RV220W RDP and WAN

Similar Messages

• CRL errors in RDP and others

  I've been trying for a couple of days now to troubleshoot revocation list errors in RDP and broken chain problems in VCenter server. I'm sure it's a misconfiguration on the enterprise subordinate CA, but I cannot find out where.
  I've read many other posts and solutions on this forum, but no resolve yet.
  We have an offline standalone Root CA running Windows Server 2012 R2 Standard, and a Domain joined subordinate CA.
  Creating the template and issuing the RDP certs works fine, but upon connection we get a
  "a revocation check could not be performed for the certificate" for internal domain joined clients. Creating certificates for VCenter server also squawks about a broken chain.
  Maybe cert chain is still looking for the RootCA to be online?
  The AIA and CDP locations are http, and reachable from the client. If anyone can help, here is the output from the certutil -verify command from one of the many affected clients:
  C:\temp>certutil -f -urlfetch -verify temp2.cer
  Issuer:
      CN=VSHQECA-SUB-CA
      DC=contoso
      DC=net
  Subject:
      EMPTY (DNS Name=VSHQSPICE.contoso.net)
  Cert Serial Number: 2c000003c02851996be18a72270002000003c0
  dwFlags = CA_VERIFY_FLAGS_ALLOW_UNTRUSTED_ROOT (0x1)
  dwFlags = CA_VERIFY_FLAGS_IGNORE_OFFLINE (0x2)
  dwFlags = CA_VERIFY_FLAGS_FULL_CHAIN_REVOCATION (0x8)
  dwFlags = CA_VERIFY_FLAGS_CONSOLE_TRACE (0x20000000)
  dwFlags = CA_VERIFY_FLAGS_DUMP_CHAIN (0x40000000)
  ChainFlags = CERT_CHAIN_REVOCATION_CHECK_CHAIN (0x20000000)
  HCCE_LOCAL_MACHINE
  CERT_CHAIN_POLICY_BASE
  -------- CERT_CHAIN_CONTEXT --------
  ChainContext.dwInfoStatus = CERT_TRUST_HAS_PREFERRED_ISSUER (0x100)
  ChainContext.dwErrorStatus = CERT_TRUST_REVOCATION_STATUS_UNKNOWN (0x40)
  ChainContext.dwErrorStatus = CERT_TRUST_IS_OFFLINE_REVOCATION (0x1000000)
  SimpleChain.dwInfoStatus = CERT_TRUST_HAS_PREFERRED_ISSUER (0x100)
  SimpleChain.dwErrorStatus = CERT_TRUST_REVOCATION_STATUS_UNKNOWN (0x40)
  SimpleChain.dwErrorStatus = CERT_TRUST_IS_OFFLINE_REVOCATION (0x1000000)
  CertContext[0][0]: dwInfoStatus=102 dwErrorStatus=1000040
    Issuer: CN=VSHQECA-SUB-CA, DC=contoso, DC=net
    NotBefore: 05/22/2014 11:26 PM
    NotAfter: 05/22/2015 11:26 PM
    Subject:
    Serial: 2c000003c02851996be18a72270002000003c0
    SubjectAltName: DNS Name=VSHQSPICE.contoso.net
    Template: contosordpCertificate
    bc 41 e9 95 b9 df fe f2 46 87 55 ec 94 84 ff d1 3f b3 00 6d
    Element.dwInfoStatus = CERT_TRUST_HAS_KEY_MATCH_ISSUER (0x2)
    Element.dwInfoStatus = CERT_TRUST_HAS_PREFERRED_ISSUER (0x100)
    Element.dwErrorStatus = CERT_TRUST_REVOCATION_STATUS_UNKNOWN (0x40)
    Element.dwErrorStatus = CERT_TRUST_IS_OFFLINE_REVOCATION (0x1000000)
