Relay Agent Information(option82) :windows server 2012
Hi,
I am trying to integrate a wireless AP which have option82 inbuilt and act as DHCP relay agent ; but I don't know where to find the relay agent information(the hexa decimal value for the AP). If any one know where to find or how can I get this relay agent
information(hexdec value of the AP) will be very help full.
Hi,
There might be some misunderstanding.
Option82 is not necessary for DHCP relay. It is used for DHCP policy in windows server 2012. Since this option is
inserted by a DHCP relay agent, the relay agent information should be set on the DHCP relay agent.
The relay agent information which you configure in the windows DHCP server is used to recognize the relay agent. Then DHCP server can
give customized IP address and configuration options using this option.
How to get the relay agent information
may vary from product to product. You should contact your AP vendor or manufacturer.
Besides, the DHCP Relay Agent is compliant with RFC 1542, "Clarifications and Extensions for the Bootstrap Protocol.". You may refer to the link below,
Clarifications and Extensions for the Bootstrap Protocol
http://tools.ietf.org/html/rfc1542#page-13
Notice: The relay agent information which is configured on relay agent may not be
hexadecimal value, you may converse it into
hexadecimal value.
Hope this helps.
Steven Lee
TechNet Community Support
Similar Messages
-
Windows Server 2012 Pooled Virtual Desktop collection GetVMstate issue
I am trying to create a Pooled Desktop collection with my Powered off VM and it errors out The
virtual desktop must be in a stopped state: Could not identify the state of the virtual desktop. Ensure that the RD virtualisation host server is available on the network and the virtual desktop is shut down
In the debug logs it shows.
Component RdmsModel: GetVMstate for Vm Win7_BaseVM failed with error 16386
Component RDExceptionHandler: Could not identify the state of the virtual desktop. Ensure that the RD Virtualization Host server sunflower-1.HYPERQA.NUTANIX.COM is available on the network and that the virtual
desktop Win7VMSF is shut down.
Please help on resolving this GetVMState issue.Hi Krishna,
Thank you for posting in Windows Server Forum.
When you are configuring RDVH initially, please see that you have meet prerequisites. Remember that you need these pre-requirements:
• Database based on SQL Server 2008 R2
• Static IP Address for all Broker
• Round Robin DNS
• All RD Broker must be members of AD Windows Group (es. RDCB Server Group)
• The group must be insert into SQL Server as sysadmin ONLY for the DB creation. After that DB will be created give the db_owner permission only for their DB
More information.
Windows Server 2012 R2: Unable Add New VDI Template
In addition, we need all RD Broker must have the same SQL Native Client as main SQL Server (es. SQL Server 2012 SP1). The Connection Broker server's computer account MUST be a member of the local administrators group on the Virtual Host (RDS Host) machine and
then reboot the server. Finally check the result.
Windows Server 2012 Virtual Desktop Template Issue
Hope it helps!
Thanks.
Dharmesh Solanki -
VMM Agent install fails on Windows Server 2012 R2 Hyper-V
Hi,
We are unable to install VMM 2012 R2 agent on Windows Server 2012 R2 server either from VMM console or manually on the hyper-v server.
Error on VMM Console:
Error (410)
Agent installation failed on chsicoecdh03.casper.com.
Fatal error during installation (0x80070643)
Recommended Action
Try the operation again. If the problem persists, install the agent locally and then add the managed computer.
==================================================================
Error on Hyper-v server:
MSI (c) (E8:D0) [16:53:24:726]: Windows Installer installed the product. Product Name: Microsoft System Center Virtual Machine Manager Agent (x64). Product Version: 3.2.7510.0. Product Language: 1033. Manufacturer: Microsoft Corporation. Installation success
or error status: 1603.
Also, I suspect may be issue with WMI then checked WMI repository and it is in consistent state. winmgmt /verifyrepository.
Please help on this issue.
Any help would be appreciated.
Thanks
Kumaresan LakshmananSo, I've managed to research this some more since Thursday and I've come to the conclusion that Hyper-V does a horrible job of supporting Qualcomm NIC cards. That's the only thing I can conclude as far as where the issue is originating. I've read many
post and walkthroughs but nothing that has helped. The issue wasn't with any settings in the domain controller. The issue was that there really is a slow connection originating at the domain controller that is a VM and has network connectivity through the
virtual switch from Hyper-V. So, next question is, how do I get the DC to have better connectivity through the NIC that Hyper-V won't give it? If hyper-v would allow passthrough, this would be so much simpler. VM-ware is looking really good at this point.
Im disappointed in MS right now. -
Our company recently moved to Office 365 which mean our on premise exchange server went away as well with the move. I am trying to configure my new sql server (OS-Windows Server 2012 R2, DBMS- SQL 2014 Std Edtion). After some searching I found
this article (http://blogs.technet.com/b/meamcs/archive/2013/02/25/how-to-configure-sql-database-mail-so-send-emails-using-office-365-exchange-online-a-walkthrough.aspx) and have followed these steps exactly, but to no avail. I did some further research
on the SMTP relay I setup and found a way to test it (listed here http://technet.microsoft.com/en-us/library/dn592151(v=exchg.150).aspx at the bottom of the article). If I drop the email.txt file in the pickup folder, it gets sent out no problem.
I have configured my db email exactly as describe here(http://blogs.technet.com/b/meamcs/archive/2013/02/25/how-to-configure-sql-database-mail-so-send-emails-using-office-365-exchange-online-a-walkthrough.aspx). But keep getting an unable to connect
to SMTP server error. I have even tried completely shutting down firewall to see if that is the issue and multiple restarts. Any ideas how to get this to work on Office 365?
DB Mail error log:
Date 6/10/2014 10:28:41 PM
Log Database Mail (Database Mail Log)
Log ID 46
Process ID 2196
Mail Item ID 19
Last Modified 6/10/2014 10:28:41 PM
Last Modified By xx
Message
The mail could not be sent to the recipients because of the mail server failure. (Sending Mail using Account 2 (2014-06-10T22:28:41). Exception Message: Cannot send mails to mail server. (Failure sending mail.).Hi,
I followed this blog and got the below error message in the Database Mail Log.
“The mail could not be sent to the recipients because of the mail server failure. (Sending Mail using Account 2 (2014-06-11T19:34:00). Exception Message: Cannot send mails to mail server. (Mailbox unavailable. The server response was: 5.7.1 Unable to relay
for [email protected]).”
If you are getting the same error message, you can try the below steps to resolve the issue.
1. Open the IIS 6.0 management console. Right click on the SMTP server and open the properties window.
2. Click on the Access tab, click Relay button under Relay restrictions. loopback IP address (i.e 127.0.0.1).
Then the email should be sent out from Database Mail without problem.
Thanks.
Tracy Cai
TechNet Community Support -
We have a problem with one of our deployments of Windows Server 2012 Hyper-V with a 2 node cluster connected to a iSCSI SAN.
Our setup:
Hosts - Both run Windows Server 2012 Standard and are clustered.
HP ProLiant G7, 24 GB RAM. This is the primary host and normaly all VMs run on this host.
HP ProLiant G5, 20 GB RAM. This is the secondary host that and is intended to be used in case of failure of the primary host.
We have no antivirus on the hosts and the scheduled ShadowCopy (previous version of files) is switched off.
iSCSI SAN:
QNAP NAS TS-869 Pro, 8 INTEL SSDSA2CW160G3 160 GB i a RAID 5 with a Host Spare. 2 Teamed NIC.
Switch:
DLINK DGS-1210-16 - Both the network cards of the Hosts that are dedicated to the Storage and the Storage itself are connected to the same switch and nothing else is connected to this switch.
Virtual Machines:
3 Windows Server 2012 Standard - 1 DC, 1 FileServer, 1 Application Server.
1 Windows Server 2008 Standard Exchange Server.
All VMs are using dynamic disks (as recommended by Microsoft).
Updates
We have applied the most resent updates to the Hosts, VMs and iSCSI SAN about 3 weeks ago with no change in our problem and we continually update the setup.
Normal operation:
Normally this setup works just fine and we see no real difference in speed in startup, file copy and processing speed in LoB applications of this setup compared to a single host with two 10000 RPM Disks. Normal network speed is 10-200 Mbit, but occasionally
we see speeds up to 400 Mbit/s of combined read/write for instance during file repair.
Our Problem:
Our problem is that for some reason a random VHDX gets copied to System Volume Information by "System" of the Clusterd Shared Storage (i.e. C:\ClusterStorage\Volume1\System Volume Information).
All VMs stops responding or responds very slowly during this copy process and you can for instance not send CTRL-ALT-DEL to a VM in the Hyper-V console, or for instance start task manager when already logged in.
This happens at random and not every day and different VHDX files from different VMs gets copied each time. Some time it happens during daytime wich causes a lot of problems, especially when a 200 GB file gets copied (which take a lot of time).
What it is not:
We thought that this was connected to the backup, but the backup had finished 3 hours before the last time this happended and the backup never uses any of the files in System Volume Information so it is not the backup.
An observation:
When this happend today I switched on ShadowCopy (previous files) and set it to only to use 320 MB of storage and then the Copy Process stopped and the virtual Machines started responding again. This could be unrelated since there is no way to see
how much of the VHDX that is left to be copied, so it might have been finished at the same time as I enabled ShadowCopy (previos files).
Our question:
Why is a VHDX copied to System Volume Information when scheduled ShadowCopy (previous version of files) is switched off? As far as I know, nothing should be copied to this folder when this functionis switched off?
List of VSS Writers:
vssadmin 1.1 - Volume Shadow Copy Service administrative command-line tool
(C) Copyright 2001-2012 Microsoft Corp.
Writer name: 'Task Scheduler Writer'
Writer Id: {d61d61c8-d73a-4eee-8cdd-f6f9786b7124}
Writer Instance Id: {1bddd48e-5052-49db-9b07-b96f96727e6b}
State: [1] Stable
Last error: No error
Writer name: 'VSS Metadata Store Writer'
Writer Id: {75dfb225-e2e4-4d39-9ac9-ffaff65ddf06}
Writer Instance Id: {088e7a7d-09a8-4cc6-a609-ad90e75ddc93}
State: [1] Stable
Last error: No error
Writer name: 'Performance Counters Writer'
Writer Id: {0bada1de-01a9-4625-8278-69e735f39dd2}
Writer Instance Id: {f0086dda-9efc-47c5-8eb6-a944c3d09381}
State: [1] Stable
Last error: No error
Writer name: 'System Writer'
Writer Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Instance Id: {7848396d-00b1-47cd-8ba9-769b7ce402d2}
State: [1] Stable
Last error: No error
Writer name: 'Microsoft Hyper-V VSS Writer'
Writer Id: {66841cd4-6ded-4f4b-8f17-fd23f8ddc3de}
Writer Instance Id: {8b6c534a-18dd-4fff-b14e-1d4aebd1db74}
State: [5] Waiting for completion
Last error: No error
Writer name: 'Cluster Shared Volume VSS Writer'
Writer Id: {1072ae1c-e5a7-4ea1-9e4a-6f7964656570}
Writer Instance Id: {d46c6a69-8b4a-4307-afcf-ca3611c7f680}
State: [1] Stable
Last error: No error
Writer name: 'ASR Writer'
Writer Id: {be000cbe-11fe-4426-9c58-531aa6355fc4}
Writer Instance Id: {fc530484-71db-48c3-af5f-ef398070373e}
State: [1] Stable
Last error: No error
Writer name: 'WMI Writer'
Writer Id: {a6ad56c2-b509-4e6c-bb19-49d8f43532f0}
Writer Instance Id: {3792e26e-c0d0-4901-b799-2e8d9ffe2085}
State: [1] Stable
Last error: No error
Writer name: 'Registry Writer'
Writer Id: {afbab4a2-367d-4d15-a586-71dbb18f8485}
Writer Instance Id: {6ea65f92-e3fd-4a23-9e5f-b23de43bc756}
State: [1] Stable
Last error: No error
Writer name: 'BITS Writer'
Writer Id: {4969d978-be47-48b0-b100-f328f07ac1e0}
Writer Instance Id: {71dc7876-2089-472c-8fed-4b8862037528}
State: [1] Stable
Last error: No error
Writer name: 'Shadow Copy Optimization Writer'
Writer Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
Writer Instance Id: {cb0c7fd8-1f5c-41bb-b2cc-82fabbdc466e}
State: [1] Stable
Last error: No error
Writer name: 'Cluster Database'
Writer Id: {41e12264-35d8-479b-8e5c-9b23d1dad37e}
Writer Instance Id: {23320f7e-f165-409d-8456-5d7d8fbaefed}
State: [1] Stable
Last error: No error
Writer name: 'COM+ REGDB Writer'
Writer Id: {542da469-d3e1-473c-9f4f-7847f01fc64f}
Writer Instance Id: {f23d0208-e569-48b0-ad30-1addb1a044af}
State: [1] Stable
Last error: No error
Please note:
Please only answer our question and do not offer any general optimization tips that do not directly adress the issue! We want the problem to go away, not to finish a bit faster!Hallo Lawrence!
