SCEP Enrollment failure IOS CA Server

Hi
I am trying to enroll a non IOS SCEP client to a Cisco IOS CA Server. When I put a sniffer, it show me:
HTTP GET/flash/pkiclient.exe?operation=GETCACert&message=ca, but the next packet in the sniffer says HTTP/1.1 404 Not Found.
In the Router Flash there is no pkiclient.exe, so i dont understand from where the client should be get this .exe.
Thank in advance

Hi Marcin
Thanks for you reply.
Actually the non IOS Client (Huawei) is trying to enroll to the url http://ip.address:80 and also http://ip.address but his debug says "invalid url" in both cases. Do you know successful deployments between Cisco IOS CA Server and Non Cisco clients. It is possible to change the default url maybe htttp://ip.address:80/abc123/?
Thanks.

Similar Messages

OS X Server 3 - Profile manager - I can't enroll any iOS devices

OS X Server 3 - Profile manager - I can't enroll any iOS devices
I have OS X Server setup on a Mac Mini and an Airport Extreme.
Airport is 10.0.1.1 and server is 10.0.1.3.
Server is setup to use DNS itself by server.mydomain.com
Airport is setup to use the server as DNS and the server then routes DNS queries onward to the internet.
Essentially anyone on my internal network thinks server.mydomain.com is the server itself. This is what I want.
From the outside, anyone searching for server.mydomain.com get's some page on a free hosting site with "Server is not accessible from the internet"
I also use a self-signed certificate to secure communications. It's valid.
Now this configuration has worked for the past two years. Out of curiosity in Server 3.1.1 I decided to give Profile manager a shot. Set it up, no worries.
Installed the Trust Profile first and then the Enroll profile. Done.
I can enroll and wipe, lock any mac in my firm remotely. Everything works, except iOS devices.
Any iOS device I try it fails at "Installing profile", I tried friend's phones, my own iPad... every iPad in my firm. It fails consistently at the same step, with no error code what so ever.
Is there a checklist I need to go through? Do I need some kind of weird certificate setup?
PS. Is it a problem if my devices are enrolled as development devices, thei UUID is in Apple's device list for beta software and iOS development?

The Problem is your DNS is being pushed locally to the iOS Device from your Airport Extreme and the DNS on your Airport extreme is undoubtedly a public form of DNS that does not recognize your private server's ip address or HQDN, in Airport Utility point the DNS at your server and let your Server provide the public DNS mapping and allow your Router to provide your Server's DNS. This should resolve your issue and allow you to enroll your iOS Devices by logging into the Profile Manager Web Portal from the iOS Device.

PKI/DMVPN - Renaming an IOS CA Server

Hi,
Would anyone know what the impact might be on a DMVPN if I were to rename/recreate the internal IOS CA Server hostname and trustpoint?
I assume I would have to re-create the RSA certs and trustpoint from scratch. And then, I'd have to go to each of the routers (including spokes and headhends) and re-aquire the new root cert, then re-enroll for new router certs which seem like it will bring down the tunnels... and since the CA server is internal, once the tunnels are down, the spokes will not be able to renew unless I configure a temporary pre-shared key crypto tunnel.
Is there a better, simpler way?
If anyone's ever done this in a lab, I'd appreciate any comments...
Thanks

You will have to recreate the RSA certificates and trustpoints if you rename the IOS CA server. You can configure graceful rollover for certificates. Graceful rollover of certificates avoids sudden loss of services in which new connections use the new certificate; existing connections continue to use the old certificate until the connections are closed.

Logging of ios ca server events

Hi all,
Is there a clever way to log e.g. enrollment requests coming in on an IOS ca server?
What I'm trying to do is to get the embedded event manager to email a notification to the admin staff, when an enrollment request arrives at the ios ca server. Thing is, the event manager needs an event to act on...
Anyone out there with experience on this?
:O) Mikkel

That won't really help me. As stated, I need this to trigger the embedded event manager to send an e-mail on arrival of a renewal-request, and I don't relly want to leave my ca server running with any debugging enabled...