    ----------------  Certificate AIA  ----------------
    No CRL "Certificate (0)" Time: 4
      [0.0] http://vshqeca-sub.contoso.net/CertEnroll/VSHQECA-SUB.contoso.net_VS
  HQECA-SUB-CA(2).crt
    ----------------  Certificate CDP  ----------------
    Expected Base CRL "Delta CRL (43)" Time: 4
      [0.0] http://vshqeca-sub.contoso.net/CertEnroll/VSHQECA-SUB-CA(2).crl
    ----------------  Certificate OCSP  ----------------
    No URLs "None" Time: 0
    Application[0] = 1.3.6.1.4.1.311.54.1.2 Remote Desktop Authentication
  CertContext[0][1]: dwInfoStatus=102 dwErrorStatus=40
    Issuer: CN=VSRMSRootCA
    NotBefore: 03/26/2014 2:27 PM
    NotAfter: 03/23/2024 1:02 PM
    Subject: CN=VSHQECA-SUB-CA, DC=contoso, DC=net
    Serial: 5200000005b0d119bfff437395000000000005
    Template: SubCA
    08 8b cf eb c2 21 5f 4a 75 63 87 34 4b c0 29 bf 14 2b c9 fa
    Element.dwInfoStatus = CERT_TRUST_HAS_KEY_MATCH_ISSUER (0x2)
    Element.dwInfoStatus = CERT_TRUST_HAS_PREFERRED_ISSUER (0x100)
    Element.dwErrorStatus = CERT_TRUST_REVOCATION_STATUS_UNKNOWN (0x40)
    ----------------  Certificate AIA  ----------------
    No URLs "None" Time: 0
    ----------------  Certificate CDP  ----------------
    No URLs "None" Time: 0
    ----------------  Certificate OCSP  ----------------
    No URLs "None" Time: 0
    Issuance[0] = 1.2.3.4.1455.67.89.5
  CertContext[0][2]: dwInfoStatus=10c dwErrorStatus=0
    Issuer: CN=VSRMSRootCA
    NotBefore: 03/23/2014 12:52 PM
    NotAfter: 03/23/2024 1:02 PM
    Subject: CN=VSRMSRootCA
    Serial: 15630f00af95e2a74e493d40cfa5bb62
    15 b9 31 47 68 66 ed 51 a3 ae db 78 14 41 e4 47 c3 fe 67 33
    Element.dwInfoStatus = CERT_TRUST_HAS_NAME_MATCH_ISSUER (0x4)
    Element.dwInfoStatus = CERT_TRUST_IS_SELF_SIGNED (0x8)
    Element.dwInfoStatus = CERT_TRUST_HAS_PREFERRED_ISSUER (0x100)
    ----------------  Certificate AIA  ----------------
    No URLs "None" Time: 0
    ----------------  Certificate CDP  ----------------
    No URLs "None" Time: 0
    ----------------  Certificate OCSP  ----------------
    No URLs "None" Time: 0
    Issuance[0] = 1.2.3.4.1455.67.89.5
  Exclude leaf cert:
    46 d2 e8 24 8f d5 4e 9b 8b d5 d5 9a 4b 1f 2d 62 1c 00 69 e7
  Full chain:
    65 ce 56 db 3c 65 6f f5 a7 6a 39 23 03 bb ee fd 9f 15 c5 00
  Verified Issuance Policies: None
  Verified Application Policies:
      1.3.6.1.4.1.311.54.1.2 Remote Desktop Authentication
  ERROR: Verifying leaf certificate revocation status returned The revocation function was unable to check revocation because the revocation server was offline. 0
  x80092013 (-2146885613)
  CertUtil: The revocation function was unable to check revocation because the revocation server was offline.
  CertUtil: -verify command completed successfully.
  Many thanks in advance...
  B
  B

