Impersonate domain user to call MessageQueue.Create() to create a private queue throw exception "Msmq service is not available".
The code impersonate a domain user to create a private messaging queue on local machine, using MessageQueue.Create(".\\myqueue").
When the current user is a member of local administrators, it works well.
When the current user is a member of local users, it throw exception "Msmq service is not available."
Hi Psun,
In my opinion, this thread is related to MSMQ forum. So please post thread on that forum for more effective response. Thank you for understanding. Please refer to the following link.
http://social.msdn.microsoft.com/Forums/windowsdesktop/en-US/home?forum=msmq
Regards,
We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place.
Click
HERE to participate the survey.
Similar Messages
-
Have a very recent Lenovo Ideapad Laptop running Windows 8.1. Connected via USB port to HP LaserJet Pro CM1415 frw Color MFP Printer. Was able to print fine nearly 2 weeks ago, but something recently happened - either a new windows or office 2013 update
or perhaps I blew away a certain file by mistake. I can see the printer installed but cannot print to it from anything (Word, Notepad, IE, Firefox etc.). The one thing to note is that usually when I plug or unplug a USB related device, Windows 8.1 recognizes
this and makes a certain chime noise, but with the printer USB cable it never makes that noise - making me think that it never fully recognizes the printer. Also when I select the printer (from within the control panel) and right click for properties (via
admin rights) It never lets me fully connect to it.
I have tried all the usual remedies - remove, install all drivers, reinstall printer, Windows update, start/stop print spooler and all other printer related services, etc. Its really annoying because this printer was working fine nearly 2
weeks ago. Looking for any advice now. Thanks.
-ChrisHi Chris,
à
I have tried all the usual remedies - remove, install all drivers, reinstall printer, Windows update, start/stop print spooler and all other printer related services, etc.
I noticed that you had reinstalled the printer. Just a confirmation, when un-install this printer, please check
if this printer still exist in registry. For more details, please refer to following KB.
Registry entries for printing
If printer entry still exist in registry, please delete that printer entry and re-install this printer again,
then check if this issue still exists. (Please backup registry entries before operating registry. It will help us to avoid unexpected issue.)
àand now see
message Active Directory Domain Services is not available
By the way, would you please let me know where/when get this
Active Directory Domain Services is not available error message? Or provide a screenshot of it?
(Please hide all protected or private information) Please check if all services are running correctly on the computer. Meanwhile, please refer to following article and check if can help you.
Printer
Problem: Active Directory Domain Services is currently unavailable – Why does windows say no printers are installed?
Please Note: Since the web site is not hosted by Microsoft, the link may change without notice. Microsoft
does not guarantee the accuracy of this information.
If any update, please feel free to let me know.
Hope this helps.
Best regards,
Justin Gu -
Call was terminated because the corresponding service is not available
Hi experts,
I've installed SAP NetWeaver 7.01 SR1 ABAP Trial Version. I'm following instructions given and the next step is to log into the system via web gui with this url: http://localhost:8000/sap/bc/gui/sap/its/webgui?sap-client=000. However I'm getting this error:
Service cannot be reached
What has happened?
URL http://localhost:8000/sap/bc/gui/sap/its/webgui call was terminated because the corresponding service is not available.
Note
* The termination occurred in system NSP with error code 403 and for the reason Forbidden.
* The selected virtual host was 0 .
I did some research and from what I've read I should activate a service trough so called SICF. After installation I've got only sap management console in wich I have this main NSP node, below that database instance and SAP system instance, I tried to logon to this system instance choosing "logon" from context menu but always with some errors. Now I'm stuck, please help.
Edited by: kotzi86 on Aug 7, 2010 5:43 PMHi,
You will need to login using SAPGUI for windows first and then execute transaction SICF and from there, activate this service.
Please install SAPGUI first on your machine and login using it.
Regards,
Shitij -
With PS 7
create new
Place two objects on the new file
then you may cut copy and paste
Cs2
create new
place two object on the new file
Cut is not available how does one cut and paste in new fileIf your using File>Place then photoshop cs2 creates what's known as Smart Objects, which photoshop 7 didn't have.
In photoshop cs2 you can rasterize the smart objects and that should make the Cut function available.
