Support DirectAccess Clients from local lan?
We've implemented DirectAccess 2012 R2 and are trying to use remote desktop and SCCM remote assistance to support offsite systems connected by DirectAccess.
I can use a DirectAccess remote client to remote desktop to a local windows system, but I cannot use that same local system to connect to the same remote resource. I believe this may be a routing issue on our LAN.
I can Remote Desktop from the direct access server to a DirectAccess remote client.
Pings fail with "Ping request could not find host testhost01. Please check the name and try again."
Tracert fails with "Unable to resolve target system name"
NSlookup returns 3 IPv6 addresses for the host
This is the last piece of the puzzle to have DA working 100%
Any pointers? Places to look?
Thanks!!
Hi,
Do you use IPv6 in your internal network?
If no, it should not be an issue.
If the intranet is only using IPv4, NAT64 and DNS64 will be enabled on the DirectAccess server.
Similar to NAT, the DirectAccess clients are hidden by the NAT64. We can't access a machine behind NAT.
Best Regards.
Steven Lee
TechNet Community Support
Similar Messages
-
WAP321 Isolate guest from local LAN
I have been searching for an easy explanaition on how to create a guest SSID and isolate them from accessing local LAN, however, they need (obviosly) to be able to use the default GW and DNS server on local LAN, as I can not se any way that the WAP321 can act as an dhcp server for individual SSID's and thus use external DNS and act as default GW for independant SSID's.
Please someone tell me straight forward how to do this.
I'd like to do this without using VLAN tagging.
Thks
KristianHello
The ACL should not affect the "non-guest" SSID at all, make shure you have not "assigned" the ACL to non guest.
Prior responcce:
The Switches in this environment is layer 2, thus no VLAN tagging (it is a SOHO environment, actually a resturant) The DNS/DCHP is delivered by the internett router, as I mentioned earlier, if you have seperate DNS/DHCP units, you will have to allow acces to these IP's, you should then limit the TCP/UDP ports to DNS/DHCP port. (I assume that Guest should not have access to domain or domain servers, in your enviroment you will as mentioned have to give access to relevant TCP/UDP ports on the server/DC)
If you have switches VLAN cappable, I'd use VLAN tagging, that would be a "cleaner" and probably more secure solutions
Hope this helps
Br
hkl -
Error in calling EJB Client from Remote Machine.
While running the client from local machine, it works perfectly.
But when I try to run the same client from remote machine it gives me the error.
I deployed the ejb in sun server 1.4 with jndi as "xxx.xxx.xxx.xxx/MyTemperature".
Following is the code snippet from the clint.
Context initial = new InitialContext();
Object objref = initial.lookup("192.168.0.20/MyTemperature");
home = (TemperatureHome) PortableRemoteObject.narrow(objref, TemperatureHome.class);
Temperature degreeConverter = home.create();Following is the error
E:\EJBRemoteTest>java TempClient.TemperatureClient
May 14, 2008 10:00:24 AM com.sun.corba.ee.impl.legacy.connection.SocketFactoryCo
nnectionImpl <init>
WARNING: ORBUTIL.connectFailure
org.omg.CORBA.COMM_FAILURE: vmcid: SUN minor code: 201 completed: No
at com.sun.corba.ee.impl.logging.ORBUtilSystemException.connectFailure(O
RBUtilSystemException.java:1739)
at com.sun.corba.ee.impl.logging.ORBUtilSystemException.connectFailure(O
RBUtilSystemException.java:1757)
at com.sun.corba.ee.impl.legacy.connection.SocketFactoryConnectionImpl.<
init>(SocketFactoryConnectionImpl.java:74)
at com.sun.corba.ee.impl.legacy.connection.SocketFactoryContactInfoImpl.
createConnection(SocketFactoryContactInfoImpl.java:77)
at com.sun.corba.ee.impl.protocol.CorbaClientRequestDispatcherImpl.begin
Request(CorbaClientRequestDispatcherImpl.java:152)
at com.sun.corba.ee.impl.protocol.CorbaClientDelegateImpl.request(CorbaC
lientDelegateImpl.java:121)
at com.sun.corba.ee.impl.protocol.CorbaClientDelegateImpl.is_a(CorbaClie
ntDelegateImpl.java:214)
at org.omg.CORBA.portable.ObjectImpl._is_a(ObjectImpl.java:112)
at org.omg.CosNaming.NamingContextHelper.narrow(NamingContextHelper.java
:69)
at com.sun.enterprise.naming.SerialContext.getProvider(SerialContext.jav
a:58)
at com.sun.enterprise.naming.SerialContext.lookup(SerialContext.java:126
at javax.naming.InitialContext.lookup(InitialContext.java:347)
at TempClient.TemperatureClient.main(TemperatureClient.java:17)
Caused by: java.lang.RuntimeException: java.net.ConnectException: Connection ref
used: connect
at com.sun.enterprise.iiop.IIOPSSLSocketFactory.createSocket(IIOPSSLSock
etFactory.java:520)
at com.sun.corba.ee.impl.legacy.connection.SocketFactoryConnectionImpl.<
init>(SocketFactoryConnectionImpl.java:58)
... 10 more
Caused by: java.net.ConnectException: Connection refused: connect
at sun.nio.ch.Net.connect(Native Method)
at sun.nio.ch.SocketChannelImpl.connect(SocketChannelImpl.java:460)
at java.nio.channels.SocketChannel.open(SocketChannel.java:146)
at com.sun.enterprise.iiop.IIOPSSLSocketFactory.createSocket(IIOPSSLSock
etFactory.java:511)
... 11 more
Caught an unexpected Exception!