  Here's the output of the getreg ca command. I didn't know about that one...
  HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CertSvc\Configuration\VSHQE
  CA-SUB-CA:
  Keys:
    CSP
    EncryptionCSP
    ExitModules
    PolicyModules
  Values:
    DSConfigDN               REG_SZ = CN=Configuration,DC=contoso,DC=net
    DSDomainDN               REG_SZ = DC=contoso,DC=net
    ViewAgeMinutes           REG_DWORD = 10 (16)
    ViewIdleMinutes          REG_DWORD = 8
    CAType                   REG_DWORD = 1
      ENUM_ENTERPRISE_SUBCA -- 1
    UseDS                    REG_DWORD = 1
    ForceTeletex             REG_DWORD = 12 (18)
      ENUM_TELETEX_AUTO -- 2
      ENUM_TELETEX_UTF8 -- 10 (16)
    SignedAttributes         REG_MULTI_SZ =
      0: RequesterName
    EKUOIDsForPublishExpiredCertInCRL REG_MULTI_SZ =
      0: 1.3.6.1.5.5.7.3.3 Code Signing
      1: 1.3.6.1.4.1.311.61.1.1 Kernel Mode Code Signing
    CommonName               REG_SZ = VSHQECA-SUB-CA
    Enabled                  REG_DWORD = 1
    PolicyFlags              REG_DWORD = 0
    CertEnrollCompatible     REG_DWORD = 0
    CRLEditFlags             REG_DWORD = 100 (256)
      EDITF_ENABLEAKIKEYID -- 100 (256)
    CRLFlags                 REG_DWORD = 2
      CRLF_DELETE_EXPIRED_CRLS -- 2
    InterfaceFlags           REG_DWORD = 641 (1601)
      IF_LOCKICERTREQUEST -- 1
      IF_NOREMOTEICERTADMINBACKUP -- 40 (64)
      IF_ENFORCEENCRYPTICERTREQUEST -- 200 (512)
      IF_ENFORCEENCRYPTICERTADMIN -- 400 (1024)
    EnforceX500NameLengths   REG_DWORD = 1
    SubjectTemplate          REG_MULTI_SZ =
      0: EMail
      1: CommonName
      2: OrganizationalUnit
      3: Organization
      4: Locality
      5: State
      6: DomainComponent
      7: Country
      8: UnstructuredName
      9: UnstructuredAddress
      10: DeviceSerialNumber
    ClockSkewMinutes         REG_DWORD = a (10)
    LogLevel                 REG_DWORD = 3
    HighSerial               REG_DWORD = 2c (44)
    CAServerName             REG_SZ = VSHQECA-SUB.contoso.net
    ValidityPeriod           REG_SZ = Years
    ValidityPeriodUnits      REG_DWORD = 5
    KRACertHash              REG_MULTI_SZ =
    KRACertCount             REG_DWORD = 0
    KRAFlags                 REG_DWORD = 0
    CRLPublicationURLs       REG_MULTI_SZ =
      0: 65:C:\Windows\system32\CertSrv\CertEnroll\%3%8.crl
      CSURL_SERVERPUBLISH -- 1
      CSURL_SERVERPUBLISHDELTA -- 40 (64)
      1: 6:http://vshqeca-sub.contoso.net/CertEnroll/%3%8%9.crl
      CSURL_ADDTOCERTCDP -- 2
      CSURL_ADDTOFRESHESTCRL -- 4
      2: 10:ldap:///CN=%7%8,CN=%2,CN=CDP,CN=Public Key Services,CN=Services,%6%10
      CSURL_ADDTOCERTCDP -- 2
      CSURL_ADDTOCRLCDP -- 8
    CRLPeriod                REG_SZ = Weeks
    CRLPeriodUnits           REG_DWORD = 2
    CRLOverlapPeriod         REG_SZ = Hours
    CRLOverlapUnits          REG_DWORD = 0
    CRLDeltaPeriod           REG_SZ = Days
    CRLDeltaPeriodUnits      REG_DWORD = 1
    CRLDeltaOverlapPeriod    REG_SZ = Minutes
    CRLDeltaOverlapUnits     REG_DWORD = 0
    CAXchgValidityPeriod     REG_SZ = Weeks
    CAXchgValidityPeriodUnits REG_DWORD = 1
    CAXchgOverlapPeriod      REG_SZ = Days
    CAXchgOverlapPeriodUnits REG_DWORD = 1
    MaxIncomingMessageSize   REG_DWORD = 10000 (65536)
    MaxIncomingAllocSize     REG_DWORD = 10000 (65536)
    CACertPublicationURLs    REG_MULTI_SZ =
      0: 2:http://vshqeca-sub.contoso.net/CertEnroll/%1_%3%4.crt
      CSURL_ADDTOCERTCDP -- 2
      1: 0:C:\Windows\system32\CertSrv\CertEnroll\%1_%3%4.crt
      2: 2:ldap:///CN=%7,CN=AIA,CN=Public Key Services,CN=Services,%6%11
      CSURL_ADDTOCERTCDP -- 2
    RequestFileName          REG_SZ = C:\VSHQECA-SUB.contoso.net_contoso-VSHQECA
  -SUB-CA%4.req
    SetupStatus              REG_DWORD = 1
      SETUP_SERVER_FLAG -- 1
    Security                 REG_BINARY =
      Allow CA Administrator      BUILTIN\Administrators
      Allow Certificate Manager   BUILTIN\Administrators
      Allow CA Administrator      contoso\Domain Admins
      Allow Certificate Manager   contoso\Domain Admins
      Allow CA Administrator      contoso\Enterprise Admins
      Allow Certificate Manager   contoso\Enterprise Admins
      Allow Enroll        NT AUTHORITY\Authenticated Users
    CACertHash               REG_MULTI_SZ =
      0: 1e 0a 6c ad 0f 76 07 df 06 93 fc 06 8b cc 08 4e 19 1b 71 0f
      1: 28 22 a0 83 65 b4 28 cf d1 fc 80 ab 1d 47 51 67 60 30 f4 ff
      2: 08 8b cf eb c2 21 5f 4a 75 63 87 34 4b c0 29 bf 14 2b c9 fa
      3: 82 2b 18 53 70 52 57 8b 5c a4 01 a2 07 be 35 7a ba 4e 34 b1
    CRLDeltaNextPublish      REG_BINARY = 05/24/2014 6:59 PM
    CRLOverlapPeriodUnits    REG_DWORD = c (12)
    RequestKeyIndex          REG_DWORD = 2
    RequestKeyContainer      REG_SZ = VSHQECA-SUB-CA(2)
    CRLNextPublish           REG_BINARY = 06/06/2014 6:59 PM
    CAXchgCertHash           REG_MULTI_SZ =
      0: ef 91 d7 19 22 95 69 6f 79 e2 8d ad 80 55 b4 6c 78 ca fa 73
      1: ba 37 08 cd fc cc b9 b6 c9 08 dc 55 e5 fb 0e 3e c4 bc 60 57
      2: fd 9b 26 91 d3 5a 9f c0 f5 26 47 74 2f 7e 85 28 78 6f 1c 4c
      3: da de 90 50 73 51 ee d9 10 3b e4 94 6a a3 5f 9c 71 81 9b 1c
      4: 52 19 e2 b5 ab 73 1c 75 86 7f 1d ad ec c7 38 ff c8 81 2d f4
  CertUtil: -getreg command completed successfully.
  New screengrab of pkiview coming right up...
  B