Select both placed layers, right click on the area to the right of the tumbnail and select Rasterize Layers.
If in photoshop cs2 you to Help>Photoshop Help and look under Layers>Smart Objects, that should give you a good overview of what smart objects are. -
Create a Service for ESS if standard service is not available
Hi Folks,
How can I create a link in resources if standart resources are not available in ESS?
Thanks!Hi David,
To create a resource you need to go to Homepage Frame work from SPRO -> Cross Application Components
But make sure that before creating the Resource in R/3 you have created an iView or Page or Workset since when are creating the resource you also give the URL of the PCD.
Regards
Vijay -
Create Web Service Option not available for BAPI Functional Module
Hello Experts
I am trying to create a web service from a standard BAPI functional module referring following document
http://help.sap.com/saphelp_nw04/Helpdata/EN/e9/ae1b9a5d2cef4ea4b579f19d902871/content.htm
I am facing the same issue as mentioned in this thread (But for me answer is not OK)
Web Service Creation
When I click the FLIGHT Business Object and navigate to the Tools tab, I cannot see Create Web Service option.
Also when I try to start the web service wizard from (SE37 -> BAPI_FLIGHT_GETLIST) Utilities Menu, after specifying all the details, after clicking Finish, I get an error "Access Refused"
I verified the authorization to current user and gave him all the authorization required viz. (SAP_BC_WEBSERVICE_ADMIN, SAP_BC_WEBSERVICE_ADMIN_BIZ, SAP_BC_WEBSERVICE_CONSUMER etc) all 7 of them.
My system is ECC 6.0 700 Release
Thanks
PareshHello,
For creating Web service definition, you have to be a registered developer. In SAP Service Market place, you will get developer access key. This should be entered in DEVACCESS table by creating any development object.
Thanks,
Venu -
Creating InfoPackage: Data Targets not available for selection. Any hints?
Hi,
I have 5 ODSes which by design are to feed a 6th ODS. I created 5 update rules, using each of the 5 ODSes, separately as infosources.
The problem is that under the Infosource tree, I see the system generated InfoSouce but while creating the Infopackage, under Data Targets tab, my 5 ODSes are not available. Infact, it gives me no data targets for selection.
Any hints on what I might be missing in the steps?
Thankshi Amanda,
say you have zods1 to zods6, and zods6 is feed by zods1-zods5,
under infosource tree, you create infopackage from which ods's generated infosource ? i guess zods6,
then yes you wont see any ods in data target, since zods6 has no further update to any data target,
you will see zods6 in generated infosource of zods1,zods2,zods3,zods4,and zods5.
you won't see all zods1-zods5 in one infosource unless they have update rules for all zods1-zods5 with same infosource.
you will need to go one by one infosource for each ods's infosource.
hope this helps.
note : it seems recently you only reward 'solved' for the last reply, please note you can reward more than one star -
How Create Task (Create related incident from Template )
Dear ;
I want Create Task like (Create related incident) but open incident template list like service request not default incident form
how I can do that ?I created Custom incident Form by follow the below link
http://z3br1.wordpress.com/2014/02/18/how-to-deal-with-annoying-square-brackets-in-custom-forms/
https://dynamicdatacenter.wordpress.com/2012/10/03/add-custom-service-request-forms-in-servicemanager2012/
and it woks good
but when want to use create related incident it open default incident form
i want to create task (Create related incident from template ) to allow them to Select new form
It should use the custom form also when creating incident based on a template. There must be something wrong with your implementation. Can you provide some screenshots of what it is you are doing so that there is no confusion in that regard?
http://codebeaver.blogspot.dk/ -
From here [url http://e-docs.bea.com/aldsp/docs30/admin/security.html#wp1090018]
I found that only a "domain user" can do what I am trying to do. However, the only user account created during creation of the domain is "weblogic" which appears not to be a domain user, but merely an administrator. I was not prompted to create a domain user when I created the domain. So, can someone tell me how to do this?
Thanks,
JeffA "domain user" is simply a user in the domain. The "weblogic" account is a "domain user".