IOS8 OTA SCEP enrollment fails on second install

I have a profile and SCEP server that have been working fine for several years now. However on devices running IOS8 or higher the SCEP enrollment fails if it is done a second time (different certificate). The OTA Certificate enrollment process works on IOS7 devices as many times as needed.
relevant IOS7 log for a second certificate installation based on the same config/ca/signing cert etc.:
profiled[1397] <Notice>: (Note ) MC: Retrieving profile from OTA Profile service...
     profiled[1397] <Notice>: (Note ) MC: Received final profile: com.myConfig.profile
     profiled[1397] <Notice>: (Note ) MC: Beginning profile installation...
     <Notice>: (Note ) MC: Profile “com.myConfig.profile” is replacing an existing profile having the same identifier.
     securityd[1349] <Error>: SecDbItemInsertOrReplace INSERT failed: The operation couldn’t be completed. (com.apple.utilities.sqlite3 error 19 - reset: [19] columns ctyp, issr, slnr, agrp, sync are not unique sql: INSERT INTO cert(rowid,cdat,mdat,ctyp,cenc,labl,alis,subj,issr,slnr,skid,pkhh,data,agrp,pdm n,sync,tomb,sha1)VALUES(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?))
     securityd[1349] <Error>: securityd_xpc_dictionary_handler profiled[1397] add The operation couldn’t be completed. (OSStatus error -25299 - duplicate item O,cert,85233947,L,dku,apple,0,ctyp,cenc,labl,subj,issr,slnr,pkhh,v_Data,2015030 3054909.447036Z,CF75A17F)
     profiled[1397] <Error>: SecOSStatusWith error:[-25299] The operation couldn’t be completed. (OSStatus error -25299 - Remote error : The operation couldn‚Äôt be completed. (OSStatus error -25299 - duplicate item O,cert,85233947,L,dku,apple,0,ctyp,cenc,labl,subj,issr,slnr,pkhh,v_Data,2015030 3054909.447036Z,CF75A17F))
     profiled[1397] <Notice>: (Note ) MC: Attempting to retrieve issued certificate...
     securityd[1349] <Error>: CFPropertyListReadFromFile file file:///Users/Library/Developer/CoreSimulator/Devices/9B6A7852-9C11-4FCC-8327-E 1BD33EA7CF5/data/Library/Keychains/accountStatus.plist: The operation couldn’t be completed. (Cocoa error 260.)
     <Notice>: (Note ) MC: Issued certificate received.
     securityd[1349] <Error>: SecDbItemInsertOrReplace INSERT failed: The operation couldn’t be completed. (com.apple.utilities.sqlite3 error 19 - reset: [19] columns kcls, klbl, atag, crtr, type, bsiz, esiz, sdat, edat, agrp, sync are not unique sql: INSERT INTO keys(rowid,cdat,mdat,kcls,labl,alis,perm,priv,modi,klbl,atag,crtr,type,bsiz,esi z,sdat,edat,sens,asen,extr,next,encr,decr,drve,sign,vrfy,snrc,vyrc,wrap,unwp,dat a,agrp,pdmn,sync,tomb,sha1)VALUES(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?, ?,?,?,?,?,?,?,?,?,?,?,?,?))
     securityd[1349] <Error>: securityd_xpc_dictionary_handler profiled[1397] add The operation couldn’t be completed. (OSStatus error -25299 - duplicate item O,keys,0CC69ECD,L,dku,apple,0,kcls,labl,perm,priv,modi,klbl,atag,crtr,type,bsiz ,esiz,sdat,edat,sens,asen,extr,next,encr,decr,drve,sign,vrfy,snrc,vyrc,wrap,unwp ,v_Data,20150303054921.112843Z,344A0836)
     <Error>: SecOSStatusWith error:[-25299] The operation couldn’t be completed. (OSStatus error -25299 - Remote error : The operation couldn‚Äôt be completed. (OSStatus error -25299 - duplicate item O,keys,0CC69ECD,L,dku,apple,0,kcls,labl,perm,priv,modi,klbl,atag,crtr,type,bsiz ,esiz,sdat,edat,sens,asen,extr,next,encr,decr,drve,sign,vrfy,snrc,vyrc,wrap,unwp ,v_Data,20150303054921.112843Z,344A0836))
     profiled[1397] <Notice>: (Note ) MC: Profile “com.myConfig.profile” installed.
     profiled[1397] <Notice>: (Note ) MC: Removing certificate with persistent ID 636572740000000000000005
     securityd[1349] <Error>: CFPropertyListReadFromFile file file:///Users/Library/Developer/CoreSimulator/Devices/9B6A7852-9C11-4FCC-8327-E 1BD33EA7CF5/data/Library/Keychains/accountStatus.plist: The operation couldn’t be completed. (Cocoa error 260.)
     <Notice>: (Note ) MC: Removing certificate with persistent ID 69646e740000000000000006
     profiled[1397] <Notice>: (Note ) MC: Removing certificate with persistent ID 69646e740000000000000007
     profiled[1397] <Notice>: (Note ) MC: Removing certificate with persistent ID 69646e740000000000000001