• Lan and Wan port on Airport express

  Hi guys I am wondering if you could help me out with my airport express.
  I recently bought an airport express and have it set up as the following:
  Router--->ethernet cable in to the Wan of Airport express--->ethernet from Airport Express Lan to computer
  This is so that I have hardwired internet to my gaming computer and wifi in my room for all my devices. The problem is, however, next year I will not be in a situation that allows me the same setup. I will be too far away to run an ethernet cable from the router to the airport express. So I have decided I shall use it to join the network wirelessly and relay internet through both the Wan and Lan port (think this is called bridge mode?). I was also intending on connecting an ethernet hub to one of the ports so that I can connect multiple devices, smart tv, macbook, ps3 etc. But having one of the ports exclusively to my gaming pc.
  My question is, with both Lan and Wan ports relaying internet to multiple devices, would I see a drop in performance, in particular in regard to my compter? Or is the airport express able to join both the 2.4GHz or 5GHz and relay each connection to a specific lan port?
  Unfortunately I am not in a position to test this yet, lacking a 5GHz connection in my halls, so I would appreciate if anyone could help shed some light.
  Thank you

  is the main router also an apple product? if so, then yes you can extend wirelessly, but if the main router is an apple product, why are you bothering to extend wirelessly at all when the main router's signals should be strong enough?
  if the main router is NOT an apple router, then you wil NOT be able to extend it wirelessly period.
  in my experience, there are very FEW places you NEED to extend a network wirelessly, and i always recommend against it since there is a big performance decrease.
  In the case of a wirelessly extended network, throughput may be reduced to less than 60 percent of that of a single device.
  http://support.apple.com/kb/HT4145