To create more "domain users", go to the documentation for WebLogic Server, and search on : create a user
http://edocs.bea.com/wls/docs92/index.html -
Domain\User Name is not able to connect to Database
We have a service account and we want to run the report using the service account. Users will be accessing the report using their windows authentication, while on connecting to data source service account needs to be used.
We have added the service account in database server and also on physical server as "Allow logon as locally".
While creating the datasource, we are getting this error "logon failed for user domain\username".
We tried with the first checkbox "Use as windows credentials when connecting to the data source", but the error is "Logon Failed. Ensure the username and password are correct".
When we tried with the second checkbox "impersonate authenticated user after the connection has been made to the data source", but the error is "Login Failed for user domain\username".
We have even tried to add this domain\username as execution account in reporting services configuration and its failing.
Kindly let me know wat needs to be done to run the report as a service account and not as windows integrated or sql account.Hi CrazySam81,
Per my understanding that when you are using one service account to access the report server to run the report you got some error, right?
I assumed that the use have grant the correct permission to access the report server, so the issue can be caused by use don't have grant the right permission to access the datasource or the setting of the credential is not correct.
Use stored credentials or prompted credentials to query external data sources for report data. The credentials can be either a Windows domain account or a database login.
In your scenario, please make use the service account is the Windows domain account or a database login account. please also check details information below:
make sure you have done the setting like below and test connection to see if the username and password is correct:
Go to SQL Server Reporting Services Configuration Manager, make sure the service account have the correct password and username.
Go to Database, Verify that the service account can connect to the database.
More details information about the grant of permission reference to:
How to: Store Credentials for a Data Source (Report Manager)
pecify Credential and Connection Information for Report Data Sources
If your problem still exists, please try to provide more details informaiton in the log file which path like:
C:\Program Files\Microsoft SQL Server\MSRS10_50.MSSQLSERVER\Reporting Services\LogFiles
Regafrds,
Vicky Liu
Vicky Liu
TechNet Community Support -
DC on VM Restored after crash - Does Not allow PCs to Join Domain, or Domain Users to Log in
We currently had a RAID array crash and rebuilt our main server which housed VMs for our Web and DC.
The main server was restored from a bare-metal backup from 6 months prior to the latest backup of the VMs (not sure if pertinent)
Since the Restore, Domain computers cannot access file shares on the main server or VMs - "unspecified network error
0x80004005
Removed the main server from the Domain to re-join it due to some issues with logging in (even with a Domain Admin account) - Found that any PC removed from the domain was no longer able
to rejoin - Receive (Network path was not found error)
Domain Users cannot log in to their computers - Error reads "The trust relationship between this computer and the domain has been lost" - Domain Admin accounts can log in without
problem.
Have been working on it for two weeks and tried most of the things that I have found in others questions for related
DCDIAG results (run on DC VM) - More errors appear if run on the Server (Locator DcGetDcName(GC_Server_Required) call failed, error 1722 (same for PDC, TIME, GOOD_TIME, and KDC)
Directory Server Diagnosis
Performing initial setup:
Trying to find home server...
Home Server = DC1
* Identified AD Forest.
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\DC1
Starting test: Connectivity
......................... DC1 passed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\DC1
Starting test: Advertising
......................... DC1 passed test Advertising
Starting test: FrsEvent
There are warning or error events within the last 24 hours after the
SYSVOL has been shared. Failing SYSVOL replication problems may cause
Group Policy problems.
......................... DC1 failed test FrsEvent
Starting test: DFSREvent
......................... DC1 passed test DFSREvent
Starting test: SysVolCheck
......................... DC1 passed test SysVolCheck
Starting test: KccEvent
......................... DC1 passed test KccEvent
Starting test: KnowsOfRoleHolders
......................... DC1 passed test KnowsOfRoleHolders
Starting test: MachineAccount
......................... DC1 passed test MachineAccount
Starting test: NCSecDesc
......................... DC1 passed test NCSecDesc
Starting test: NetLogons
......................... DC1 passed test NetLogons
Starting test: ObjectsReplicated
......................... DC1 passed test ObjectsReplicated
Starting test: Replications
......................... DC1 passed test Replications
Starting test: RidManager
......................... DC1 passed test RidManager
Starting test: Services
......................... DC1 passed test Services
Starting test: SystemLog
A warning event occurred. EventID: 0x80040022
Time Generated: 01/15/2015 19:32:28
Event String:
The driver disabled the write cache on device \Device\Harddisk0\DR0.