javax.naming.CommunicationException: Can't find SerialContextProvider [Root exce
ption is org.omg.CORBA.COMM_FAILURE: vmcid: SUN minor code: 201 completed: N
o]
at com.sun.enterprise.naming.SerialContext.getProvider(SerialContext.jav
a:66)
at com.sun.enterprise.naming.SerialContext.lookup(SerialContext.java:126
at javax.naming.InitialContext.lookup(InitialContext.java:347)
at TempClient.TemperatureClient.main(TemperatureClient.java:17)
Caused by: org.omg.CORBA.COMM_FAILURE: vmcid: SUN minor code: 201 completed:
No
at com.sun.corba.ee.impl.logging.ORBUtilSystemException.connectFailure(O
RBUtilSystemException.java:1739)
at com.sun.corba.ee.impl.logging.ORBUtilSystemException.connectFailure(O
RBUtilSystemException.java:1757)
at com.sun.corba.ee.impl.legacy.connection.SocketFactoryConnectionImpl.<
init>(SocketFactoryConnectionImpl.java:74)
at com.sun.corba.ee.impl.legacy.connection.SocketFactoryContactInfoImpl.
createConnection(SocketFactoryContactInfoImpl.java:77)
at com.sun.corba.ee.impl.protocol.CorbaClientRequestDispatcherImpl.begin
Request(CorbaClientRequestDispatcherImpl.java:152)
at com.sun.corba.ee.impl.protocol.CorbaClientDelegateImpl.request(CorbaC
lientDelegateImpl.java:121)
at com.sun.corba.ee.impl.protocol.CorbaClientDelegateImpl.is_a(CorbaClie
ntDelegateImpl.java:214)
at org.omg.CORBA.portable.ObjectImpl._is_a(ObjectImpl.java:112)
at org.omg.CosNaming.NamingContextHelper.narrow(NamingContextHelper.java
:69)
at com.sun.enterprise.naming.SerialContext.getProvider(SerialContext.jav
a:58)
... 3 more
Caused by: java.lang.RuntimeException: java.net.ConnectException: Connection ref
used: connect
at com.sun.enterprise.iiop.IIOPSSLSocketFactory.createSocket(IIOPSSLSock
etFactory.java:520)
at com.sun.corba.ee.impl.legacy.connection.SocketFactoryConnectionImpl.<
init>(SocketFactoryConnectionImpl.java:58)
... 10 more
Caused by: java.net.ConnectException: Connection refused: connect
at sun.nio.ch.Net.connect(Native Method)
at sun.nio.ch.SocketChannelImpl.connect(SocketChannelImpl.java:460)
at java.nio.channels.SocketChannel.open(SocketChannel.java:146)
at com.sun.enterprise.iiop.IIOPSSLSocketFactory.createSocket(IIOPSSLSock
etFactory.java:511)
... 11 moreThis is a stateless session bean.
Can anybody provide me solution for this
I also tried with java.util.Properties class but result is same.You are running on Windows 9x or Me, right? The darn OS has 300 or so bytes allocated for environment by default.
Try setting the Initial environment to 4096 in the Properties|Memory tab for the batch file. That will get rid of "Out of environment space". The syntax error is another matter; Windows (except NT and derivatives) shells do not allow '=' in an environment variables value. You cannot overcome that. Some software (Sybase for instance) interprets # as = just because of that. Unfortunately, the JVM doesn't take such an approach.