     profiled[1397] <Notice>: (Note ) MC: Removing certificate with persistent ID 69646e740000000000000004
Under IOS8 the initial enrollment and profile installation works. However on any subsequent enrollments the following error is thrown:
profiled[2253]: (Note ) MC: Checking for MDM installation...
    profiled[2253]: (Note ) MC: ...finished checking for MDM installation.
    profiled[2253]: (Note ) MC: Enrolling in OTA Profile service...
    profiled[2253]: SecTrustEvaluate [leaf AnchorTrusted]
    securityd[1617]: securityd_xpc_dictionary_handler profiled[2253] add The operation couldn’t be completed. (OSStatus error -25299 - duplicate item O,cert,688B8CB6,L,dku,com.apple.certificates,0,ctyp,cenc,labl,subj,issr,slnr,pk hh,v_Data,20150303080953.465563Z,6CDCA2CB)
    profiled[2253]: SecOSStatusWith error:[-25299] The operation couldn’t be completed. (OSStatus error -25299 - Remote error : The operation couldn‚Äôt be completed. (OSStatus error -25299 - duplicate item O,cert,688B8CB6,L,dku,com.apple.certificates,0,ctyp,cenc,labl,subj,issr,slnr,pk hh,v_Data,20150303080953.465563Z,6CDCA2CB))
    profiled[2253]: SecTrustEvaluate [leaf AnchorTrusted]
    profiled[2253]: (Note ) MC: Attempting to retrieve issued certificate...
    profiled[2253]: SecTrustEvaluate [leaf AnchorTrusted ValidLeaf ValidRoot]
    profiled[2253]: (Note ) MC: Issued certificate received.
    securityd[1617]: securityd_xpc_dictionary_handler profiled[2253] add The operation couldn’t be completed. (OSStatus error -25299 - duplicate item O,cert,B7CCBFFA,L,dku,com.apple.identities,0,ctyp,cenc,labl,subj,issr,slnr,pkhh ,v_Data,20150303080954.973098Z,0A162218)
    profiled[2253]: SecOSStatusWith error:[-25299] The operation couldn’t be completed. (OSStatus error -25299 - Remote error : The operation couldn‚Äôt be completed. (OSStatus error -25299 - duplicate item O,cert,B7CCBFFA,L,dku,com.apple.identities,0,ctyp,cenc,labl,subj,issr,slnr,pkhh ,v_Data,20150303080954.973098Z,0A162218))
    profiled[2253]: *** Terminating app due to uncaught exception 'NSInvalidArgumentException', reason: '*** setObjectForKey: key cannot be nil'
    *** First throw call stack:
    0   CoreFoundation                      0x00000001057cff35 __exceptionPreprocess + 165
    1   libobjc.A.dylib                     0x0000000107deebb7 objc_exception_throw + 45
    2   CoreFoundation                      0x00000001056d6998 -[__NSDictionaryM setObject:forKey:] + 968
    3   profiled                            0x0000000105222227 profiled + 209447
    4   profiled                            0x000000010522297a profiled + 211322
    5   libdispatch.dylib                   0x0000000108554af4 _dispatch_client_callout + 8
    6   libdispatch.dylib                   0x000000010853eabb _dispatch_barrier_sync_f_invoke + 76
    7   profiled                            0x00000001052228f7 profiled + 211191
    8   profiled                            0x00000001052360e0 profiled + 291040
    9   profiled                            0x0000000105236a4d profiled + 293453
    10 profiled                            0x000000010523c60b profiled + 316939
    11 profiled                            0x00000001051f29ef profiled + 14831
    12 libdispatch.dylib                   0x000000010853aaf6 _dispatch_call_block_and_release + 12
    13 libdispatch.dylib                   0x0000000108554af4 _dispatch_client_callout + 8
    14 libdispatch.dylib                   0x000000010853f8cf _dispatch_queue_drain + 733
    15 libdispatch.dylib                   0x000000010853f494 _dispatch_queue_invoke + 217
    16 libdispatch.dylib                   0x00000001085413fa _dispatch_root_queue_drain + 479
    17 libdispatch.dylib                   0x00000001085422c9 _dispatch_worker_thread3 + 98
    18 libsystem_pthread.dylib             0x00000001088d4637 _pthread_wqthread + 729
    19 libsystem_pthread.dylib             0x00000001088d240d start_wqthread + 13
The error occurs as the SCEP server sends the IOS8 device the response to GetCaCert which is a static ca cert that doesn't change. I also tried deleting the installed profile before installing again but this doesn't change the observed behavior. Only a reset will allow the profile installation to succeed.
Does anybody have any ideas?