A warning event occurred. EventID: 0x80040022
Time Generated: 01/15/2015 19:32:28
Event String:
The driver disabled the write cache on device \Device\Harddisk0\DR0.
A warning event occurred. EventID: 0x80040022
Time Generated: 01/15/2015 19:32:28
Event String:
The driver disabled the write cache on device \Device\Harddisk0\DR0.
A warning event occurred. EventID: 0x000003F6
Time Generated: 01/15/2015 19:32:52
Event String:
Name resolution for the name DC1.Home.xxx.com timed out after none of the configured DNS servers responded.
An error event occurred. EventID: 0xC00038D6
Time Generated: 01/15/2015 19:33:25
Event String:
The DFS Namespace service could not initialize cross forest trust information on this domain controller, but it will periodically retry the operation. The return code is in the record data.
A warning event occurred. EventID: 0x00000420
Time Generated: 01/15/2015 19:33:29
Event String:
The DHCP service has detected that it is running on a DC and has no credentials configured for use with Dynamic DNS registrations initiated by the DHCP service. This is not a recommended security configuration.
Credentials for Dynamic DNS registrations may be configured using the command line "netsh dhcp server set dnscredentials" or via the DHCP Administrative tool.
A warning event occurred. EventID: 0x00002724
Time Generated: 01/15/2015 19:33:33
Event String:
This computer has at least one dynamically assigned IPv6 address.For reliable DHCPv6 server operation, you should use only static IPv6 addresses.
A warning event occurred. EventID: 0x000727AA
Time Generated: 01/15/2015 19:36:34
Event String:
The WinRM service failed to create the following SPNs: WSMAN/DC1.Home.xxx.com; WSMAN/DC1.
A warning event occurred. EventID: 0x00001695
Time Generated: 01/15/2015 19:59:52
Event String:
Dynamic registration or deletion of one or more DNS records associated with DNS domain 'Home.xxx.com.' failed. These records are used by other computers to locate this server as a domain controller (if the specified
domain is an Active Directory domain) or as an LDAP server (if the specified domain is an application partition).
A warning event occurred. EventID: 0x00001695
Time Generated: 01/15/2015 19:59:52
Event String:
Dynamic registration or deletion of one or more DNS records associated with DNS domain 'DomainDnsZones.Home.xxx.com.' failed. These records are used by other computers to locate this server as a domain controller
(if the specified domain is an Active Directory domain) or as an LDAP server (if the specified domain is an application partition).
A warning event occurred. EventID: 0x00001695
Time Generated: 01/15/2015 19:59:52
Event String:
Dynamic registration or deletion of one or more DNS records associated with DNS domain 'ForestDnsZones.Home.xxx.com.' failed. These records are used by other computers to locate this server as a domain controller
(if the specified domain is an Active Directory domain) or as an LDAP server (if the specified domain is an application partition).
A warning event occurred. EventID: 0x00000420
Time Generated: 01/15/2015 20:20:21
Event String:
The DHCP service has detected that it is running on a DC and has no credentials configured for use with Dynamic DNS registrations initiated by the DHCP service. This is not a recommended security configuration.
Credentials for Dynamic DNS registrations may be configured using the command line "netsh dhcp server set dnscredentials" or via the DHCP Administrative tool.
A warning event occurred. EventID: 0x00002724
Time Generated: 01/15/2015 20:20:25
Event String:
This computer has at least one dynamically assigned IPv6 address.For reliable DHCPv6 server operation, you should use only static IPv6 addresses.