Better, grab copies of Unix utilities for Windows (www.gnu.org) including the wonderful shell 'bash' and write .sh scripts, which are inherently more powerful. -
ASA 5505 & VPN Client blocking access to local lan
I have setup a IPSec vpn client connection to a Cisco ASA 5505, when I connect to the unit it fully authenticates and issues me an ip address on the local lan however when I attempt to connect to any service on the local lan the following message is displayed in the log can you help:
Teardown UDP connection 192.168.110.200 53785 192.168.110.21 53 outside:192.168.110.200/53785(LOCAL\username) to inside 192.168.110/53
See the attached file for a sanitised version of the config.This is a sanitised version of the crypto dump, I have changed the user and IP addresses
ASA5505MAN# debug crypto ikev1 7
ASA5505MAN# debug crypto ipsec 7
ASA5505MAN# Jul 24 15:49:03 [IKEv1]IP = x.x.x.x, IKE_DECODE RECEIVED Message (msgid=fbc167de) with payloads : HDR + HASH (8) + NOTIFY (11) + NONE (0) total length : 84
Jul 24 15:49:03 [IKEv1 DEBUG]Group = VPN-Users, Username = username, IP = x.x.x.x, processing hash payload
Jul 24 15:49:03 [IKEv1 DEBUG]Group = VPN-Users, Username = username, IP = x.x.x.x, processing notify payload
Jul 24 15:49:03 [IKEv1 DEBUG]Group = VPN-Users, Username = username, IP = x.x.x.x, Received keep-alive of type DPD R-U-THERE (seq number 0xa6dcb72)
Jul 24 15:49:03 [IKEv1 DEBUG]Group = VPN-Users, Username = username, IP = x.x.x.x, Sending keep-alive of type DPD R-U-THERE-ACK (seq number 0xa6dcb72)
Jul 24 15:49:03 [IKEv1 DEBUG]Group = VPN-Users, Username = username, IP = x.x.x.x, constructing blank hash payload
Jul 24 15:49:03 [IKEv1 DEBUG]Group = VPN-Users, Username = username, IP = x.x.x.x, constructing qm hash payload
Jul 24 15:49:03 [IKEv1]IP = x.x.x.x, IKE_DECODE SENDING Message (msgid=515fbf7e) with payloads : HDR + HASH (8) + NOTIFY (11) + NONE (0) total length : 84
Jul 24 15:49:18 [IKEv1]IP = x.x.x.x, IKE_DECODE RECEIVED Message (msgid=2fe7cf10) with payloads : HDR + HASH (8) + NOTIFY (11) + NONE (0) total length : 84
Jul 24 15:49:18 [IKEv1 DEBUG]Group = VPN-Users, Username = username, IP = x.x.x.x, processing hash payload
Jul 24 15:49:18 [IKEv1 DEBUG]Group = VPN-Users, Username = username, IP = x.x.x.x, processing notify payload
Jul 24 15:49:18 [IKEv1 DEBUG]Group = VPN-Users, Username = username, IP = x.x.x.x, Received keep-alive of type DPD R-U-THERE (seq number 0xa6dcb73)
Jul 24 15:49:18 [IKEv1 DEBUG]Group = VPN-Users, Username = username, IP = x.x.x.x, Sending keep-alive of type DPD R-U-THERE-ACK (seq number 0xa6dcb73)
Jul 24 15:49:18 [IKEv1 DEBUG]Group = VPN-Users, Username = username, IP = x.x.x.x, constructing blank hash payload
Jul 24 15:49:18 [IKEv1 DEBUG]Group = VPN-Users, Username = username, IP = x.x.x.x, constructing qm hash payload
Jul 24 15:49:18 [IKEv1]IP = x.x.x.x, IKE_DECODE SENDING Message (msgid=e450c971) with payloads : HDR + HASH (8) + NOTIFY (11) + NONE (0) total length : 84
Jul 24 15:49:28 [IKEv1]IP = x.x.x.x, IKE_DECODE RECEIVED Message (msgid=e6c212e7) with payloads : HDR + HASH (8) + NOTIFY (11) + NONE (0) total length : 84
Jul 24 15:49:28 [IKEv1 DEBUG]Group = VPN-Users, Username = username, IP = x.x.x.x, processing hash payload
Jul 24 15:49:28 [IKEv1 DEBUG]Group = VPN-Users, Username = username, IP = x.x.x.x, processing notify payload
Jul 24 15:49:28 [IKEv1 DEBUG]Group = VPN-Users, Username = username, IP = x.x.x.x, Received keep-alive of type DPD R-U-THERE (seq number 0xa6dcb74)
