TMG ISP Redundancy and DNS

Hello,
I have installed TMG with 3 NICs such as ISP1, ISP2 and Internal
I configured the ISP1 and ISP2 interfaces with IP addresses and default gateways and
configured internal NIC with IP address, but Default Gateway.
I installed DNS service on TMG and configured the forwarders pointing to ISP DNS servers.
Finally Internal NIC DNS configuration
Primary : 127.0.0.1
Alternative: Internal AD DNS servers
Configured persistent routes
=============================================================
Persistent Routes:
Network Address Netmask Gateway Address Metric
10.0.0.0 255.0.0.0 10.1.2.1 1
( Internal LAN)
1.1.1.1 255.255.255.255 192.168.5.1 2 ( ISP1 DNS Server)
2.2.2.2 255.255.255.255 192.168.4.2 3 ( ISP2 DNS
Server)
0.0.0.0 0.0.0.0 192.168.4.2 Default
0.0.0.0 0.0.0.0 192.168.5.1 Default
Now I am trying to join the TMG server to domain but failed. Error saying that cannot resolve domain name
I would highly appreciate any help.
Thanks

So far now everything is working.
Just a summary
- Installed the DNS service on TMG.
- Configured the forwarders pointing to ISP 1 & 2 DNS servers.
- Configured the conditional forwarder to forward DNS request to internal DNS server for AD authentication.
- Internai NIC DNS
Primary : 127.0.0.1 ( local host TMG )
Alternative: Internal DNS servers.

Similar Messages

ISP redundancy and reverse proxy

Greetings, community!
We have two EDGE TMG servers and two INTERNAL TMG servers.
We have two providers with two dedicated external IP addresses each.
I configure ISP Redundancy for each EDGE TMG servers with parameters:
Each EDGE TMG server has two External NIC and one Internal NIC.
EDGE 1: Provider1_IP1 and Provider2_IP1
EDGE 2: Provider1_IP2 and Provider2_IP2
ISP Connections:
Provider1 and Provider2
So, the trouble:
We have some published Web-Services, like OWA, ActiveSync, TerminalGatewayServers and others.
Also we made 4 external DNS records for each Web-Service.
For example:
mail.domain.com Provider1_IP1
mail.domain.com Provider1_IP2
mail.domain.com Provider2_IP1
mail.domain.com Provider2_IP2
If we try to connect from external to any published Web-Services, we have big delay (~ 30 sec), and then it connected.
After some tests we find that ONLY ONE EDGE TMG server is used for reverce proxy. IP Addresses from EDGE 1 is unavailable from external access. But it still works as Web-Proxy from Internal connections. Reverse-Proxy works only for EDGE 2 IP Addresses.
If we shutdown EDGE 2 TMG server, then Reverse-Proxy for EDGE 1 IP addresses are works correctly.
Why all 4 my external IP addresses are not works for reverse-proxy? Only 2 from one of my EDGE servers.

