Server 2012 Built-In IPSec VPN & RAS & HyperV-Switch & Netgear Pro Safe Router, Tunnel Ok, but no Traffic

Hello,
I am trying to set up an IPSEC VPN (Site-by-Site or, if not possible, Client-by-Site) between a Netgear Pro Safe Router and Windows Server 2012.
The problem: the tunnel is up and running, but no ping, no traffic at all.
The Server 2012 uses Hyper-V and has one hardware NIC with a public IP, let's say 123.123.123.1.
If no site-by-site is possible in my situation with built-in tools, this server would be only a client site which would "dial up" to the Netgear box.
The server has a second virtual NIC with IP 192.168.137.1. Routing and RAS is enabled, because there are two other virtual servers which have 192.168.137.2 and 192.168.137.3.
The Netgear ProSafe has public IP 122.122.122.1 and LAN subnet 192.168.21.0/24.
I created the tunnel in the Advanced Firewall Options window. Both Windows and the router say the VPN tunnel is okay. Also, I can see ESP packets with Wireshark.
If I ping (from router to server and in the other direction) I get no response. Some people said the RAS itself could not accept packages, but I also tried from one of the virtual clients (192.168.137.2) and there is no ping there either.
I tried to add a route for subnet 192.168.21.0 with 192.168.137.1 as gateway, but that didn't help either.
Now, after all the time I spent on this problem today, I'm a bit confused.
As I know VPN connections, there are always virtual devices, and routes for the VPN subnets assigned to this device.
The Windows firewall does not create any device, and it does not create any route - I suppose this is because "routing and RAS or Windows firewall service" does this work "internally". Is that correct? Do I need any routes?
I was wondering why the ICMP packet from my ping in Wireshark had the public IP as source (123.123.123.1) and not the "internal" 192.168.137.1 - and I tried to restrict the VPN rule to only the virtual internal NIC, but this isn't possible, as it is not an option inside the GUI.
It would be great if somebody could explain to me how config and packages SHOULD look... I've never used the built-in VPN/IPsec/RAS services before, so I don't know how things have to be for a correctly working environment. Also, I need a solution, and any help to solve the problem would be great too!
Now I will try to sleep for a night - maybe I'll get some nice idea after some hours of sleeping. Good night.
Addition: After some more tests I found out that if I change the local endpoint (endpoint 1) from the virtual network (192.168.137.0/24) to the public IP of the server (123.123.123.1) inside the tunnel rule and inside the VPN policy of the router, I can access the Netgear and other devices in the remote network 192.168.21.0 over these IP addresses. Ping is not working, but other things seem to work fine. I want to be able to ping as well, of course, and this weird configuration looks wrong to me... can some network professional help out with an explanation?
Second Addition: I can also set the Local Endpoint to "any" and it does work - but ping still does not work :-(
Third Addition: The ping does work if I disable the NAT functionality on the physical NIC. ....mhm.....

I would definitely recommend using a virtual router instead of the Windows onboard firewall to make the site-to-site tunnel!
As you can see in my linked thread above (Link), this scenario is not supported by Microsoft! You will run into problems!
We run a Hyper-V virtual machine and installed the wonderful distribution pfSense inside this box. pfSense is a software-linux-router with IPsec functionality, which works like a charm!
And by the way, I recommend not using the products of Netgear! They are expensive, very slow and the service is not good!
We have good experience with Vigor routers! They are less expensive, the service is very good, and the devices are much faster, AND! ...the VPN connections stay up stably!
This experience was very time-intensive to make! Hope this will help someone else in the future.

Similar Messages

  • Server 2012 R2 RRAS NAT VPN connectivity issues

    Hello all,
    I'm having trouble making IKEv2 connections to my VPN server from the Internet after changing my home lab network infrastructure to use Server 2012 R2 RRAS NAT routing. Despite all of the appearances of a proper configuration, it appears that NAT-T is not
    working properly.
    Let me preface my questions/issues with some critical infrastructure disclosures/explanations to help troubleshoot this issue:
    1. This is a home lab environment with no impact to corporate production systems in any way. All information garnered from help in this session is understood to be as-is.
    2. The entire environment is on Server 2012 R2 Hyper-V. I’ve configured trunking on all of the layer 2 (Cisco Catalyst switch) etherchannels, and I’ve configured trunking on the Hyper-V vSwitches. I have no issue with internal routing or NAT or with attaching
    to VPN from an internal VLAN, which indicates that routing (Layer 3) is not at issue here since everything goes where it should.
    3. The NAT server and the VPN server are two separate Windows Server 2012 R2 Std. Hyper-V VMs. The NAT server has 1 NAT uplink to/from my ISP and 5 router interfaces (NICs with no gateways specified). I have a static IP, so it’s not an IP changing anywhere.
    I have all of the port forwarding on the public NAT interface configured properly. Email, web, and application access work fine from out-to-in. The VPN server has 2 NICs: one on a VPN VLAN and the other on an internal VLAN.
    4. I ran Netmon from my corporate office and saw that IKEv2 traffic to my host over UDP 500 was successful (I got a response back), but the connection to UDP 4500 was attempted 3 times and then fails. Since UDP 4500 is the NAT-T port, I’m thinking this is
    where the fault is occurring. I also ran Netmon from the NAT router itself and found that traffic was flowing from the Internet to the VPN server up the stack to Layer 3.
    5. As a test, I turned off Windows firewall on both the VPN server and the NAT server. This made no difference, so firewall is not at play here.
    6. My certificates are configured properly with my external VPN address and appropriate SANs pointing to the public IP address. These same certificates worked without issue prior to the migration to Server 2012 R2 RRAS as my NAT router.
    The actual error I'm receiving is Error 809 which indicates a problem with the connectivity to the VPN server, presumably through the NAT router. Prior to the change to virtual routing, I was using a Linksys E3000 with L2TP/PPTP passthrough enabled and had
    no issues connecting to my VPN server remotely.
    Some questions I have specifically regarding Server 2012 R2 RRAS and NAT:
    1. Is NAT-T "turned on" by default? Are there any settings required through netsh or elsewhere that I might have overlooked to enable NAT Traversal?
    2. How can I test if NAT-T is working outside of VPN testing?
    3. Is it Microsoft's recommendation/requirement that VPN and NAT be collocated on the same server? I noticed in the NAT forwarding rules that the pre-defined L2TP forwarder says "L2TP on this server." Does that indicate that L2TP can't pass beyond
    that server? What are the security implications for running VPN from the router?
    Any help would be appreciated. I've been troubleshooting this issue for 2 weeks and cannot seem to find any documentation or help on this issue. I'm hoping if others have similar issues, this post will help point them in the right direction. I have netmon
    captures to assist with troubleshooting if it comes to that. I'm certain this is NAT-T at this point, but I just can't prove it beyond a shadow of a doubt, and I have customers who have asked about using Microsoft RRAS for routing. I can't, in good conscience,
    recommend it if NAT-T is problematic since most companies want some sort of VPN solution for their environment.
    Respectfully yours,
    Ron Arestia

    Hi Ron,
    Please try to create and configure the AssumeUDPEncapsulationContextOnSendRule registry value.
    For detailed information, please refer to the link below:
    http://support.microsoft.com/kb/926179
    Best Regards.
    Steven Lee
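For the question above of how to tell whether NAT-T traffic is getting through, here is an added example (not code from the thread or from Microsoft) that classifies UDP 500/4500 payloads using the framing defined in RFC 3948 and RFC 7296 and reports which IKE requests never received a reply. The capture is constructed to mirror the Netmon observation in the post, and all function names are this example's own.

```python
import struct

IKE_PORT, NATT_PORT = 500, 4500
NON_ESP_MARKER = b"\x00" * 4              # RFC 3948: precedes every IKE message on UDP 4500
NAT_KEEPALIVE = b"\xff"                   # RFC 3948: one-byte keepalive on UDP 4500
IKE_HEADER = struct.Struct("!8s8sBBBBII")  # RFC 7296 section 3.1, fixed 28-byte header
EXCHANGES = {34: "IKE_SA_INIT", 35: "IKE_AUTH",
             36: "CREATE_CHILD_SA", 37: "INFORMATIONAL"}
FLAG_RESPONSE, FLAG_INITIATOR = 0x20, 0x08


def parse_ike(data):
    """Decode the fixed IKE header; anything shorter is reported as malformed."""
    if len(data) < IKE_HEADER.size:
        return {"kind": "malformed"}
    _spi_i, _spi_r, _next, version, exch, flags, msg_id, _length = \
        IKE_HEADER.unpack_from(data)
    return {"kind": "ike",
            "version": version >> 4,          # major version is the high nibble
            "exchange": EXCHANGES.get(exch, f"type-{exch}"),
            "response": bool(flags & FLAG_RESPONSE),
            "msg_id": msg_id}


def classify(server_port, payload):
    """Classify one UDP payload by the server-side port it was seen on."""
    if server_port == IKE_PORT:
        return parse_ike(payload)
    if server_port != NATT_PORT:
        return {"kind": "other"}
    if payload == NAT_KEEPALIVE:
        return {"kind": "nat-keepalive"}
    if payload[:4] == NON_ESP_MARKER:         # IKE carried on the NAT-T port
        return parse_ike(payload[4:])
    if len(payload) >= 8:                     # ESP: non-zero SPI, then sequence number
        spi, seq = struct.unpack_from("!II", payload)
        return {"kind": "esp-in-udp", "spi": spi, "seq": seq}
    return {"kind": "malformed"}


def summarize(capture):
    """Return (port, exchange, request attempts, answered) per IKE request seen."""
    attempts, answered = {}, set()
    for server_port, payload in capture:
        msg = classify(server_port, payload)
        if msg["kind"] != "ike":
            continue
        key = (server_port, msg["exchange"], msg["msg_id"])
        if msg["response"]:
            answered.add(key)
        else:
            attempts[key] = attempts.get(key, 0) + 1
    return [(port, exch, count, (port, exch, mid) in answered)
            for (port, exch, mid), count in attempts.items()]


def build_ike(exchange, msg_id, response=False, natt=False):
    """Construct a header-only IKEv2 message for the sample capture below."""
    flags = FLAG_RESPONSE if response else FLAG_INITIATOR
    header = IKE_HEADER.pack(b"\x11" * 8, b"\x22" * 8, 0, 0x20,
                             exchange, flags, msg_id, IKE_HEADER.size)
    return (NON_ESP_MARKER if natt else b"") + header


# Constructed capture: IKE_SA_INIT is answered on UDP 500, then the client
# moves to UDP 4500 and sends IKE_AUTH three times without getting a reply.
SAMPLE_CAPTURE = [
    (500, build_ike(34, 0)),
    (500, build_ike(34, 0, response=True)),
    (4500, build_ike(35, 1, natt=True)),
    (4500, build_ike(35, 1, natt=True)),
    (4500, build_ike(35, 1, natt=True)),
]

if __name__ == "__main__":
    for port, exchange, count, ok in summarize(SAMPLE_CAPTURE):
        state = "answered" if ok else "NO REPLY"
        print(f"udp/{port} {exchange}: {count} request(s), {state}")
```

Run it over (server port, UDP payload) pairs exported from captures taken on the NAT router's public interface and on the VPN server; a request that appears on one side but not the other shows where UDP 4500 is being dropped.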

  • Network Positioning of a Windows Server 2012 R2 Direct Access & VPN Server

    Reposted moved from Windows Server Forums- Security
    Hi
    I'm in the process of creating a new active directory forest with a single domain using AD.Contoso.com to use the Microsoft example. The reason I have decided on AD.XXXXXXXXX.com is to get away from using split horizon (Split Brain) DNS. The requirements
    for our new domain are :-
    2012 R2 AD
    Direct Access & VPN
    Exchange 2013 OWA, Active Sync Outlook Anywhere (Possibly a Hybrid Config where we have on premises mailboxes and some exchange online mailboxes Office 365 etc)
    Lync 2013 ?
    SharePoint 2013 ?
    Microsoft Active Directory Certificate Services
    System Center Configuration Manager 2012 R2
    Two way trusts between old forest and new to enable Transition/Migration
    Ok so that's what I'm aiming for so now the question.
    They are allowing me to purchase a next Generation Firewall, maybe a Barracuda NG firewall or a Cisco ASA X series, so I need some advice on what type of network topology I should configure. I've read that using the two NIC configuration for
    the 2012 R2 Direct Access Server is preferable, one nic on the internal network one on the perimeter. The problem I have with this is that it bridges the internal network and the perimeter bypassing the backend Firewall see image
    The other alternative is to dispense with the perimeter network use the Direct Access server with a single NIC and setup the NG Firewall in a three-legged config with the DA server on the DMZ.
    So all you security experts out there what would be your design for this simple domain? we don't need any HA or Load Balancing.
    Thanks
    Simon

    Ok I'm not sure we are going to get any advice on this subject but one last effort. Our budget can only stretch to one next generation firewall so I'm considering the following three legged firewall design with a two NIC 2012 R2 Direct
    Access server. If someone could validate this configuration or suggest an alternative then I would be grateful.

  • Server 2012 built in backup. Lost 4+ months of backups.

    I have been running the built in backup software on a 2012 server. Today I noticed that I only have 3 days of backups.
    The server is 2012 running Hyper-V with 6 VMs. I had the backup software configured to back up all the VMs and a bare metal backup to an external 2 TB USB drive. I have been looking at the event logs and searching the web without much success up to this point.
    The event log does have the following information message:
    Backup started a fresh backup for volume '{00000000-0000-0000-0000-000000000000}' ('Esp') : [Reason: 'Volume size changed']. This may cause loss of older backup versions when backup completes.
    Any help would be appreciated.

    Hi,
    From the error message, could you check whether any volume size changed before the first "fresh backup"?
    Sometimes we see a similar issue where previous backups are deleted when free disk space is lacking. Please check the vssadmin list shadowstorage to be sure.
    And please check the backup target folder to see if the previous backup copies are all overwritten by the new backup. Backup files are VHD files, so try to check if previous VHD files can be found.

  • RV016 / Windows Server 2012 - Gateway to Gateway VPN.

    We have two sites and have on one site (main one) Windows 2012 server as the DC on the network and it is also a gateway through which employees connect to the company network. On our other site we do not have servers set up and we had purchased RV016 hoping we could set up a continuous gateway to gateway VPN connection. We had so far no luck on getting it to work, which begs the question - is it possible? Thank you.

    tekliu,
    I actually found and tried this solution last night, but below is how my routing table looks on my RV042. When I do a tracert to www.google.com or whatever I can see that the traffic basically hits my router then out through the Comcast modem. If I do anything on the main office subnet 172.16.1.0 then I can see it hit both routers.
    Should I maybe reset the router to default and do this from the start? As you can see below all 0.0.0.0 traffic is set to go out through the Comcast gateway 74.94.253.10.
    Routing Table Entry List
    Destination IP Address  Subnet Mask      Default Gateway  Hop Count  Interface
    74.94.253.8             255.255.255.252                   40         ixp1
    74.94.253.8             255.255.255.252                   45         ipsec0
    192.168.3.0             255.255.255.0                     50         ixp0
    192.168.2.0             255.255.255.0    74.94.253.10     10         ipsec0
    192.168.2.0             255.255.255.0                     50         ixp0
    172.16.1.0              255.255.255.0                     50         ixp0
    default                 0.0.0.0          74.94.253.10     40         ixp1
    I can send you all of my config data if you need it.
    Thanks!

  • Vpn connection from administration win server 2012 r2

    Hello everyone, I have Win Server 2012. For the VPN connection, I need to make settings such that the subnetwork gets access from the main office to the district office?

    Hi,
    Can you ping normally to other server from your server 2012 R2?
    Does the user have enough permission for remoting?
    Can you telnet port 3389 and see whether RDP port is opened?
    Please try to perform remote desktop with “mstsc /admin” switch and check the result. Additionally, try to perform the remote session with IP address specified for that server. Also you can try PowerShell command to enable remote desktop.
    Set-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server' -Name "fDenyTSConnections" -Value 0
    Hope it helps!
    Thanks.
    Dharmesh Solanki

  • Re: Windows Server 2012 as host Or Debian Jessie?

    It really depends on what you are most comfortable with but if it was me I wouldn't be looking to use debian just to run Xen.  If you want Xen then run Xenserver, there is really no reason not to these days.  It has the latest kernels and Xen version built into 6.5 and unless you want support it is free.

    I have got a brand new server with 16Tb Hard drive and 64Gb RAM. I have the following two options:
    Option One:
    - Windows Server 2012 as a host and using hyperv run Windows Server 2012 and another debian webserver as a guest. 
    Option Two:
    - Debian Jessie as host and using Xen Windows Server 2012 and another Debian webserver as a guest.  
    I'm familiar with both side virtualizations. I already have two Windows server 2012 licenses. But I cannot decide which option to choose.
    This topic first appeared in the Spiceworks Community

  • Why does my Cisco router firewall block Windows Server 2012 traffic, but not Windows Server 2008 traffic?

    Hello,
       I run a small business network with five physical servers: three Dell servers running Windows Server 2008 R2, one custom build running 2008, and another custom build running 2012 with Domain Controller Role (same hardware for both custom builds). 
    The Dell servers are all running the Hyper-V role and each has a number of 2008 VMs.  I also have a 2012 VM with the Domain Controller Role on one of the Hyper-V servers and another VM with a completely base install of 2012.
       All servers are plugged into a Cisco SG300-52 switch which is uplinked to a Cisco 881 router which is connected to a cable TWC provided Ubee cable modem.  I have no VLANs setup.  I do have the Firewall on the router configured
    to inspect most traffic.
       Here is my problem:  I cannot connect to most of the internet on ANY 2012 server (and all exhibit the exact same behavior), but I have NO problems connecting to the internet from 2008 servers.  Here is what I already know:
       1.) I can ping the outside world just fine so ICMP is passing to any external host.
       2.) Two of the 2012 servers are DCs running DNS services and they can connect to the internet just fine for DNS requests because they are doing a perfectly good job of providing DNS services to my network.
       3.) Here's where it gets really weird: I can browse in internet explorer to Bing.com and it works.  I can also go to a couple other Microsoft websites (though they are very slow).  If I click on any link in Bing, however, it doesn't
    work and gives me a page not available error.  If I connect to a non-MS website like Google or my company website, I get page not available.
        4.) I have tried to telnet to port 80 at Bing and it works.  I have tried to telnet to port 80 at google.com and it won't connect.  The 2008 servers have no issue telneting to either bing or google on port 80 and none of my client
    PCs on the network do either.
        5.) Windows Update will not connect and neither will any other update service such as AVG (I have AVG Antivirus installed WITHOUT firewall on two of the three servers. The base 2012 VM has no software installed and no roles...I built it
    just to see if it could connect after a fresh install and it still cannot.)
        6.) The network connection does not indicate limited connectivity (probably because ICMP appears to be passing successfully)
         7.) If I connect the server directly to the modem it has full internet access.
         8.) All internal LAN connectivity is perfectly fine and runs at full speed.
         9.) I have scoured the internet trying to find other examples of this particular kind of connectivity issue on 2012 and I have found two TechNet articles that are similar, but they both had the same resolution: changing the router
    worked, but no one knows why. (I would have included the links, but apparently I cannot do that yet)
    My question is this: What is different about Windows Server 2012 networking that would render it unable to communicate through a router that Windows Server 2008 has no problems with?  I ask because, unlike in these two articles where they were
    running personal networking equipment they could easily upgrade, I'm running a Cisco 881 with what should be virtually limitless configuration options and I have no desire to replace it.  I have to assume the issue is somehow related to the firewall configuration,
    which I could fix easily, but I don't know what to change.  If anyone knows what changed in 2012 and why I would be able to browse to bing and other MS sites but no where else, please pass them along.  Thanks.

    This is the IP Config for the 2012 DC:
    Windows IP Configuration
       Host Name . . . . . . . . . . . . : COMPANYDC02
       Primary Dns Suffix  . . . . . . . : company.local
       Node Type . . . . . . . . . . . . : Hybrid
       IP Routing Enabled. . . . . . . . : No
       WINS Proxy Enabled. . . . . . . . : No
       DNS Suffix Search List. . . . . . : company.local
    Ethernet adapter Ethernet:
       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : Intel(R) 82574L Gigabit Network Connection
       Physical Address. . . . . . . . . : 00-25-90-DC-EF-D5
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes
       Link-local IPv6 Address . . . . . : fe80::81d5:53cf:bd07:14ed%12(Preferred)
       IPv4 Address. . . . . . . . . . . : 10.10.10.202(Preferred)
       Subnet Mask . . . . . . . . . . . : 255.255.255.0
       Default Gateway . . . . . . . . . : 10.10.10.1
       DHCPv6 IAID . . . . . . . . . . . : 301999504
       DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1A-96-D5-C3-00-25-90-DC-EF-D5
       DNS Servers . . . . . . . . . . . : 10.10.10.202
                                           10.10.10.221
       NetBIOS over Tcpip. . . . . . . . : Enabled
    Tunnel adapter isatap.{9929D989-8E88-4096-A1CB-61F1DB173FA3}:
       Media State . . . . . . . . . . . : Media disconnected
       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : Microsoft ISATAP Adapter
       Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes
    Tunnel adapter Teredo Tunneling Pseudo-Interface:
       Media State . . . . . . . . . . . : Media disconnected
       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : Microsoft Teredo Tunneling Adapter
       Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes
    This is the IP Config for the fresh install 2012 VM:
    Windows IP Configuration
       Host Name . . . . . . . . . . . . : WIN-800299O7ES6
       Primary Dns Suffix  . . . . . . . :
       Node Type . . . . . . . . . . . . : Hybrid
       IP Routing Enabled. . . . . . . . : No
       WINS Proxy Enabled. . . . . . . . : No
       DNS Suffix Search List. . . . . . : company.local
    Ethernet adapter Ethernet:
       Connection-specific DNS Suffix  . : company.local
       Description . . . . . . . . . . . : Microsoft Hyper-V Network Adapter
       Physical Address. . . . . . . . . : 00-15-5D-0A-5C-02
       DHCP Enabled. . . . . . . . . . . : Yes
       Autoconfiguration Enabled . . . . : Yes
       IPv4 Address. . . . . . . . . . . : 10.10.10.49(Preferred)
       Subnet Mask . . . . . . . . . . . : 255.255.255.0
       Lease Obtained. . . . . . . . . . : Saturday, August 23, 2014 10:23:01 PM
       Lease Expires . . . . . . . . . . : Wednesday, August 27, 2014 10:23:01 PM
       Default Gateway . . . . . . . . . : 10.10.10.1
       DHCP Server . . . . . . . . . . . : 10.10.10.1
       DNS Servers . . . . . . . . . . . : 10.10.10.220
                                           10.10.10.221
       NetBIOS over Tcpip. . . . . . . . : Enabled
    Tunnel adapter isatap.company.local:
       Media State . . . . . . . . . . . : Media disconnected
       Connection-specific DNS Suffix  . : company.local
       Description . . . . . . . . . . . : Microsoft ISATAP Adapter
       Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes
    NOTE: 10.10.10.220 and 10.10.10.221 are the other domain controllers on my network.  One of them is 2012 and one of them is 2008.  They are both functioning correctly for providing DNS services.  The 2012 Virtual DC, however, still has
    the internet connectivity issue that this whole post was about in the first place.
    NOTE2: When I logged on to COMPANYDC02 this morning, it told me that I had new Windows Updates that needed to be downloaded. Confused, I checked the most recent time WU had checked for updates and it had successfully checked for updates last night
    at 10pm.  Of course, it failed when trying to download them, but it appears that once in a while, a connection gets through successfully...

  • How to reduce the IPSec VPN connection establishment time

    Hi,
    I set up an IPSec VPN with NAT-T between two cisco router 871. In particular one router acts as a SERVER and the other one as  a CLIENT. All the traffic coming from the hosts connected to the CLIENT-router is sent over the VPN (no split tunnel). Everything works perfectly.
    The only problem is the amount of time the VPN takes to establish the first connection between the two routers. In particular it takes about two minutes.
    Could anybody tell me if this amount of time can be reduced (with a particular configuration instruction)?
    Or this is the minimum amount of time required for the first connection establishment?
    Thank you for your help.

    Sara,
    Two minutes sounds like a lot of time even with a super slow Internet connection. Could you share your configs to see if there is anything on the VPN config that is adding such a huge delay? The connection establishment shouldn't take more than a few seconds.
    Thanks,
    Raga

  • Server 2012 restrict active directory dynamic ports

    Hello,
    Has anyone encountered issues with restricting the Active Directory dynamic ports for Netlogon and NTDS in Server 2012?  I have followed the added the typical registry entries as described below but I still see my RDS gateway in the DMZ trying to communicate
    to my internal DC over other ephemeral ports (49158).  I have rebooted the DC after the registry changes and still no effect.  Are the reg entries the same in 2012?  Any help would be appreciated.  Thank you
    Registry key 1 
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\Parameters 
    Registry value: TCP/IP Port 
    Value type: REG_DWORD 
    Value data: 49152 (This value needs to be specified in decimal format)
    Registry key 2 
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters 
    Registry value: DCTcpipPort 
    Value type: REG_DWORD 
    Value data: 49153 (This value needs to be specified in decimal format)
    Eddie Espino | Secure Data Solutions | Miami, Florida | Microsoft Partner

    Hi,
    There are at least two options that can be used to allow replication when there are network traffic filters (aka firewall) in the network, across two DCs:
    1. Use registry keys on the DCs to force communication over specific ports
    2. Use IPsec to restrict the traffic to two ports only (IP 50 and IP 51)
    I tried to find some relevant documents, but could not find support for restricting the Active Directory dynamic ports for Netlogon and NTDS in Server 2012. You could refer to the following article, it may help you to solve your issues:
    Restricting AD Replication Traffic between DCs to only a few ports
    http://blogs.technet.com/b/luistog/archive/2012/05/08/restricting-ad-replication-traffic-between-dcs-to-only-a-few-ports.aspx
    Regards,
    Mandy Ye

  • VirtualDisk on Windows Server 2012 R2 Storage Pool stuck in "Warning: In Service" state and all file transfers to and from is awfully slow

    Greetings,
    I'm having some trouble with my Windows Storage Pool and my VirtualDisk running on a Windows Server 2012 R2 installation. It consists of 8x Western Digital RE-4 2TB drives + 2x Western Digital Black Edition 2TB drives and have been configured in a single-disk
    parity setup and the virtual disk is running fixed provisioning (max size) and is formatted with ReFS.
    It's been running solid for months besides some awful write-speeds at times, it seems like the write performance running ReFS compared to NTFS is not that good.
    I was recommended to add SSD's for journalling in order to boost write-performance. Sadly I seemed to screw up this part, you need to do this through PowerShell and it needs to be done before creating the virtualdisk. I managed to add my SSD to the Storage
    Pool and then remove it.
    This seem to have caused some awkward issues, I'm not quite sure of why as the virtualdisk is "fixed" so adding the SSD to the Storage Pool shouldn't really do anything, right? But after I did this my virtual disk have been stuck in "Warning:
    In Service" and it seems to be stuck? It's been 4-5 days and it's still the same and the performance is currently horrible. Moving 40GB of data off the virtual disk took me about 20 hours or so. Launching files under 1mb of the virtual disk takes several
    minutes etc.. It's pretty much useless.
    The GUI is not providing any useful information about what's going on. What does "Warning: In Service" actually imply? How am I supposed to know how long this is supposed to take? Running Get-Virtualdisk in PowerShell does not provide any useful
    information either. I did try to do a repair through the Server Manager GUI but it goes to about 21% within 2-3 hours but drops back down to 10%. I have had the repair running for days but it wont go past 21% without dropping back down again.
    Running repair through PowerShell yields the same results, but if I detach the virtual disk and then try to repair through PowerShell (the GUI wont let me do repair on detached virtual disks) it will just run for a split second and then close.
    After doing some "Googeling" I've seen people mentioning that the repair is not able to finish unless I have at least the same amount of free space in the Storage Pool as the largest drive in my Storage Pool is housing so I added a 4TB drive as
    due to me running fixed provisioning I had used all the space in the pool but the repair is still not able to go past 21%.
    As I am running "fixed provisioning" I guess adding an extra drive to the pool doesn't make much difference as it's not available for the virtual disk? So I went ahead and deleted 3 TB of data on the virtual disk so now I've got about 4 TB free space
    on the virtual disk so there should be plenty of room for Windows Server 2012 R2 to re-build the parity or whatever it's trying to do but it's still the same, the repair wont move past 21% and the virtual disk is still stuck in "Warning: In Service"
    mode and the performance keeps being horrible so taking a backup will take forever at these speeds...
    Am I missing something here? All the drives in the pool is working fine. I have verified using various bootable tools so why is this happening and what can I do to get the virtual disk running at full state again? Why doesn't the GUI prompt you with any
    kind of usable information?
    Best regards, Thomas Andre

    Hi,
    Please run chkdsk /f /r command on the virtual disk to have a try. In the meantime, run the following commands in PowerShell to share the output.
    get-virtualdisk -friendlyname <name> | get-physicaldisk | fl
    get-virtualdisk -friendlyname <name> |fl
    Best Regards,
    Mandy

  • Server 2012 R2 SMB - The process cannot access the file '\\server\share\test.txt' because it is being used by another process.

    Hi,
    We are having issues with Server 2012 R2 SMB shares.
    We try to write some changes to a file, but we first create a temporary backup in case the write fails. After the backup is created we write the changes to the file and then we get an error:
    The process cannot access the file '\\server\share\test.txt' because it is being used by another process.
    It looks like the backup process keeps the original file in use.
    The problem doesn't always occur the first time, but almost everytime after 2 or 3 changes. I have provided some code below to reproduce the problem, you can run this in a loop to reproduce.
    The problem is that once the error arises, the file remains 'in use' for a while, so you cannot retry but have to wait at least several minutes. 
    I've already used Process Explorer to analyze, but there are no open file handles. 
    To reproduce the problem: create two Server 2012 R2 machines and run the below code from one server accessing an SMB share on the other server.
    Below is the code I use for testing, if you reproduce the scenario, I'm sure you get the same error.
    We are not looking for an alternative way to solve this, but wonder if this is a bug that needs to be reported?
    Anybody seen this behavior before or know what's causing it?
    The code:
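    using System.IO;
    using System.Text;

    string file = @"\\server\share\test.txt";
    // Take a temporary backup first, in case the write fails
    if (File.Exists(file))
        File.Copy(file, file + ".bak", true);
    // Write the change; this is the call that fails with the IOException below
    File.WriteAllText(file, "Testje", Encoding.UTF8);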
    The error:
     System.IO.IOException: The process cannot access the file '\\server\share\test.txt' because it is being used by another process.

    Hi,
    There is someone else having the same issue as yours. You could try the code in the article below:
    “The process cannot access the file because it is being used by another process”
    http://blogs.msdn.com/b/shawncao/archive/2010/06/04/the-process-cannot-access-the-file-because-it-is-being-used-by-another-process.aspx
    If you wonder about the root cause of the issue, the .NET Framework Class Libraries forum can help.
    Best Regards,
    Mandy 

  • Hyper-V Server 2012 Migration Questions

    Hello All,
    This is my first post here, but I have used these forums many times for information. Sorry in advance for the long post.
    I have a few questions regarding migration to Hyper-V server 2012 for my production environment. I have done quite a bit of reading, but I have a few direct questions and I would like to get some direct answers.
    My current production environment consists of one PowerEdge 2900 with 2 Xeon X5460 Quad Core 3.16GHz CPUs, 24 GB of RAM and a RAID 10 consisting of 8, 500 GB HDDs for a total of 2TB of storage. I am currently running Server 2008 R2 Enterprise w/ GUI as the
    Hyper-V host OS. I have 4 virtual machines all also running Server 2008 R2 Enterprise. The 4 virtual machines consist of 1 domain controller, 1 Exchange Server with Exchange 2010 Standard, 1 Server running SharePoint 2010 Enterprise and the remaining server
    running IIS with FTP and HTTP.
    The network topology is as follows….
    Hopefully it is clear from my diagram that the Hyper-V host OS is connected to the same physical network as the domain, but is not joined to the domain. I set it up this way because I had concerns about connectivity and manageability because the domain
    controller is a guest VM. Also, the IIS server is on a completely different physical network independent of the domain.
    What I would like to accomplish is the migration of the above environment to Hyper-V Server 2012 as is. I want to keep my existing guest VMs unchanged and running Server 2008 R2 for now as well as keep the existing network topology intact.
    I have 3 additional servers in a separate test environment that would be able to serve as temporary storage or whatever is needed for the migration process.
    Here are the two main things I would like to accomplish with this migration…
    1. Make the transition from Server 2008 R2 to Hyper-V Server 2012 as a host OS.
    2. Migrate virtual hard disks from .VHD to the new .VHDX format.
    All that being said, I have finally come to my questions regarding this process.
    First and foremost, I would obviously need to back up my current setup in case something goes horribly wrong during the migration. My question regarding the initial backup is would it be better to do a bare metal backup of the Hyper-V host or should I do
    individual backups (bare-metal?) of the Guest VMs from within their operating systems?
    Second, since I plan to use Hyper-V Server 2012, I will have to manage the host OS using the RSAT from a domain joined client running Windows 7 Professional. How much of a pain is it going to be to set up RSAT and manage the non-domain joined host from a
    domain joined client? Is there a better way without using SCVMM or using Server 2012 w/ a GUI as the host OS?
    Third, are there any concerns I should have, precautions I should take or procedures I need to do before, during or after the migration regarding the existing VMs and the new virtualized hardware environment on the same physical host?
    Fourth, should I use the trial version of SCVMM 2012 SP1 (or another previous version) to perform the migration? What should I be aware of using SCVMM for the migration and then discontinuing its use after the migration is complete and moving to management
    using the RSAT?
    Fifth, if I don’t use SCVMM for the migration, what is the best procedure for moving the VMs? Should I just copy the VHDs to a temporary storage location, install Hyper-V server 2012, copy the VHDs back, create new VMs and attach the VHDs or should I use
    the export/import process?
    Number six, when is the best time to migrate the VHDs to VHDX format and what would be the best method?
    And finally, do I need to worry about USN rollback with a single domain controller? From my reading, this seems to be a point of disagreement. Some people say it could happen while others say it won’t. Is there any point during the migration process where
    it could occur either during the copying of VHDs or from the switch to VHDX?
    Again, sorry for the long post and thanks for staying with me this far. Any information would be much appreciated

    1) As Jens said below with Windows Server 2012 you can simply copy the configuration files and VHDs from a 2008 R2 server to a 2012 server and import them - the one caveat to this is that any VLAN configuration is lost and you have to simply re-create it.
    Optionally you can also export the virtual machines from Windows Server 2008 R2 and then import them on Windows Server 2012.
    2) Remote management in a workgroup does have some caveats associated with it - take a look at
    http://blogs.technet.com/b/jhoward/archive/2009/08/07/hvremote-refresh.aspx.  Generally I would recommend joining the Hyper-V management operating system to the domain - not just because of these issues but for a number of other features to work properly
    (see below)
    3) I always recommend validating the hardware and environment after the installation before migrating critical workloads to it - testing networking, backup etc... to make sure they function as expected.  Also ensure that you upgrade the integration
    components in the VMs after the migration.
    4) That is an option - though you might find you like SCVMM
    5) Recreating VMs using existing VHDs has some issues for example the BIOS GUID changes, all of the NICs are re-plug and played etc... When possible copying the configuration or using export is much better.
    6) The sooner the better - VHDX has a number of significant advantages, you can do the migration using the Hyper-V manager UI (edit disk) or via PowerShell with Convert-VHD.  Do keep in mind that during the conversion you need 2x the space (for the
    original and the new VHDX).
    7) In the past you could get into trouble if you for example snapshotted an AD virtual machine and then reverted it - taking one offline and then bringing it back online was never a problem.  In Windows Server 2012 we addressed this with a feature called
    generation IDs.
    Domain considerations...  A few things to keep in mind regarding the choice to not domain join the Hyper-V server.
    - You can't live migrate virtual machines
    - You can't utilize Hyper-V over SMB
    - Management is more difficult and less secure
    -Taylor Brown -Program Manager, Hyper-V -http://blogs.msdn.com/taylorb
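
    The Convert-VHD route from point 6, with the space check it calls for, as an added example that is not part of the original answer. The VM name, the paths and the 10% headroom are placeholders chosen for illustration, and the VM is assumed to have no snapshots.

```powershell
# Added example: VM name and paths are hypothetical placeholders, not values from the thread.
$vmName      = 'DC01'
$source      = 'D:\VMs\DC01\DC01.vhd'
$destination = 'D:\VMs\DC01\DC01.vhdx'

# The disk must not be in use, so convert only while the VM is shut down.
$vm = Get-VM -Name $vmName
if ($vm.State -ne 'Off') {
    throw "VM '$vmName' is in state $($vm.State); shut it down before converting."
}

# Never overwrite an existing target file.
if (Test-Path -Path $destination) {
    throw "Destination '$destination' already exists."
}

# The original .vhd stays in place during conversion, so the target volume
# has to hold a second full copy of the disk.
$vhd    = Get-VHD -Path $source
# Fixed disks occupy their full virtual size; dynamic disks occupy FileSize.
$needed = if ($vhd.VhdType -eq 'Fixed') { $vhd.Size } else { $vhd.FileSize }
$letter = (Split-Path -Path $destination -Qualifier).TrimEnd(':')
$free   = (Get-Volume -DriveLetter $letter).SizeRemaining
$margin = 1.1   # assumed 10% headroom on top of the copy
if ($free -lt ($needed * $margin)) {
    throw "Volume ${letter}: has $free bytes free; about $([long]($needed * $margin)) are needed."
}

Convert-VHD -Path $source -DestinationPath $destination

# Confirm the result is a VHDX before touching the VM configuration.
$new = Get-VHD -Path $destination
if ($new.VhdFormat -ne 'VHDX') {
    throw "Conversion produced format $($new.VhdFormat), expected VHDX."
}

# Repoint the VM's disk from the old file to the new one.
Get-VMHardDiskDrive -VMName $vmName |
    Where-Object { $_.Path -eq $source } |
    Set-VMHardDiskDrive -Path $destination

# Keep the original .vhd until the VM has booted cleanly from the .vhdx.
```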

  • Windows Server 2012 R2 GPO Loginscript is executed with more than 2 minutes delay after login

    Hi everybody
    A strange problem came up in a new Windows Active Directory Domain (one single DC with Windows Server 2012 R2 Essentials): after configuring a User GPO with a PowerShell Loginscript and applying the GPO to a User OU, the following happens: when a
    User logs into a PC or Server, the Loginscript does not run within the first 120 - 150 seconds, and then suddenly the script runs and completes within seconds. What could be the reason for such a long delay?
    When I run the PowerShell Script manually it runs immediately and finishes within seconds. But assigned through a GPO it takes really long to run. I also tried a very "simple" Loginscript with only one command (map a network share) - but this Script
    also runs with a long delay. So the script does not seem to be the problem but the Logon Procedure. I even tried the same script with a locally defined GPO on a Windows Server 2012 R2 (just to check whether it might be a NETLOGON/SYSVOL share problem), but
    no luck - it takes 2 to 3 minutes until the Script is run. I went a bit further and realized that the problem is only related to the latest OS Windows 8 (8.1) / Windows Server 2012 (R2) but not to older Windows systems. So what changed in the logon process
    of the new Windows versions? Why are GPOs applied with such a long delay?
    Any ideas?
    Mark

    Other people have reported similar issues
    http://www.edugeek.net/forums/windows-8/128421-group-policy-logon-scripts-delayed-5-minutes-windows-8-1-design.html
    Rgds
    Milos

  • Ipsec VPN site to site, best settings for optimal data transfer

    I have an ISA570 at work and have set up an IPsec VPN site to site connection with my router at home which is an RV180. I'm trying to do large backups from my office to my home storage. Can you tell me what are the most efficient settings as far as the VPN connection is concerned to optimize the transfer rate? Also any settings that I may make on my Windows 7 workstation at work. I'm transferring from a workstation to the TeraStation that I have at my home.

    Hi Daniel,
    I noticed that your post was located in the VPN Site to Site instead of the Small Business Security area. I have moved your post to the correct area so that you will get some help.  As a Cisco customer with a service contract, you can call the small business support center to speak with an engineer.  The phone numbers are located here:
    https://www.cisco.com/en/US/support/tsd_cisco_small_business_support_center_contacts.html
    Regards,
    Cindy Toy
    Cisco Small Business Community Manager
    for Cisco Small Business Products
    www.cisco.com/go/smallbizsupport
    twitter: CiscoSBsupport