Jul 24 15:49:28 [IKEv1 DEBUG]Group = VPN-Users, Username = username, IP = x.x.x.x, Sending keep-alive of type DPD R-U-THERE-ACK (seq number 0xa6dcb74)
Jul 24 15:49:28 [IKEv1 DEBUG]Group = VPN-Users, Username = username, IP = x.x.x.x, constructing blank hash payload
Jul 24 15:49:28 [IKEv1 DEBUG]Group = VPN-Users, Username = username, IP = x.x.x.x, constructing qm hash payload
Jul 24 15:49:28 [IKEv1]IP = x.x.x.x, IKE_DECODE SENDING Message (msgid=af5953c7) with payloads : HDR + HASH (8) + NOTIFY (11) + NONE (0) total length : 84
This is the isakmp dump
ASA5505MAN# show crypto isakmp
IKEv1 SAs:
Active SA: 2
Rekey SA: 0 (A tunnel will report 1 Active and 1 Rekey SA during rekey)
Total IKE SA: 2
1 IKE Peer: x.x.x.x
Type : L2L Role : initiator
Rekey : no State : MM_ACTIVE
2 IKE Peer: x.x.x.x
Type : user Role : responder
Rekey : no State : AM_ACTIVE
There are no IKEv2 SAs
Global IKEv1 Statistics
Active Tunnels: 1
Previous Tunnels: 40
In Octets: 322076
In Packets: 2060
In Drop Packets: 84
In Notifys: 1072
In P2 Exchanges: 35
In P2 Exchange Invalids: 0
In P2 Exchange Rejects: 0
In P2 Sa Delete Requests: 24
Out Octets: 591896
Out Packets: 3481
Out Drop Packets: 0
Out Notifys: 2101
Out P2 Exchanges: 275
Out P2 Exchange Invalids: 0
Out P2 Exchange Rejects: 0
Out P2 Sa Delete Requests: 284
Initiator Tunnels: 231
Initiator Fails: 221
Responder Fails: 76
System Capacity Fails: 0
Auth Fails: 54
Decrypt Fails: 0
Hash Valid Fails: 0
No Sa Fails: 30
Global IKEv2 Statistics
Active Tunnels: 0
Previous Tunnels: 0
In Octets: 0
In Packets: 0
In Drop Packets: 0
In Drop Fragments: 0
In Notifys: 0
In P2 Exchange: 0
In P2 Exchange Invalids: 0
In P2 Exchange Rejects: 0
In IPSEC Delete: 0
In IKE Delete: 0
Out Octets: 0
Out Packets: 0
Out Drop Packets: 0
Out Drop Fragments: 0
Out Notifys: 0
Out P2 Exchange: 0
Out P2 Exchange Invalids: 0
Out P2 Exchange Rejects: 0
Out IPSEC Delete: 0
Out IKE Delete: 0
SAs Locally Initiated: 0
SAs Locally Initiated Failed: 0
SAs Remotely Initiated: 0
SAs Remotely Initiated Failed: 0
System Capacity Failures: 0
Authentication Failures: 0
Decrypt Failures: 0
Hash Failures: 0
Invalid SPI: 0
In Configs: 0
Out Configs: 0
In Configs Rejects: 0
Out Configs Rejects: 0
Previous Tunnels: 0
Previous Tunnels Wraps: 0
In DPD Messages: 0
Out DPD Messages: 0
Out NAT Keepalives: 0
IKE Rekey Locally Initiated: 0
IKE Rekey Remotely Initiated: 0
CHILD Rekey Locally Initiated: 0
CHILD Rekey Remotely Initiated: 0
IKEV2 Call Admission Statistics
Max Active SAs: No Limit
Max In-Negotiation SAs: 12
Cookie Challenge Threshold: Never
Active SAs: 0
In-Negotiation SAs: 0
Incoming Requests: 0
Incoming Requests Accepted: 0
Incoming Requests Rejected: 0
Outgoing Requests: 0
Outgoing Requests Accepted: 0
Outgoing Requests Rejected: 0
Rejected Requests: 0
Rejected Over Max SA limit: 0
Rejected Low Resources: 0
Rejected Reboot In Progress: 0
Cookie Challenges: 0
Cookie Challenges Passed: 0
Cookie Challenges Failed: 0
Global IKEv1 IPSec over TCP Statistics
Embryonic connections: 0
Active connections: 0
Previous connections: 0
Inbound packets: 0
Inbound dropped packets: 0
Outbound packets: 0
Outbound dropped packets: 0
RST packets: 0
Recevied ACK heart-beat packets: 0
Bad headers: 0
Bad trailers: 0
Timer failures: 0
Checksum errors: 0
Internal errors: 0
ASA5505MAN#
and this is the ipsec dump
ASA5505MAN# show crypto ipsec sa
interface: outside
Crypto map tag: SYSTEM_DEFAULT_CRYPTO_MAP, seq num: 65535, local addr: x.x.x.x
local ident (addr/mask/prot/port): (0.0.0.0/0.0.0.0/0/0)