Thankyou for youre reply, some comments to help you and others who read this thread:
First of all, we use Windows Server 2012 and the VHDX as I wrote in the headline and in the text in my post. We have not had this problem in similar setups with Windows Server 2008 R2, so the problem seem to be introduced in Windows Server 2012.
These posts that you refer to seem to be outdated and/or do not apply to our configuration:
The post about Dynamic Disks:
http://technet.microsoft.com/en-us/library/ee941151(v=WS.10).aspx is only a recommendation for Windows Server 2008 R2 and the VHD format. Dynamic VHDX is indeed recommended by Microsoft when using Windows Server 2012 (please look in the optimization guide
for Windows Server 2012).
Infact, if we use fixed VHDX then we would have a bigger problem since fixed VHDX are generaly larger then Dynamic Disks, i.e. more data would be copied and that would take longer time = the VMs would be unresponsive for a longer time.
The post "What's the deal with the System Volume Information folder"
http://blogs.msdn.com/b/oldnewthing/archive/2003/11/20/55764.aspx is for Windows XP / Windows Server 2003 and some things has changed since then. for instance In Windows Server 2012, Shadow Copies cannot be controlled by going to Control panel -> System.
Instead you right-click on a Drive (i.e. a Volume, for instance the C drive/Volume) in Computer and then click "Configure Shadow Copies".
Windows Server 2008 R2 Backup problem
http://social.technet.microsoft.com/Forums/en/windowsbackup/thread/0fc53adb-477d-425b-8c99-ad006e132336 - This post is about the Antivirus software trying to scan files used during backup that exists in the System Volume Information folder and we do not
have any antivirus software installed on our hosts as I stated in my post.
Comment that might help us:
So according to “System Volume Information” definition, the operation you mentioned is Volume Shadow Copy. Check event viewer to find Volume Shadow Copy related event logs and post them.
Why?
Furhter investigation suggests that a volume shadow copy is somehow created even though the Schedule for Shadows Copies is turned off for all drives. This happens at random and we have not found any pattern. Yesterday this operation took almost all available
disk space (over 200 GB), but all the disk space was released when I turned on scheduled Shadow Copies for the CSV.
I therefore draw these conclusions:
The CSV Volume has about 600 GB of disk space and since Volume Shadows Copy used 200 GB, or about 33% of the disk space, and the default limit is 10% then I conclude that for some reason the unscheduled Volume Shadow Copy did not have any limit (or ignored
the limit).
When I turned on the Schedule I also change the limit to the minimum amount which is 320 MB and this is probably what released the disk space. That is, the unscheduled Volume Shadow Copy operation was aborted and it adhered to the limit and deleted the
Volume Shadow Copy it had taken.
I have also set the limit for Volume Shadow Copies for all other volumes to 320 MB by using the "Configure Shadow Copies" Window that you open by right clicking on a drive (volume) in Computer and then selecting "Configure Shadow Copies...".
It is important to note that setting a limit for Shadow Copy Storage, and disabaling the Schedule are two different things! It is possible to have unlimited storage for Shadow Copies when the Schedule is disabled, however I do not know if this was the case
Before I enabled Shadow Copies on the CSV since I did not look for this.
I now have defined a limit for Shadow Copy Storage to 320 MB on all drives and then no VHDX should be copied to System Volume Information since they are all larger than 320 MB.
Does this sound about right or am I drawing the wrong conclusions?
Limits for Shadow Copies:
Below we list the limits for our two hosts:
"Primary Host":
C:\>vssadmin list shadowstorage
vssadmin 1.1 - Volume Shadow Copy Service administrative command-line tool
(C) Copyright 2001-2012 Microsoft Corp.
Shadow Copy Storage association
For volume: (\\?\Volume{e3ad7feb-178b-11e2-93e8-806e6f6e6963}\)\\?\Volume{e3ad7feb-178b-11e2-93e8-806e6f6e6963}\
Shadow Copy Storage volume: (\\?\Volume{e3ad7feb-178b-11e2-93e8-806e6f6e6963}\)\\?\Volume{e3ad7feb-178b-11e2-93e8-806e6f6e6963}\
Used Shadow Copy Storage space: 0 bytes (0%)
Allocated Shadow Copy Storage space: 0 bytes (0%)
Maximum Shadow Copy Storage space: 320 MB (91%)
Shadow Copy Storage association
For volume: (E:)\\?\Volume{dc0a177b-ab03-44c2-8ff6-499b29c3d5cc}\
Shadow Copy Storage volume: (E:)\\?\Volume{dc0a177b-ab03-44c2-8ff6-499b29c3d5cc}\
Used Shadow Copy Storage space: 0 bytes (0%)
Allocated Shadow Copy Storage space: 0 bytes (0%)
Maximum Shadow Copy Storage space: 320 MB (0%)
Shadow Copy Storage association
For volume: (G:)\\?\Volume{f58dc334-17be-11e2-93ee-9c8e991b7c20}\
Shadow Copy Storage volume: (G:)\\?\Volume{f58dc334-17be-11e2-93ee-9c8e991b7c20}\
Used Shadow Copy Storage space: 0 bytes (0%)
Allocated Shadow Copy Storage space: 0 bytes (0%)
Maximum Shadow Copy Storage space: 320 MB (3%)
Shadow Copy Storage association
For volume: (C:)\\?\Volume{e3ad7fec-178b-11e2-93e8-806e6f6e6963}\
Shadow Copy Storage volume: (C:)\\?\Volume{e3ad7fec-178b-11e2-93e8-806e6f6e6963}\
Used Shadow Copy Storage space: 0 bytes (0%)
Allocated Shadow Copy Storage space: 0 bytes (0%)
Maximum Shadow Copy Storage space: 320 MB (0%)
C:\>cd \ClusterStorage\Volume1
Secondary host:
C:\>vssadmin list shadowstorage
vssadmin 1.1 - Volume Shadow Copy Service administrative command-line tool
(C) Copyright 2001-2012 Microsoft Corp.
Shadow Copy Storage association
For volume: (\\?\Volume{b2951138-f01e-11e1-93e8-806e6f6e6963}\)\\?\Volume{b2951138-f01e-11e1-93e8-806e6f6e6963}\
Shadow Copy Storage volume: (\\?\Volume{b2951138-f01e-11e1-93e8-806e6f6e6963}\)\\?\Volume{b2951138-f01e-11e1-93e8-806e6f6e6963}\
Used Shadow Copy Storage space: 0 bytes (0%)
Allocated Shadow Copy Storage space: 0 bytes (0%)
Maximum Shadow Copy Storage space: 35,0 MB (10%)
Shadow Copy Storage association
For volume: (D:)\\?\Volume{5228437e-9a01-4690-bc40-1df85a0e6736}\
Shadow Copy Storage volume: (D:)\\?\Volume{5228437e-9a01-4690-bc40-1df85a0e6736}\
Used Shadow Copy Storage space: 0 bytes (0%)
Allocated Shadow Copy Storage space: 0 bytes (0%)
Maximum Shadow Copy Storage space: 27,3 GB (10%)
Shadow Copy Storage association
For volume: (C:)\\?\Volume{b2951139-f01e-11e1-93e8-806e6f6e6963}\
Shadow Copy Storage volume: (C:)\\?\Volume{b2951139-f01e-11e1-93e8-806e6f6e6963}\
Used Shadow Copy Storage space: 0 bytes (0%)
Allocated Shadow Copy Storage space: 0 bytes (0%)
Maximum Shadow Copy Storage space: 6,80 GB (10%)
C:\>
There is something strange about the limits on the Secondary host!
I have not in any way changed the settings on the Secondary host and as you can see, the Secondary host has a maximum limit of only 35 MB storage on the CSV, but it also shows that this is 10% of the Volume. This is clearly not the case since 10% if 600
GB = 60 GB!
The question is, why does it by default set a too small limit (i.e. < 320 MB) on the CSV and is this the cause of the problem? I.e. is the limit ignored since it is smaller than the smallest amount you can provide using the GUI?
Is the default 35 MB maximum Shadow Copy limit a bug, or is there any logical reason for setting a limit that according to the GUI is too small? -
If DPM 2012 agent installation support to windows server 2012 ?
i have DPM 2012 and i need to install agent on windows server 2012
Yes, you need.
You can refer to these links :
DPM 2010
http://technet.microsoft.com/en-us/library/ff399140.aspx
DPM 2012
http://technet.microsoft.com/en-us/library/jj860400.aspx
Hope this helps.
Note: This posting is provided 'AS IS' with no warranties or guarantees, and confers no rights. Please take a moment to "Vote as Helpful" and/or "Mark as Answer", where applicable. This helps the community, keeps the forums tidy, and
recognises useful contributions. -
Is there a way to change the Windows Update service startup type on Windows Server 2012 R2?
We have a number of newly built 2012 R2 servers that we have HP Operations Manager agent running on that monitors the status of several services and reports if they are "stopped". One of these services is Windows Update. Every day we
get at least one alert saying:
"Service "Windows Update" is not started. Current state is stopped"
Checking the event logs shows that the Windows Update service stops, then a while later it just starts again. Not an error, just an information event.
In Windows 2012 R2 the Windows Update service is set to "Automatic (Trigger Start)", where in previous versions we run (2012/2008R2) it would be set to just "Automatic" or "Automatic (Delayed Start)"
I have come to understand that this behaviour is normal for Windows 2012 R2, and that Trigger Start services by design stop themselves after a period of inactivity. I was unable to find any info on how this works. Our client would like this to
be changed and the Windows Update service stay running all the time, understanding that this impacts performance.
Is there a way to change the Windows Update service in Server 2012 R2 to the old Automatic startup behaviour so that it stays running all the time instead of stopping and starting periodicall? There is no option to do this via the services mmc
gui.
So far I have tried:
Removing the Triggers using the command: sc triggerinfo wuauserv delete
This works temporarily, the service then shows as just Automatic in the services console, however if you restart the server or restart the service it goes right back to being Automatic (Trigger Start).
Any kind of help would be appreciated.This one might help.
Allow configuration of Automatic Updates in Windows 8 and Windows Server 2012
Regards, Dave Patrick ....
Microsoft Certified Professional
Microsoft MVP [Windows]
Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights. -
Overlapped I/O error 997 installing SQL Server 2014 Express on Windows Server 2012 R2
I'm attempting to install SQL Server 2014 Express on a Windows Server 2012 R2 system. When I do the install, it fails (several times) with an "Error: 997. Overlapped I/O operation is in progress.". From searching the web, I can see many people
have had this problem with this installer and other non-SQL server installers.