• WCCP and WAN optimisation via Layer 3 connection

  Hi There,
  I need some help with WCCP, however with Riverbeds instead of WAAS.
  The topology of the set up is as follows:
  WAN - R1 - LAN - L3 Switch - Riverbed
  The clients reside on the WAN side and the servers reside on the LAN side.
  My business wishes to enable WCCP on two separate WAN routers to the single Riverbed. One router is fuly managed service, and the other rout the is managed by the business IT team.
  All the articles that I have come across talk about enabling WCCP on the router whereby the WAN optimisation appliance is directly connected to a interface router. I need to configure WCCP to a Riverbed that is connected to a subnet that is a single hop away via a Layer 3 switch.
  My plan is to enable WCCP in the inbound directions on both the LAN and WAN interfaces, however my concern is that this design will mean the traffic passing through the LAN side interface will be optimised twice.
  Can any one confirm if this would happen? If it could happen can it potentially be stopped by placing a "ip wccp redirect exclude out" command on the LAN interface.
  Thanks is advance for your help.

  Hi Andreas,
  "ip wccp redirect exclude out" only makes sense if you have a "ip wccp redirect out"
  on a L3 interface on the router.
  It's purpose is to avoid redirecting an already optimised packet, comming from a L3-interface where the WAAS/Riverbed device is connected, once more.
  A double redirect will, in a WAAS setup, cause the WAAS device to drop the packet, because
  it suspects a routing loop... don't know what Riverbed does.
  Running only with "ip wccp redirect in" on both the WAN and LAN interface will cause :
  1) a packet comming in from the LAN, is supposed to be unoptimised, and will be redirected
  2) a packet comming in from the WAN, is supposed to be optimised, and will also redirected
  3) an IP-interface with only the WAAS/Riverbed connected should NEVER be redirected !
  If you cannot isolate your WAAr/Riverbed in it's own L3 subnet (subinterface/VLAN),
  and therefore have to place it in the "ordinary" LAN subnet, packets from the WAAS/Riverbed will becomes candidates for redirection (even with "ip wccp redirect in"), you'll need to use "WCCP negotiated Return", but don't know whether Riverbed supports this,
  Riverbed normally uses "tunnels" on the WAN side, and this makes the WCCP setup somewhat different.
  You should really consult the Riverbed documentation or their support
  ... or migrate to Cisco WAAS ;-)
  Best regards
  Finn Poulsen

• Which Monitoring Tool is best to monitor LAN and WAN

  Hi,
  CAN ANYONE TELL ME Which Monitoring Tool is best to monitor LAN and WAN.
  Waiting for immediate response.
  Thanks
  Irshad

  To start with HP open, this is SNMP-based as well. As it is around for quite a while and delivers support for many vendors, it has become sort of an industry standard. Many other vendors deliver add-ons (even CiscoWorks) to support their products via HP open. That functionality however comes with a price. If you have plenty of money an a large network to manage, HP open might be your best choice.
  Cisco Works and other -start-with-C- products are typically used to manage Cisco devices. If you have a fair share of non-cisco boxes around you will find that you cannot see or do everything with them that you might want.
  One special thing about CiscoWorks is that it lacks a grapical real-time overview of the network. In my opinion this is a weakness in the product. On the other hand, it has many nice features to manage all kinds of Cisco devices.
  My ideal solution is to use both a generic SNMP manager, SNMPc in my case, and CiscoWorks 2000. With SNMPc I can quickly see network node status and do some bandwidth management (baselining). CW2k serves mainly to execute changes (NetConfig) and as a syslogger. It is also used to perform IOS upgrades and to store config files.
  I guess this could be done with HP open as well, but our money does not reach far enough to pay for both. SNMPc costs a lot less, both in purchase and in maintenance.
  Hope this clarifies things a bit.
  Regards,
  Leo