remote ident (addr/mask/prot/port): (192.168.110.200/255.255.255.255/0/0)
current_peer: x.x.x.x, username: username
dynamic allocated peer ip: 192.168.110.200
#pkts encaps: 778, #pkts encrypt: 778, #pkts digest: 778
#pkts decaps: 1959, #pkts decrypt: 1959, #pkts verify: 1959
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 778, #pkts comp failed: 0, #pkts decomp failed: 0
#pre-frag successes: 0, #pre-frag failures: 0, #fragments created: 0
#PMTUs sent: 0, #PMTUs rcvd: 0, #decapsulated frgs needing reassembly: 0
#TFC rcvd: 0, #TFC sent: 0
#Valid ICMP Errors rcvd: 0, #Invalid ICMP Errors rcvd: 0
#send errors: 0, #recv errors: 0
local crypto endpt.: x.x.x.x/4500, remote crypto endpt.: x.x.x.x/54599
path mtu 1500, ipsec overhead 82(52), media mtu 1500
PMTU time remaining (sec): 0, DF policy: copy-df
ICMP error validation: disabled, TFC packets: disabled
current outbound spi: 532B60D0
current inbound spi : 472C8AE7
inbound esp sas:
spi: 0x472C8AE7 (1194101479)
transform: esp-aes esp-sha-hmac no compression
in use settings ={RA, Tunnel, NAT-T-Encaps, IKEv1, }
slot: 0, conn_id: 241664, crypto-map: SYSTEM_DEFAULT_CRYPTO_MAP
sa timing: remaining key lifetime (sec): 26551
IV size: 16 bytes
replay detection support: Y
Anti replay bitmap:
0xFFFFFFFF 0xFFFFFFFF
outbound esp sas:
spi: 0x532B60D0 (1395351760)
transform: esp-aes esp-sha-hmac no compression
in use settings ={RA, Tunnel, NAT-T-Encaps, IKEv1, }
slot: 0, conn_id: 241664, crypto-map: SYSTEM_DEFAULT_CRYPTO_MAP
sa timing: remaining key lifetime (sec): 26551
IV size: 16 bytes
replay detection support: Y
Anti replay bitmap:
0x00000000 0x00000001
Crypto map tag: outside_map0, seq num: 1, local addr: x.x.x.x
access-list outside_cryptomap_1 extended permit ip 192.168.110.0 255.255.255.0 192.168.0.0 255.255.0.0
local ident (addr/mask/prot/port): (192.168.110.0/255.255.255.0/0/0)
remote ident (addr/mask/prot/port): (192.168.0.0/255.255.0.0/0/0)
current_peer: x.x.x.x
#pkts encaps: 39333117, #pkts encrypt: 39333117, #pkts digest: 39333117
#pkts decaps: 24914965, #pkts decrypt: 24914965, #pkts verify: 24914965
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 39333117, #pkts comp failed: 0, #pkts decomp failed: 0
#pre-frag successes: 0, #pre-frag failures: 0, #fragments created: 0
#PMTUs sent: 0, #PMTUs rcvd: 0, #decapsulated frgs needing reassembly: 0
#TFC rcvd: 0, #TFC sent: 0
#Valid ICMP Errors rcvd: 0, #Invalid ICMP Errors rcvd: 0
#send errors: 0, #recv errors: 0
local crypto endpt.: x.x.x.x/0, remote crypto endpt.: x.x.x.x/0
path mtu 1500, ipsec overhead 58(36), media mtu 1500
PMTU time remaining (sec): 0, DF policy: copy-df
ICMP error validation: disabled, TFC packets: disabled
current outbound spi: F6943017
current inbound spi : E6CDF924
inbound esp sas:
spi: 0xE6CDF924 (3872258340)
transform: esp-3des esp-sha-hmac no compression
in use settings ={L2L, Tunnel, IKEv1, }
slot: 0, conn_id: 163840, crypto-map: outside_map0
sa timing: remaining key lifetime (kB/sec): (3651601/15931)
IV size: 8 bytes
replay detection support: Y
Anti replay bitmap:
0xFFFFFFFF 0xFFFFFFFF
outbound esp sas:
spi: 0xF6943017 (4136906775)
transform: esp-3des esp-sha-hmac no compression
in use settings ={L2L, Tunnel, IKEv1, }
slot: 0, conn_id: 163840, crypto-map: outside_map0
sa timing: remaining key lifetime (kB/sec): (3561355/15931)
IV size: 8 bytes
replay detection support: Y
Anti replay bitmap:
0x00000000 0x00000001
ASA5505MAN# -
How to download file from server to client's local ??