I've tried every solution I can find discussed, but none help with my problems The system is fully updated, with the exception of the KB2538243 (VC 2008 SP1 redist), which is probably failing for the same reason.
I've tried removing several updates mentioned in other articles (KB2918614). I've confirmed that I'm not using a temporary profile.
Does anyone have an idea of how I can solve this issue?
Thanks,
Zack
Partial detail from install log file:
Detailed results:
Feature: Management Tools - Complete
Status: Failed: see logs for details
Reason for failure: An error occurred for a dependency of the feature causing the setup process for the feature to fail.
Next Step: Use the following information to resolve the error, and then try the setup process again.
Component name: Microsoft Visual Studio 2010 Redistributables
Component error code: 997
Component log file: C:\Program Files\Microsoft SQL Server\120\Setup Bootstrap\Log\20150205_151618\VC10Redist_Cpu64_1.log
Error description: Error 997.Overlapped I/O operation is in progress.
Error help link: http://go.microsoft.com/fwlink?LinkId=20476&ProdName=Microsoft+SQL+Server&EvtSrc=setup.rll&EvtID=50000&ProdVer=12.0.2000.8&EvtType=vc_red.msi%40ProcessComponents%40997
Feature: Client Tools Connectivity
Status: Failed: see logs for details
Reason for failure: An error occurred for a dependency of the feature causing the setup process for the feature to fail.
Next Step: Use the following information to resolve the error, and then try the setup process again.
Component name: Microsoft Visual Studio 2010 Redistributables
Component error code: 997
Component log file: C:\Program Files\Microsoft SQL Server\120\Setup Bootstrap\Log\20150205_151618\VC10Redist_Cpu64_1.log
Error description: Error 997.Overlapped I/O operation is in progress.
Error help link: http://go.microsoft.com/fwlink?LinkId=20476&ProdName=Microsoft+SQL+Server&EvtSrc=setup.rll&EvtID=50000&ProdVer=12.0.2000.8&EvtType=vc_red.msi%40ProcessComponents%40997
Partial detail from component log file:
MSI (s) (D8:3C) [15:18:29:173]: Resolving source.
MSI (s) (D8:3C) [15:18:29:173]: Resolving source to launched-from source.
MSI (s) (D8:3C) [15:18:29:173]: Setting launched-from source as last-used.
MSI (s) (D8:3C) [15:18:29:188]: PROPERTY CHANGE: Adding SourceDir property. Its value is 'C:\Users\zerhart\Downloads\SQLEXPRWT_x64_ENU\redist\VisualStudioShell\VC10SP1\x64\'.
MSI (s) (D8:3C) [15:18:29:188]: PROPERTY CHANGE: Adding SOURCEDIR property. Its value is 'C:\Users\zerhart\Downloads\SQLEXPRWT_x64_ENU\redist\VisualStudioShell\VC10SP1\x64\'.
MSI (s) (D8:3C) [15:18:29:188]: PROPERTY CHANGE: Adding SourcedirProduct property. Its value is '{1D8E6291-B0D5-35EC-8441-6616F567A0F7}'.
MSI (s) (D8:3C) [15:18:29:188]: SOURCEDIR ==> C:\Users\zerhart\Downloads\SQLEXPRWT_x64_ENU\redist\VisualStudioShell\VC10SP1\x64\
MSI (s) (D8:3C) [15:18:29:188]: SOURCEDIR product ==> {1D8E6291-B0D5-35EC-8441-6616F567A0F7}
MSI (s) (D8:3C) [15:18:29:188]: SECREPAIR: A general error running CryptAcquireContext
MSI (s) (D8:3C) [15:18:29:188]: Determining source type
MSI (s) (D8:3C) [15:18:29:188]: Source type from package 'VC_RED.MSI': 2
MSI (s) (D8:3C) [15:18:29:188]: SECREPAIR: Hash Database: C:\Windows\Installer\SourceHash{1D8E6291-B0D5-35EC-8441-6616F567A0F7}
MSI (s) (D8:3C) [15:18:29:188]: SECREPAIR: SourceHash database file already exists. Deleting it.
MSI (s) (D8:3C) [15:18:29:204]: Note: 1: 2262 2: SourceHash 3: -2147287038
MSI (s) (D8:3C) [15:18:29:235]: SECREPAIR: New Hash Database creation complete.
MSI (s) (D8:3C) [15:18:29:235]: SECREPAIR: Crypt Provider not initialized. Error:0
MSI (s) (D8:3C) [15:18:29:235]: SECREPAIR: Crypt Provider not initialized. Error:0
MSI (s) (D8:3C) [15:18:29:235]: SECREPAIR: Crypt Provider not initialized. Error:0
MSI (s) (D8:3C) [15:18:29:235]: SECREPAIR: Crypt Provider not initialized. Error:0
MSI (s) (D8:3C) [15:18:29:235]: SECREPAIR: Crypt Provider not initialized. Error:0
MSI (s) (D8:3C) [15:18:29:235]: SECREPAIR: Crypt Provider not initialized. Error:0
MSI (s) (D8:3C) [15:18:29:235]: SECREPAIR: Crypt Provider not initialized. Error:997
MSI (s) (D8:3C) [15:18:29:235]: SECUREREPAIR: Failed to CreateContentHash of the file: install.res.1040.dll: for computing its hash. Error: 997
MSI (s) (D8:3C) [15:18:29:235]: SECREPAIR: Failed to create hash for the install source files
MSI (s) (D8:3C) [15:18:29:235]: SECUREREPAIR: SecureRepair Failed. Error code: 3e561F257D8
Action start 15:18:29: ProcessComponents.
MSI (s) (D8:3C) [15:19:28:843]:
Error 997.Overlapped I/O operation is in progress.Alberto,
Thanks for your help. Unfortunately, I've already tried that. I did try it again and I get an "This update is not applicable to your computer."
I tried to post the Windows Update log, but it was too large. I've posted some of it below.
Here is the WU log:
2015-02-06 11:24:25:793
5048 50
Misc =========== Logging initialized (build: 7.9.9600.17489, tz: -0500) ===========
2015-02-06 11:24:25:793
5048 50
Misc = Process: C:\Windows\system32\wusa.exe
2015-02-06 11:24:25:793
5048 50
Misc = Module: C:\Windows\System32\wuapi.dll
2015-02-06 11:24:25:793
5048 50
COMAPI ----------- COMAPI: IUpdateServiceManager::AddScanPackageService -----------
2015-02-06 11:24:25:793
5048 50
COMAPI - ServiceName = Windows Update Standalone Installer
2015-02-06 11:24:25:793
5048 50
COMAPI - ScanFileLocation = C:\c5f288db3c43a7e4613232ca1a3c\wsusscan.cab
2015-02-06 11:24:25:808
920 111c
Misc =========== Logging initialized (build: 7.9.9600.17489, tz: -0500) ===========
2015-02-06 11:24:25:808
920 111c
Misc = Process: C:\Windows\system32\svchost.exe
2015-02-06 11:24:25:808
920 111c
Misc = Module: c:\windows\system32\wuaueng.dll
2015-02-06 11:24:25:808
920 111c
Service *************
2015-02-06 11:24:25:808
920 111c
Service ** START ** Service: Service startup
2015-02-06 11:24:25:808
920 111c
Service *********
2015-02-06 11:24:25:824
920 111c
IdleTmr Non-AoAc machine. Aoac operations will be ignored.
2015-02-06 11:24:25:824
920 111c
Agent * WU client version 7.9.9600.17489
2015-02-06 11:24:25:824
920 111c
Agent WARNING: SleepStudyTracker: Machine is non-AOAC. Sleep study tracker disabled.
2015-02-06 11:24:25:824
920 111c
Agent * Base directory: C:\Windows\SoftwareDistribution
2015-02-06 11:24:25:824
920 111c
Agent * Access type: No proxy
2015-02-06 11:24:25:824
920 111c
Service UpdateNetworkState Ipv6, cNetworkInterfaces = 12.
2015-02-06 11:24:25:824
920 111c
Service UpdateNetworkState Ipv4, cNetworkInterfaces = 4.
2015-02-06 11:24:25:824
920 111c
Agent * Network state: Connected
2015-02-06 11:24:25:824
920 111c
Service UpdateNetworkState Ipv6, cNetworkInterfaces = 12.
2015-02-06 11:24:25:824
920 111c
Service UpdateNetworkState Ipv4, cNetworkInterfaces = 4.
2015-02-06 11:24:25:855
920 b64
Misc WARNING: Network Cost is assumed to be not supported as something failed with trying to get handles to wcmapi.dll
2015-02-06 11:24:25:855
920 111c
Agent *********** Agent: Initializing global settings cache ***********
2015-02-06 11:24:25:887
920 111c
Agent * Endpoint Provider: 00000000-0000-0000-0000-000000000000
2015-02-06 11:24:25:887
920 111c
Agent * WSUS server: <NULL>
2015-02-06 11:24:25:887
920 111c
Agent * WSUS status server: <NULL>
2015-02-06 11:24:25:887
920 111c
Agent * Target group: (Unassigned Computers)
2015-02-06 11:24:25:887
920 111c
Agent * Windows Update access disabled: No
2015-02-06 11:24:25:902
920 b64
WuTask WuTaskManager delay initialize completed successfully..