• Public LAN and WAN Addresses

  Hi Guys
  I am slightly confused about public lan and wan ips. We have a circuit that was installed a few months ago as a backup failover but we now want to start using it so I phoned my ISP for the public range for that circuit.
  Now our internal IP subnet is a 192.168.150.xx 
  I was expecting the ISP to provide me with one public range maybe a /30 so I can assign an public ip to my routers external interface and PAT to that address.
  The ISP instead gave me a public LAN and WAN address range both of which are public IPs. Can anyone explain what these are where in my type of network will they fit it
  Thanks

  As Peter says it is worth talking to your ISP but LAN addresses are usually simply another public IP block you are free to use however you want.
  You don't have to use them and you certainly don't need to allocate them to physical devices on your LAN. The ISP doesn't really care how you use them either, they will simpy route traffic to those address to your edge device (see below for more details).
  They can be useful if you host a lot of servers/applications accessible from the internet for example.
  It does depend on the devices you have ie.
  LAN -> firewall -> ISP router
  in the above you use the WAN addressing for the link between the firewall and the ISP router and then you can just use the LAN address range for NAT on your firewall. Non of the LAN IPs need to be actually assigned to any interface
  LAN -> firewall -> router -> ISP router
  here you have your own router on the outside of the firewall. The WAN addressing would be used between your router and the ISP router. The LAN addressing would be used for the firewall to your router connection and any spare IPs can be used for NAT (usually done on the firewall).
  Note that usually the LAN addressing is a larger subnet than the WAN addressing and as you say the WAN addressing is usually a /30.  So the ISP uses one of the IPs from the WAN range and you use the other.
  If you have been allocated LAN addresses then the ISP will route traffic to these addresses to the WAN IP you have used so make sure you use the WAN IP on either -
  a) in the first example above the outside interface of your firewall
  or
  b) in the second example above the outside interface of your router, the one connecting to the ISP router.
  Hope that makes sense.
  Jon

• _WAN Optimisation and WAN Accelarators

  WAN Optimisation and WAN Accelarators
  I would be interested on your thoughts and experiences of using a
  Distributed SCCM infrastructure that involves remote DP's at branch sites that
  have WAN optimisation appliances such as RiverBed and more importantly Cisco
  WAAS and the recommended approach around these. I have read briefly around
  Cisco WAAS having to exclude CIFS traffic. Please advise as I have a client who who has these appliances and my intial thoughts were for traffic to be bypassed if at all possible?

  I have encountered RiverBed but not Cisco WAAS. In my experience RiverBed WAN accelerators and ConfigMgr do NOT place nice together. Anomalies are introduced to the environment which are not obvious in log files and can be impossible to solve.
  I agree. The ConfigMgr traffic should by-pass the appliances (and I've had to do this).
  Gerry Hampson | Blog:
  www.gerryhampsoncm.blogspot.ie | LinkedIn:
  Gerry Hampson | Twitter:
  @gerryhampson

• Data package size-LAN and WAN

  HI Experts,
  Could anybody give explanation/Document for the  below query?
  When transfering R/3 to BW.How the data pacakage size is determined.?Would the size of data packets be different over LAN and WAN? Why?
  Thanks
  Pradeep

  In transaction SBIW -> General Settings -> Maintain Control Parameters for Data Transfer (in the OLTP System), you can see and edit the default values for the source system.
  If you display the infopackage in the BW system and click on the menu option Scheduler -> DataS. Default Data Transfer, you will be able to edit the settings for the infopackage and also see what's the default configuration for the source system.
  You may also consult the following SAP Notes for more information (including exceptions):
  [417307 - Extractor package size: Collective note for applications.|https://websmp107.sap-ag.de/sap/support/notes/417307]
  [409641 - Examples of packet size dependency on ROIDOCPRMS.|https://websmp107.sap-ag.de/sap/support/notes/409641]
  I don't see what difference it could have over LAN or WAN, though...