So, I still try to solve my problem...
When I try to connect from External to one of my EDGE1 IP addresses, I got these logs:
LOGS on DMZ server (EDGE1):
Failed Connection Attempt DMZ-TMG-01 21.07.2014 11:27:40
Log type: Firewall service
Status: A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond.
Rule: Publish TMGBE HTTP
Source: External (77.73.111.194:3427)
Destination: Internal (172.16.0.100:80)
Protocol: HTTP Server
Additional information
Number of bytes sent: 0 Number of bytes received: 0
Processing time: 21000ms Original Client IP: 77.73.111.194
LOGS on INTERNAL server:
Initiated Connection BLK-TMG-02 21.07.2014 11:27:20
Log type: Firewall service
Status: The operation completed successfully.
Source: External (77.73.111.194:3427)
Destination: Local Host (172.16.0.100:80)
Protocol: HTTP
Additional information
Number of bytes sent: 0 Number of bytes received: 0
Processing time: 0ms Original Client IP: 77.73.111.194
Closed Connection BLK-TMG-02 21.07.2014 11:27:40
Log type: Firewall service
Status: A connection was abortively closed after one of the peers sent an RST packet.
Source: External (77.73.111.194:3427)
Destination: Local Host (172.16.0.100:80)
Protocol: HTTP
Additional information
Number of bytes sent: 304 Number of bytes received: 192
Processing time: 20281ms Original Client IP: 77.73.111.194
When I try to connect my EDGE2 server external IP addresses, then:
LOGS on DMZ server (EDGE2):
Initiated Connection DMZ-TMG-02 21.07.2014 11:57:17
Log type: Firewall service
Status: The operation completed successfully.
Rule: Publish TMGBE HTTP
Source: External (77.73.111.194:3429)
Destination: Internal (172.16.0.100:80)
Protocol: HTTP Server
Additional information
Number of bytes sent: 0 Number of bytes received: 0
Processing time: 0ms Original Client IP: 77.73.111.194
Closed Connection DMZ-TMG-02 21.07.2014 11:57:17
Log type: Firewall service
Status: A connection was gracefully closed in an orderly shutdown process with a three-way FIN-initiated handshake.
Rule: Publish TMGBE HTTP
Source: External (77.73.111.194:3429)
Destination: Internal (172.16.0.100:80)
Protocol: HTTP Server
Additional information
Number of bytes sent: 534 Number of bytes received: 146
Processing time: 203ms Original Client IP: 77.73.111.194
Then traffic was redirected to HTTPS:
Initiated Connection DMZ-TMG-02 21.07.2014 11:57:17
Log type: Firewall service
Status: The operation completed successfully.
Rule: Publish TMGBE HTTPS
Source: External (77.73.111.194:3430)
Destination: Internal (172.16.0.100:443)
Protocol: HTTPS Server
Additional information
Number of bytes sent: 0 Number of bytes received: 0
Processing time: 0ms Original Client IP: 77.73.111.194
LOGS on INTERNAL server:
Failed Connection Attempt BLK-TMG-02 21.07.2014 11:57:17
Log type: Web Proxy (Reverse)
Status: 12311 The page must be viewed over a secure channel (Secure Sockets Layer (SSL)). Contact the server administrator.
Rule: Publish OWA
Source: External (77.73.111.194:3429)
Destination: Local Host (172.16.0.100:80)
Request: GET http://mail.domain.com/
Filter information: Req ID: 0a314138; Compression: client=Yes, server=No, compress rate=0% decompress rate=0%
Protocol: http
User: anonymous
Additional information
Client agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET4.0C; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)
Object source: (No source information is available.)
Cache info: 0x0
Processing time: 1 MIME type:
It's OK, because IIS require SSL. Then:
Initiated Connection BLK-TMG-02 21.07.2014 11:57:18
Log type: Firewall service
Status: The operation completed successfully.
Source: External (77.73.111.194:3429)
Destination: Local Host (172.16.0.100:80)
Protocol: HTTP
Additional information
Number of bytes sent: 0 Number of bytes received: 0
Processing time: 0ms Original Client IP: 77.73.111.194
Closed Connection BLK-TMG-02 21.07.2014 11:57:18
Log type: Firewall service
Status: A connection was gracefully closed in an orderly shutdown process with a three-way FIN-initiated handshake.
Source: External (77.73.111.194:3429)
Destination: Local Host (172.16.0.100:80)
Protocol: HTTP
Additional information
Number of bytes sent: 786 Number of bytes received: 318
Processing time: 15ms Original Client IP: 77.73.111.194
And HTTPS:
Allowed Connection BLK-TMG-02 21.07.2014 11:57:17
Log type: Web Proxy (Reverse)
Status: 302 Moved Temporarily
Rule: Publish OWA
Source: External (77.73.111.194:3430)
Destination: Local Host (10.1.200.129:443)
Request: GET http://mail.domain.com/
Filter information: Req ID: 0a31413a; Compression: client=Yes, server=No, compress rate=0% decompress rate=0%
Protocol: https
User: anonymous
Additional information
Client agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET4.0C; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)
Object source: Internet (Source is the Internet. Object was added to the cache.)
Cache info: 0x40000000 (Response should not be cached.)
Processing time: 1 MIME type: text/html; charset=UTF-8
I can't understand the difference between there servers. If I shutdown EDGE2, the Publishing will work fine through EDGE1.