2015-02-06 11:24:25:902
920 b64
AU Timer: 31DA7559-FE27-4810-8FF6-987195B1FD98, Expires 2015-02-07 08:14:01, not idle-only, not network-only
2015-02-06 11:24:25:902
920 b64
AU Timer: CF1ABEC6-7887-4964-BB93-B2E21B31CEC1, Expires 2015-02-06 19:30:54, not idle-only, not network-only
2015-02-06 11:24:25:902
920 b64
AU Timer: 29A863E7-8609-4D1E-B7CD-5668F857F1DB, Expires 2015-02-06 19:30:54, not idle-only, not network-only
2015-02-06 11:24:25:902
920 b64
Report WARNING: CSerializationHelper:: InitSerialize failed : 0x80070002
2015-02-06 11:24:25:902
920 b64
Report CWERReporter::Init succeeded
2015-02-06 11:24:25:902
920 b64
Agent *********** Agent: Initializing Windows Update Agent ***********
2015-02-06 11:24:25:902
920 b64
DnldMgr Download manager restoring 0 downloads
2015-02-06 11:24:25:902
920 111c
AU ########### AU: Initializing Automatic Updates ###########
2015-02-06 11:24:25:902
920 111c
AU AIR Mode is disabled
2015-02-06 11:24:25:902
920 111c
AU # Approval type: Scheduled (User preference)
2015-02-06 11:24:25:902
920 111c
AU # Auto-install minor updates: Yes (User preference)
2015-02-06 11:24:25:902
920 111c
AU # Will interact with non-admins (Non-admins are elevated (User preference))
2015-02-06 11:24:25:902
920 111c
Misc WARNING: IsSessionRemote: WinStationQueryInformationW(WTSIsRemoteSession) failed for session 2, GetLastError=2250
2015-02-06 11:24:25:918
920 111c
AU WARNING: Failed to get Wu Exemption info from NLM, assuming not exempt, error = 0x80240037
2015-02-06 11:24:25:918
920 111c
AU WARNING: Failed to get Network Cost info from NLM, assuming network is NOT metered, error = 0x80240037
2015-02-06 11:24:25:918
920 111c
AU AU finished delayed initialization
2015-02-06 11:24:25:933
920 111c
AU WARNING: Failed to get Network Cost info from NLM, assuming network is NOT metered, error = 0x80240037
2015-02-06 11:24:25:933
920 111c
AU WARNING: Failed to get Network Cost info from NLM, assuming network is NOT metered, error = 0x80240037
2015-02-06 11:24:25:933
920 b64
Misc Validating signature for C:\Windows\SoftwareDistribution\ScanFile\a487aa0f-3e53-4fee-a784-6171b00254e4\Source.cab with dwProvFlags 0x00000080:
2015-02-06 11:24:25:933
920 111c
AU Adding timer:
2015-02-06 11:24:25:933
920 111c
AU Timer: 31DA7559-FE27-4810-8FF6-987195B1FD98, Expires 2015-02-07 08:14:01, not idle-only, not network-only
2015-02-06 11:24:25:949
920 af0
DnldMgr Asking handlers to reconcile their sandboxes
2015-02-06 11:24:25:949
920 b64
Misc Microsoft signed: Yes
2015-02-06 11:24:26:154
920 b64
DtaStor Default service for AU is {7971F918-A847-4430-9279-4A52D1EFE18D}
2015-02-06 11:24:26:154
920 b64
IdleTmr Incremented idle timer priority operation counter to 1
2015-02-06 11:24:26:154
5048 50
COMAPI - Added scan package service, ServiceID = {A487AA0F-3E53-4FEE-A784-6171B00254E4} Third party service
2015-02-06 11:24:26:154
5048 50
COMAPI -------------
2015-02-06 11:24:26:154
5048 50
COMAPI -- START -- COMAPI: Init Search [ClientId = wusa]
2015-02-06 11:24:26:154
5048 50
COMAPI ---------
2015-02-06 11:24:26:154
5048 50
COMAPI -------------
2015-02-06 11:24:26:154
5048 50
COMAPI -- START -- COMAPI: Search [ClientId = wusa]
2015-02-06 11:24:26:154
5048 50
COMAPI ---------
2015-02-06 11:24:26:169
920 b64
IdleTmr WU operation (CSearchCall::Init ID 1) started; operation # 17; does use network; is not at background priority
2015-02-06 11:24:26:169
920 b64
IdleTmr Incremented idle timer priority operation counter to 2
2015-02-06 11:24:26:341
920 b64
Report *********** Report: Initializing static reporting data ***********
2015-02-06 11:24:26:341
920 b64
Report * OS Version = 6.3.9600.0.0.131344
2015-02-06 11:24:26:341
920 b64
Report * OS Product Type = 0x00000021
2015-02-06 11:24:26:357
920 b64
Report * Computer Brand = PowerSpec
2015-02-06 11:24:26:357
920 b64
Report * Computer Model = S Series
2015-02-06 11:24:26:357
920 b64
Report * Platform Role = 1
2015-02-06 11:24:26:357
920 b64
Report * AlwaysOn/AlwaysConnected (AOAC) = 0
2015-02-06 11:24:26:357
920 b64
Report * Bios Revision = 1.1a
2015-02-06 11:24:26:357
920 b64
Report * Bios Name = 1.1a
2015-02-06 11:24:26:357
920 b64
Report * Bios Release Date = 2013-08-20T00:00:00
2015-02-06 11:24:26:357
920 b64
Report * Bios Sku Number = S Series
2015-02-06 11:24:26:357
920 b64
Report * Bios Vendor = American Megatrends Inc.
2015-02-06 11:24:26:357
920 b64
Report * Bios Family = Server
2015-02-06 11:24:26:357
920 b64
Report * Bios Major Release = 4
2015-02-06 11:24:26:357
920 b64
Report * Bios Minor Release = 6
2015-02-06 11:24:26:357
920 b64
Report * Locale ID = 1033
2015-02-06 11:24:26:357
920 b64
Handler Calculating current update level for this session
[ Omitted data ]
http://support.microsoft.com/?kbid=3000850, timestamp 01d039c57a22c0be
2015-02-06 11:24:28:388
920 b64
Handler Done calculating current update level for this session
2015-02-06 11:24:28:982
920 b64
Agent *** START *** Queueing Finding updates [CallerId = wusa Id = 1]
2015-02-06 11:24:28:982
5048 50
COMAPI <<-- SUBMITTED -- COMAPI: Search [ClientId = wusa]
2015-02-06 11:24:28:982
920 11f4
Agent *** END *** Queueing Finding updates [CallerId = wusa Id = 1]
2015-02-06 11:24:28:982
920 11f4
Agent *************
2015-02-06 11:24:28:982
920 11f4
Agent ** START ** Agent: Finding updates [CallerId = wusa Id = 1]
2015-02-06 11:24:28:982
920 11f4
Agent *********
2015-02-06 11:24:28:982
920 11f4
Agent * Online = Yes; Ignore download priority = No
2015-02-06 11:24:28:982
920 11f4
Agent * Criteria = "DeploymentAction='Installation'"
2015-02-06 11:24:28:982
920 11f4
Agent * ServiceID = {A487AA0F-3E53-4FEE-A784-6171B00254E4} Third party service
2015-02-06 11:24:28:982
920 11f4
Agent * Search Scope = {Machine}
2015-02-06 11:24:28:982
920 11f4
Agent * Caller SID for Applicability: S-1-5-21-3157695610-3447843402-2534478823-500
2015-02-06 11:24:28:982
920 11f4
Agent * RegisterService is set
2015-02-06 11:24:29:185
920 11f4
PT +++++++++++ PT: Synchronizing server updates +++++++++++
2015-02-06 11:24:29:185
920 11f4
PT + Offline serviceId = {A487AA0F-3E53-4FEE-A784-6171B00254E4}
2015-02-06 11:24:29:185
920 11f4
PT WARNING: Cached cookie has expired or new PID is available
2015-02-06 11:24:29:185
920 11f4
Agent Reading cached app categories using lifetime 604800 seconds
2015-02-06 11:24:29:185
920 11f4
Agent Read 0 cached app categories
2015-02-06 11:24:29:185
920 11f4
Agent SyncUpdates adding 0 visited app categories
2015-02-06 11:24:29:294
920 11f4
Agent Reading cached app categories using lifetime 604800 seconds
2015-02-06 11:24:29:294
920 11f4
Agent Read 0 cached app categories
2015-02-06 11:24:29:294
920 11f4
Agent SyncUpdates adding 0 visited app categories
2015-02-06 11:24:29:357
920 11f4
Agent Reading cached app categories using lifetime 604800 seconds
2015-02-06 11:24:29:357
920 11f4
Agent Read 0 cached app categories
2015-02-06 11:24:29:357
920 11f4
Agent SyncUpdates adding 0 visited app categories
2015-02-06 11:24:29:638
920 11f4
Agent Reading cached app categories using lifetime 604800 seconds
2015-02-06 11:24:29:638
920 11f4
Agent Read 0 cached app categories
2015-02-06 11:24:29:638
920 11f4
Agent SyncUpdates adding 0 visited app categories
2015-02-06 11:24:30:013
920 11f4
Agent Reading cached app categories using lifetime 604800 seconds
2015-02-06 11:24:30:013
920 11f4
Agent Read 0 cached app categories
2015-02-06 11:24:30:013
920 11f4
Agent SyncUpdates adding 0 visited app categories
2015-02-06 11:24:30:044
920 11f4
Agent Reading cached app categories using lifetime 604800 seconds
2015-02-06 11:24:30:044
920 11f4
Agent Read 0 cached app categories
2015-02-06 11:24:30:044
920 11f4
Agent SyncUpdates adding 0 visited app categories
2015-02-06 11:24:30:044
920 11f4
PT + SyncUpdates round trips: 5
2015-02-06 11:24:30:076
920 11f4
PT +++++++++++ PT: Synchronizing extended update info +++++++++++
2015-02-06 11:24:30:076
920 11f4
PT + Offline serviceId = {A487AA0F-3E53-4FEE-A784-6171B00254E4}
2015-02-06 11:24:30:138
920 11f4
Agent * Found 0 updates and 54 categories in search; evaluated appl. rules of 126 out of 284 deployed entities
2015-02-06 11:24:30:138
920 11f4
Agent *********
2015-02-06 11:24:30:138
920 11f4
Agent ** END ** Agent: Finding updates [CallerId = wusa Id = 1]
2015-02-06 11:24:30:138
920 11f4
Agent *************
2015-02-06 11:24:30:138
920 11f4
IdleTmr WU operation (CSearchCall::Init ID 1, operation # 17) stopped; does use network; is not at background priority
2015-02-06 11:24:30:138
920 11f4
IdleTmr Decremented idle timer priority operation counter to 1
2015-02-06 11:24:30:154
5048 1428
COMAPI >>-- RESUMED -- COMAPI: Search [ClientId = wusa]
2015-02-06 11:24:30:154
5048 1428
COMAPI - Updates found = 0
2015-02-06 11:24:30:154
5048 1428
COMAPI ---------
2015-02-06 11:24:30:154
5048 1428
COMAPI -- END -- COMAPI: Search [ClientId = wusa]
2015-02-06 11:24:30:154
5048 1428
COMAPI ------------- -
[Forum FAQ] Introduce Backup in Windows Server 2012 R2 Essentials
Windows Server 2012 R2 Essentials provides reliable ways to perform regular backups of your server and backups of your network computers.
1. Server Backup
Description:
Backs up your server running Windows Server Essentials. The data is backed up to an external USB drive. You can also perform full system restore of server.
Operations:
On Dashboard, please select DEVICES and then navigate to the server which you need to backup. Right click the server and select Set up backup. When set up complete, you will be able to
Start a backup for the server. (Figure 1)
Figure 1
More information:
Manage server backup in Windows Server Essentials
Restore or repair your server running Windows Server Essentials3. Microsoft Azure Backup
Descriptions:
Performs an online backup of files or folders on your server. When you use Azure Backup to back up server data, the information is encrypted by using your passphrase before it is uploaded to a secure datacenter on the Internet.
Operations:
1) Open Dashboard and follow the path: HOME-> Get Started-> ADD-INS-> Integrate with Windows Azure Backup. Then as Figure 3 shows, you need to “Click to sign up for Windows Azure Backup” and “Click to download Windows Azure
Backup integration module”.
Figure 3
Please note: when you click to download, you may encounter the issue as Figure 4 shows. If so, please follow the path:
Tools-> Internet Options-> Security->
Trusted sites-> Add this website to the zone and add
http://downlaod.microsoft.com,
https://activedirectory.windowsazure.com in Trusted sites in IE. (Please uncheck
Require server verification (https:) for all sites in this zone). Then please check if you can download as normal.
Figure 4
2) After you download the OnlineBackupAddin, please run it. Then begin to install the add-in. (if any issue occurs in your installation of add-in, please navigate to C:\PrgramData\Microsoft\Windows Server\Logs folder and check
InstallAddin log file if you can find some clues.)
3) During your installation, KB 2873390 may be required. Please download the update package and run it. Then Windows Azure Backup Agent Upgrade Wizard appeared. Please follow it and complete as Figure 5
and Figure 6 show.
Figure 5
Figure 6
4) Then please re-open Dashboard, you will find ONLINE BACKUP option. (Figure 7) There will be three steps that you need to do: (i)
Upload a certificate. (ii) Register your server.
(iii) Configure backup settings.
Figure 7
(i). Upload a certificate. (In this example, we use the second option: Upload certificate to Windows Azure Backup vault)
Please logon Windows Azure, select RECOVERY SERVICES and click
NEW. Follow the path: RECOVERY SERVICES-> BACKUP VAULT->
QUICK CREATE. Please type NAME and select
REGION, then click CREATE VAULT. When create completes, please click the name of this new recovery service that you create. As Figure 8 shows. Then select Manage Certificate to add or update the certificate file (.cer) that contains
a public key for the vault. The certificate is used to register servers with the vault.