......................... DC1 failed test SystemLog
Starting test: VerifyReferences
......................... DC1 passed test VerifyReferences
Running partition tests on : ForestDnsZones
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... ForestDnsZones passed test
CrossRefValidation
Running partition tests on : DomainDnsZones
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... DomainDnsZones passed test
CrossRefValidation
Running partition tests on : Schema
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Running partition tests on : Configuration
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Running partition tests on : Home
Starting test: CheckSDRefDom
......................... Home passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Home passed test CrossRefValidation
Running enterprise tests on : Home.xxx.com
Starting test: LocatorCheck
......................... Home.xxx.com passed test LocatorCheck
Starting test: Intersite
......................... Home.xxx.com passed test Intersite
All PCs can ping the DC, and get name resolution. Checked IPs, DNS on both WS and DC (DC points to its own IP address with no other DNS), Forwarders for DNS appear to be working,
as normal DNS name resolution and internet access works on all PCs. Have tried disabling NIC card and installing another NIC. All searches keep pointing back at the same things that I have tried. I feel like I am missing something stupid.
Please helpThe backup you used is too old. That is why your clients are experiencing trust relationship failures: the computer passwords are no longer matching so they are failing to connect to AD. You need to disjoin and join them again.
I understand that this is the only DC you have so please make sure that the DC is not multihomed, that it points to its private IP address as primary DNS server and 127.0.0.1 as secondary one. Also, you might need to rebuild your SYSVOL folder if you keep
getting the SYSVOL errors: https://support.microsoft.com/kb/315457?wa=wsignin1.0
This posting is provided AS IS with no warranties or guarantees , and confers no rights.
Ahmed MALEK
My Website Link
My Linkedin Profile
My MVP Profile -
Non-domain user authentication against SSAS on Active/Passive Cluster
Hello,
We have an Active/Passive SQL Server setup (DB1 & DB2 Servers) connected to a cluster for SQL & SSAS. I have a web server not on the same domain that I am trying to authenticate with SSAS. This works OK if I set the website to impersonate
myUser and I add local account myUser as an Admin on SSAS for the active server (DB1). But when this fails over to DB2 then it fails to authenticate. SSAS won't allow us to add myUser as an admin for local accounts on both DB1 & DB2 as it errors
adding the second one. Could anyone advise how such a scenario should be approached?
We have tried creating a domain user too which DB1 & DB2 can of course both share but I don't think the web server can impersonate this with being not part of the domain.
Thanks.Hi Jcorker,
According to your description, you need to access the SQL Serve Analysis Services database which is configured as cluster for SQL & SSAS from another domain, right?
In SSAS we can use the solution below achieve the requirement.
1.Create new domain account and impersonate the web site with that.
2.Create local user account on the analysis service with same exact username/password as like domain account created in the previous step.
However, you cannot create a local account with the same name on both servers. I have tested it on my local environemnt, we can create the same local account with the same name on both servers. In your scenario, if DB1 and DB2 on different server, you can
create a local account with the same name on both servers. Please post the detail errors, so that we can make further analysis.
Besides, SSAS only allows users of the same domain or trusted domains and it does not allow users from any domain except from these two. You can configure the trust relationship between the domains.
http://technet.microsoft.com/en-us/library/cc961481.aspx
Regards,
Charlie Liao
If you have any feedback on our support, please click
here.
Charlie Liao
TechNet Community Support -
User DOMAIN / user has no access authorization for computer IP_address
Dear Forum,
When running a function module FTP_CONNECT with RFC destination SAPFTPA (in SM59). I always get a message "User <DOMAIN>/<user> has no access authorization for computer <IP_address>". Trying it with IE, I have no problem.
There is always an event viewer security failure log when I try it:
===========================================
Logon Failure:
Reason: Unknown user name or bad password
User Name: <user>
Domain: <DOMAIN>
Logon Type: 8
Logon Process: IIS
Authentication Package: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
Workstation Name: GDCS009D
Caller User Name: GDCS009D$
Caller Domain: ERP
Caller Logon ID: (0x0,0x3E7)
Caller Process ID: 968
Transited Services: -
Source Network Address: -
Source Port: -
For more information, see Help and Support Center at
===========================================
Please help....
Regards,
AgoesHi ,
Each and every SAP client ( as it is client dependent)
Go to SE16
Table name : SAPFTP_SERVERS
Go to Menu TABLE ---> Create new entries
FTP SERVER NAME *
FTP SERVER PORT 21
Save
Regards
Venkat -
Java SE Ver 7 Uxx locking out domain user account failing Kerberos PreAuth
Java SE Ver 7 all updates are failing Kerberos Pre_Auth and locking domain user accounts because of truncated UDP packets.