How to download a file from the server to the client's local machine in a particular folder without users intervention ie. 'Save As" prompt of the browser should be avoided and if the client clicks on "Download" button, the file should get automaticaly downloaded to say, "c:/reports/' on his/her local machine. This is for Java based web appliaction.
http://jguru.com/faq/view.jsp?EID=10646
-
Transparent Tunneling and Local Lan Access via VPN Client
Remote users using Cisco VPN 4.2 connect successfully to a Cisco Pix 515 (ver. 6.3). The client is configured to allow Transparent Tunneling and Local Lan access, but once connected to the Pix, these two options are disabled. What configuration changes are required on the Pix to enable these options? Any assistance will be greatly appreciated.
Mike BowyerHi Mike,
"Transparent Tunneling" and "Local Lan Access" are two different things. "Transparent Tunneling" is dealing with establishing an IPSec Tunnel even if a NAT device is between your client and the VPN-Headend-Device. "Local LAN Access" is dealing with access to devices in the LAN your VPN-Client-Device is connected to.
What do you mean exactly with "disabled once the connection is made" ?
You can check the local LAN Access by having a look at the Route-Table of the VPN-Client:
Right Click the yellow VPN-lock Icon in System-Tray while the VPN-Connection is active and select "Statistics ...". Have a look at the second register page "route details".
Are any local LAN routes displayed when your are connected ?
And - always remember two important restrictions the Online Help of the VPN-Client is mentioning:
1: This feature works only on one NIC card, the same NIC card as the tunnel.
2: While connected, you cannot print or browse the local LAN by name; when disconnected, you can print and browse by name.
Carsten
PS: Removing Split Tunnel won't enable local LAN access as all traffic would be sent into the IPSec tunnel. -
Import files from a client in a LAN
When I try to import songs into a playlist from a folder of a client in my LAN I can't import up to 4-5 files each time. If I try to import much files it doesn't do!
I use the latest iTunes version (1.4.2.4).
Is this a bug of iTunes or a problem of mine?
ThanksYes, also in this way I fall in the problem. The importing doesn't start!
Have you tried to do on your LAN, if you have? Anyone fall in the same problem? -
Connecting to DirectAccess server from a client behind proxy with authentication
Hi,
All our DA clients are working fine except those that are working from a client company where a proxy with authentication is used.
Our DA server is running Windows server 2012 and clients are running Windows 7.
I have found similar posts, where it states it is a known issue and it is fixed by a new feature in Windows 2012, however i cannot find more info:
http://technet.microsoft.com/en-us/library/hh831416.aspx
IP-HTTPS runs in a system context rather than a user context. This context can cause connection issues. For example, if a DirectAccess
client computer is located in the network of a partner company that uses a proxy for Internet access, and WPAD auto detection is not used, the user must manually configure proxy settings in order to access the Internet. These settings are configured in Internet
Explorer on a per user basis, and cannot be retrieved in an intuitive way on behalf of IP-HTTPS. In addition, if the proxy requires authentication, the client provides credentials for Internet access, but IP-HTTPS will not provide the credentials required
to authenticate to DirectAccess. In Windows Server 2012, a new feature solves these issues. Specifically, the user can configure IP-HTTPS to work when behind a proxy that is not configured using WPAD and IP-HTTPS will request and provide the proxy credentials
needed to IP-HTTPS request authenticated, and relay it to the DirectAccess server.Hello,
As far as I know it's a feature of Windows 2012 URA with a Windows 8 client.
Unfortunatelly you will have trouble with proxy authentication with Windows 7 client I think
Regards,
Follow me on Twitter http://www.twitter.com/liontux | My Blog (French/English) :
http://security.sakuranohana.fr/ -
Hi ... How does the clients (iOS devices) to configure/use the caching server to download apps from local caching server instead of App store?
Hi,
If you want to restore a reomoved app,you need to use
Add-AppxPackage to add a signed app package (.appx) to a user account.
But we cannot extract them from the ISO.
The behavior is by design.And this is a software protection regime.
Thanks for your understanding.
Regards,
Kelvin Xu
TechNet Community Support -
Vpn site to site isa 570 to asa 5505 multiple local lan
Hello, i have configured a site to site vpn with a asa 5505
In the tunnel will pass the network 172.x.x.x/16 and 192.168.x.x/24 from local isa to a single lan 192.168.x.x/24 on remote asa
I have create a group network address and i put the the default_lan and the other lan in it
In the tunnell configuration i have use this group address with local lan parameter
When the tunnel was up in the routing table i view the remote lan on interface ipsec0 but also i view the local lan on interface ipsec0
Is this configuration n ot supported?
Thank best regardsHello, thank for answer.
The problem is that tha second lan is a routing static lan.
The ip address of ISA is 172.16.10.254/16 and the default_lan is 172.16.0.0/16
The second lan is 202.1.1.0/24 and it is a staic lan on another gateway.