Figure 8
(ii). Register your server
On Dashboard, navigate to Online Backup and click Register. (Figure 9)
Figure 9
Then it will check the certificate. And then you need to set a passphrase to secure your data. (Figure 10)
Figure 10
When you set passphrase complete, please click Next to continue. When register successfully. You will see Figure 11.
Figure 11
(iii). Configure backup settings
When register completes, please click Configure Online Backup. Then you can follow the Configure Online Backup wizard to configure online backup (add folders), specify the backup schedule, specify the backup retention policy and choose bandwidth usage. The
all process will be shown in Figure 12-16.
Figure 12
Figure 13
Figure 14
Figure 15
Figure 16
After all configurations complete, you will be able to see that the server integrates with Windows Azure Backup. (Figure 17)
Figure 17
On the Dashboard in server essentials, you will be able to start backup online. (Figure 18)
Figure 18
After backup online, you will see the protected data as Figure 19 and Figure 20 show in Dashboard and Windows Azure.
Figure 19
Figure 20
More information:
Manage Online Backup in Windows Server Essentials -
How to apply hotfix 3000847 to Windows Server 2012 & BizTalk Server 2013 R2
Hi
I have a environment get the same issue as:
http://support.microsoft.com/en-us/kb/3000847. But this hotfix can't be used in my environment.
The environment information:
We are using Windows Server 2012 Standard, BizTalk Server 2013 R2 Enterprise Edition. And the Version of Microsoft Enterprise Single Sign-On is 9.0.2096. It's the same as the article.
Here is the article content:
Prerequisites
To apply this hotfix, you must have Enterprise Single Sign-On V5 (9.0.2096) installed.
Best regards,
Glen Qu (Fareast\v-zuqu)Have you tried installing it? Are you getting any error?
Ideally you should not face any issue while installing this hotfix.
Pre-requisites-
1) User account should be member BizTalk Server Administrators Group and have SydAdmin privileges on SQL Server
2) Stop all the host instances
3) Stop SQL Agent
4) Stop App Pools if any webservices is posting messages in BizTalk
Please refer the below article Information about BizTalk hotfixes and Cumulative Update support(Uninstall and rollback if required).
http://support.microsoft.com/kb/2003907
Thanks,
Prashant
Please mark this post accordingly if it answers your query or is helpful. -
Windows deployment services in windows server 2012 : operating system not found
Hello,
In order of learning WDS in Windows Server 2012, I created a simple test environment composed of :
A Domain controler running WS 2K12 and hosting both DHCP and WDS services. (with the option of not listening port 67 checked while installing WDS)
A test computer, with no operating system
I also added a Windows Server 2012 Standard WIM file and added also (located in [DVD]\sources\install.wim), boot file image (located in [DVD]\sources\boot.wim)
But now, when i start the client, it gives the following error:
While i don't find any reliable solution on Internet, Im looking for your help if ever, anyone faced this problem and found a solution for it or not
Thanks in advance!
Lotfi BOUCHERITI find it strange that client and server IP are the same. Is there any sort of DHCP relay agent running on your WDS server ?
-
Learning Windows server 2012 R2 & 2012 core
Hi,
How do i configure a fast and standard solution with 1domain (Windows
Server 2012 R2) and 1subdomain(Windows Server 2012 Core) implemented with a webserver and security for dns?
ThxHi
Maybe this can help,
Nslookup test:
cmd => nslookup => set type=mx => host.net.
Organizational unit:.be
Active directory users and computers openen => rmb op domeinnaam => new => organtizational unit aanmaken => Protection uitvinken
Computer Manueel toevoegen aan domein:
1)DNS veranderen naar 192.168.1.1 van het domein zelf
2)Add-Computer -domainname host -cred administrator@host -passthru -verbose
GPO voor chrome installeren:
1)Group policy management => in OU PC's => new policy aanmaken
2)rmb policy en klik edit
3)onder computer => software => new package => pad ingeven waar je msi bestand hebt gezet van chrome => \\S1\netlogon\msi\chrome.msi
4)client heropstarten en aanmelden met domeingebruiker => powershell => Restart-Computer
5)mapje waar MSI in zit => security => domain controller (user) toevoegen met volledig beheer
GPO voor browser block chrome:
3)block listed urls..
4)op client gpupdate
Failed login events:
1)Group policy instellen op OU Servers: Computer Configuration\Windows Settings\Security Settings\Local Policies\Audit Policy\ ==> Failed logins aanzetten
2)gpupdate /force
1)powershell
2)get-windowsfeature => install-windowsfeature SMTP-Server
3)Internet information services => S1 => Domain RMB => properties => Acces tab => Relay => Add => Group computers => IP: 192.168.1.1 subnet 255.255.255.0 => Ok => ok
3b)Eens afmelden en aanmelden met fout wachtwoord zodat er een log geschreven wordt met audit failure in de security log van event viewer
4)Eventviewer security log => op failed audit log RMB => attach => Geef andere naam => next => next start program => program: powershell.exe =>
open the propery dialog aanvinken
5)Run wheter user is logged in or not aanvinken => tabke conditions: start the task only if AC power afvinken! => ok => paswoord administrator ingeven
6)powershell: get-executionpolicy => resultaat moet remotesigned zijn => view tabke => script pane aanzetten =>
Script geven: $smtpServer = ìsmtp2.school.beî
$msg = New-Object Net.Mail.MailMessage
$smtp = New-Object Net.Mail.SmtpClient($smtpServer)
$msg.From = ì[email protected]î
$msg.ReplyTo = [email protected]î
$msg.To.Add([email protected]î)
$msg.subject = ìhacking attempt?î
$msg.body = ìlogin/pwd failure on S1.î
$smtp.Send($msg)
7)Script opslaan in mapje op C schijf => powershell cd naar mapje met script => ls commandoTo configure the time source for the forest
8)Task scheduler openen => naar event viewer tasks => login => rmb properties => actions => powershell.exe edit => add arguments: -command "C:\Script\login.ps1" => ok => password admin ingeven
9)Testen
*Op welke manier kan je je MX records controleren met NSLOOKUP
cmd => nslookup => set type=mx => host.net.
*Commando powershell om Client toe te voegen aan het domein:
Add-Computer -domainname host -cred administrator@host -passthru -verbose
Best practice analyzer:
1)Server manager => klik op dns en op ADDS => Scroll naar onder tot bij BPA => Task start scan => bekijk resultaten:
Vraagje: Welke suggesties zou je kunnen oplossen:
DNS server should have scavenging enabled
De PDC emulator master moet geconfigureerd worden
1)To configure a domain controller in the parent domain as a reliable time source
*W32tm /config /reliable:yes /update
2)To configure the time source for the forest
*w32tm /config /computer:s1.host.net /manualpeerlist:ntp.belnet.be /syncfromflags:manual /update
Tijd moet gelijk zijn van S1 en S2!!
Corefig opstarten in powershell:
1)cd C:\corefig
2)execution policy aanpassen: Set-ExecutionPolicy bypass
3).\corefig.ps1
4)naam veranderen in corefig
Commando om S2 toe te voegen aan het domein in de OU servers:
1)DNS instellen
Set-DnsClientServerAddress -InterfaceAlias "Ethernet" -ServerAddresses 192.168.1.1
2)Toevoegen aan OU servers
Add-Computer -domainname sdhost -cred administrator@host -OUPath "OU=Servers,OU=OU,DC=Host,DC=net"
Herstarten
OPPASSEN HIERMEE ALS S2 ZELF DC MOET WORDEN!
Voorzie je server van de DNS-rol via windows powershell:
1)Import-Module Servermanager
2)Get-WindowsFeature
2)Add-WindowsFeature "DNS" -restart
Remoteaccess:
S1 remote access geven voor administrators bij active directory
view => advanced features enablen
=> Remote management users => HOST\Administrator toevoegen met full rechten
=> Remote Desktop users => HOST\Administrator toevoegen met full rechten
Bekijk welke firewall regel op dit moment Remote Management nog blokkeert en laat
die communicatie toe:
1)Op S2 in powershell: Configure-SMRemoting.exe -enable
2)op S1 => Server manager => manage => add servers => S2 ingeven => ok
3)Active directory installeren op s2 via add roles (via S1)
4)S2 promoveren to domain controller
5)credentials van s1 gebruiken => naam subdomain 'premium'
6)DSRM passwoord: P0wnerken
7)PREMIUM
DNS instellen van s2 zelf
Set-DnsClientServerAddress -InterfaceAlias "Ethernet" -ServerAddresses 192.168.1.2
C2)DNS server instellen op S2 : 192.168.1.2
Toevoegen aan domein premium.host.net => inloggen met admin account van s2 domein
herstarten van C2
Maak†van†deze†tweede†server†nu†een†domeincontroller†voor†het†nieuwe†domein
ìpremiumî.†Daar†zijn†twee†werkwijzen†voor.†Zoek†deze†methodes†op†en†noteer†deze
summier†hieronder:
- Werken met DCPROMO.exe
- Werken met GUI vanop S1
Je†mag†zelf†kiezen†welke†methode†je†toepast.†Noteer†hier†wel†de†commandoís†die†je
toepast:
Werken met GUI: new existing domain to current forest => naam PREMIUM
Netwerkkaarten toevoegen:
VCLOUD => Niet customizen!!!
Firewall disablen S2:
netsh firewall set opmode disable
Op S1 => chrome => ip in url : https://192.168.1.150:446 => proceed => logingegevens:
naam: openfiler
pass: password
Services => CIFS / NFS => Enable => Start
manage volumes => 1GB volume => start cyl = 1, end cyl = 128 => ongeveer 1GB
Add volume group => NFS als naam en 1GB volume toevoegen => Add volume => naar onder scrollen:
Naam: NFS
Bestandssysteem: EXT4 kiezen
*Add new physical volume 10GB: MINSTENS 35 CYLINDERS TUSSENLATEN!!!!
Start cyl = 164, end cyl = 1469, is ongeveer 10GB
Volume groups => Nieuwe aanmaken met SMB als naam => Add volume => volume selecteren en toevoegen => naar uw smb volume group gaan
=> SMB volume kiezen => naam: SMB => MAX Geheugen => EXT4 bestandssysteem
1)Clocksettings zetten via ntp server: ntp.belnet.be (Moet gelijk zijn met domaincontroller waarin je hem toevoegd)
2)DNS zetten van S2
Hostname: of
Primary DNS: 192.168.1.2
Secondary DNS: 192.168.1.1
Gateway: 192.168.1.254
3)Accounts:
Expert view!
*Use windows domain controller and authentication aanvinken
Security Mode: Active directory
Domain / workgroup: PREMIUM
Domain controllers: s2.premium.VAhost.net
ADS realm: PREMIUM.HOST.NET
Join domain: aanvinken
Administrator username: Administrator
Administrator password: Azerty123
*Naar onder scrollen tot kerberos 5: Aanvinken
Realm: premium.host.net
KDC: s2.premium.host.net
Admin server: s2.premium.VAhost.net
Share aanmaken:
1)Shares => klikken op SMB / NFS => Nieuwe subfolder aanmaken: SMBshare / NFSshare
2)subfolder klikken => maak share => bij rechten naar beneden scrollen => Domain admins: PG & RW, Domain users: RO
3)Update
Systeem beveiliging:
1)system => Network access configuration => Nieuw netwerk toevoegen
Name: Sharenetwork
Network/host: 192.168.1.0
Netmask: 255.255.255.0
Type: Share
2)Update
Protocol aanzetten:
Shares => subfolder smbshared => Volledig vanonder scrollen => SMB/CIFS protocol op rw zetten
Connect to share met:
root
Azerty123
Connect Z-schijf met SMB share:
1)RMB op SMB share
2)Map network drive
3)Pad SMB share intypen
4)connecten met share account of finish 1)Private storage en manueel ip adres ingeven
Beveiliging backup:
1)Active directory van S1
2)OP s1 zelf volledig nieuwe OU: "TEMP Accounts" aanmaken => accidentally delete afzetten!!