When a user opens a page that uses JavaScript their domain account gets a bad password, subsequent openings in the lockout threshold window (5 in 30 minutes for us) results in a domain account lockout.
I have done extensive troubleshooting of this issue and have root caused and been able to prevent it with a less desirable solution. Oracle fixes for the bug below (basically same issue) do not work for me or i'm implementing them incorrectly.
This effects XP\Win7 (32Bit browsers with IE 8 and 9).
Java SE Ver 7 U21 and lesser updates are failing Kerberos Pre_Auth (KRB5KDC_ERR_PREAUTH_FAILED)due to the use of UDP instead of TCP. Starting with the SRV request, UDP exceeds MTU and gets truncated enroute to the KDC. This results in the eventual response from the KDC as bad credential and eventual account lockout if user repeats call for Java.
We have been able to force TCP by blocking UDP 88 on a test station's windows firewall. This prevents the bad password, but injects a delay while kerberos times out UDP and fails to TCP.
Java BUG 8009875 lists the "udp_preference_limit=1" value that forces Java to use TCP, but i can't get this working with a KRB5.config or KRB5.ini file in the c:\windows directory. Even utilizing an environment variable KRB5_CONFIG does not work.
Our expected result is to force Java 7 to use TCP for Kerberos transactions and not UDP. This will be a stop gap until the release of Version 8 next year, which BUG 8009875 says corrects the default UDP call to TCP.I had this same issue. My fix was to create a custom jass config file that specific to not use the local tgt cache.
If you would like I could provide you with this setup. 1.7 uses GSS/SPNEGO as the first method of auth, this will essentially disable this method of single-sign on.
Http Authentication
GSS/SPNEGO -> Digest -> NTLM -> Basic
It looks like you got a fix so this post could be worthless -
Unable to browse internet on a domain user's computer through ASA 5503 Firewall
Dear All,
I am trying to configure my new firewall for the last one month but still unable to fix it. I have a domain in windows 2012 standard edition and the firewall with unlimited license. Here is the output of show startup-config. Please note that prpgb.org is my local domain.
prpgbasa# show startup-config
: Saved
: Written by enable_15 at 02:50:45.169 PKT Thu Nov 20 2014
ASA Version 8.2(5)
hostname prpgbasa
domain-name prpgb.org
enable password AExqpLntfuzsVQrq encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
interface Ethernet0/0
switchport access vlan 2
interface Ethernet0/1
interface Ethernet0/2
interface Ethernet0/3
interface Ethernet0/4
interface Ethernet0/5
interface Ethernet0/6
interface Ethernet0/7
interface Vlan1
nameif inside
security-level 100
ip address 10.0.0.1 255.0.0.0
interface Vlan2
nameif outside
security-level 0
ip address 202.142.XXX.YY 255.255.255.252
ftp mode passive
clock timezone PKT 5
dns server-group DefaultDNS
domain-name prpgb.org
pager lines 24
logging asdm informational
mtu inside 1500
mtu outside 1500
no failover
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0
route outside 0.0.0.0 0.0.0.0 202.142.XXX.YZ 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
http server enable
http 10.0.0.0 255.0.0.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
telnet 10.0.0.0 255.0.0.0 inside
telnet timeout 5
ssh 10.0.0.0 255.0.0.0 inside
ssh timeout 5
console timeout 0
dhcpd dns 10.0.0.2 255.0.0.0
dhcpd dns 208.67.222.222 208.67.220.220 interface inside
dhcpd lease 86400 interface inside
dhcpd domain prpgb.org interface inside
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
webvpn
class-map inspection_default
match default-inspection-traffic
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
inspect ip-options
service-policy global_policy global
prompt hostname context
no call-home reporting anonymous
Cryptochecksum:23c0af4b2ddf9e925f83ce13909ab900
prpgbasa#
You all are requested to have a look into the problem and suggest me the modifications.
ThanksDear All,
I have solved the issue. I have done the following in-order to browse internet on domain user computers. Here are the steps
1. I have disabled my internal DHCP server in the domain.
2. Then I have configured the ASA DHCP server in the default IP address scheme i.e. 192.168.1.100-200
3. I have Connected my ASA to a switch first then from there I connected a cable to my Domain's Server WAN interface. The LAN (192.168.1.2)interface of the Domain server is also plugged into the same switch.
