this.
    If the router / layer 3 switch separating them can act as a BOOTP/DHCP relay agent, then you can continue to keep all your DHCP server(s) in one or two central parts of your network and configure your DHCP server(s) to support multiple ranges of addresses.
    In order to support this, your router or layer 3 switch must support the BOOTP relay agent specification covered in section 4 of RFC 1542.
    If your router does not support RFC 1542 BOOTP relay agents, or if some of your network segments are geographically dispersed over slow links, then you will need to place one or more DHCP server in each subnet. This ‘local’ DHCP server will only serve its own local segment’s requirements, and there is no interaction between it and other DHCP servers. If this is what you want then you can simply configure each DHCP server as a standalone server, with the details of the address pool for its own subnet, and not worry about any other DHCP servers on other parts of the network. This is the most basic example of having more than one DHCP server on the same network.
    http://www.arabitpro.com

  • Script to query DHCP server for computer name if IP address is known

    I run vulnerability scans of my company’s network. After scanning my network I have a list of IP addresses with no computer names. Most of them appear to be VTC or telephony systems so they don’t respond to NBTSTAT. I can manually find them in my DHCP server but the list is quite long. Does anyone know of a script that I can run against the IP address list that would query the DHCP server and return the associated machine name that is listed in the DHCP server?

    Surely you have a DNS server and this is all set up and you're not relying on NetBIOS broadcasts or a WINS server?
    PowerShell:
    ([Net.Dns]::GetHostByAddress("123.123.123.123")).HostName
    -- Bill Stewart [Bill_Stewart]
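
A batch version of the lookup in the answer above, as an added example that is not part of the original thread: it reads the scanner's IP list, tries reverse DNS, then asks a Windows DHCP server for the matching lease. The file names and the server name `dhcp01.example.local` are placeholders, and the lease lookup assumes the DhcpServer PowerShell module (RSAT, Windows Server 2012 or later) is installed.

```powershell
# Added example: map scanner-reported IP addresses to host names.
# Assumptions (not from the thread): the file names, the placeholder server
# name 'dhcp01.example.local', and a Windows DHCP server that can be queried
# with the DhcpServer module.
param(
    [string]$IpListPath = '.\scan-ips.txt',        # one address per line (hypothetical file)
    [string]$DhcpServer = 'dhcp01.example.local',  # placeholder, replace with your server
    [string]$OutCsv     = '.\ip-to-name.csv'
)

# The lease lookup is optional: without the module only reverse DNS is used.
$haveDhcpModule = [bool](Get-Module -ListAvailable -Name DhcpServer)
if ($haveDhcpModule) { Import-Module DhcpServer }

$results = foreach ($line in Get-Content -Path $IpListPath) {
    $text = $line.Trim()
    if (-not $text) { continue }                   # skip blank lines

    $row = [ordered]@{
        IPAddress = $text; DnsName = $null; DhcpHostName = $null
        ClientId  = $null; LeaseState = $null; Note = $null
    }

    # Reject anything in the list that is not an address before querying.
    $ip = $null
    if (-not [System.Net.IPAddress]::TryParse($text, [ref]$ip)) {
        $row.Note = 'not an IP address'
        [pscustomobject]$row
        continue
    }

    # 1) Reverse DNS (PTR), the same kind of lookup as the one-liner above.
    try {
        $name = [System.Net.Dns]::GetHostEntry($ip).HostName
        # An address echoed back as the name means nothing was resolved.
        if ($name -and $name -ne $ip.ToString()) { $row.DnsName = $name }
    } catch {
        $row.Note = 'no PTR record'
    }

    # 2) DHCP lease lookup (IPv4 only). The lease host name is whatever the
    #    client sent in its DHCP request, so treat it as a hint; ClientId
    #    (normally the MAC address) is the value to trace on the switch.
    if ($haveDhcpModule -and $ip.AddressFamily -eq 'InterNetwork') {
        try {
            $lease = Get-DhcpServerv4Lease -ComputerName $DhcpServer -IPAddress $ip -ErrorAction Stop
            $row.DhcpHostName = $lease.HostName
            $row.ClientId     = $lease.ClientId
            $row.LeaseState   = $lease.AddressState
        } catch {
            $msg = "DHCP lookup failed: $($_.Exception.Message)"
            $row.Note = if ($row.Note) { "$($row.Note); $msg" } else { $msg }
        }
    }

    [pscustomobject]$row
}

$results | Export-Csv -Path $OutCsv -NoTypeInformation
$results | Format-Table -AutoSize
```

Rows where both `DnsName` and `DhcpHostName` are empty are the ones left to chase by MAC address or switch port.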

  • Disable dhcp proxy for PPP VPN (outside DHCP server + NPS)

    Hi,
    Our VPN setup is to authenticate / authorize via RADIUS to a Microsoft NPS server / Active Directory and use our internal DHCP server to receive its information. We are running a Cisco 2811, with firmware release k9 15.1- 4.M5.
    However, we have been having some issues with our setup for a dial-in VPN. We managed to get almost everything working.
    The user can dial in and authenticate and it even builds the proper PPTP tunnel. However, the client machine when it sends out a DHCP request seems to get forced to proxy through the Cisco router. Thus what the DHCP server sees is an encoded MAC address from the Cisco all the time and sees the client as being the Cisco router not the VPN client/user. This is rather frustrating, as in Active Directory DNS tables it will show up as the router having x number of different IP addresses and the end client doesn't show up at all.
    I have tried utilizing a bunch of different configuration options to test, all with the same outcome.
    Utilizing "ip helper-address <dhcp server>" didn't work to forward correctly. Then trying to turn off all DHCP services, with the global command of "no service dhcp", didn't change any result. Neither did setting a global command of "ip dhcp-server <dhcp server>".
    What I am trying to achieve is that the Cisco does NOT mess with the DHCP request and just allows it to pass through.
    Anyone have any idea?
    Here are the parts of the current configuration in respect to this:
    no service dhcp
    aaa new-model
    aaa authentication login CONSOLE local
    aaa authentication ppp default group radius local
    aaa authorization network default if-authenticated
    aaa session-id common
    no ip domain lookup
    ip domain name <domain>
    ip name-server xxx.xxx.xxx.xxx
    ip dhcp-server xxx.xxx.xxx.xxx
    vpdn enable
    vpdn-group 1
    ! Default PPTP VPDN group
    accept-dialin
      protocol pptp
      virtual-template 1
    interface Virtual-Template1
    ip unnumbered FastEthernet0/1    <-Internal Interface
    no ip proxy-arp
    ip nat inside
    no ip virtual-reassembly in
    peer default ip address dhcp
    ppp encrypt mppe auto required
    ppp authentication pap chap ms-chap ms-chap-v2
    radius-server host xxx.xxx.xxx.xxx
    radius-server key <private key>
    And the problem that I am seeing when running a debug on dhcp:
    *Jan 15 09:01:46.558: DHCP: proxy allocate request
    *Jan 15 09:01:46.558: DHCP: new entry. add to queue, interface Virtual-Access5
    *Jan 15 09:01:46.558: DHCP: Client socket is opened
    *Jan 15 09:01:46.558: DHCP: SDiscover attempt # 1 for entry:
    *Jan 15 09:01:46.558: DHCP: SDiscover: sending 284 byte length DHCP packet
    *Jan 15 09:01:46.558: DHCP: SDiscover 284 bytes
    *Jan 15 09:01:46.562: DHCP: XID MATCH in dhcpc_for_us()
    *Jan 15 09:01:46.990: DHCP: Received a BOOTREP pkt
    *Jan 15 09:01:46.990: DHCP: offer received from <DHCP SERVER>
    *Jan 15 09:01:46.990: DHCP: SRequest attempt # 1 for entry:
    *Jan 15 09:01:46.990: DHCP: SRequest- Server ID option: <DHCP SERVER>
    *Jan 15 09:01:46.990: DHCP: SRequest- Requested IP addr option: 192.168.10.100
    *Jan 15 09:01:46.990: DHCP: SRequest: 296 bytes
    *Jan 15 09:01:46.990: DHCP: SRequest: 296 bytes
    *Jan 15 09:01:46.994: DHCP: XID MATCH in dhcpc_for_us()
    *Jan 15 09:01:46.994: DHCP: Received a BOOTREP pkt
    *Jan 15 09:01:46.994: DHCP: Sending notification of ASSIGNMENT:
    *Jan 15 09:01:46.994:   Address 0.0.0.0 mask 0.0.0.0
    *Jan 15 09:01:46.994: DHCP Proxy Client Pooling: ***Allocated IP address: 192.168.10.100
    *Jan 15 09:01:46.994: DHCP: look up prim DNS for Vi5 from lease good ret: <DNS server 1>
    *Jan 15 09:01:46.998: DHCP: look up prim NBNS for Vi5 from lease any ret: fail
    *Jan 15 09:01:46.998: DHCP: look up sec DNS for Vi5 from lease good ret: <DHCP Server>
    *Jan 15 09:01:46.998: DHCP: look up sec NBNS for Vi5 from lease any ret: fail
    *Jan 15 09:01:47.018: DHCP: look up prim DNS for Vi5 from lease good ret: <DNS server 1>
    *Jan 15 09:01:47.018: DHCP: look up sec DNS for Vi5 from lease good ret: <DHCP Server>
    *Jan 15 09:01:47.038: DHCP: look up prim DNS for Vi5 from lease good ret: <DNS server 1>
    *Jan 15 09:01:47.038: DHCP: look up sec DNS for Vi5 from lease good ret: <DHCP Server>
    *Jan 15 09:01:56.826: DHCP: Interface Virtual-Access5 going down. Releasing: 192.168.10.100
    *Jan 15 09:01:56.826: DHCP: start holddown for 192.168.10.100
    *Jan 15 09:01:56.826: DHCP: Holddown and T1 remain 1792 sec
    As one can see, even with the configuration to turn off any proxy or dhcp, the Cisco router still tries to interject and proxy the request, aka:
    DHCP: proxy allocate request
    If anyone has any idea, please let me know
    Thanks
    S.

    Hello Stephen.
    How is this behaviour in 7.5? It's weird because in the individual interfaces you might change the value, but it doesn't get accepted. So it still seems that it's a global setting... but then: why showing this item to be changed on each interface?
    Kind regards,
    Flavio.

  • Remote access VPN with ASA 5510 using DHCP server

    Hi,
    Can someone please share your knowledge to help me find why I am not able to receive an IP address on remote access VPN connection while I can get an IP address on local DHCP pool?
    I am trying to setup remote access VPN with ASA 5510. It works with local dhcp pool but doesn't seem to work when I tried using an existing DHCP server. It is being tested in an internal network as follows:
    ASA Version 8.2(5)
    interface Ethernet0/1
    nameif inside
    security-level 100
    ip address 10.6.0.12 255.255.254.0
    ip local pool testpool 10.6.240.150-10.6.240.159 mask 255.255.248.0 !(worked with this)
    route inside 0.0.0.0 0.0.0.0 10.6.0.1 1
    crypto ipsec transform-set FirstSet esp-3des esp-md5-hmac
    crypto ipsec security-association lifetime seconds 28800
    crypto ipsec security-association lifetime kilobytes 4608000
    crypto dynamic-map dyn1 1 set transform-set FirstSet
    crypto map mymap 1 ipsec-isakmp dynamic dyn1
    crypto map mymap interface inside
    crypto isakmp enable inside
    crypto isakmp policy 1
      authentication pre-share
      encryption 3des
      hash sha
      group 2
      lifetime 43200
    vpn-addr-assign aaa
    vpn-addr-assign dhcp
    group-policy testgroup internal
    group-policy testgroup attributes
    dhcp-network-scope 10.6.192.1
    ipsec-udp enable
    ipsec-udp-port 10000
    username testlay password *********** encrypted
    tunnel-group testgroup type remote-access
    tunnel-group testgroup general-attributes
    default-group-policy testgroup
    dhcp-server 10.6.20.3
    tunnel-group testgroup ipsec-attributes
    pre-shared-key *****
    I got the following output when I test connect to ASA with Cisco VPN client 5.0
    Jan 16 15:39:21 [IKEv1]: IP = 10.15.200.108, IKE_DECODE RECEIVED Message (msgid=0) with payloads : HDR + SA (1) + KE (4) + NONCE (10) + ID (5) + VENDO
    4024 bytesR copied in 3.41 0 secs (1341 by(tes/sec)13) + VENDOR (13) + VENDOR (13) + VENDOR (13) + VENDOR (13) + NONE (0) total length : 853
    Jan 16 15:39:21 [IKEv1 DEBUG]: IP = 10.15.200.108, processing SA payload
    Jan 16 15:39:21 [IKEv1 DEBUG]: IP = 10.15.200.108, processing ke payload
    Jan 16 15:39:21 [IKEv1 DEBUG]: IP = 10.15.200.108, processing ISA_KE payload
    Jan 16 15:39:21 [IKEv1 DEBUG]: IP = 10.15.200.108, processing nonce payload
    Jan 16 15:39:21 [IKEv1 DEBUG]: IP = 10.15.200.108, processing ID payload
    Jan 16 15:39:21 [IKEv1 DEBUG]: IP = 10.15.200.108, processing VID payload
    Jan 16 15:39:21 [IKEv1 DEBUG]: IP = 10.15.200.108, Received xauth V6 VID
    Jan 16 15:39:21 [IKEv1 DEBUG]: IP = 10.15.200.108, processing VID payload
    Jan 16 15:39:21 [IKEv1 DEBUG]: IP = 10.15.200.108, Received DPD VID
    Jan 16 15:39:21 [IKEv1 DEBUG]: IP = 10.15.200.108, processing VID payload
    Jan 16 15:39:21 [IKEv1 DEBUG]: IP = 10.15.200.108, Received Fragmentation VID
    Jan 16 15:39:21 [IKEv1 DEBUG]: IP = 10.15.200.108, IKE Peer included IKE fragmentation capability flags:  Main Mode:        True  Aggressive Mode:  False
    Jan 16 15:39:21 [IKEv1 DEBUG]: IP = 10.15.200.108, processing VID payload
    Jan 16 15:39:21 [IKEv1 DEBUG]: IP = 10.15.200.108, Received NAT-Traversal ver 02 VID
    Jan 16 15:39:21 [IKEv1 DEBUG]: IP = 10.15.200.108, processing VID payload
    Jan 16 15:39:21 [IKEv1 DEBUG]: IP = 10.15.200.108, Received Cisco Unity client VID
    Jan 16 15:39:21 [IKEv1]: IP = 10.15.200.108, Connection landed on tunnel_group testgroup
    Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, processing IKE SA payload
    Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, IKE SA Proposal # 1, Transform # 9 acceptable  Matches global IKE entry # 1
    Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, constructing ISAKMP SA payload
    Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, constructing ke payload
    Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, constructing nonce payload
    Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, Generating keys for Responder...
    Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, constructing ID payload
    Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, constructing hash payload
    Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, Computing hash for ISAKMP
    Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, constructing Cisco Unity VID payload
    Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, constructing xauth V6 VID payload
    Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, constructing dpd vid payload
    Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, constructing NAT-Traversal VID ver 02 payload
    Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, constructing NAT-Discovery payload
    Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, computing NAT Discovery hash
    Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, constructing NAT-Discovery payload
    Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, computing NAT Discovery hash
    Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, constructing Fragmentation VID + extended capabilities payload
    Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, constructing VID payload
    Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, Send Altiga/Cisco VPN3000/Cisco ASA GW VID
    Jan 16 15:39:21 [IKEv1]: IP = 10.15.200.108, IKE_DECODE SENDING Message (msgid=0) with payloads : HDR + SA (1) + KE (4) + NONCE (10) + ID (5) + HASH (8) + VENDOR (13) + VENDOR (13) + VENDOR (13) + VENDOR (13) + NAT-D (130) + NAT-D (130) + VENDOR (13) + VENDOR (13) + NONE (0) total length : 440
    Jan 16 15:39:21 [IKEv1]: IP = 10.15.200.108, IKE_DECODE RECEIVED Message (msgid=0) with payloads : HDR + HASH (8) + NOTIFY (11) + NAT-D (130) + NAT-D (130) + VENDOR (13) + VENDOR (13) + NONE (0) total length : 168
    Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, processing hash payload
    Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, Computing hash for ISAKMP
    Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, processing notify payload
    Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, processing NAT-Discovery payload
    Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, computing NAT Discovery hash
    Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, processing NAT-Discovery payload
    Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, computing NAT Discovery hash
    Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, processing VID payload
    Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, Processing IOS/PIX Vendor ID payload (version: 1.0.0, capabilities: 00000408)
    Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, processing VID payload
    Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, Received Cisco Unity client VID
    Jan 16 15:39:21 [IKEv1]: Group = testgroup, I
    [OK]
    kens-mgmt-012# P = 10.15.200.108, Automatic NAT Detection Status:     Remote end is NOT behind a NAT device     This   end is NOT behind a NAT device
    Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, constructing blank hash payload
    Jan 16 15:39:21 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, constructing qm hash payload
    Jan 16 15:39:21 [IKEv1]: IP = 10.15.200.108, IKE_DECODE SENDING Message (msgid=d4ca48e4) with payloads : HDR + HASH (8) + ATTR (14) + NONE (0) total length : 72
    Jan 16 15:39:26 [IKEv1]: IP = 10.15.200.108, IKE_DECODE RECEIVED Message (msgid=d4ca48e4) with payloads : HDR + HASH (8) + ATTR (14) + NONE (0) total length : 87
    Jan 16 15:39:26 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, process_attr(): Enter!
    Jan 16 15:39:26 [IKEv1 DEBUG]: Group = testgroup, IP = 10.15.200.108, Processing MODE_CFG Reply attributes.
    Jan 16 15:39:26 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, IKEGetUserAttributes: primary DNS = cleared
    Jan 16 15:39:26 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, IKEGetUserAttributes: secondary DNS = cleared
    Jan 16 15:39:26 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, IKEGetUserAttributes: primary WINS = cleared
    Jan 16 15:39:26 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, IKEGetUserAttributes: secondary WINS = cleared
    Jan 16 15:39:26 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, IKEGetUserAttributes: IP Compression = disabled
    Jan 16 15:39:26 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, IKEGetUserAttributes: Split Tunneling Policy = Disabled
    Jan 16 15:39:26 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, IKEGetUserAttributes: Browser Proxy Setting = no-modify
    Jan 16 15:39:26 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, IKEGetUserAttributes: Browser Proxy Bypass Local = disable
    Jan 16 15:39:26 [IKEv1]: Group = testgroup, Username = testlay, IP = 10.15.200.108, User (testlay) authenticated.
    Jan 16 15:39:26 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, constructing blank hash payload
    Jan 16 15:39:26 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, constructing qm hash payload
    Jan 16 15:39:26 [IKEv1]: IP = 10.15.200.108, IKE_DECODE SENDING Message (msgid=6b1b471) with payloads : HDR + HASH (8) + ATTR (14) + NONE (0) total length : 64
    Jan 16 15:39:26 [IKEv1]: IP = 10.15.200.108, IKE_DECODE RECEIVED Message (msgid=6b1b471) with payloads : HDR + HASH (8) + ATTR (14) + NONE (0) total length : 60
    Jan 16 15:39:26 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, process_attr(): Enter!
    Jan 16 15:39:26 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, Processing cfg ACK attributes
    Jan 16 15:39:27 [IKEv1]: IP = 10.15.200.108, IKE_DECODE RECEIVED Message (msgid=49ae1bb8) with payloads : HDR + HASH (8) + ATTR (14) + NONE (0) total length : 182
    Jan 16 15:39:27 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, process_attr(): Enter!
    Jan 16 15:39:27 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, Processing cfg Request attributes
    Jan 16 15:39:27 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, MODE_CFG: Received request for IPV4 address!
    Jan 16 15:39:27 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, MODE_CFG: Received request for IPV4 net mask!
    Jan 16 15:39:27 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, MODE_CFG: Received request for DNS server address!
    Jan 16 15:39:27 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, MODE_CFG: Received request for WINS server address!
    Jan 16 15:39:27 [IKEv1]: Group = testgroup, Username = testlay, IP = 10.15.200.108, Received unsupported transaction mode attribute: 5
    Jan 16 15:39:27 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, MODE_CFG: Received request for Banner!
    Jan 16 15:39:27 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, MODE_CFG: Received request for Save PW setting!
    Jan 16 15:39:27 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, MODE_CFG: Received request for Default Domain Name!
    Jan 16 15:39:27 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, MODE_CFG: Received request for Split Tunnel List!
    Jan 16 15:39:27 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, MODE_CFG: Received request for Split DNS!
    Jan 16 15:39:27 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, MODE_CFG: Received request for PFS setting!
    Jan 16 15:39:27 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, MODE_CFG: Received request for Client Browser Proxy Setting!
    Jan 16 15:39:27 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, MODE_CFG: Received request for backup ip-sec peer list!
    Jan 16 15:39:27 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, MODE_CFG: Received request for Client Smartcard Removal Disconnect Setting!
    Jan 16 15:39:27 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, MODE_CFG: Received request for Application Version!
    Jan 16 15:39:27 [IKEv1]: Group = testgroup, Username = testlay, IP = 10.15.200.108, Client Type: WinNT  Client Application Version: 5.0.07.0440
    Jan 16 15:39:27 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, MODE_CFG: Received request for FWTYPE!
    Jan 16 15:39:27 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, MODE_CFG: Received request for DHCP hostname for DDNS is: DEC20128!
    Jan 16 15:39:27 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, MODE_CFG: Received request for UDP Port!
    Jan 16 15:39:32 [IKEv1]: Group = testgroup, Username = testlay, IP = 10.15.200.108, Duplicate Phase 2 packet detected.  No last packet to retransmit.
    Jan 16 15:39:37 [IKEv1]: IP = 10.15.200.108, IKE_DECODE RECEIVED Message (msgid=b04e830f) with payloads : HDR + HASH (8) + NOTIFY (11) + NONE (0) total length : 84
    Jan 16 15:39:37 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, processing hash payload
    Jan 16 15:39:37 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, processing notify payload
    Jan 16 15:39:37 [IKEv1]: Group = testgroup, Username = testlay, IP = 10.15.200.108, Duplicate Phase 2 packet detected.  No last packet to retransmit.
    Jan 16 15:39:39 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, IKE received response of type [] to a request from the IP address utility
    Jan 16 15:39:39 [IKEv1]: Group = testgroup, Username = testlay, IP = 10.15.200.108, Cannot obtain an IP address for remote peer
    Jan 16 15:39:39 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, IKE TM V6 FSM error history (struct &0xd8030048)  <state>, <event>:  TM_DONE, EV_ERROR-->TM_BLD_REPLY, EV_IP_FAIL-->TM_BLD_REPLY, NullEvent-->TM_BLD_REPLY, EV_GET_IP-->TM_BLD_REPLY, EV_NEED_IP-->TM_WAIT_REQ, EV_PROC_MSG-->TM_WAIT_REQ, EV_HASH_OK-->TM_WAIT_REQ, NullEvent
    Jan 16 15:39:39 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, IKE AM Responder FSM error history (struct &0xd82b6740)  <state>, <event>:  AM_DONE, EV_ERROR-->AM_TM_INIT_MODECFG_V6H, EV_TM_FAIL-->AM_TM_INIT_MODECFG_V6H, NullEvent-->AM_TM_INIT_MODECFG, EV_WAIT-->AM_TM_INIT_XAUTH_V6H, EV_CHECK_QM_MSG-->AM_TM_INIT_XAUTH_V6H, EV_TM_XAUTH_OK-->AM_TM_INIT_XAUTH_V6H, NullEvent-->AM_TM_INIT_XAUTH_V6H, EV_ACTIVATE_NEW_SA
    Jan 16 15:39:39 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, IKE SA AM:bd3a9a4b terminating:  flags 0x0945c001, refcnt 0, tuncnt 0
    Jan 16 15:39:39 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, sending delete/delete with reason message
    Jan 16 15:39:39 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, constructing blank hash payload
    Jan 16 15:39:39 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, constructing IKE delete payload
    Jan 16 15:39:39 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, constructing qm hash payload
    Jan 16 15:39:39 [IKEv1]: IP = 10.15.200.108, IKE_DECODE SENDING Message (msgid=9de30522) with payloads : HDR + HASH (8) + DELETE (12) + NONE (0) total length : 80
    Regards,
    Lay
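The debug output above shows Xauth succeeding for testlay and the session then ending with "Cannot obtain an IP address for remote peer". As an added example (not part of the original post), this Python script extracts those milestones per peer from debug text in this format; the function name, event names and verdict strings are assumptions made for illustration.

```python
import re

# Sample input: the 10.15.200.108 lines are copied from the debug output above, including
# the line torn by console output; the two 192.0.2.7 lines are constructed for contrast.
SAMPLE = """\
Jan 16 15:39:21 [IKEv1]: IP = 10.15.200.108, Connection landed on tunnel_group testgroup
Jan 16 15:39:21 [IKEv1]: Group = testgroup, I
[OK]
Jan 16 15:39:26 [IKEv1]: Group = testgroup, Username = testlay, IP = 10.15.200.108, User (testlay) authenticated.
Jan 16 15:39:27 [IKEv1 DEBUG]: Group = testgroup, Username = testlay, IP = 10.15.200.108, MODE_CFG: Received request for IPV4 address!
Jan 16 15:39:39 [IKEv1]: Group = testgroup, Username = testlay, IP = 10.15.200.108, Cannot obtain an IP address for remote peer
Jan 16 15:40:02 [IKEv1]: IP = 192.0.2.7, Connection landed on tunnel_group testgroup
Jan 16 15:40:05 [IKEv1]: Group = testgroup, Username = alice, IP = 192.0.2.7, User (alice) authenticated.
"""

HEADER = re.compile(r"^\s*(\w{3}\s+\d+ \d\d:\d\d:\d\d) \[IKEv1(?: DEBUG)?\]: (.*)$")
FIELD = re.compile(r"(Group|Username|IP) = ([^,]+), ")
MILESTONES = [  # (event name, pattern searched in the message part)
    ("group_matched", re.compile(r"Connection landed on tunnel_group")),
    ("xauth_ok", re.compile(r"User \(.+?\) authenticated")),
    ("address_requested", re.compile(r"MODE_CFG: Received request for IPV4 address")),
    ("address_failed", re.compile(r"Cannot obtain an IP address for remote peer")),
]

def triage(text):
    """Return ({peer_ip: summary}, skipped_line_count) for IKEv1 debug text."""
    peers, skipped = {}, 0
    for line in text.splitlines():
        m = HEADER.match(line)
        if not m:
            skipped += 1 if line.strip() else 0  # interleaved console output
            continue
        ts, rest = m.groups()
        fields = {}
        while (f := FIELD.match(rest)):  # peel leading "Key = value, " pairs
            fields[f.group(1)] = f.group(2)
            rest = rest[f.end():]
        if "IP" not in fields:  # torn line: no peer to attribute it to
            skipped += 1
            continue
        p = peers.setdefault(fields["IP"], {"user": None, "events": []})
        p["user"] = fields.get("Username", p["user"])
        p["events"] += [(ts, name) for name, rx in MILESTONES if rx.search(rest)]
    for p in peers.values():
        seen = {name for _, name in p["events"]}
        if "address_failed" in seen:
            p["verdict"] = "address assignment failed" + (" after Xauth success" if "xauth_ok" in seen else "")
        else:
            p["verdict"] = "authenticated, no failure logged" if "xauth_ok" in seen else "incomplete"
    return peers, skipped

if __name__ == "__main__":
    for ip, p in triage(SAMPLE)[0].items():
        print(ip, p["user"], p["verdict"])
```

Lines that cannot be tied to a peer, such as the one split by the `[OK]` console output, are counted as skipped rather than guessed at.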

    For RADIUS you need a aaa-server-definition:
    aaa-server NPS-RADIUS protocol radius
    aaa-server NPS-RADIUS (inside) host 10.10.18.12
      key *****   
      authentication-port 1812
      accounting-port 1813
    and tell your tunnel-group to ask that server:
    tunnel-group VPN general-attributes
      authentication-server-group NPS-RADIUS LOCAL
    Don't stop after you've improved your network! Improve the world by lending money to the working poor:
    http://www.kiva.org/invitedby/karsteni

  • DNS Router & Server Setup Issues

    I'm running a Mac OS X Server on my local network. I have a D-Link 655 router that connects the machines and connects to the internet.
    I'd like to use OS X Server's DNS instead of my ISP's. In the D-Link Router I've set the DNS to the OSX server in the WAN section. Unfortunately it doesn't allow my clients on the network to connect to the internet when I do this.
    If I set the DNS on the client to the OS X server it works fine. Or if I set the DNS on the router to my ISP's (or Google's) it works fine too.
    Is this a route configuration issue? Or is this an OS X Server issue?
    Any thoughts on how I might figure out where the problem lies and how to solve it?
    Thanks in advance

    Your DHCP server needs to pass out the IP address of your DNS server (only).  
    In general, you should not include any references to your ISP DNS servers anywhere on your network.  Not in your DHCP server, not in your clients, and not as a forwarder within your own DNS server configuration.
    When you make the change, renew the leases of the devices that have the old address if needed, and alter the hard-set DNS server settings in the devices that don't use DHCP.
    The one sort-of exception to this: your DNS server should have its Network settings DNS server address set as 127.0.0.1; as the localhost address.  Not as its IP address.
    And in general, routers don't do DNS.  (Though it's common for folks to refer to devices that provide routing, NAT firewall, potentially VPN servers and other services as a "router", technically routers don't typically include DNS services.  And very few gateway devices - even the fancy ones and expensive ones - implement DNS services.)  Routers (and particularly the usual sorts of network gateways) can generally have a DNS configuration for two reasons; to forward DNS requests to an upstream DNS server(s), and to have a DNS server address for an embedded DHCP server to pass out to DHCP clients.
    In your particular case, the IP network connectivity is very likely present in both of your test configurations, it's that your clients aren't getting DNS translations.
    Probably more than you ever cared to learn about setting up DNS services on OS X Server.