3)2USers aanmaken die lid zijn van de groep ("member of") Guest
4)Op S1 => C schijf => nieuwe map map aanmaken en delen
5)Op advanced sharing van gedeelde map => Guest 1 Full control => Everyone alleen read rechten
6)Testen op client of je op Guest1 tekstbestand kan aanmaken en via Guest2 op die share map niet.
7)Als het werkt Guest1 verwijderen en bekijk sharing permissions op Guest1 map
*Wat stel je vast bij verwijderen Guest1 via active directory:
De guest account wordt vervangen door een ander account met een lange naam
die full control heeft over de map
8)Guest1 terug opnieuw aanmaken, wat stel je vast?
Guest1 heeft geen rechten meer over de map en de aangemaakte account blijft staan
Recycle BIN:
1)Open Active directory administrative center
2)Klik op uw domein links
3)Rechts => enable Recycle Bin
4)Verwijder Guest1 op AD
5)Guest1 komt te staan bij deleted users/objects op Recycle Bin
6)Mogelijkheid om te restoren
7)Delete OU Temp accounts => Lukt niet onmiddellijk => Omdat er nog objecten in zitten
*Zoek op welke technieken je kan toepassen om een backup te nemen van je Active Directory. Bekijk uiteraard ook welke 2 manieren
er zijn om een backup van je AD terug te plaatsen (Authoritative en non-authoritative):
-13.1.1 Authoritative Restore
Dit proces herstelt de AD na bc een wijziging die ongedaan gemaakt moet worden.
AD wordt hersteld vanaf de backup, de backup overschrijft dan alle andere DC's met eventuele nieuwere informatie.
-13.1.2 Non-Authoritative Restore
Terugzetten van gegevens van de backup. Nadien ontvangt de DC updates van andere DC's die gemaakt zijn sinds de backup.
Backup S1:
Eerst probleem openfiler oplossen:
1)openfiler opstarten vanuit vmcloud
2)cd /etc/samba
3)vim smb.conf (toevoegen: strict allocate = yes) => eerst i voor insert => opt einde escape => :wq voor opslaan
4)/etc/init.d/smb restart
Backup zelf
1)Install windows backup in server manager => add roles => features
2)Open windows backup
3)Action => backup once
4)Different options => Custom kiezen => System State backuppen
5)Remote disk kiezen
6)pad share: \\of\smb.smb.SMBshare
7)Als backup mislukt, de aangemaakte files door de backup manueel verwijderen en backup terug opnieuw proberen
!!!Als openfiler ineens verdwijnd van domein, moet je de tijd nakijken van beiden systemen (moeten gelijk zijn met max 5min verschil)
Restore backup (authoritatief ingesteld)
http://technet.microsoft.com/ru-ru/library/cc816878(v=ws.10).aspx
1)Herstart de domeincontroller in Directory Services Restore Mode Remotely
=> run => Msconfig.msc => stapkes staan in url: http://technet.microsoft.com/ru-ru/library/cc794729(v=ws.10).aspx
2)Restore uw ADDS van je backup a.d.h.v. een non-authoritatieve restore.
Dit zorgt ervoor dat de domeincontroller terug in de staat komt waarop de objecten die verwijderd zijn
er terug bijstaan.
http://technet.microsoft.com/ru-ru/library/cc794755(v=ws.10).aspx
in cmd:
=>wbadmin get versions -backuptarget:\\of\smb.smb.SMBshare
=>wbadmin start systemstaterecovery -version:12/03/2013-12:37 -backuptarget:\\of\smb.smb.SMBshare -quiet
3)Markeer objecten als authoritatief zodat ze niet worden overschreven bij het restoren door synchronisatiefouten
tussen de verschillende domeinen.
http://technet.microsoft.com/ru-ru/library/cc816813(v=ws.10).aspx <== hieraan beginnen
=> open run => ntdsutil
=> activate instance ntds => enter
=> authoritative restore => enter
=> restore subtree "OU=Stagiairs,DC=Host,DC=net" => enter
=> quit => enter
=> Start terug op met de domaincontroller in normale modus dus dsrm opstartmode uitschakelen: Safe boot uitvinken
Nakijken of beide OU's Stagiairs en Guests er nog staan
(In dit geval is OU guests wel verwijderd doordat we maar 1 DC hebben dus de informatie
wordt niet gesynchroniseerd met een 2de DC)
- Debian Machine toevoegen:
Netwerkgegevens: NIC0 / Private management network / static - manual / IP = 192.168.1.3
Als Machine aangemaakt is, nieuwe netwerkkaart toevoegen:
NIC1 / Private storage network / static - manual / IP = 172.16.0.13
op Debian machine:
1)su - => enter => pass: Azerty123 => enter
2)commando: pico /etc/network/interfaces
Voeg volgende lijntjes toe aan het bestand
iface eth0 inet static
address 192.168.1.3
netmask 255.255.255.0
gateway 192.168.1.254
iface eth1 inet static
address 172.16.0.13
netmask 255.255.255.0
CTRL + O (opslaan) => CTRL + X (afsluiten)
3)pico /etc/resolv.conf
veranderd de bestaande lijntjes naar deze:
domain host.net
search host.net
nameserver 192.168.1.1
4)ifdown / ifup van eth0/eth1
IPV6 instellen:
Zelf gekozen ULA subnet:
fdac:1fff:b0b0 (tot dit gedeelte mag random gegenereerd worden vanaf 'fd')
Subnet 1: fdac:1fff:b0b0:4bd0:: /64
Subnet 2: fdac:1fff:b0b0:4bd1:: /64
/sbin/ip
Remote settings toewijzen voor domain users aan clients (en eventueel toevoegen aan domein als dit nog niet gebeurt is)
IPV6 instellen via Netwerkinstellingen (Default gateway openlaten)
NIC0 NIC1
S1: fdac:1fff:b0b0:4bd0::1 /64 fdac:1fff:b0b0:4bd1::11 /64
dns: ::1 dns: fdac:1fff:b0b0:4bd1::11
S2: fdac:1fff:b0b0:4bd0::2 /64 fdac:1fff:b0b0:4bd1::12 /64
(dns: ::1) (dns: fdac:1fff:b0b0:4bd1::12)
Openfiler: fdac:1fff:b0b0:4bd0::150 /64 fdac:1fff:b0b0:4bd1::1 /64
S3: fdac:1fff:b0b0:4bd0::3 /64 fdac:1fff:b0b0:4bd1::13 /64
C1: fdac:1fff:b0b0:4bd0::101 /64
dns: S1
C2: fdac:1fff:b0b0:4bd0::102 /64
dns: S2
Voor windows server core:
*powershell
netsh interface ipv6 add address "Ethernet" fdac:1fff:b0b0:4bd0::2
netsh interface ipv6 add address "Ethernet 2" fdac:1fff:b0b0:4bd1::12
Voor linux: (zowel openfiler als debian)
VOOR DEBIAN 7 (alleen ifup commando gebruiken niet ifdown):
/sbin/ip -6 addr add fdac:1fff:b0b0:4bd0::3/64 dev eth0 (voor debian)
/sbin/ip -6 addr add fdac:1fff:b0b0:4bd1::13/64 dev eth1 (voor debian)
of statisch in /etc/network/interfaces:
iface eth0 inet6 static
address fdac:1fff:b0b0:4bd0::3
netmask 64
iface eth1 inet6 static
address fdac:1fff:b0b0:4bd1::13
netmask 64
pico /etc/resolv.conf => lijntjes toevoegen
=> domain host.net
=> search host.net
=> nameserver 192.168.1.1
=> nameserver fdac:1fff:b0b0:4bd0::1
VOOR OPENFILER eth0: vim /etc/sysconfig/network-scripts/ifcfg-eth0
=> IPV6_AUTOCONF=no
=> IPV6INIT=yes
=> Toevoegen: fdac:1fff:b0b0:4bd0::150/64
VOOR OPENFILER eth1: vim /etc/sysconfig/network-scripts/ifcfg-eth1
=> IPV6_AUTOCONF=no
=> IPV6INIT=yes
=> Toevoegen: fdac:1fff:b0b0:4bd1::1/64
~~ /sbin/ip -6 addr add fdac:1fff:b0b0:4bd0::150/64 dev eth0 (voor openfiler)
~~ /sbin/ip -6 addr add fdac:1fff:b0b0:4bd1::1/64 dev eth1 (voor openfiler)
Risico's gedeelde application pool:
-1 proces per application pool (=>zwaar proces dat veel resources nodig heeft)
(als dit proces vastloopt alle websites geimpacteerd)
-gebruikers kunnen in principe aan elkaars bestanden
1)IIS installeren op S2 via server manager op S1
2)Role services in setup, volledig vanonder => management service aanvinken (dit staat remote management toe)
3)Op S1 Web server zoeken en enkel van IIS de management console installeren zodat IIS van S2 beheerbaar is
4)Powershell op S2:
Invoke-command -ScriptBlock{Set-ItemProperty -Path HKLM:\SOFTWARE\Microsoft\WebManagement\Server -Name EnableRemoteManagement -Value 1}
Invoke-command -ScriptBlock {Set-Service -name WMSVC -StartupType Automatic}
Invoke-command -ScriptBlock {Start-service WMSVC}
In IIS manager op S1 => Add connection => S2.premium.sdhost.net => account: administrator van S2
In IIS Manager => Sites => new Website, 2 website aanmaken
-'klant1.sdhost.net' Physical path => C:\inetpub\wwwroot\Klant1 => hostname = Klant1.host.net
-'klant2.sdhost.net' Physical path => C:\inetpub\wwwroot\Klant2 => hostname = Klant2.host.net
In DNS A-record toevoegen:
-hostname: www
-IP: 192.168.1.2
Voor toegang via IPv6 ook een AAAA-record toevoegen:
-hostname: www
-IP: fdac:1fff:b0b0:4bd0::2
Voor elke site ook een een CNAME-record aanmaken:
-Alias name: klant1, FQDN: www.host.net
-Alias name: klant2, FQDN: www.host.net
In deze standaardopstelling schuilen enkele risicoís. Geef twee risicoís die de huidige
configuratie (gedeelde application pool) met zich mee kan brengen:
- Als je een website hebt die zwaar CPU belastend is (zoals foto's herschalen) heeft dit ook effect op je andere websites
- Omdat je websites binnen dezelfde apppool zitten hebben ze eenzelfde identiteit en kun je geen aparte permissies opzetten.
GROUP MANAGEMENT SERVICE ACCOUNT:
New-ADServiceAccount IISPool1 -DNSHostName s1.amhost.net -PrincipalsAllowedToRetrieveManagedPassword Administrator -KerberosEncryptionType RC4, AES128, AES256
Install-ADServiceAccount IISPool1
Maybe you can do this tutorial to, it is a tuto for learning DFS & DNSSEC..
Wat betekent de optie “dnssecok”
-> Deze optie stelt de dnssecOK bit in voor deze query
-> Dit verteld de server that de client dnssec verstaat en dat deze server hiervan gebruik kan maken met deze client
Krijg je een bevestiging dat dit een secure antwoord is? (RRSIG)
-> Neen want de zone is nog niet gesigneerd
Controleer of de client C1 ingesteld is om secure responses af te dwingen bij zijn DNS
caching server: get-dnsclientnrptpolicy. Resultaat?
-> Het resultaat is niks, vermoedelijk omdat er geen instellingen zijn hiervoor
Probeer opnieuw een request op C1 voor S1 met ResolveDNSName. Is het signeren
van de zone voldoende om secure antwoorden te krijgen op de client?