When the site-to-site ipsec go up in routing table i see three route on interface ipsec0:
The remote lan, the default-lan (that is also on default interface. Behaviour?) and a subnet lan 172.16.10.0/24.
If i ping from a lan pc an ip of subnet 172.16.10.0/24, i see that the arp is equal at mac-address of ISA and i have a problem on the lan. It's normal?
Best regards -
DirectAccess client enables IPHTTPS interface when inside corporate network at remote sites
We have 4 offices connected via an MPLS network. I've installed the DA server in the main office. We're using a PKI for NLS and IPsec certs and a self-signed cert for IPHTTPS. For the most part everything works great. When a DA client is in the main office
all DA settings are disabled and the client acts as it should. When on the internet the IPHTTPs tunnel is established and remote access works.
My problem is when the same DA client connects at one of the remote offices. When at a remote office the IPHTTPS interface is active. The NRPT is not. No tunnel is actually established but I find Event 4012, NCSI event logs showing that the Inside/Outside probe
failed. This in and of itself would not be a big deal as the tunnel is never established however it does seem to cause Outlook to prompt for a password. I know this has something to do with our OWA site being resolvable inside the network, but I'm at a loss
as to why this only happens with the IPHTTPS interface is active with no tunnel established.
The NLS site appears to be working from the remote offices. I can ping NLS via DNS name and can open the https NLS website in a browser.
Anyone have any ideas as to why this would be happening?Event Logs:
Log Name: Microsoft-Windows-NCSI/Operational
Source: Microsoft-Windows-NCSI
Date: 4/22/2013 8:26:58 AM
Event ID: 4012
Task Category: Check Corporate Inside/outside Location
Level: Warning
Keywords: (17179869184)
User: NETWORK SERVICE
Computer: N30504-EDUENSIN.miac.local
Description:
Inside/Outside probe failed for interface 0x8300000F000000.
Error: A connection with the server could not be established (12029)
Host: directaccess-nls.miac.local//insideoutside
Next retry: 128 second(s).
Log Name: Microsoft-Windows-NCSI/Operational
Source: Microsoft-Windows-NCSI
Date: 4/22/2013 8:26:58 AM
Event ID: 4010
Task Category: Check Corporate Inside/outside Location
Level: Information
Keywords: Response Time,(35184372088832)
User: NETWORK SERVICE
Computer: N30504-EDUENSIN.miac.local
Description:
Inside/Outside detection finished for interface 0x8300000F000000 (OUTSIDE).
netsh dns show state
Name Resolution Policy Table Options
Query Failure Behavior : Always fall back to LLMNR and NetBIOS
if the name does not exist
in DNS or
if the DNS servers are
unreachable
when on a private network
Query Resolution Behavior : Resolve only IPv6 addresses for names
Network Location Behavior : Let Network ID determine when Direct
Access settings are to
be used
Machine Location : Inside corporate network
Direct Access Settings : Configured and Disabled
DNSSEC Settings : Not Configured
netsh namespace show effectivepolicy
DNS Effective Name Resolution Policy Table Settings
Note: DirectAccess settings would be turned off when computer is inside corporat
e network
netsh interface httpstunnel show interfaces
Interface IPHTTPSInterface (Group Policy) Parameters
Role : client
URL :
https://***********:443/IPHTTPS
Last Error Code : 0x0
Interface Status : IPHTTPS interface active -
RMI - NAT - Client within the LAN and outside the LAN
I'm having an RMI server in a machine within a LAN with the private IP 10.XX.XX.XX and a NAT with the public IP 196.XX.XX.XX.
I am using the property: java.rmi.server.hostname to 196.XX.XX.XX. The server is behind a NAT machine.
Everything works fine when the client is outside the LAN, but when the client is within the LAN it fails to lookup the server (of course it would work fine if I ommit the java.rmi.server.hostname property or set it to the server IP, but then I cannot work with a client outside the LAN).
To conclude, my question is how I can work with both clients simultaneously (one within the LAN and one outside the LAN)?Most firewalls block access from inside the network to the external IP address (10.x.x.x to 196.x.x.x) as this approach could also be used by an attacker masquerading as a local network computer.
You're going to need to make sure that all your Internal computers do not go via your firewall to get to the server.