Rebooting seemed to fix everything ;-)

Can I use DHCP snooping and IOS DHCP server on the same switch stack

Hello,
I am shortly going to be deploying a Cisco CallManager solution for a customer whose network comprises stacks of Catalyst 3850 switches.
There is no separate core/server farm switch so the CallManager servers, voice gateways and IP phones will all plug into the same stack and be in the same VLAN (not my choice!).
For security we want to enable DHCP snooping and were planning on using the IOS DHCP server on the Catalyst switch stack.
Will this work? - when I enable DHCP snooping in networks with separate access layer switches I set the uplinks to the core as trusted links.
I am not sure whether DHCP snooping will work in this case. Do I need to set the VLAN interface on the switch as trusted, is this even possible?
Unfortunately I do not have access to a layer 3 switch to test this at the moment.
Thanks

Nope. That's the issue.
They'll sync on a third device acting as a hotspot, but the device sending a signal is not "on" the network it creates so the airport is all by itself on that network. At least that is what it looks like to me. Anyone have another take on it? Seems pretty silly that an iPad can put out a wifi signal, an Airport Express can receive a wifi signal, and yet there is no simple way to get them to communicate under this particular condition.

Failure installing Sql Server 2012 x64

Hello,
I am trying to install Sql Server 2012 x64 with SP1, but I am running into the following error(s). It occurs almost immediately after I run "setup.exe":
<error>
TITLE: SQL Server Setup failure.
SQL Server Setup has encountered the following error:
There was a failure to initialize a setting from type Microsoft.SqlServer.Configuration.SetupExtension.InstallSharedDirSetting.
Error code 0x8564000E.
For help, click: http://go.microsoft.com/fwlink?LinkID=20476&ProdName=Microsoft%20SQL%20Server&EvtSrc=setup.rll&EvtID=50000&EvtType=0x9F9575BA%25400x38AD03A5
BUTTONS:
OK
</error>
Any ideas what else I can do to get past this?

Well... Don't know when I downloaded the original ISO image file. I re-downloaded, and now it extracted, and I ran it, which now I get the expected SQL Server Installation Center.

Is IOS FTP server rfc959 compliant?

I'm having some problems getting a Siemens application and a Cisco IOS FTP server communicating. I think it may be because neither has implemented RFC959 correctly. My question to you is about the Cisco IOS server.
I'm using the Cisco IOS server i.e.:
ftp-server enable
ftp-server topdir <whatever>
I notice that if I use the Microsoft DOS command line FTP client, and issue an 'ls' command to the Cisco IOS FTP server then, among other commands, the relevant FTP command sent by DOS is 'NLST'. According to RFC959 this should send a simple stream of filenames separated by CR/LF and no other information. However DOS displays the fully formatted results i.e. with attributes, dates, file size etc. This is more like what I'd expect from the 'LIST' FTP command.
So the question is, does the Cisco IOS FTP server comply with RFC959 NLST command? Or am I interpreting things wrong (I haven't done a full protocol analysis yet)?
IOS is (C1841-BROADBAND-M), Version 12.4(1a).