-> Er komt opnieuw geen RSIG record dus dit is niet voldoende
Om secure DNS responses op de client voor het domein securezone.lab af te dwingen
wordt in het domein Host.net een GPO ingesteld. (nieuwe GPO voor hele domein).
zoek op en stel deze GPO in voor responses van securezone.lab.
-> default domain policy -> Edit => -> Computer Configuration > Policies > Windows Settings > Name Resolution Policy.
"In the details pane, under Create Rules and To which part of the namespace does this rule apply, choose Suffix from the drop-down list and type sec.contoso.com next to Suffix."
"On the DNSSEC tab, select the Enable DNSSEC in this rule checkbox and then under Validation select the Require DNS clients to check that name and address data has been validated by the DNS server checkbox."
"In the bottom right corner, click Create and then verify that a rule for sec.contoso.com was added under Name Resolution Policy Table."
=> GPupdate /force uitvoeren
=> Dan kan de policy bekeken worden
Je zorgt er uiteraard ook voor dat deze policy toegepast werd op de client (C1) en controleer dit opnieuw met get-dnsclientnrptpolicy.
=> GPupdate /force
=> get-dnsclientnrptpolicy => levert hetzelfde resultaat als op de server
Opnieuw: ResolveDnsName s1.securezone.lab server S1 dnssecok Wat krijg je als antwoord te zien? Wat is de oorzaak?
(Distribueer) Kopieer de trust achor data van de secure.lab zone op S2 naar S1 en importeer die op de DNS van S1 als trusted anchor. (keysetsecurezone.lab)
http://technet.microsoft.com/en-us/library/hh831411.aspx
opnieuw: ResolveDnsName s1.securezone.lab server S1 dnssecok Krijg je nu een (beveiligd antwoord)?
->Ik krijg nu een beveiligd antwoord van de DNS server gesigneerd door securezone.lab met geldigheidstermijn
p23 Distributed File System
Installeer op beide server de “file services role”.
-> Add roles and features
-> File services
-> DFS
Maak een namespace aan (DOCUMENTATION) in je domein hOst.net. Stel de sharepermissions zo in dat de groep ‘auteurs’ schrijfrechten heeft. gewone gebruikers
mogen enkel leesrechten hebben.
-> DFS manager
-> Namespaces => Add namespace
maak een folder aan in de namespace DOCUMENTATION met als naam PDF
-> Add folder
maak een tweede target aan voor de PDF folder
-> Add target to folder
stel replicatie in tussen de twee folder targets. De inhoud wordt vanaf nu dus gesynct.
-> Automatisch bij 2de target volg de wizard
Welke andere stappen zijn nodig om een volledig redundant DFS systeem op te zetten?
-> De folder moeten via DFS geschared staan
-> De replicatie moet ingesteld worden
maak een diagnostisch raport aan over hoe replicatie gebeurt, en corrigeer eventue vastgestelde problemen.
-> Rechtermuisknop op de replication object
-> Create diagnostic report
-> kies de reports
stel quota’s in. In de map PDF maak je een subfolder CATALOGS aan, maar zorg dat die niet groter dan 10MB kan worden. Stel hiervoor een harde limiet in.
-> install FSRM bij file services
-> klik quotas => add quota => kies het bestand
-> nieuwe quota => 10mb hard aanvinken
-> save
http://technet.microsoft.com/en-us/library/cc875787(v=ws.10).aspx
omdat we willen vermijden dat de volledige bandbreedte ingenomen wordt door DFS,beperken we de replication speed tot 2MBps.
-> Klik op de replication -> rechterkolom kies vor edit replication group
-> Stel de 2MBps in -
ASA and RADUIS on Windows server 2012
hi i have ASA5505 i want to get the Authentication from Raduis Server using NPS on windows Server 2012 i test the Raduis Server over "Kerio Control VMware Virtual Appliance" its work Perfect for testing my Setting on Raduis but with the ASA5505 i get this message "Error authentication rejected aaa failure"
Running Config
: Saved
ASA Version 9.1(3)
hostname NazcoFW
domain-name default.domain.invalid
enable password XgEKS9WizHnI9IUJ encrypted
xlate per-session deny tcp any4 any4
xlate per-session deny tcp any4 any6
xlate per-session deny tcp any6 any4
xlate per-session deny tcp any6 any6
xlate per-session deny udp any4 any4 eq domain
xlate per-session deny udp any4 any6 eq domain
xlate per-session deny udp any6 any4 eq domain
xlate per-session deny udp any6 any6 eq domain
passwd XgEKS9WizHnI9IUJ encrypted
names
interface Ethernet0/0
switchport access vlan 22
interface Ethernet0/1
interface Ethernet0/2
switchport access vlan 12
interface Ethernet0/3
interface Ethernet0/4
shutdown
interface Ethernet0/5
shutdown
interface Ethernet0/6
shutdown
interface Ethernet0/7
switchport access vlan 32
shutdown
interface Vlan1
nameif NAZCO
security-level 100
ddns update hostname OSI
dhcp client update dns server both
ip address 172.16.200.1 255.255.255.0
interface Vlan12
nameif outside4
security-level 0
ip address 172.16.4.254 255.255.255.0
interface Vlan22
nameif Outside20
security-level 0
ip address 172.16.20.254 255.255.255.0
boot system disk0:/asa913-k8.bin
ftp mode passive
dns domain-lookup NAZCO
dns server-group DefaultDNS
name-server 10.1.1.1
name-server 10.1.2.1
domain-name default.domain.invalid
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
object network HP5220
host 10.10.10.105
object network ak20
host 10.10.10.110
object network hp5520
host 192.168.2.105
object network HP7000
host 192.168.2.106
object network HP5520
host 192.168.2.105
object network ak04
host 10.10.10.110
object network HP400
host 192.168.2.107
object network out04
range 192.168.2.200 192.168.2.220
object network AK04
host 10.10.10.110
object network oooo
subnet 10.10.10.0 255.255.255.0
object network 444
host 10.10.10.110
object network OSITOINT
subnet 10.10.10.0 255.255.255.0
object-group network OSItoOUT04
network-object object out04
access-list outside20_access_in extended permit icmp any4 any4
pager lines 24
logging enable
logging asdm-buffer-size 512
logging trap informational
logging asdm informational
logging host NAZCO 10.10.10.10 17/6161
logging debug-trace
logging permit-hostdown
mtu NAZCO 1500
mtu Outside20 1500
mtu outside4 1500
no failover
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-721.bin
no asdm history enable
arp timeout 14400
no arp permit-nonconnected
nat (NAZCO,outside4) source dynamic any interface dns
nat (NAZCO,Outside20) source dynamic any interface dns
route Outside20 0.0.0.0 0.0.0.0 172.16.20.1 1
route outside4 0.0.0.0 0.0.0.0 172.16.4.1 11
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
aaa-server Keefa-Raduis protocol radius
aaa-server Keefa-Raduis (NAZCO) host 172.16.200.10
key *****
radius-common-pw *****
user-identity default-domain LOCAL
aaa authentication enable console LOCAL
aaa authentication http console LOCAL
aaa authentication serial console LOCAL
aaa authentication ssh console LOCAL
aaa authentication telnet console LOCAL
http server enable
http 0.0.0.0 0.0.0.0 NAZCO
snmp-server host NAZCO 10.10.10.196 community ***** version 2c
no snmp-server location
no snmp-server contact
snmp-server community *****
snmp-server enable traps snmp authentication linkup linkdown
snmp-server enable traps syslog
snmp-server enable traps ipsec start stop
snmp-server enable traps entity fru-insert
snmp-server enable traps remote-access session-threshold-exceeded
snmp-server enable traps connection-limit-reached
snmp-server enable traps cpu threshold rising
snmp-server enable traps ikev2 start stop
snmp-server enable traps nat packet-discard
crypto ipsec security-association pmtu-aging infinite
crypto ca trustpoint _SmartCallHome_ServerCA
crl configure
crypto ca trustpool policy
crypto ca certificate chain _SmartCallHome_ServerCA
certificate ca 6ecc7aa5a7032009b8cebcf4e952d491
308205ec 308204d4 a0030201 0202106e cc7aa5a7 032009b8 cebcf4e9 52d49130
0d06092a 864886f7 0d010105 05003081 ca310b30 09060355 04061302 55533117
30150603 55040a13 0e566572 69536967 6e2c2049 6e632e31 1f301d06 0355040b
13165665 72695369 676e2054 72757374 204e6574 776f726b 313a3038 06035504
0b133128 63292032 30303620 56657269 5369676e 2c20496e 632e202d 20466f72
20617574 686f7269 7a656420 75736520 6f6e6c79 31453043 06035504 03133c56
65726953 69676e20 436c6173 73203320 5075626c 69632050 72696d61 72792043
65727469 66696361 74696f6e 20417574 686f7269 7479202d 20473530 1e170d31
30303230 38303030 3030305a 170d3230 30323037 32333539 35395a30 81b5310b
30090603 55040613 02555331 17301506 0355040a 130e5665 72695369 676e2c20
496e632e 311f301d 06035504 0b131656 65726953 69676e20 54727573 74204e65
74776f72 6b313b30 39060355 040b1332 5465726d 73206f66 20757365 20617420
68747470 733a2f2f 7777772e 76657269 7369676e 2e636f6d 2f727061 20286329
3130312f 302d0603 55040313 26566572 69536967 6e20436c 61737320 33205365
63757265 20536572 76657220 4341202d 20473330 82012230 0d06092a 864886f7
0d010101 05000382 010f0030 82010a02 82010100 b187841f c20c45f5 bcab2597
a7ada23e 9cbaf6c1 39b88bca c2ac56c6 e5bb658e 444f4dce 6fed094a d4af4e10
9c688b2e 957b899b 13cae234 34c1f35b f3497b62 83488174 d188786c 0253f9bc
7f432657 5833833b 330a17b0 d04e9124 ad867d64 12dc744a 34a11d0a ea961d0b
15fca34b 3bce6388 d0f82d0c 948610ca b69a3dca eb379c00 48358629 5078e845
63cd1941 4ff595ec 7b98d4c4 71b350be 28b38fa0 b9539cf5 ca2c23a9 fd1406e8
18b49ae8 3c6e81fd e4cd3536 b351d369 ec12ba56 6e6f9b57 c58b14e7 0ec79ced
4a546ac9 4dc5bf11 b1ae1c67 81cb4455 33997f24 9b3f5345 7f861af3 3cfa6d7f
81f5b84a d3f58537 1cb5a6d0 09e4187b 384efa0f 02030100 01a38201 df308201
db303406 082b0601 05050701 01042830 26302406 082b0601 05050730 01861868
7474703a 2f2f6f63 73702e76 65726973 69676e2e 636f6d30 12060355 1d130101
ff040830 060101ff 02010030 70060355 1d200469 30673065 060b6086 480186f8
45010717 03305630 2806082b 06010505 07020116 1c687474 70733a2f 2f777777
2e766572 69736967 6e2e636f 6d2f6370 73302a06 082b0601 05050702 02301e1a
1c687474 70733a2f 2f777777 2e766572 69736967 6e2e636f 6d2f7270 61303406
03551d1f 042d302b 3029a027 a0258623 68747470 3a2f2f63 726c2e76 65726973
69676e2e 636f6d2f 70636133 2d67352e 63726c30 0e060355 1d0f0101 ff040403
02010630 6d06082b 06010505 07010c04 61305fa1 5da05b30 59305730 55160969
6d616765 2f676966 3021301f 30070605 2b0e0302 1a04148f e5d31a86 ac8d8e6b
c3cf806a d448182c 7b192e30 25162368 7474703a 2f2f6c6f 676f2e76 65726973
69676e2e 636f6d2f 76736c6f 676f2e67 69663028 0603551d 11042130 1fa41d30
1b311930 17060355 04031310 56657269 5369676e 4d504b49 2d322d36 301d0603
551d0e04 1604140d 445c1653 44c1827e 1d20ab25 f40163d8 be79a530 1f060355
1d230418 30168014 7fd365a7 c2ddecbb f03009f3 4339fa02 af333133 300d0609
2a864886 f70d0101 05050003 82010100 0c8324ef ddc30cd9 589cfe36 b6eb8a80
4bd1a3f7 9df3cc53 ef829ea3 a1e697c1 589d756c e01d1b4c fad1c12d 05c0ea6e
b2227055 d9203340 3307c265 83fa8f43 379bea0e 9a6c70ee f69c803b d937f47a
6decd018 7d494aca 99c71928 a2bed877 24f78526 866d8705 404167d1 273aeddc
481d22cd 0b0b8bbc f4b17bfd b499a8e9 762ae11a 2d876e74 d388dd1e 22c6df16
b62b8214 0a945cf2 50ecafce ff62370d ad65d306 4153ed02 14c8b558 28a1ace0
5becb37f 954afb03 c8ad26db e6667812 4ad99f42 fbe198e6 42839b8f 8f6724e8
6119b5dd cdb50b26 058ec36e c4c875b8 46cfe218 065ea9ae a8819a47 16de0c28
6c2527b9 deb78458 c61f381e a4c4cb66
quit
telnet timeout 5
ssh scopy enable
ssh 172.16.200.0 255.255.255.0 NAZCO
ssh timeout 5