You can either add a route to the server on the Internal client machines overriding the default routing table or you can use your public domain name instead of the IP address. Then change your internal DNS configuration (if you use one) to point internal users to the local IP address instead. -
firefox 7.0 - Can not upload the file from local machine to server...gives "error 404 : file not found"
you have not understood my point
how does this code will run on servlet when I want to upload a file from client's
machine to server machine
what I am doing is I am giving an option to the user that he/she can browse the file and then select any file and finally it's action is post in the jsp form for which I have sent the code
All the computers are connected in LAN
So how to upload a file from client's machine to server's machine
Plz give me a solution -
Managing DirectAccess clients in IPv4 only networks
We are in the process of implementing DirectAccess with Server 2012 R2. So far, it looks very promising. Clients can communicate from our management servers exactly as desired. However, we would like to provide a way for our Help Desk to connect to those
machines (for instance, to be able to initiate remote control).
ISATAP is technically no longer supported, as well as it seems there are some risks/challenges associated with it anyways. I was wondering if anyone has come up with any good solutions for this. Since it would just be for a few, I was thinking about also
configuring the server to allow inbound VPN for IPv6 only and just have our Help Desk users initiate a VPN connect to the server the few times this functionality would be necessary. Has anyone done anything like that? I haven't set up VPN in Windows Server
in at least 8 years, so any advice would be helpful. If you have any other suggestions, I'd also be happy to accept that.
Thanks!Start from Server 2008R2 the VPN become totally different from 2003, such as if you have Win7&Win8 client you need deploy the CA and more you'd better to learn some DA related deploy article first:
[Tutorial] Configuring Direct Access on Server 2012 R2
http://jackstromberg.com/2013/12/tutorial-configuring-direct-access-on-server-2012-r2/
Prerequisites for Deploying DirectAccess
http://technet.microsoft.com/en-us/library/dn464273.aspx
DirectAccess Deployment Guide
http://social.technet.microsoft.com/Forums/en-US/e34ba9c5-fdca-4634-90dc-594f00e2ec73/managing-directaccess-clients-in-ipv4-only-networks?forum=winser -
System Center Endpoint Protection updates not applying to DirectAccess clients
Hi
I have W2008R2 SP2 with SCCM2012R2 CU3 server.
We started testing DirectAccess. All other updates (Windows, Skype, Adobe) are applying except SCEP.
Initiating policies from laptop did not helped.
DirectAccess subnet is in boundary list.
Computer account is in correct collection. SCEP only updates when laptop is on LAN.
Where to look to resolve this problem?Yes, the boundaries that you put in SCCM which specify your DirectAccess client computers must be the IP addresses they are using, which are the IPv6 addresses given to them via their DA transition technologies (6to4, Teredo, IP-HTTPS). Depending on how
you setup DirectAccess, you may only have some of these available for the clients to utilize. If your DA server is sitting behind a NAT, or if you used the "Getting Started Wizard" to setup DA, then only IP-HTTPS is available to your DA clients and
that is how they are all connecting. In that case you should only need to add the IP-HTTPS IPv6 prefix.
You can use this info to calculate the prefixes, or you can check in the SCCM agent on the client machine, I believe in the section where it shows you the heartbeat it will also show you the current prefix that your client is utilizing:
First Public IPv4=WW.XX.YY.ZZ (address on the DA server)
2001:0:WWXX:YYZZ::/64 (Teredo)
2002:WWXX:YYZZ:8100::/56 (IP-HTTPS)
2002:WWXX:YYZZ:8000::/49 (organizational prefix)
2002:WWXX:YYZZ:8000::/64 (ISATAP)
2002:WWXX:YYZZ:8001::/96 (NAT64/DNS64)
Maybe you are looking for
-
Is cover flow in iTunes supposed to have a list of every song you have?
When I go to the cover flow feature in iTunes and I go to an album, it has a list of every single song I have on iTunes underneath of it. I would expect it to just have a list of the songs in that album, but I am new with iTunes so I wasn't sure. Is
-
Key Lenght too short error with dbms_crypto.encrypt
Hi Friends, I am getting above mentioned error with dbms_crypto.encrypt. I had created a thread in technology --> security forum but i am not getting any help from there. ORA-28234 Key Length too short with dbms_crypto.encrypt Appreciate if anyone he
-
INS0029 error when installing OWB Design Repo
Hi, I tried to install design repository(OWB 10g) on database 10.1.0, I created separate tablespaces for a new user, at 11% of installation proccess I get INS0029 error, repoassist log gives the following listing: oracle.wh.util.DebugUtility: [getOCI
-
Hi all, I have the below the requirement. Whenever RFQ is created (manually, referring PR thru ME57, or referring contract) some text need to be populated in 'Header text' of RFQ Header. How to achieve the requirement? Are there any user exit which c
-
Issue getting Facebook notifications
I just got the new BlackBerry Q10 and am not getting any push notications from Facebook on the HUB. I have updated the BlackBerry OS to 10.2.1.2112. I uninstalled and reinstalled the newest version of Facebook and when installed, set the notification