ForeFront TMG ISP Redundancy - Lost of internet connectivity

I set up ISP redundancy on Forefront TMG that has my exchange 2010 server published through it. If both external NICs are enabled, I lose internet connectivity. If either NICs are enabled, and the other disabled, I get internet connectivity. Any ideas?

Hi,
Based on my knowledge, it may be caused by path mismatch.
Simply to say, dns request goes in through the ISP1 and dns reply goes out through ISP2.
However, we still need you to verify this, you can capture the packets on remote users to see if the destination IP in dns request and the source IP in dns reply are the same.
Please also check the TMG live logging to see if there is any error information.
Best Regards
Quan Gu

TMG load balance and publishing issues

Dear Experts,
I have some questions about publishing multiple services with TMG's ISP redundacny with load balancing:
We are using a single TMG 2010 server to protect our network and providing Internet connection to them. We manage our own domain providing the name service with the DNS server component installed on the TMG box and published it outside. We are using Exchange
for mail service, as well we publish web sites too and terminal services via RDP. There wasn't any problem till today, when we got an other, separate Internet connection via a new different ISP. When I set ISP Redundancy to Load Balance I faced to a problem.
The Internet connection works fine, but the partner SMTP's drop our letters, because they can not complete the reverse DNS check.
How can I set the TMG and/or the DNS to provide a correct mail publishing service? How should I set our DNS to provide access to our web sites and other services when one of the Internet connections brake down?
Thank you in advance!
Thomas

Dear Quan,
Yes, this is the problem.
Would you tell me, how should I configure my DNS for working properly if I publish my services to all my IPs/Internet connections? Do I have to double all my A and MX records?
Is it possible to publish services on all IPs/Internet connections or should I publish on only one an use NLB only for to provide Internet connection to our computers?
What is the good solution to make a fail-safe internet-gateway which publishes multiple services fail-safe too?
Thank you
Thomas

ISP Redundancy no work

Hello, I have TMG Array(NLB) with 4 servers, I try configure ISP Redundancy(load balancing): add second network adapter for my vitrual servers, configure using article
http://www.isaserver.org/tutorials/Exploring-ISP-Redundancy-Forefront-Threat-Management-Gateway-TMG-2010.html but my balance is not an array or a general or throwing packets at random. Perhaps the problem in the routing table Windows 2008 R2. On all
servers in the table are two routes
0.0.0.0 0.0.0.0 IP_ISP1 metric 2
0.0.0.0 0.0.0.0 IP_ISP2 metric 3
Help please, why does not work balancing?

Hi,
Thank you for the update.
“Your answer only applies to published applications? I have not balanced outbound.” - ISP Redundancy is used to balance outbound traffic between two links. NLB is used to load balance inbound traffic across the TMG array. And
for configure ISP-R, you may read the following articles:
http://blogs.technet.com/b/isablog/archive/2009/02/16/keeping-high-availability-with-forefront-tmg-s-isp-redundancy-feature.aspx
http://blogs.technet.com/b/isablog/archive/2009/10/14/the-isp-redundancy-feature-of-forefront-tmg.aspx
Regards,
Nick Gu - MSFT

OD, LDAP and DNS

I am new to LDAP and I believe I have everything setup correctly on the server (everything under Open Directory in SA says "Running", logs don't show any errors). However, I can not access the LDAP server from a client machine using Directory Access. I suspect that client machines still can not "see" my LDAP server.
I believe the issue may be with DNS and I am trying to understand the interaction between DNS and OD, etc. First off, I do not have DNS turned on for my Mac OS X Server since my ISP has always hosted our DNS. Is this a problem? Do I need DNS activated on the same server that I am running this LDAP server? I have tried entering the IP and DNS name on the client server using Directory Access and neither worked.