According to the following statements,a cisco IOS FTP server complies with RFC 959.
FTP
-ether2.ip.tcp.ftp
File Transfer Protocol Control Port; an FTP client initiates an FTP control connection by sending FTP commands from user port (U) to this port./RFC 959
The above statement is mentioned in the following URL:
http://www.cisco.com/en/US/products/sw/cscowork/ps2197/products_quick_reference_guide09186a00800f1ffc.html

FRM-92101: There was a failure in forms server during startup

Hi All,
I installed application server 10g R2 couple of days ago. I am facing FRM-92101: There was a failure in forms server during startup. This could happen due to invalid configuration. Please look into the web server log file for the details.
I am getting this message while calling report on a Form. I have created a button on my main form to call a report and when i press that button i get the above error.
Do i need to do any configuration of application server to call reports.
11/07/05 12:45:44 West Asia Standard Time]::Client Status [ConnId=0, PID=6696]
     >> ERROR: Abnormal termination, Error Code: C0000005 ACCESS_VIOLATION
======================= STACK DUMP =======================
Fault address: 6092983C 01:0005883C
Module: L:\oracle\ora10gAS\bin\oranls10.dll
System Information:
Operating System: Windows NT Version 5.0 Build 2195 Service Pack 4
Command line: frmweb server webfile=HTTP-0,0,0,frmtest,192.168.0.13
FORM/BLOCK/FIELD: MAIN_FORM:BLOCK2.ITEM6
Last Trigger: WHEN-BUTTON-PRESSED - (In Progress)
Last Builtin: RUN_REPORT_OBJECT - (In Progress)
Registers:
EAX:0012C048
EBX:00DA2078
ECX:00DACA08
EDX:00000000
ESI:0012C048
EDI:0000000E
CS:EIP:001B:6092983C
SS:ESP:0023:0012BFC8 EBP:0012BFCC
DS:0023 ES:0023 FS:0038 GS:0000
Flags:00210246
------------------- Call Stack Trace ---------------------
Frameptr RetAddr Param#1 Param#2 Param#3 Param#4 Function Name
0x0012bfcc 6648f0fa 0012c048 00000000 00daca08 00da280c _lxscop+4c
------------------- End of Stack Trace -------------------
above is the error dump
Any Idea?[

Could you post the block that does the run_report_object?
The server O/S is using what locale?
Also, try running the same report on the command line on the server using rwrun.

FRM-92101 there was a failure in form server during startup

we are using R12, All the instance started successfully, but when i get in to the form server in application side the error comes like FRM-92101 there was a failure in form server during startup. this could happen due to invalid configuration. please look into web server log for details ,
it comes for all the three instances in this particular server , so what is the problem , and where is the web log server present ,
please give solutions ,
Thanks
Edited by: user12235518 on Mar 3, 2012 11:54 PM

12/03/06 05:24:57.339 formsweb: Forms session <3> aborted: runtime process failed during startup with errors /R12/d01/oracle/R12I/apps/tech_st/10.1.2/bin/frmweb: error
while loading shared libraries: libXm.so.2: cannot open shared object file: No such file or directory
12/03/06 05:24:57.339 formsweb: Forms session <3> exception stack trace:
oracle.forms.engine.RunformException: Forms session <3> failed during startup: no response from runtime process
at oracle.forms.servlet.RunformProcess.connect(Unknown Source)
at oracle.forms.servlet.RunformProcess.dataToRunform(Unknown Source)
at oracle.forms.servlet.RunformSession.dataToRunform(Unknown Source)
at oracle.forms.servlet.ListenerServlet.doPost(Unknown Source)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:763)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:856)
at com.evermind[Oracle Containers for J2EE 10g (10.1.3.4.0) ].server.http.ServletRequestDispatcher.invoke(ServletRequestDispatcher.java:713)
at com.evermind[Oracle Containers for J2EE 10g (10.1.3.4.0) ].server.http.ServletRequestDispatcher.forwardInternal(ServletRequestDispatcher.java:370)
at com.evermind[Oracle Containers for J2EE 10g (10.1.3.4.0) ].server.http.HttpRequestHandler.doProcessRequest(HttpRequestHandler.java:871)
at com.evermind[Oracle Containers for J2EE 10g (10.1.3.4.0) ].server.http.HttpRequestHandler.processRequest(HttpRequestHandler.java:453)
This error s coming for both new instance and cloned instance
Edited by: user12235518 on Mar 6, 2012 4:17 AM

ERROR while enrolling the iOS developer program

Hello there,
I've been trying all day long to enroll the iOS developer program, but I keep getting the same error over and over again.
I've double-checked my details multiple times, I've confirmed my email and everything they request, my Apple ID is also confirmed and active.
Here's what happens:
1) I get to step #3 of the enrollment process ("Review and Submit"). See screenshot:
2) When I click on the CONTINUE button, I *always* get the following error:
In short: I cannot get past from step #3 ("Review and Submit") into step #4 ("Agree to License"). I always get prompted the same error no matter what. I've been trying all day long.
Any ideas?
Thank you very much in advance!