• Load balance on routers LAN and WAN

  Hi ;
  I have a setup where i need to implement load balance on 2 routers in both sides ,LAN and WAN , and there is ASA in the LAN side , my question is that when do load blance in LAN side using GLBP how the 2 ASA's will act on this because they will have only 1 default gateway IP address .
  Thanks

  Not Harbi
  Not entirely sure i understand the question but i'll try to answer based on a few assumptions.
  It sounds like you have a pair of ASA devices on the LAN side. Assuming they are in active / failover then they will appear as one IP address to the routers - a VRRP address. When the ASA arps out for the default gateway address they will get one of the virtual mac addresses back from the AVG.
  They will send traffic to that mac address ie. they won't load balance.
  The load balancing aspect comes in when another host on the LAN then arps out for the default gateway and the AVG assigns it a different virtual mac address tied to a different router. But as the ASA pair always appear as one host entity they will always be tied to one of the routers at any one time.
  Hope this covers what you were asking
  Jon

• Why would i connect a external hardrive to the airport extreme and what is the difference between LAN and WAN gigabit ethernet?

  Hey just wanted to know what is the reason i would connect my external hardrive to the extreme and what is the difference between LAN and WAN ehternet. I know one is local and other is wide but can someone explain in simpler terms.

  Connecting a hard drive to the Airport Extreme makes it available to be shared across all the computers on your network.
  WAN (Wide Area Network) is your connection to the internet
  LAN (Local Area Network) is your internal (or local) ethernet connections (computers, printers, etc...)
  AirPort Base Station: About the WAN and LAN Ports

• Strange problem with RDP and mouse, only solved after minimize/maximize

  Good day,
  We have this very annoying problem with a RDP Terminal Server. It is Windows Server 2008 R2 SP1.
  This server has the Session Host role installed, with local RDP user licenses.
  We only have this issue when running a certain application.
  This application is called Rockwell FactoryTalk View and this in an application to display industrial processes.
  It will take the Full Screen in a fixed resolution and will display buttons, objects, values... The application also uses Internet Explorer cache so I think it uses ActiveX, Flash or Java, I don't know.
  What sometimes happens is this:
  - The mouse point is able to move in the entire screen (good)
  - The mouse button will only work in 1 certain area of the screen (which is a small rectangle)
  - The mouse "hovering" above objects will also only highlight items that are in this rectangle
  - The keyboard remains functional and with alt-tab other objects or other applications can get focus, but still no mouse clicking
  The problem can be solved by:
  - Minimizing the RDP window and maximizing it again
  - Or: Sending a message to the session using task manager, after clicking "OK" on that message the problem is gone
  Normally, about 5 users will have this application opened in their session, the "crash" is only effecting 1 session.
  The problem seems to happen randomly and we don't know if we should point to the FactoryTalk application, or to Terminal Services/RDP. The end users have no rights to minimize/maximize, this is not the solution. 
  Is it possible to have any input on this please?
  Thank you.

  Hi,
  Thank you for posting in Windows Server Forum.
  Firstly please check with the application support team whether the application is fully supported by Windows Server 2008 R2 in remote session. In addition, suggest you to update the client RDP version to RDP 8.1 and check the result for better feature and functionality. 
  Apart from this, there is Hotfix for the issue. Please download, install and check the result.
  Cause:
  The issue occurs because the remote desktop ActiveX object does not deactivate the focus of the remote desktop session when the focus is lost. Because the focus is still activated, the remote desktop ActiveX object cannot set the focus of the remote desktop
  session again when you change the focus back to the session.
  A remote desktop session does not respond to keyboard input or mouse input after it loses the focus in Windows 7 or in Windows Server 2008 R2
  http://support.microsoft.com/kb/2579381
  Hope it helps!
  Thanks.
  Dharmesh Solanki

• RDP and Java not playing well together

  I have a Windows 8.1 Pro machine set up for RDP that connects to a field device network. The field network is not accessible from the Internet, so the only method I have to connect to the field devices is RDP through the machine. The devices use
  Java for their GUI. When I log onto one of the devices in the field via RDP, the amount of memory Java uses goes up and stays up. Every time I log onto a field device, the memory usage goes up and stays up to the point if I hit 25 or so field devices, I get
  an Out of Memory error and Java shuts down the main application running on the machine. However, if I log onto the devices directly from the machine, not using RDP, the amount of memory Java uses doesn't go up. The machine has 6Gb of RAM, rebooting it is the
  only way to clear out the memory, which gets it back down to a more normal 14%. 
  Any ideas? 