The requirement is that references using your server's Fully Qualified Domain Name look up to its IP Address and its IP Address looks up to its Fully Qualified Domain Name. If your ISP does that for you, and does it correctly, Merry Christmas!
All others must set up their own tiny DNS service to do the lookups. If you are behind an NAT firewall, you can Make Up whatever names you like and look them up locally, because they are invisible from the Internet.
Remember that each workstation must have the address of the DNS available to it. It needs to be configured in the TCP/IP setup or dispensed via DHCP. If you use your own DNS (highly recommended) you must also dispense or configure the next upstream DNS (your ISP's DNS Address).
"An Open Directory master requires properly configured DNS so it can provide single sign-on Kerberos authentication.
Make sure DNS service is configured to resolve fully qualified DNS names and provide corresponding reverse lookups.
DNS must resolve the fully qualified DNS name and provide reverse lookups for the Open Directory master server, all replica servers, and other servers that are members of the Kerberos realm.
You can use the Lookup pane of Network Utility (in /Applications/Utilities/) to do a DNS lookup of a server's DNS name and a reverse lookup of the server's IP address.
For instructions on setting up DNS service, browse Network Services Overview."
-- from Server Admin 10.4 Help: Kerberos is Stopped on an Open Directory Master or Replica
Message was edited by: Grant Bennet-Alder

Just moved to ISP PLUSNET and now loading web pages is dead slow

Just moved to ISP PLUSNET and now loading web pages is dead slow.
Like loading google will sometimes take 30 seconds to 1 minute but it used to load in a fraction of a second on my previous ISP.
Sometimes a new URL will take over a minute so I hit Stop Loading This Page and then try again and sometimes it might load instantly, or if not, it might continue to just drag on again.
It's so frustrating it's like being back on dial-up connection - but worse.
It feels like PLUSNET have put something on my Mac to slow it down.
PLUSNET has a restriction on how much I can use per month, which my previous ISP did not have, but according to PLUSNET's usage checker I am nowhere near the max, ie, I am allowed 10GB per month but the checker is showing I have used less than 100 MB so far this month.
I wonder if the PLUSNET usage checker is slowing down my usage coz it's really noticeable that it has only started to run slow since I moved to PLUSNET.
When I run a broadband speed check it always shows the feed coming in at around 5500 kbps or so which should be OK.
PLUSNET told me to go through their test page and I got to the part where it says install a Virus checker and an Adware checker but I'm not sure which ones to use coz I heard some of those checkers are themselves plants that infect you with a virus or keystroke logger.
Also I have Block Pop UP Windows running on Safari but yesterday a window popped up so that blocker seems to have been compromised somehow.
I have 17GB available on my HD of a total of 38GB.
Can anyone help me with this problem please?