ssh key-exchange group dh-group1-sha1
console timeout 0
management-access NAZCO
dhcp-client update dns server both
dhcpd dns
dhcpd update dns both
dhcpd address 172.16.200.20-172.16.200.89 NAZCO
dhcpd dns 172.16.20.1 172.16.4.1 interface NAZCO
dhcpd lease 1048575 interface NAZCO
dhcpd update dns both interface NAZCO
dhcpd enable NAZCO
threat-detection basic-threat
threat-detection statistics
threat-detection statistics tcp-intercept rate-interval 30 burst-rate 400 average-rate 200
ssl encryption rc4-sha1 aes128-sha1 aes256-sha1 3des-sha1
username admin password bZmVDHuxUzzxS3yz encrypted privilege 15
class-map inspection_default
match default-inspection-traffic
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
inspect ip-options
inspect icmp
inspect icmp error
class class-default
user-statistics accounting
service-policy global_policy global
prompt hostname context
service call-home
no call-home reporting anonymous
call-home
profile CiscoTAC-1
no active
destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
destination address email [email protected]
destination transport-method http
subscribe-to-alert-group diagnostic
subscribe-to-alert-group environment
subscribe-to-alert-group inventory periodic monthly
subscribe-to-alert-group configuration periodic monthly
subscribe-to-alert-group telemetry periodic daily
hpm topN enable
Cryptochecksum:357b7c6f861e8aa9bb3a3674a789b39b
: end
asdm image disk0:/asdm-721.bin
no asdm history enableHi
Looks like the AAA configuration is set for local
aaa authentication enable console LOCAL
aaa authentication http console LOCAL
aaa authentication serial console LOCAL
aaa authentication ssh console LOCAL
aaa authentication telnet console LOCAL
Change it to Radius
aaa-server Keefa-Raduis protocol radius
aaa-server Keefa-Raduis (NAZCO) host 172.16.200.10
key *****
radius-common-pw *****
for example :
aaa authentication telnet console Keefa-Raduis LOCAL
Now when you will do telnet to using Radius credentials, Its Should work, If radius goes down you can use LOCAL username and password as fallback method.
Cheers!
Minakshi(Do rate the helpful post) -
Server Manager Error, Windows Server 2012 Standed
Windows
Server 2012 on my desktop
and I've been in it then
open Server Manager "ServerManager.exe - This application could not be started"
error this time. In it,
the option is YES and
NO. YES is open
to the side of .net.
Please help me as soon as possible.Hi,
Please check the event viewer to get more detailed error information about this issue.
You can also remotely access it from another server by adding this server in the server manager of the remote server, and try to access the roles and features from the remote server, and tackle the problem from there.
I hope this helps. -
We have a problem with one of our deployments of Windows Server 2012 Hyper-V with a 2 node cluster connected to a iSCSI SAN.
Our setup:
Hosts - Both run Windows Server 2012 Standard and are clustered.
HP ProLiant G7, 24 GB RAM, 2 teamed NIC dedicated to Virtual Machines and Management, 2 teamed NIC dedicated to iSCSI storage. - This is the primary host and normaly all VMs run on this host.
HP ProLiant G5, 20 GB RAM, 1 NIC dedicated to Virtual Machines and Management, 2 teamed NIC dedicated to iSCSI storage. - This is the secondary host that and is intended to be used in case of failure of the primary host.
We have no antivirus on the hosts and the scheduled ShadowCopy (previous version of files) is switched of.
iSCSI SAN:
QNAP NAS TS-869 Pro, 8 INTEL SSDSA2CW160G3 160 GB i a RAID 5 with a Host Spare. 2 Teamed NIC.
Switch:
DLINK DGS-1210-16 - Both the network cards of the Hosts that are dedicated to the Storage and the Storage itself are connected to the same switch and nothing else is connected to this switch.
Virtual Machines:
3 Windows Server 2012 Standard - 1 DC, 1 FileServer, 1 Application Server.
1 Windows Server 2008 Standard Exchange Server.
All VMs are using dynamic disks (as recommended by Microsoft).
Updates
We have applied the most resent updates to the Hosts, WMs and iSCSI SAN about 3 weeks ago with no change in our problem and we continually update the setup.
Normal operation
Normally this setup works just fine and we see no real difference in speed in startup, file copy and processing speed in LoB applications of this setup compared to a single host with 2 10000 RPM Disks. Normal network speed is 10-200 Mbit, but occasionally
we see speeds up to 400 Mbit/s of combined read/write for instance during file repair
Our Problem
Our problem is that for some reason all of the VMs stops responding or responds very slowly and you can for instance not send CTRL-ALT-DEL to a VM in the Hyper-V console, or for instance start task manager when already logged in.
Symptoms (i.e. this happens, or does not happen, at the same time)
I we look at resource monitor on the host then we see that there is often an extensive read from a VHDX of one of the VMs (40-60 Mbyte/s) and a combined write speed to many files in \HarddiskVolume5\System Volume Information\{<someguid and no file extension>}.
See iamge below.
The combined network speed to the iSCSI SAN is about 500-600 Mbit/s.
When this happens it is usually during and after a VSS ShadowCopy backup, but has also happens during hours where no backup should be running (i.e. during daytime when the backup has finished hours ago according to the log files). There is however
not that extensive writes to the backup file that is created on an external hard drive and this does not seem to happen during all backups (we have manually checked a few times, but it is hard to say since this error does not seem leave any traces in event
viewer).
We cannot find any indication that the VMs themself detect any problem and we see no increase of errors (for example storage related errors) in the eventlog inside the VMs.
The QNAP uses about 50% processing Power on all cores.
We see no dropped packets on the switch.
(I have split the image to save horizontal space).
Unable to recreate the problem / find definitive trigger
We have not succeeded in recreating the problem manually by, for instance, running chkdsk or defrag in VM and Hosts, copy and remove large files to VMs, running CPU and Disk intensive operations inside a VM (for instance scan and repair a database file).
Questions
Why does all VMs stop responding and why is there such intensive Read/Writes to the iSCSI SAN?
Could it be anything in our setup that cannot handle all the read/write requests? For instance the iSCSI SAN, the hosts, etc?
What can we do about this? Should we use MultiPath IO instead of NIC teaming to the SAN, limit bandwith to the SAN, etc?Hi,
> All VMs are using dynamic disks (as recommended by Microsoft).
If this is a testing environment, it’s okay, but if this a production environment, it’s not recommended. Fixed VHDs are recommended for production instead of dynamically expanding or differencing VHDs.
Hyper-V: Dynamic virtual hard disks are not recommended for virtual machines that run server workloads in a production environment
http://technet.microsoft.com/en-us/library/ee941151(v=WS.10).aspx
> This is the primary host and normaly all VMs run on this host.
According to your posting, we know that you have Cluster Shared Volumes in the Hyper-V cluster, but why not distribute your VMs into two Hyper-V hosts.
Use Cluster Shared Volumes in a Windows Server 2012 Failover Cluster
http://technet.microsoft.com/en-us/library/jj612868.aspx
> 2 teamed NIC dedicated to iSCSI storage.
Use Microsoft MultiPath IO (MPIO) to manage multiple paths to iSCSI storage. Microsoft does not support teaming on network adapters that are used to connect to iSCSI-based storage devices. (At least it’s not supported until Windows Server 2008 R2. Although
Windows Server 2012 has built-in network teaming feature, I don’t article which declare that Windows Server 2012 network teaming support iSCSI connection)
Understanding Requirements for Failover Clusters
http://technet.microsoft.com/en-us/library/cc771404.aspx
> I have seen using MPIO suggests using different subnets, is this a requirement for using MPIO
> or is this just a way to make sure that you do not run out of IP adressess?
What I found is: if it is possible, isolate the iSCSI and data networks that reside on the same switch infrastructure through the use of VLANs and separate subnets. Redundant network paths from the server to the storage system via MPIO will maximize availability
and performance. Of course you can set these two NICs in separate subnets, but I don’t think it is necessary.
> Why should it be better to not have dedicated wireing for iSCSI and Management?
It is recommended that the iSCSI SAN network be separated (logically or physically) from the data network workloads. This ‘best practice’ network configuration optimizes performance and reliability.
Check that and modify cluster configuration, monitor it and give us feedback for further troubleshooting.
For more information please refer to following MS articles:
Volume Shadow Copy Service
http://technet.microsoft.com/en-us/library/ee923636(WS.10).aspx
Support for Multipath I/O (MPIO)
http://technet.microsoft.com/en-us/library/cc770294.aspx
Deployments and Tests in an iSCSI SAN
http://technet.microsoft.com/en-US/library/bb649502(v=SQL.90).aspx
Hope this helps!
TechNet Subscriber Support
If you are
TechNet Subscription user and have any feedback on our support quality, please send your feedback
here.
Lawrence
TechNet Community Support
Maybe you are looking for
-
Print Preview Purchase Order with release strategy
Hi gurus, With release stratregy you can not print a PO before release through ME9F. The system will give error message 'No corrosponding document found'. However, you can print PO through 'Print Preview' by clicking on Print icon in ME22N, we need t
-
Visio 2007 saved as WEB page don't scale correctly in Internet Explorer 11
For many years I've been working With Visio 2007 files and saving them as web pages. My customers have then been using the HTML Versions in their versions of Internet Explorer. This has worked fine until IE 11. Now the scaling don't work as it used t
-
How can I EXCLUDE particular folders/files from being included in the Lightroom 5 catalog?
How can I EXCLUDE particular folders/files from being included in the Lightroom 5 catalog? I want to be able to specify paths and/or filename patterns that should NEVER be indexed in the catalog: not that they don't show up under certain circumstance
-
How can I split a document using separator sheets?
Hi there, as I use s SnapScan-Scanner which is not capable to split a heap of scanned documents at any separator shett in-between I want to create a (apple)script that doese this. Has anybody an idea how to get to the goal?
-
How to remove Path in Save As action?
I have some deifned actions in CS4. At one point I would like to save the file at a pre-defined quality. When I record that Save As part it also stores the path where to save the file to. I would like to remove that path. How can I do it?