4. I am using my Domain Server's DNS for name resolution and forward queries which are not served by my domain to open dns server.
It works perfectly so far but before applying or setting up the entire netowrk i want your help to look into the configuration file for corrections if i am making any mistakes. Thanks again for your help and here is the output of show confing.
prpgbasa# show startup
: Saved
: Written by Ghaffar at 02:11:24.319 PKT Mon Dec 8 2014
ASA Version 8.2(5)
hostname prpgbasa
domain-name prpgb.org
enable password AExqpLntfuzsVQrq encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
interface Ethernet0/0
switchport access vlan 2
interface Ethernet0/1
interface Ethernet0/2
interface Ethernet0/3
interface Ethernet0/4
interface Ethernet0/5
interface Ethernet0/6
interface Ethernet0/7
interface Vlan1
nameif inside
security-level 100
ddns update hostname PRPGB.ORG
dhcp client update dns server both
ip address 192.168.1.1 255.255.255.0
interface Vlan2
nameif outside
security-level 0
ip address 202.142.XXX.YY 255.255.255.252
ftp mode passive
clock timezone PKT 5
dns domain-lookup inside
dns server-group DefaultDNS
name-server 192.168.1.2
domain-name prpgb.org
object-group network obj_any
pager lines 24
logging enable
logging asdm informational
mtu inside 1500
mtu outside 1500
no failover
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0
route outside 0.0.0.0 0.0.0.0 202.142.XXX.YY 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
aaa authentication ssh console LOCAL
aaa authentication http console LOCAL
aaa authentication serial console LOCAL
aaa authentication enable console LOCAL
http server enable
http 192.168.1.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
telnet 192.168.1.0 255.255.255.0 inside
telnet timeout 5
ssh 192.168.1.0 255.255.255.0 inside
ssh timeout 5
console timeout 0
dhcpd address 192.168.1.100-192.168.1.200 inside
dhcpd dns 192.168.1.2 interface inside
dhcpd lease 86400 interface inside
dhcpd domain prpgb.org interface inside
dhcpd update dns both interface inside
dhcpd enable inside
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
webvpn
username ABC password FL01QCj0LaLWTID0 encrypted privilege 15
class-map inspection_default
match default-inspection-traffic
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
inspect ip-options
inspect icmp
service-policy global_policy global
prompt hostname context
no call-home reporting anonymous
Cryptochecksum:7c4930a079158c0cb10a42813d3690cd
prpgbasa#
Please suggest me if there are any recomendations.
Thanks in advance.
Ghaffar
Maybe you are looking for
-
Mac pro 2.66 Quad Core - boot drive mirrored, replace?
All, I have a Mac Pro 2.66 Quad Core system. I got all 'sexy' when I set it up - loaded four 1-TB drives in the 4 bays, Mirrored the boot set, also mirrored the secondary set for data. I am getting ready to have these guys filled up (I do lots of vid
-
Need help to recover my windows 7 home premium
Hi, Hope someone can help me by providing me Windows 7 home premium (64bit) installer so that i can use again my product key on my Lenovo IdeaPAd Z560 since my hard disk and i replaced it with new disk. Appreciated if someone can help me. Thanks, Set
-
New G/L Information / Presentation
Dear all, I'm looking for more information about the new G/L in 6.0. I need to inform myself and present it to my client and users. Can anyone help me with some good presentations or documents about new G/L? Thanks in advance, Marlies
-
Bug report: Wrong As Shot White Balance for Nikon D50 NEF in Camera Raw 7, Lightroom 4
For Nikon D50 cameras Adobe Creative Suite 6 does not read "As Shot" white balance data whether it's specified or not. It defaults to "Automatic". We have the problem only for Nikon D50 and only in Photoshop CS6, Adobe Camera Raw 7.3 and Photoshop Li
-
In SEM-BPS, I have a layout for manually entering data. The purpose is to enter values for a list of cost centers. This list of cost centers should change according to a SKF (statistical key figure) entered in the layout's header. The list of cost ce