  Hi,
  What is the result if we connect to a normal Windows system via RDP? We should first find out whether this is a RDP side issue or a JAVA issue.
  And for high memory issue, we have a tool named RAMMap to view the detailed memory usage
  RAMMap
  http://technet.microsoft.com/en-us/sysinternals/ff700229.aspx
  Introduction to the new Sysinternals tool: RAMMap
  http://blogs.technet.com/b/askperf/archive/2010/08/13/introduction-to-the-new-sysinternals-tool-rammap.aspx
  Regards
  Yolanda Zhu
  TechNet Community Support

• RV320 DHCP and WAN questions

  Hello all,
  So far I love the RV320 its super fast and works really good (with 2 WAN connections).          
  I though have a few questions hoping someone could tell me:
  1) Under DHCP Server it gives the option of to use DNS from ISP or DNS Proxy, what is the main difference between those two options?
  Right now I have this set to DNS from ISP.
  2) What are the pros and cons of enabling IPV6 DHCP and what is the best setting for that (Yes both ISPs I have suppor IPV6)?
  3) What is the best option to set as client lease time for DHCP? (its set to 1440 default).
  4) On the System Summary page I see both WAN1 and WAN2 connected (i set it to
  Load Balance (Auto Mode) but for WAN2 i always see: Connected (Inactive)
  Why does it say inactive?
  Thank you!

  Found answers to most things now except for:
  4) On the System Summary page I see both WAN1 and WAN2 connected (i set it to
  Load Balance (Auto Mode) but for WAN2 i always see: Connected (Inactive)
  Why does it say inactive?

• Can't recognize airport via lan and wan cables??

  Trying to add airport extreme to present set up of G4 desktop that presently is hooked up to an external high speed modem.
  Want to hard wire to desktop and use airport extreme for laptop. I'm not simple but do not know much about setting up wireless.
  Here is my presnet set up.
  High speed modem to airport extreme via wan cable.
  Airpirt extreme to g4 mac via lan cable.
  Computer won't recognize airport. can't use setup utility, can't get to internet.
  Trying to locate pppoe message and then mothing.
  Please...any suggestions for someone not very wireless savy
  power mac g4 dual 450   Mac OS X (10.4.1)  

  This has been very helpful.
  I used airport setup asst. for windows and now have configured a secure wireless connection for my dell (dude). I used PPPoe since my internet provider uses it. Can't wait until Feb when I will be getting my power book.
  But I have the problem that the G4 dual 450 desktop will not recognize the aebs when i have connected to it via the lan port. I want to be able to configure it this way so I don't have to put a card in it. Wired to desktop, wireless to laptop.
  Also, it looks like the desktop is only compatible with airport and not airport express. Not sure where could find a card.
  You have been very helpful through this so thank you very much.
  Do you have any last advice?
  Gord
  power mac g4 dual 450 Mac OS X (10.4.1)

• New ASA5512- 5515: content filter and WAN load balancing

  Hi,
  it's possible to make the content filter with the new models of asa?
  One of our customers would like to have content filter with the possibiliy to monitor the single client activity (log).
  It' s possible also make the load balancing between 2 WAN?
  Now in HQ they have 2 WAN with WAN backup (ASA5505) and VPN to another site.
  Thanks in advance,
  Paolo.

  I saw that you can add CX feature:
  CX - Context Aware Security Feature:
  Cisco  ASA CX Context-Aware Security is a modular security service that  extends the ASA platform with next-generation capabilities. It is  available with SSD purchase for model such as 5512-X, 5515-X, 5525-X,  55545-X and 5555-X.
  Application Visibility Control (AVC):
  This  is additional feature in CX. Activation of this feature require  seperate license. This is the feature that do deep packet inspection for  Application recognition. provide context-aware firewall security.
  Web Security Essentials (WSE):
  This  is additional feature in CX. Activation of this feature require  seperate license. It deliver features like "URL Filtering" and "Global  Threat Intelligence".
  Can somebody confirm that?
  Have somebody already used and configured this features?
  Thank you,
  Paolo.