Firewall Connections to vPC Domain

Hi all,
What is the best way to connect a firewall cluster (Checkpoint FW cluster) to a vPC domain?
The current topology is as below. We are gonna replace Cat6Ks with N7Ks.
FW#1(Active)  ----- keepalive for amongst FWs -------- FW#2 (Standby)
     I                                                                               I
     I                                                                               I
     I                                                                               I
     I                 VLAN 100 HSRP on Cat6K Side               I
     I                                                                               I
     I                                                                               I
  Cat6K#2 -------------------peer keepalive------------------------------Cat6K#2
           --------------------- peer link-----------------------------------
I know my options are:
1. Connect the FWs to an edge switch which supports EtherChannel and connects to the vPC domain through that port channel.
2. Connect the FWs through two ports (LACP config) to both N7Ks.
3. Set up a separate STP link between the N7Ks, configure VLAN 100 on this link and then keep running HSRP on VLAN 100 on both N7Ks on this non-vPC VLAN.
4. Set up the links between the N7Ks and FWs as routed links and run a dynamic routing protocol in between.
Thanks in advance.
Dumlu

Hello all,
How about the option 1?
Our scenario is as below:
                   DMZ switch ----- PC
                    |             |
                    |             |
                    |             |
                  FW         FW   (Checkpoint with VRRP connecting to N7k using VLAN 16)
                    |             |
                    L2 Switch
                    | |           | |
                N7k-1 ----  N7k-2   (Peer Link Between N7k)
                    | |           | |
                    | |           | |
                   Inside switch ---- Server (VLAN16)
When a user pings from the DMZ switch PC to the server on the Inside switch, packet loss and long response times happen intermittently.
But when we ping from the Inside switch with another VLAN (VLAN12) to the server, it's okay. VLAN12 and VLAN16's gateways are on N7k with HSRP.
So N7k's inter-VLAN routing seems to be okay, but traffic through the FW has a problem.
The L2 switch and Inside switch connect to N7k with vPC. All the PCs/servers are in VLAN 16 and their default gateway is the N7k.
When a user pings from inside to DMZ we can see an ICMP redirect message, and I don't know whether it could be the problem causing the intermittent packet loss.
Thanks.
Peter

Similar Messages

  • What is the best way to connect a firewall cluster to a VPC domain

    Hi All
    Can anyone help me decide what is the best way to connect a firewall cluster to a VDC running in a pair of N7K's which is a VPC domain?
    Can I configure a VLAN interface on each VDC and use HSRP? I was planning on presenting one 10GB cable from each VDC to each firewall. Would this work OK? HSRP traffic will go across the VPC peer link, correct?
    thanks all

    No, but the one caveat is vpc orphan ports. If the vpc link between the nexus switches fails for any reason, all the vpc ports on the vpc secondary switch will be forced down. So it's recommended to connect single port devices to the primary vpc switch so the connections stay up. But if you're ok with that, then I don't see any problems.
    You have a few options, one would be to run a separate link between your nexus switches for non-vpc vlans. These vlans would not be allowed over the vpc peer-link, or forwarded out vpc's.
    See here page 49 :
    http://www.cisco.com/c/dam/en/us/td/docs/switches/datacenter/sw/design/vpc_design/vpc_best_practices_design_guide.pdf

  • Win7 Pro ws, connected to Active domain network SBS2K8 server, but firewall Public networks - Connected.

    Win7 Pro workstation shows active domain network but firewall thinks it's connected to Public Network. 
    Other Win7 Pro workstations in the same domain have no problems and show the correct Domain Network: Connected in the firewall panel. 
    SBS2K8 server can't see security status of, or offer remote assistance to this ws until its firewall is disabled.
    Domain name is correct. Machine IS logged into the domain. User has normal rights / Admin account. Just like everyone else.
    This system has current AV, but disabling it (not uninstalling) makes no difference. All the machines have the same AV.
    Not a wireless network, standard CAT5. Network connectivity appears normal: Access files on server share, browse internet, etc... all just fine.
    Already installed:
    http://support.microsoft.com/kb/2524478
    I've seen 
    http://social.technet.microsoft.com/Forums/en-US/7bce7005-b820-4340-a4c8-68025272d3aa/windows-firewall-falsely-shows-connected-to-public-network-when-my-computer-is-joined-to-domain?forum=w7itprosecurity
    But this is not a virtual machine. It does run the WinXP mode V but this is happening in the regular Win7 OS. 

    Went back to the machine today to check your suggestions, and... now it's correct!
    Hi,
    How many network adapter cards do you have in your computer?
    Just the one. A Realtek PCIe GBE
    Check whether the DNS is the correct one you had deployed
    Yes, DNS is set to the 2k8 server IP as primary, and the secondary is OpenDNS.
    and update the group policy by using this command "gpupdate /force".
    Done, didn't appear to log any changes.
    Check the registry key at  “HKEY_Local_Machine\Software\Microsoft\Windows\CurrentVersion\Group Policy\History\NetworkName”
    The NetworkName should be the domain name, when you get this done you will get a domain network profile, then restart your computer.
    This key does exist and is the correct domain name.
    More information refer to this article:
    http://blogs.technet.com/b/networking/archive/2010/09/08/network-location-awareness-nla-and-how-it-relates-to-windows-firewall-profiles.aspx
    I think this is the answer you want.
    Thanks for that. I've read through it and will keep it on file if the problem returns.
    Regards
    v-yamliu

  • The processing of Group Policy failed because of lack of network connectivity to a domain controller

    We are setting up a new AD environment with one AD/DC running DNS services, and a secondary DNS server configured with a secondary zone. The problem is that none of the machines in the domain are getting GPO.
    When I run a gpupdate /force from a machine, I get the following output:
    "Updating Policy...
    User Policy update has completed successfully.
    Computer policy could not be updated successfully. The following errors were enc
    ountered:
    The processing of Group Policy failed because of lack of network connectivity to
     a domain controller. This may be a transient condition. A success message would
     be generated once the machine gets connected to the domain controller and Group
     Policy has succesfully processed. If you do not see a success message for sever
    al hours, then contact your administrator.
    To diagnose the failure, review the event log or run GPRESULT /H GPReport.html f
    rom the command line to access information about Group Policy results."
    While the system event log outputs the following:
    "The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy
    has succesfully processed. If you do not see a success message for several hours, then contact your administrator." 
    All the machines that were joined to the domain are able to resolve in forward and reverse lookups, ping the DC and ping each other, so I don't understand how the error can be resolved.
    Here are few things I have tried:
    1. I came across this KB which checked ok for me: http://support.microsoft.com/kb/241515
    2. Made a copy of the default GPO, applied to an OU with one machine, and made sure to remove any GPO links from above
    3. Enabled the following two local Group policies on a test member:
    GP slow link detection
    Startup policy processing wait time
    4. Modified firewall to allow everything on both member and DC
    5. Verified DNS logs, SRV records, access to sysvol (added authenticated users to sysvol)
    I have yet to figure out the reason for this issue. Has anyone seen anything like this before?

    1. I checked the NIC, it only has one IP, and I followed your article. I set the primary DNS to its own IP and the secondary DNS to the loopback IP.
    2. This is a new DC and DNS server. I don't have old records yet. I also checked the DNS event logs. No errors.
    3. I made sure the member server is pointing only to the only DC/DNS server
    4. Here is the output from the dcdiag.... everything passed except the NetLogons part. I'm not sure what it means or how to fix it yet:
          Starting test: NetLogons
             * Warning BUILTIN\Administrators did not have the "Access this
             computer
             "*   from network" right.
             [hostname] An net use or LsaPolicy operation failed with error
             1, Incorrect function..
             ......................... hostname failed test NetLogons
    Complete output:
    > hostname
    Server:  hostname.domain.local
    Address:  X.X.X.95
    > ^C
    C:\Windows\system32>
    C:\Windows\system32>nslookup
    > set type=all
    >
    >
    >
    > _ldap._tcp.dc._msdcs.domainname
    _ldap._tcp.dc._msdcs.domain.local SRV service location:
              priority       = 0
              weight         = 100
              port           = 389
              svr hostname   = hostname.domain.local
    hostname.domain.local      internet address = X.X.X.95
    > ^C
    C:\Windows\system32>cd ..
    C:\Windows>cd SYSVOL
    C:\Windows\SYSVOL>cd sysvol
    C:\Windows\SYSVOL\sysvol>dir
     Volume in drive C has no label.
     Volume Serial Number is F624-CDB2
     Directory of C:\Windows\SYSVOL\sysvol
    10/29/2014  08:25 PM    <DIR>          .
    10/29/2014  08:25 PM    <DIR>          ..
    10/29/2014  08:25 PM    <JUNCTION>     domain.local [C:\Windows\SYSVOL\domain]
                   0 File(s)              0 bytes
                   3 Dir(s)  63,971,037,184 bytes free
    C:\Windows\SYSVOL\sysvol>dcdiag
    Directory Server Diagnosis
    Performing initial setup:
       Trying to find home server...
       Home Server = hostname
       * Identified AD Forest.
       Done gathering initial info.
    Doing initial required tests
       Testing server: Default-First-Site-Name\hostname
          Starting test: Connectivity
             ......................... hostname passed test Connectivity
    Doing primary tests
       Testing server: Default-First-Site-Name\hostname
          Starting test: Advertising
             ......................... hostname passed test Advertising
          Starting test: FrsEvent
             ......................... hostname passed test FrsEvent
          Starting test: DFSREvent
             ......................... hostname passed test DFSREvent
          Starting test: SysVolCheck
             ......................... hostname passed test SysVolCheck
          Starting test: KccEvent
             ......................... hostname passed test KccEvent
          Starting test: KnowsOfRoleHolders
             ......................... hostname passed test
             KnowsOfRoleHolders
          Starting test: MachineAccount
             ......................... hostname passed test MachineAccount
          Starting test: NCSecDesc
             ......................... hostname passed test NCSecDesc
          Starting test: NetLogons
             * Warning BUILTIN\Administrators did not have the "Access this
             computer
             "*   from network" right.
             [hostname] An net use or LsaPolicy operation failed with error
             1, Incorrect function..
             ......................... hostname failed test NetLogons
          Starting test: ObjectsReplicated
             ......................... hostname passed test
             ObjectsReplicated
          Starting test: Replications
             ......................... hostname passed test Replications
          Starting test: RidManager
             ......................... hostname passed test RidManager
          Starting test: Services
             ......................... hostname passed test Services
          Starting test: SystemLog
             A warning event occurred.  EventID: 0x000003F6
                Time Generated: 03/04/2015   18:23:06
                Event String:
                Name resolution for the name ctldl.windowsupdate.com timed out after
     none of the configured DNS servers responded.
             ......................... hostname passed test SystemLog
          Starting test: VerifyReferences
             ......................... hostname passed test VerifyReferences
       Running partition tests on : ForestDnsZones
          Starting test: CheckSDRefDom
             ......................... ForestDnsZones passed test CheckSDRefDom
          Starting test: CrossRefValidation
             ......................... ForestDnsZones passed test
             CrossRefValidation
       Running partition tests on : DomainDnsZones
          Starting test: CheckSDRefDom
             ......................... DomainDnsZones passed test CheckSDRefDom
          Starting test: CrossRefValidation
             ......................... DomainDnsZones passed test
             CrossRefValidation
       Running partition tests on : Schema
          Starting test: CheckSDRefDom
             ......................... Schema passed test CheckSDRefDom
          Starting test: CrossRefValidation
             ......................... Schema passed test CrossRefValidation
       Running partition tests on : Configuration
          Starting test: CheckSDRefDom
             ......................... Configuration passed test CheckSDRefDom
          Starting test: CrossRefValidation
             ......................... Configuration passed test CrossRefValidation
       Running partition tests on : emcdsm
          Starting test: CheckSDRefDom
             ......................... emcdsm passed test CheckSDRefDom
          Starting test: CrossRefValidation
             ......................... emcdsm passed test CrossRefValidation
       Running enterprise tests on : domain.local
          Starting test: LocatorCheck
             ......................... domain.local passed test LocatorCheck
          Starting test: Intersite
             ......................... domain.local passed test Intersite
    C:\Windows\SYSVOL\sysvol>

  • Best Practice for VPC Domain failover with One M2 per N7K switch and 2 sups

    I have been testing some failover scenarios with 4 Nexus 7000 switches with an M2 and an F2 card in each. Each Nexus has two supervisor modules.
    I have 3 VDC's Admin, F2 and M2
    all ports in the M2 are in the M2 VDC and all ports on the F2 are in the F2 VDC.
    All vPC's are connected on the M2 cards, configured in the M2 VDC
    We have 2 Nexus representing each "site"
    In one site we have a vPC domain "100"
    The vPC Peer link is connected on ports E1/3 and E1/4 in Port channel 100
    The peer-keepalive is configured to use the management ports. This is patched in both Sups into our 3750s. (This will eventually be on a management out-of-band switch.)
    Please see the diagram.
    There are 2 vPC's 1&2 connected at each site which represent the virtual port channels that connect back to a pair of 3750X's (the layer 2 switch icons in the diagram.)
    There is also the third vPC that connects the 4 Nexus's together. (po172)
    We are stretching vlan 900 across the "sites" and would like to keep spanning tree out of this as much as we can, and minimise outages based on link failures, module failures, switch failures, sup failures etc..
    ONLY the management vlan (100,101) is allowed on the port-channel between the 3750's, so vlan 900 spanning tree shouldn't have to make this decision.
    We are only concerned about layer two for this part of the testing.
    As we are connecting the vPC peer link to only one module in each switch (a single M2), we have configured object tracking as follows:
    n7k-1(config)#track 1 interface ethernet 1/1 line-protocol
    n7k-1(config)#track 2 interface ethernet 1/2 line-protocol
    n7k-1(config)#track 5 interface ethernet 1/5 line-protocol
    track 101 list boolean OR
    n7k-1(config-track)# object 1
    n7k-1(config-track)# object 2
    n7k-1(config-track)# object 5
    n7k-1(config-track)# end
    n7k-1(config)# vpc domain 101
    n7k-1(config-vpc-domain)# track 101
    The other site is the same, just 100 instead of 101.
    We are not tracking port channel 101, nor the member interfaces of this port channel, as this is the peer link and apparently tracking upstream interfaces and the peer link is only necessary when you have ONE link and one module per switch.
    As the interfaces we are tracking are member ports of a vPC, is this a chicken and egg scenario when seeing if these 3 interfaces are up? Or is line-protocol purely layer 1, so that the vPC isn't downing these member ports at layer 2 when it sees a local vPC domain failure, so that the track fails?
    I see most people are monitoring upstream layer 3 ports that connect back to a core. What about what we are doing, monitoring upstream (the 3750's) and downstream layer 2 (the other site) that are part of the very vPC we are trying to protect?
    We wanted all 3 of these to be down, for example if the local M2 card failed, the keepalive would send the message to the remote peer to take over.
    What are the best practices here? Which objects should we be tracking? Should we also track the peer-link port channel 101?
    We saw minimal outages using this design. When reloading the M2 modules, usually 1-3 pings were lost between the laptops in the different sites across the stretched vlan. Obviously no outages when breaking any link in a vPC.
    Any wisdom would be greatly appreciated.
    Nick

    Nick,
    I was not talking about the mgmt0 interface. The vlan that you are testing will have a link blocked between the two 3750 port-channel if the root is on the nexus vPC pair.
    Logically your topology is like this:
        |                             |
        |   Nexus Pair          |
    3750-1-----------------------3750-2
    Since you have this triangle setup one of the links will be in blocking state for any vlan configured on these devices.
    When you are talking about vPC and L3, are you talking about L3 routing protocols or just inter-VLAN routing?
    Inter-VLAN routing is fine. Running L3 routing protocols over the peer-link and forming an adjacency with a router upstream using L2 links is not recommended. The following link should give you an idea about what I am talking about here:
    http://bradhedlund.com/2010/12/16/routing-over-nexus-7000-vpc-peer-link-yes-and-no/
    HSRP is fine.
    As mentioned, the tracking feature's purpose is to avoid black-holing of traffic. It completely depends on your network setup. Don't think you would be needing to track all the interfaces.
    JayaKrishna

  • Can I disable spanning-tree in a vpc domain ?

    i have two N7718s in a vpc domain and each have a vpc connection to 300+ TORs (non cisco switch).
    each 7718 have 300+ trunk port and a trunk port carrying 80 vlans. so the logical port number is 300*80 = 24000
    the problem is n7k r-pvst logical ports limit is 16000, it causes the vpc primary 7718 ping latency time exceed 1000ms
    2 ways to solve this problem : use mst instead of rpvst or disable spanning-tree
    if i use mst , the logical ports limit is 90000, the problem will appear one day
    so i want to disable spanning-tree . 7718s' vpc link to TOR use lacp ,it will prevent some  layer2 loops. can i do it?

    I have the same problem. :)

  • "Peer-switch" command on vPC domain and spanning-tree priority interaction

    Hi guy,
    We have 2 N7K (N7KA and N7KB) which will be running vPC in hybrid and pure vPC environment.
    I have a question about the hybrid and pure vPC environment. With the "peer-switch" command enabled, should I tune the spanning-tree priority to be the same for all the vlans running on vPC on both N7KA and N7KB? This way, when I enter the "sh spanning-tree vlan X(vPC vlan) detail" command on N7K, it will list both N7K announce itself as "We are the root of the spanning tree". Also the switch running spanning-tree with N7K vPC vlan (hybrid) will see both N7K has the same priority (4096), and it is not desirable for a spanning-tree environment. Therefore, I used the "spanning-tree pseudo-information" on N7KB to tune the spanning-tree priority to "8192" and the switch running spanning-tree with N7K will list N7KB has a priority of 8192 (perfect).
    However, I notice some strange "show" output on the switch running Port-channel with the N7KA and N7KB. The "Designated bridge" priority is flapping as shown on the switch. It is constantly changing between "4096 and 8192" with the same vPC system wide mac address.
    Entering the "sh spanning-tree vlan X detail" command repeatedly on switch with port-channel toward N7KA and N7KB.
    >>sh spanning-tree vlan 10 detail
    Port 65 (Port-channel1) of VLAN10 is root forwarding
    Port path cost 3, Port priority 128, Port Identifier 128.65.
    Designated root has priority 4106, address 0013.05ee.bac8
    Designated bridge has priority 4106, address 0013.05ee.bac8
    Designated port id is 144.2999, designated path cost 0
    Timers: message age 15, forward delay 0, hold 0
    Number of transitions to forwarding state: 1
    Link type is point-to-point by default
    BPDU: sent 5, received 603
    one sec later.
    >>sh spanning-tree vlan 10 detail
    Port 65 (Port-channel1) of VLAN10 is root forwarding
    Port path cost 3, Port priority 128, Port Identifier 128.65.
    Designated root has priority 4106, address 0013.05ee.bac8
    Designated bridge has priority 8202, address 0013.05ee.bac8
    Designated port id is 144.2999, designated path cost 0
    Timers: message age 15, forward delay 0, hold 0
    Number of transitions to forwarding state: 1
    Link type is point-to-point by default
    BPDU: sent 5, received 603
    Configuration:
    N7KA
    spanning-tree vlan 1-10 priority 4096
    vpc domain 200
    peer-switch
    N7KB
    spanning-tree vlan 1-10 priority 4096
    spanning-tree pseudo-information vlan 1-10 designated priority 8192
    vpc domain 200
    peer-switch

    We have an issue similar to this in our environment. I am trying to upgrade the existing 3750 stack router with 2 Nexus 5596 running VPC between them. For the transition I have planned to create a channel between 3750 stack and 5596's. Once this environment is set, my plan is to migrate all the access switches to N5k.
    The issue is when I connect the 3750 port channel to both N5Ks, all the Vlans on 3750 started to flap. If I connect the port channel to only one N5K everything is normal; but when I connect the port channel to both N5K running VPC, vlans are flapping. Any idea what is going wrong here? Am I missing something?

  • I have an old external drive with a firewall connection-How do I use this on my Mac with its USB3 ports?

    I have an old external drive with a firewall connection-How do I use this on my Mac with its USB3 ports?

    Does your Mac have ThunderBolt ports?
    There are ThunderBolt to FireWire adapters.
    As far as I know there are no FireWire to USB 3 adapters.
    Allan

  • Problem while connecting the Weblogic Domain to MySql5.

    Hi,
    I would like to send you the entire stacktrace..
    JAVA Memory arguments: -Xms256m -Xmx768m -XX:CompileThreshold=8000 -XX:PermSize=128m -XX:MaxPermSize=192m
    WLS Start Mode=Development
    * To start WebLogic Server, use a username and *
    * password assigned to an admin-level user. For *
    * server administration, use the WebLogic Server *
    * console at http:\\hostname:port\console *
    starting weblogic with Java version:
    Cleaning up license and uid files
    Starting Autonomy with CONTENT_SEARCH_OPTION = full
    Autonomy Distributed Search Handler engine started.
    java version "1.6.0_05"
    Java(TM) SE Runtime Environment (build 1.6.0_05-b13)
    Java HotSpot(TM) Client VM (build 10.0-b19, mixed mode)
    Starting WLS with line:
    C:\WEBLOG~1\JDK160~1\bin\java -client -Xms256m -Xmx768m -XX:CompileThreshold=8000 -XX:PermSize=128m -XX:MaxPermSize=192m -Xverify:none -da -Dplatform.home=C:\WEBLOG~1\WLSERV~1.3 -Dwls.home=C:\WEBLOG~1\WLSERV~1.3\server -Dweblogic.home=C:\WEBLOG~1\WLSERV~1.3\server -Dweblogic.wsee.bind.suppressDeployErrorMessage=true -Dweblogic.wsee.skip.async.response=true -Dweblogic.management.discover=true -Dwlw.iterativeDev=true -Dwlw.testConsole=true -Dwlw.logErrorsToConsole=true -Dweblogic.ext.dirs=C:\WEBLOG~1\patch_wlw1030\profiles\default\sysext_manifest_classpath;C:\WEBLOG~1\patch_wls1030\profiles\default\sysext_manifest_classpath;C:\WEBLOG~1\patch_wlp1030\profiles\default\sysext_manifest_classpath;C:\WEBLOG~1\patch_cie670\profiles\default\sysext_manifest_classpath;C:\WEBLOG~1\patch_cie660\profiles\default\sysext_manifest_classpath;C:\WebLogicBea\wlportal_10.3\p13n\lib\system;C:\WebLogicBea\wlportal_10.3\light-portal\lib\system;C:\WebLogicBea\wlportal_10.3\portal\lib\system;C:\WebLogicBea\wlportal_10.3\info-mgmt\lib\system;C:\WebLogicBea\wlportal_10.3\analytics\lib\system;C:\WebLogicBea\wlportal_10.3\apps\lib\system;C:\WebLogicBea\wlportal_10.3\info-mgmt\deprecated\lib\system;C:\WebLogicBea\wlportal_10.3\content-mgmt\lib\system -Dweblogic.alternateTypesDirectory=C:\WebLogicBea\wlportal_10.3\portal\lib\security -Dweblogic.Name=AdminServer -Djava.security.policy=C:\WEBLOG~1\WLSERV~1.3\server\lib\weblogic.policy weblogic.Server
    <Oct 27, 2009 11:15:35 AM IST> <Notice> <WebLogicServer> <BEA-000395> <Following extensions directory contents added to the end of the classpath:
    C:\WebLogicBea\wlportal_10.3\analytics\lib\system\analytics_sys.jar;C:\WebLogicBea\wlportal_10.3\apps\lib\system\groupspace_system.jar;C:\WebLogicBea\wlportal_10.3\content-mgmt\lib\system\content_system.jar;C:\WebLogicBea\wlportal_10.3\info-mgmt\deprecated\lib\system\commerce_system.jar;C:\WebLogicBea\wlportal_10.3\info-mgmt\lib\system\wlp-schemas.jar;C:\WebLogicBea\wlportal_10.3\info-mgmt\lib\system\wlp_content_system.jar;C:\WebLogicBea\wlportal_10.3\info-mgmt\lib\system\wps_system.jar;C:\WebLogicBea\wlportal_10.3\light-portal\lib\system\netuix_common.jar;C:\WebLogicBea\wlportal_10.3\light-portal\lib\system\netuix_schemas.jar;C:\WebLogicBea\wlportal_10.3\light-portal\lib\system\netuix_system.jar;C:\WebLogicBea\wlportal_10.3\light-portal\lib\system\wsrp-client.jar;C:\WebLogicBea\wlportal_10.3\light-portal\lib\system\wsrp-common.jar;C:\WebLogicBea\wlportal_10.3\p13n\lib\system\p13n-schemas.jar;C:\WebLogicBea\wlportal_10.3\p13n\lib\system\p13n_common.jar;C:\WebLogicBea\wlportal_10.3\p13n\lib\system\p13n_system.jar;C:\WebLogicBea\wlportal_10.3\p13n\lib\system\wlp_services.jar;C:\WebLogicBea\wlportal_10.3\portal\lib\system\netuix_system-full.jar>
    <Oct 27, 2009 11:15:35 AM IST> <Info> <WebLogicServer> <BEA-000377> <Starting WebLogic Server with Java HotSpot(TM) Client VM Version 10.0-b19 from Sun Microsystems Inc.>
    <Oct 27, 2009 11:15:36 AM IST> <Info> <Management> <BEA-141107> <Version: WebLogic Server Temporary Patch for CR376251 Wed Aug 06 09:19:34 PDT 2008
    WebLogic Server Temporary Patch for CR371247 Sat Aug 09 20:10:38 PDT 2008
    WebLogic Server Temporary Patch for CR377673 Tue Aug 12 20:39:50 EDT 2008
    WebLogic Server Temporary Patch for CR377673 Tue Aug 12 20:39:50 EDT 2008
    WebLogic Server Temporary Patch for CR376759 Thu Aug 14 14:53:02 PDT 2008
    WebLogic Server 10.3 Fri Jul 25 16:30:05 EDT 2008 1137967 >
    <Oct 27, 2009 11:15:42 AM IST> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to STARTING>
    <Oct 27, 2009 11:15:42 AM IST> <Info> <WorkManager> <BEA-002900> <Initializing self-tuning thread pool>
    <Oct 27, 2009 11:15:42 AM IST> <Notice> <Log Management> <BEA-170019> <The server log file C:\WebLogicBea\user_projects\domains\zarDbDomain\zarDbDomain\servers\AdminServer\logs\AdminServer.log is opened. All server side log events will be written to this file.>
    <Oct 27, 2009 11:15:57 AM IST> <Notice> <Security> <BEA-090082> <Security initializing using security realm myrealm.>
    <Oct 27, 2009 11:16:10 AM IST> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to STANDBY>
    <Oct 27, 2009 11:16:10 AM IST> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to STARTING>
    <Oct 27, 2009 11:16:40 AM IST> <Notice> <Log Management> <BEA-170027> <The Server has established connection with the Domain level Diagnostic Service successfully.>
    <Oct 27, 2009 11:16:41 AM IST> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to ADMIN>
    <Oct 27, 2009 11:16:41 AM IST> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to RESUMING>
    <Oct 27, 2009 11:16:41 AM IST> <Notice> <Server> <BEA-002613> <Channel "Default" is now listening on 192.9.200.236:7001 for protocols iiop, t3, ldap, snmp, http.>
    <Oct 27, 2009 11:16:41 AM IST> <Warning> <Server> <BEA-002611> <Hostname "ZieF.pl", maps to multiple IP addresses: 192.9.200.236, 127.0.0.1>
    <Oct 27, 2009 11:16:41 AM IST> <Notice> <Server> <BEA-002613> <Channel "Default[1]" is now listening on 127.0.0.1:7001 for protocols iiop, t3, ldap, snmp, http.>
    <Oct 27, 2009 11:16:41 AM IST> <Notice> <WebLogicServer> <BEA-000331> <Started WebLogic Admin Server "AdminServer" for domain "zarDbDomain" running in Development Mode>
    <Oct 27, 2009 11:16:41 AM IST> <Warning> <Server> <BEA-002611> <Hostname "192.9.200.236", maps to multiple IP addresses: 192.9.200.236, 127.0.0.1>
    <Oct 27, 2009 11:16:41 AM IST> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to RUNNING>
    <Oct 27, 2009 11:16:41 AM IST> <Notice> <WebLogicServer> <BEA-000360> <Server started in RUNNING mode>
    <Oct 27, 2009 11:17:18 AM IST> <Error> <Security> <BEA-090064> <The DeployableAuthorizer "myrealm_weblogic.security.providers.xacml.authorization.XACMLAuthorizationProviderImpl" returned an error: weblogic.security.spi.ResourceCreationException: Security:090310Failed to create resource.>
    <Oct 27, 2009 11:17:20 AM IST> <Error> <Deployer> <BEA-149265> <Failure occurred in the execution of deployment request with ID '1256622425468' for task '0'. Error is: 'weblogic.application.ModuleException: Exception preparing module: EJBModule(netuix.jar)
    Unable to deploy EJB: ProxyPagePersistenceManager from netuix.jar:
    Exception while attempting to deploy Security Policy: weblogic.security.service.ResourceCreationException: weblogic.security.spi.ResourceCreationException: Security:090310Failed to create resource
    weblogic.application.ModuleException: Exception preparing module: EJBModule(netuix.jar)
    Unable to deploy EJB: ProxyPagePersistenceManager from netuix.jar:
    Exception while attempting to deploy Security Policy: weblogic.security.service.ResourceCreationException: weblogic.security.spi.ResourceCreationException: Security:090310Failed to create resource
    at weblogic.ejb.container.deployer.EJBModule.prepare(EJBModule.java:452)
    at weblogic.application.internal.flow.ModuleListenerInvoker.prepare(ModuleListenerInvoker.java:93)
    at weblogic.application.internal.flow.DeploymentCallbackFlow$1.next(DeploymentCallbackFlow.java:387)
    at weblogic.application.utils.StateMachineDriver.nextState(StateMachineDriver.java:37)
    at weblogic.application.internal.flow.DeploymentCallbackFlow.prepare(DeploymentCallbackFlow.java:58)
    Truncated. see log file for complete stacktrace
    weblogic.ejb20.interfaces.PrincipalNotFoundException: Exception while attempting to deploy Security Policy: weblogic.security.service.ResourceCreationException: weblogic.security.spi.ResourceCreationException: Security:090310Failed to create resource
    at weblogic.ejb.container.internal.SecurityHelperWLS.deployPolicy(SecurityHelperWLS.java:357)
    at weblogic.ejb.container.internal.SecurityHelper.deployPolicy(SecurityHelper.java:306)
    at weblogic.ejb.container.internal.SecurityHelper.deployPolicy(SecurityHelper.java:294)
    at weblogic.ejb.container.internal.SecurityHelper.deployAllPolicies(SecurityHelper.java:249)
    at weblogic.ejb.container.internal.SecurityHelper.deployAllPolicies(SecurityHelper.java:228)
    Truncated. see log file for complete stacktrace
    <Oct 27, 2009 11:17:20 AM IST> <Warning> <Deployer> <BEA-149004> <Failures were detected while initiating deploy task for application 'myPortalEAR'.>
    <Oct 27, 2009 11:17:20 AM IST> <Warning> <Deployer> <BEA-149078> <Stack trace for message 149004
    weblogic.application.ModuleException: Exception preparing module: EJBModule(netuix.jar)
    Unable to deploy EJB: ProxyPagePersistenceManager from netuix.jar:
    Exception while attempting to deploy Security Policy: weblogic.security.service.ResourceCreationException: weblogic.security.spi.ResourceCreationException: Security:090310Failed to create resource
    at weblogic.ejb.container.deployer.EJBModule.prepare(EJBModule.java:452)
    at weblogic.application.internal.flow.ModuleListenerInvoker.prepare(ModuleListenerInvoker.java:93)
    at weblogic.application.internal.flow.DeploymentCallbackFlow$1.next(DeploymentCallbackFlow.java:387)
    at weblogic.application.utils.StateMachineDriver.nextState(StateMachineDriver.java:37)
    at weblogic.application.internal.flow.DeploymentCallbackFlow.prepare(DeploymentCallbackFlow.java:58)
    Truncated. see log file for complete stacktrace
    weblogic.ejb20.interfaces.PrincipalNotFoundException: Exception while attempting to deploy Security Policy: weblogic.security.service.ResourceCreationException: weblogic.security.spi.ResourceCreationException: Security:090310Failed to create resource
    at weblogic.ejb.container.internal.SecurityHelperWLS.deployPolicy(SecurityHelperWLS.java:357)
    at weblogic.ejb.container.internal.SecurityHelper.deployPolicy(SecurityHelper.java:306)
    at weblogic.ejb.container.internal.SecurityHelper.deployPolicy(SecurityHelper.java:294)
    at weblogic.ejb.container.internal.SecurityHelper.deployAllPolicies(SecurityHelper.java:249)
    at weblogic.ejb.container.internal.SecurityHelper.deployAllPolicies(SecurityHelper.java:228)
    Truncated. see log file for complete stacktrace
    There are around 140 tables created in the MySQL database...
    Is there anything wrong?
    Regards
    Zarrakh

    Well.. When I ran the script for MySQL from the WebLogic domain configuration and compared the PointBase and MySQL databases, I found that there are a few tables, views and triggers that are missing in the MySQL DB. Could you tell me how I can create these missing tables, views and triggers?
    Regards

  • Windows 8.1 Pro workstation will not connect to our domain

    My situation has me puzzled.
    I've got a workstation that I want to be added to the domain. I got it added with no problems. When I go to log in on my own user account on the domain, it works as it should.
    When I handed this workstation over to a user and had them log into it, they mentioned that "There are currently no logon servers available to service the logon request."
    I checked their group policies on the domain controller and it's set up exactly like the others.
    Most of our machines are Windows 7 Pro, and they are all able to log in to the domain just fine, including the person in question from before on a Windows 7 Pro machine. For some reason, however, using the same credentials and same everything else, it refuses to attempt to connect to our domain.
    If I'm able to connect using Windows 8.1 Pro on my account, while a normal user can't, I suspect it's a group policy issue? The user is a member of the "domain user" group, so I'd think that would be the only real ticket they would need. Again, they can use their own credentials under Windows 7 Pro and connect up fine, and my very own credentials for the Windows 8.1 Pro machine logged in and carried out group policy information as well.
    Well, now here is something: just as I was typing this up, I made a test account that has domain admin rights and, lo and behold, it was able to log in, though it doesn't appear that group policy mapped drives or shortcuts were placed.
    I guess the question now is what would a domain admin have over a domain user that would allow a domain admin to log in and not a domain user that is specific to Windows 8.1 Pro.

    Hi
    Check your DNS settings on the machine. Are you using static entries at all?
    Can you ping the DC from that machine? Also try turning off UAC and check your firewalls.
    Hope this helps. Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

  • Windows Server 2012 Foundation, in a Workgroup - "The server did not finish checking the license compliance. If the server is joined to a domain, make sure that the server can connect to a domain controller"...

    Every few days we see two dialogs with the following messages:
    Dialog 1, title: Check for Licensing Compliance is Incomplete
    The server did not finish checking the license compliance. If the server is joined to a domain, make sure that the server can connect to a domain controller.
    Dialog 2, title: Check for Licensing Compliance is Incomplete
    The server did not finish checking the license compliance. If the server is joined to a domain, make sure that the server can connect to a domain controller. If the license compliance check cannot be completed, the server will automatically shut down in 8 day(s) 23 hour(s) 0 minute(s).
    The server is not (and never has been) joined to a domain or had any DC roles installed. In fact it's still connected to the default Workgroup.
    The server was configured in our office and never showed this message until it was installed on site. The main difference from what I can see is that when installed on site it was given a static IP address and does not have any DNS settings in the network adapter properties.
    I have scoured a number of forums on this error, but in almost every other instance of this error message the servers are connected to a Domain Controller and the solutions generally are linked to disjoining and rejoining the domain. Unfortunately this is not an option for this scenario.
    I initially thought that adding some relevant DNS server IP address may resolve the issue; however, we have the exact same model server configured exactly the same running at a different site that does not experience this problem. This server also has no DNS server configured.
    I have seen a post that suggests turning off the server's "Foundation Checking", but I'm unsure how to do this.

    Thanks for your response Vivian.
    I can confirm that this server is not (and never has been) a member of any Active Directory; it is configured as a Workgroup server. It was initially configured on a network that does have an Active Directory, but was never joined to it. During that time it never displayed these messages.
    The server was moved into production on a different site and network and set up with a static IP address. The site network does have its own Active Directory, but the server was not joined to it. It is whilst on this new network that these messages began.
    Since my original post, DNS servers have been added and the Microsoft activation has been verified; however, the messages are still appearing.
    There are only 2 user accounts configured on this server: the local admin account and another local admin user.
    The Remote Desktop Services roles have been installed but not yet configured. I don't think that has any bearing on this scenario though.
    The description of this error in the above "Introduction to Windows Server 2012 Foundation" link states:
    This error occurs when the server cannot finish checking the requirements for the root domain, forest trust configuration, or both. It usually happens when the server cannot connect to a domain controller. If the situation persists, the server will shut down 10 days after the first time the compliance check failed. Each time this error message occurs, it will state the actual time remaining before the server will shut down. If you restart the server after it has shut down because of non-compliance, the server will shut itself down again in 3 days.
    The above description leads me to the following question: in a Workgroup environment, does the server still try to contact a domain controller to establish a level of trust? If this is the case, could it be that the server can no longer see the initial DC on its new network and this is what is triggering the messages?
    Am I clutching at straws here?

  • Why do I get error "The LDAP server is unavailable" while connecting to external domain via sync connection in SharePoint UPSA ?

    Hello,
    I am trying to connect to an external domain via a UPS account having "Replicate Directory changes" permission on the external domain while creating a sync connection in UPSA.
    I have checked the URLs below:
    http://social.technet.microsoft.com/Forums/en-US/1912bf88-8fec-4b5d-9d1e-a42db8318e33/ldap-server-is-unavailable-sharepoint-2010-user-synchronization?forum=sharepointadminprevious
    http://social.technet.microsoft.com/Forums/en-US/6525d3aa-9197-42a2-aea0-190b84ac8356/the-ldap-server-is-unavailable?forum=sharepointadminprevious
    And it looks like it's a network connectivity issue, and hence I have had it verified by the infra team that port 389 is open.
    Note: I am able to connect to the local AD. Does it make sense that the port is not open for the external domain?
    Can anyone please let me know what the issue can be?
    Your help will be highly appreciated, as I have been struggling to fix this issue for quite a long time with no luck yet.
    Thank you in advance.
    Kind regards,
    Dipti Chhatrapati

    Hi Dipti,
    If you have a two-way trust relationship, then I am not sure if you have tried the below:
    Create a folder on the SharePoint server
    Go to Folder properties - Security tab
    Try adding user of the external domain on the folder
    Please let us know if you are able to add the user or not. If you are able to add the user, then it means that the connection and trust are proper and you should be able to create a sync connection in UPA without any issues; otherwise there is some issue with the connectivity or the trust which is configured.
    Please also make sure that you have given permissions to sync account as per below TechNet:
    http://technet.microsoft.com/en-us/library/hh296982(v=office.15).aspx
    Replicate Directory changes permissions are also required on cn=configuration container, below are the steps:
    Grant Replicate Directory Changes permission on the cn=configuration container
    Use this procedure to grant Replicate Directory Changes permission on the cn=configuration container to an account.
    To grant Replicate Directory Changes permission on the cn=configuration container
    On the domain controller, click Start, click Run, type adsiedit.msc, and then click OK.
    If the Configuration node is not already present, do the following:
    In the navigation pane, click ADSI Edit.
    On the Action menu, click Connect to.
    In the Connection Point area of the Connection Settings dialog box, click Select a well known Naming Context, select Configuration from the drop-down list, and then click OK.
    Expand the Configuration node, right-click the CN=Configuration... node, and then click Properties.
    In the Properties dialog box, click the Security tab.
    In the Group or user names section, click Add.
    Type the name of the synchronization account, and then click OK.
    In the Group or user names section, select the synchronization account.
    In the Permissions section, select the Allow check box next to the Replicating Directory Changes (Replicate Directory Changes on Windows Server 2003) permission, and then click OK.
    Kind regards,
    Bhavik K Jain
    Please ensure that you mark a question as Answered once you receive a satisfactory response.

  • Firefox on Linux doesn't connect to .local domains

    Hello,
    I'm running FF 3.6.18 on Ubuntu (64-bit, 32-bit) and I'm not able to connect to any domain ending in .local (for example: apple.fruits.local). Name resolution is working; prefetching and fixup are disabled. Using FF on Windows works without a problem with the same domain name; only on Linux does it fail.

    Hi!
    That's quite simple:
    .local domains belong to the zeroconf system (Linux: avahi, Apple: bonjour, Windows: zeroconf), so if you enter www.dummy.local, then the request is not forwarded to the DNS server; it is forwarded to mDNS and in many networks is simply not resolvable.
    Turn off the avahi, bonjour or zeroconf service or daemon and it will work again.
    regards
    Martin
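
The lookup order Martin describes is set on Linux by the `hosts:` line of `/etc/nsswitch.conf`. The following Python model is an added example, not part of the original reply. The sample `hosts:` lines are constructed, and the status each source returns is a simplifying assumption spelled out in the comments.

```python
import re

# glibc defaults when no [STATUS=action] list follows a source.
DEFAULT_ACTIONS = {"SUCCESS": "return", "NOTFOUND": "continue",
                   "UNAVAIL": "continue", "TRYAGAIN": "continue"}
MDNS_MINIMAL = {"mdns_minimal", "mdns4_minimal", "mdns6_minimal"}
MDNS_FULL = {"mdns", "mdns4", "mdns6"}

# Constructed sample configurations (not taken from the thread).
MDNS_FIRST = "hosts: files mdns4_minimal [NOTFOUND=return] dns mdns4\n"
DNS_ONLY = "# mDNS modules removed\nhosts: files dns\n"


def parse_hosts_line(conf_text):
    """Return [(source, {status: action})] for the 'hosts' database."""
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line.lower().startswith("hosts:"):
            continue
        chain = []
        for token in re.findall(r"\[[^\]]*\]|\S+", line[len("hosts:"):]):
            if not token.startswith("["):
                chain.append((token.lower(), dict(DEFAULT_ACTIONS)))
                continue
            if not chain:
                raise ValueError("action list appears before any source")
            for item in token[1:-1].split():
                status, _, action = item.partition("=")
                negate = status.startswith("!")
                status = status.lstrip("!").upper()
                if status not in DEFAULT_ACTIONS or not action:
                    raise ValueError("bad action item: " + item)
                # [!X=act] applies to every status except X.
                for s in DEFAULT_ACTIONS:
                    if (s != status) == negate:
                        chain[-1][1][s] = action.lower()
        return chain
    raise ValueError("no hosts: line found")


def source_status(source, name, mdns_responder_running):
    """Assumed status per source for a name that exists only in unicast DNS.

    Assumptions: the name is not in /etc/hosts, no host on the link answers
    for it over mDNS, the mDNS modules report UNAVAIL when the responder
    daemon is stopped, and the *_minimal modules decline (UNAVAIL) any name
    outside .local.
    """
    is_local = name.rstrip(".").lower().endswith(".local")
    if source == "files":
        return "NOTFOUND"
    if source in MDNS_MINIMAL or source in MDNS_FULL:
        if not mdns_responder_running:
            return "UNAVAIL"
        if source in MDNS_MINIMAL and not is_local:
            return "UNAVAIL"
        return "NOTFOUND"
    if source == "dns":
        return "SUCCESS"
    return "UNAVAIL"  # unknown module: treat as not installed


def resolve_path(conf_text, name, mdns_responder_running):
    """Walk the chain; return (answering source or None, per-source trace)."""
    trace = []
    for source, actions in parse_hosts_line(conf_text):
        status = source_status(source, name, mdns_responder_running)
        action = actions[status]
        trace.append((source, status, action))
        if action == "return":
            return (source if status == "SUCCESS" else None), trace
    return None, trace


if __name__ == "__main__":
    for label, conf, running in (("mdns first, responder up", MDNS_FIRST, True),
                                 ("mdns first, responder stopped", MDNS_FIRST, False),
                                 ("dns only", DNS_ONLY, True)):
        answered_by, trace = resolve_path(conf, "apple.fruits.local", running)
        print(label, "->", answered_by, trace)
```

Under these assumptions the `[NOTFOUND=return]` item is what keeps a `.local` query from ever reaching `dns` while the responder is running.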

  • Oracle 8i: Problem with connecting through firewall/connection manager

    Hello.
    I've been trying to make this work for, I think, 2 weeks now, with no luck. If I go around the firewall/connection manager, everything works fine.
    It runs on Win XP. Port 1521 and port 1630 have been forwarded.
    conn manager log:
    (TIMESTAMP=22-JUN-2010 16:35:27)(EVENT=10)(VERSION=8.1.7.0.0)
    (TIMESTAMP=22-JUN-2010 16:35:27)(EVENT=36)(rule_list= (rule=(src=xx.xx.46.145)(dst=oracle-server)(srv=*)(act=accept)))
    (TIMESTAMP=22-JUN-2010 16:35:27)(EVENT=32)(PARAMETER_LIST=(MAXIMUM_RELAYS=1024)(RELAY_STATISTICS=yes)(AUTHENTICATION_LEVEL=0)(LOG_LEVEL=4)(SHOW_TNS_INFO=yes)(ANSWER_TIMEOUT=0)(MAXIMUM_CONNECT_DATA=1024)(USE_ASYNC_CALL=yes)(TRACING=no)(TRACE_DIRECTORY=default)(MAX_FREELIST_BUFFERS=0)(REMOTE_ADMIN=no))
    (TIMESTAMP=22-JUN-2010 16:35:27)(EVENT=34)(ADDRESS_LIST= (ADDRESS=(PROTOCOL=tcp)(HOST=oracle-server)(PORT=1630)(QUEUESIZE=32)))
    (TIMESTAMP=22-JUN-2010 16:35:31)(EVENT=102)(RLYNO=0)(ADDRESS=(PROTOCOL=tcp)(HOST=xx.xx.46.145)(PORT=11473))
    (TIMESTAMP=22-JUN-2010 16:35:31)(EVENT=20)(RLYNO=0)(REASON=16)(ADDRESS=(PROTOCOL=tcp)(HOST=xx.xx.46.145)(PORT=11473))
    listener ora:
    # LISTENER.ORA Network Configuration File: C:\oracle\ora81\NETWORK\ADMIN\listener.ora
    # Generated by Oracle configuration tools.
    LISTENER =
      (DESCRIPTION_LIST =
        (DESCRIPTION =
          (ADDRESS = (PROTOCOL = IPC)(KEY = EXTPROC0))
        )
        (DESCRIPTION =
          (ADDRESS = (PROTOCOL = TCP)(HOST = oracle-server)(PORT = 1521))
        )
        (DESCRIPTION =
          (ADDRESS = (PROTOCOL = TCP)(HOST = oracle-server)(PORT = 2481))
          (PROTOCOL_STACK =
            (PRESENTATION = GIOP)
            (SESSION = RAW)
          )
        )
      )
    SID_LIST_LISTENER =
      (SID_LIST =
        (SID_DESC =
          (SID_NAME = PLSExtProc)
          (ORACLE_HOME = C:\oracle\ora81)
          (PROGRAM = extproc)
        )
        (SID_DESC =
          (GLOBAL_DBNAME = ifs)
          (ORACLE_HOME = C:\oracle\ora81)
          (SID_NAME = ifs)
        )
      )
    names ora:
    ifs=
      (DESCRIPTION=
        (SOURCE_ROUTE=yes)
        (ADDRESS=
          (PROTOCOL=tcp)
          (HOST=oracle-server)
          (PORT=1630))
        (ADDRESS=
          (PROTOCOL=tcp)
          (HOST=oracle-server)
          (PORT=1521))
        (CONNECT_DATA=
          (SERVICE_NAME=ifs)))
    INST1_HTTP =
      (DESCRIPTION =
        (ADDRESS_LIST =
          (ADDRESS = (PROTOCOL = TCP)(HOST = oracle-server)(PORT = 1521))
        )
        (CONNECT_DATA =
          (SERVER = SHARED)
          (SERVICE_NAME = ifs)
          (PRESENTATION = http://admin)
        )
      )
    EXTPROC_CONNECTION_DATA =
      (DESCRIPTION =
        (ADDRESS_LIST =
          (ADDRESS = (PROTOCOL = IPC)(Key = EXTPROC0))
        )
        (CONNECT_DATA =
          (SID = PLSExtProc)
          (PRESENTATION = RO)
        )
      )
    We're very close to going with MS SQL instead. Help would be greatly appreciated.
    Morten
    Denmark

    tracing connection manager:
    nsevwait: event is 0x20, on 1
    nsevwait: 1 posted event(s)
    nsevwait: exit (0)
    nfpgsev: # event connections = 1
    nfpgevh: entry
    nfpgevh: event on cxd 0x12a007c (or cid 1)
    nfpgevh: event flags = 0x20
    nfpgevh: async nsanswer is complete
    nttaddr2bnd: entry
    nttaddr2bnd: exit
    nsrefuse: entry
    nsdo: entry
    nsdo: cid=1, opcode=67, bl=0, what=10, uflgs=0x0, cflgs=0x3
    nsdo: rank=64, nsctxrnk=0
    nsdo: nsctx: state=2, flg=0x4204, mvd=0
    nsdo: gtn=270, gtc=270, ptn=10, ptc=8163
    nscon: entry
    nscon: sending NSPTRF packet
    nspsend: entry
    nspsend: plen=12, type=4
    nttwr: entry
    nttwr: socket 220 had bytes written=12
    nttwr: exit
    nspsend: 12 bytes to transport
    nspsend: packet dump
    nspsend: 00 0C 00 00 04 00 00 00 |........|
    nspsend: 22 00 00 00 00 00 00 00 |".......|
    nspsend: normal exit
    nscon: exit (0)
    nsdo: nsctxrnk=0
    nsdo: normal exit
    nsclose: entry
    nstimarmed: entry
    nstimarmed: no timer allocated
    nstimarmed: normal exit
    nsdo: entry
    nsdo: cid=1, opcode=66, *bl=0, *what=0, uflgs=0x0, cflgs=0x2
    nsdo: rank=64, nsctxrnk=0
    nsdo: nsctx: state=2, flg=0x4200, mvd=0
    nsevunreg: entry
    nsevunreg: cid=1, sgt=0, rdm=0
    nsrah: entry
    nsevunreg: 1 registered connection(s)
    nsevunreg: normal exit
    nsbfr: entry
    nsbaddfl: entry
    nsbaddfl: normal exit
    nsbfr: normal exit
    nsbfr: entry
    nsbaddfl: entry
    nsbaddfl: normal exit
    nsbfr: normal exit
    nsdo: nsctxrnk=0
    nsdo: normal exit
    nsclose: closing transport
    nttdisc: entry
    nttdisc: Closed socket 220
    nttdisc: exit
    nsclose: global context check-out (from slot 1) complete
    nsnadisc: entry
    nsbfr: entry
    nsbaddfl: entry
    nsbaddfl: normal exit
    nsbfr: normal exit
    nsmfr: entry
    nsmfr: 1712 bytes at 0xf2fa08
    nsmfr: normal exit
    nsmfr: entry
    nsmfr: 420 bytes at 0xf1d3b8
    nsmfr: normal exit
    nsclose: normal exit
    nsrefuse: exit (0)
    nfpgevh: exit
    nfpgsev: waiting for an event
    nsevwait: entry
    nsevwait: 1 registered connection(s)
    nsevwait: 0 added to NT list for 0x8
    nsevwait: 0 pre-posted event(s)
    nsevwait: waiting for transport event (0 thru 0)...
    ntctst: size of NTTEST list is 1 - not calling poll
    sntseltst: Testing for CONNECTIONS on socket 192

  • Losing connection to the Domain Controllers at a remote site

    We have a remote site with an IPsec tunnel for a site-to-site connection, and there are about a dozen Windows 7 systems on site. Every 3 to 5 weeks, the systems start to lose the ability to log into the domain. Running some tests, the DNS names keep resolving, their subnet is set up in Sites and Services to the group with the DCs, and they are set up correctly for IP settings, but it seems like they still can't connect back to the DCs. From there, under network profiles, it says the domain network is unauthenticated.
    The only way we have found to fix this is to disjoin the computer from the domain and rejoin it.
    Is there a way from the computer to force it to re-authenticate without having to do this, or a better fix?

    Hello Technsopyder,
    Do you mean that all the Windows 7 systems using the IPsec tunnel lose connection to the Domain Controllers every 3 to 5 weeks?
    Do you receive the error codes 5719 and 3210? Could you please provide the whole error message?
    Please check if you need to change the password before this issue as Brano Lukic mentioned.
    Best regards,
    Fangzhou CHEN
    TechNet Community Support