Thanks for reply.
I re-downloaded and its working now.
thanks alot
parry

N WIKI: 'A failure on the server has appeared when reading the settings'

Hallo,
I get the following notice of failure after opening Server WIKI: 'A failure on the server has appeared when reading the settings'. I've no idea WHY, WHAT, HOW, and WHERE - is there somebody who can help me? Anything else is working.
Regards Jergan

What OS are you running? Is it 10.5 as noted in your profile? Also, is it the Server version?
If so, try these forums: Mac OS X v10.5 Leopard, Mac OS X Server v10.5

Trying to enroll as iOS developer.It shows my name incorrectly.

Hi.
Trying to enroll as iOS developer. It shows my name as "Testowski Testator", but it should be "Karol Depka Pradzinski" as in Apple ID.
Even when I change it in Apple ID profile, the change does not propagate to what Developer enrollment displays.
In one place, only one part of the name got propagated.
Tried looking for other ways to change it, but no luck.
Also changed back and forth to force it. No luck.
Any hints appreciated!

Thanks. But apparently it is connected to Apple ID even before enrolling, because the web page says:
Enter your contact information.
Legal Name
To edit your name, visit My Apple ID.
Name:
Testowski Testator

Apple just denied my enrollment for ios developer program.

Apple just denied my enrollment for ios developer program. Apple denied my application because they could not verify my identity but still went ahead with charging my card. Apple did not even explain why they could not verify my identity so i could fix it

Is the credit card in your name?

Serving static AAAA records with IOS' DNS server

Hi guys,
Has anyone managed to get IOS to serve statically defined AAAA records? I do this just fine with A records as such :
On the router :
ip dns server
ip host ns.example.com 1.1.1.1
ip host somehost.example.com 1.1.1.2
ip dns primary example.org soa ns.example.org [email protected] 21600 900 7776000 86400
From the Linux box :
unixhost$ dig @1.1.1.1 somehost.example.com
; <<>> DiG 9.8.1-P1 <<>> @1.1.1.1 somehost.example.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 32168
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;somehost.example.com.        IN    A
;; ANSWER SECTION:
somehost.example.com.    10    IN    A   1.1.1.2
;; Query time: 1 msec
;; SERVER: 1.1.1.1#53(1.1.1.1)
;; WHEN: Wed Aug 15 00:42:11 2012
;; MSG SIZE rcvd: 50
Interestingly whenever I add a static ipv6 entry, I get the SOA as an answer instead of the actual AAAA record. But from the router itself, it can use the statically defined hosts just fine.
On the router :
ipv6 host somehost.example.com 2001:1:1:1::2
From the Linux box :
unixhost$ dig -t AAAA @1.1.1.1 somehost.example.com
; <<>> DiG 9.8.1-P1 <<>> -t AAAA @1.1.1.1 somehost.example.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 53347
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;somehost.example.com.        IN    AAAA
;; AUTHORITY SECTION:
somehost.example.com.        86400    IN    SOA ns.example.com. [email protected]. 3553994542 21600 900 7776000 86400
;; Query time: 1 msec
;; SERVER: 192.168.200.252#53(192.168.200.252)
;; WHEN: Wed Aug 15 00:42:22 2012
;; MSG SIZE rcvd: 108
But from the router, it works just fine :
router#ping ipv6 somehost.example.com
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2001:1:1:1::2, timeout is 2 seconds:
Success rate is 100 percent (5/5), round-trip min/avg/max = 0/1/4 ms
I'm running 15.2(2)T1.
Thanks,
Eric Lauriault

Hello Everyone,
in case someone runs into this thread: In our case it turned out that the problem was related to the DNS Server service. Regardless of the above configuration settings on the NIC and in the registry, the DNS server will always register in DNS using
all of its IPs that the service is listening on. To change this behaviour you can tell the DNS service to only register individual IPS in the registry:
HKLM\SYSTEM\CurrentControlSet\Services\DNS\Parameters
      Add a Reg_Multi_SZ called "PublishAddresses" and specify the list of IPs
In our case we added just one of the three configured IPs and from then on the server only registered this address and not the other ones.
Regards
HarryNew

SCEP Enrollment failure IOS CA Server

Similar Messages

Maybe you are looking for