(First, if yours is an Intel Mac, check that Safari is not running in Rosetta, which is enough to slow it to a crawl. If you are running Snow Leopard, run Safari in 32 bit not 64 bit.)
Adding DNS codes to your Network Settings, should gives good results in terms of speed-up:
Open System Preferences/Network. Double click on your connection type, or select it in the drop-down menu. Click on TCP/IP and in the box marked 'DNS Servers' enter the following two numbers:
208.67.222.222
208.67.220.220
(An explanation of why that is both safe and a good idea can be read here: http://www.labnol.org/internet/tools/opendsn-what-is-opendns-why-required-2/2587 /
Open DNS also provides an anti-phishing feature: http://www.opendns.com/solutions/homenetwork/anti-phishing/ )
Wikipedia also has an interesting article about Open DNS:
http://en.wikipedia.org/wiki/OpenDNS
Whilst in System Preferences/Network you should also turn off 'IPv6' in your preference pane, as otherwise you may not get the full speed benefit (the DNS resolver will default to making SRV queries). If you want to know what IPv6 is:
This is Apple's guidance on iPv6:
http://docs.info.apple.com/article.html?path=Mac/10.5/en/8708.html
Click on Apply Now and close the window.
Restart Safari, and repair permissions.
If that didn't do it, then try this as well:
Empty Safari's cache (from the Safari menu), then close Safari.
Go to Home/Library/Safari and delete the following files:
form values
download.plist
Then go to Home/Library/Preferences and delete
com.apple.Safari.plist
Repair permissions (in Disk Utility).
Start up Safari again, and things should have improved.
More useful information here:
http://guides.macrumors.com/SpeedupSafari
Less likely, but possible, is that the slowness is caused by a Trojan such as the one called 'DNSChanger' or 'OSZ.RSPlug', which can alter the DNS settings of your network connection. This particular Trojan can be inadvertently installed if you have come across certain Quicktime movies where got a window stating that you have to download and install a particular codec in order to see the video.
If you have agreed to that installation, your system can be infected and your DNS settings altered, which results in your system using the wrong DNS servers, which can slow web surfing to a crawl.
This can be fixed by downloading and running a freeware utility called DNSChanger Removal Tool which you can download from here:
http://www.versiontracker.com/dyn/moreinfo/macosx/33696
Once you have run that utility you have to re-boot your Mac, then reset Safari, and re-enter your DNS settings in System Preferences/Network.

Network and DNS Setup Issues

I am setting up an Xserv with Snow Leopard at my school, and I'm running into DNS issues.
I followed the excellent guide at http://labs.hoffmanlabs.com/node/1436 and believe I've set DNS up correctly, but I fail the changeip -checkhostname test (I've replaced my domain and server names):
mserver:~ admin$ sudo changeip -checkhostname
Primary address     = 10.10.10.2
Current HostName    = myserver.mydomain.ns.ca
DNS HostName        = myserver
To fix the hostname please run /usr/sbin/changeip for your system with the
appropriate directory with the following values
   /usr/sbin/changeip 10.10.10.2 10.10.10.2 myserver.mydomain.ns.ca myserver
dirserv:success = "success"
I tried running the command as given, ("sudo /usr/sbin/changeip 10.10.10.2 10.10.10.2 myserver.mydomain.ns.ca myserver") but that didn't solve it. I'm not sure if that's the correct thing to do, or why that didn't work.
I have come to suspect that my issue is with network settings, and would appreciate advice on what I'm trying to do. The server (our only one) will be an OD master, a file server and a web server. It is inside our router, with an externally-reachable IP address and an internal one (the latter is 10.10.10.2). I have configured it with the two IPs on one port to avoid the issue with SL wanting two serial numbers. My System Preference > Network settings are as follows:
Ethernet 1b (highest service order):
IP Address: 10.10.10.2
Subnet mask: 255.255.255.0
Router: 10.10.10.1
DNS Server: 127.0.0.1
Search Domains: mydomain.ns.ca
Ethernet 1 (second highest service order):
IP Address: <my external IP>
Subnet mask: 255.255.255.248
Router: <my ISP's router>
DNS Server: 127.0.0.1
Search Domains: mydomain.ns.ca
Ethernet 2:
Not Connected
Although I'm unsure what it means (I'm more a teacher than a techie!), Server Admin > Settings > Network shows:
Computer Name: myserver
Local Hostname: myserver
Network Interfaces:
en0; IPv4; 10.10.10.2; myserver.mydomain.ns.ca
Ethernet 1 (en0); IPv4; <my external IP>; myserver.local
The second of the interfaces above is bold.
The big issue I'm seeing on my network (possibly as a result of this, but everything I've seen says fix DNS first) is that network users can't log in although they have homes and can connect to the homes once logged in as local users.
Many thanks in advance for your help--the school year is closing in quickly!
Regards,
Alex

Thanks. I disabled the external IP & rebooted. Server Admin now has only the one IP. But I still get the same result:
myserver:~ admin$ dscacheutil -flushcache
myserver:~ admin$ sudo changeip -checkhostname
Password:
Primary address     = 10.10.10.2
Current HostName    = myserver.mydomain.ns.ca
DNS HostName        = myserver
To fix the hostname please run /usr/sbin/changeip for your system with the
appropriate directory with the following values
   /usr/sbin/changeip 10.10.10.2 10.10.10.2 myserver.mydomain.ns.ca myserver
dirserv:success = "success"
myserver:~ admin$
I ran dig on a client:
Last login: Mon Sep 5 11:40:13 on console
Lab-iMac-64:~ admin$ dig myserver.mydomain.ns.ca
; <<>> DiG 9.6.0-APPLE-P2 <<>> myserver.mydomain.ns.ca
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 45308
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;myserver.mydomain.ns.ca.        IN    A
;; AUTHORITY SECTION:
mydomain.ns.ca.        10800    IN    SOA    myserver.mydomain.ns.ca. dns.mydomain.ns.ca.mydomain.ns.ca. 2011090201 86400 3600 604800 345600
;; Query time: 1 msec
;; SERVER: 10.10.10.2#53(10.10.10.2)
;; WHEN: Mon Sep 5 11:40:42 2011
;; MSG SIZE rcvd: 94
Lab-iMac-64:~ admin$ dig -x 10.10.10.2
; <<>> DiG 9.6.0-APPLE-P2 <<>> -x 10.10.10.2
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 7073
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;2.10.10.10.in-addr.arpa.    IN    PTR
;; ANSWER SECTION:
2.10.10.10.in-addr.arpa. 10800    IN    PTR    myserver.
;; AUTHORITY SECTION:
10.10.10.in-addr.arpa.    10800    IN    NS    myserver.mydomain.ns.ca.
;; Query time: 3 msec
;; SERVER: 10.10.10.2#53(10.10.10.2)
;; WHEN: Mon Sep 5 11:41:04 2011
;; MSG SIZE rcvd: 99
What to try next?
~Alex
PS- ...and I'm still not able to log in as a network user, but still can access network accounts using connect to server. Here's what my password log looks like when I try to log in (hash and username edited):
Sep 5 2011 11:34:11    RSAVALIDATE: success.
Sep 5 2011 11:34:11    AUTH2: {0x4e4d1b4e67..., alex} DHX authentication succeeded.
Sep 5 2011 11:34:11    KERBEROS-LOGIN-CHECK: user {0x4e4d1b4e67..., alex} is in good standing.
Sep 5 2011 11:34:11    KERBEROS-LOGIN-CHECK: user {0x4e4d1b4e67..., alex} authentication succeeded.
Sep 5 2011 11:34:11    GETPOLICY: user {0x4e4d1b4e67..., alex}.
Sep 5 2011 11:34:11    GETPOLICY: user {0x4e4d1b4e67..., alex}.

Replacing BM on NW with the ISP firewall and NAT

Replacing BM on NW with the ISP firewall and NAT
Hi!
LAN is a tree with 3 servers:
1. NW 6.5 sp8 + BorderManager 3.9 sp 2
2. NOWS SBE 2.5 (Suse) - DNS\DHCP
3. NOWS SBE 2.0 (Suse)
Since I'm connected to the internet through my ISP router (XBOX- Checkpoint), I am considering to remove the first server (firewall) and ask my ISP ro configure the router as a firewall and NAT too.
What are the steps needed to do it without any demages?
TIA
Nanu

nanu,
It appears that in the past few days you have not received a response to your
posting. That concerns us, and has triggered this automated reply.
Has your problem been resolved? If not, you might try one of the following options:
- Visit http://support.novell.com and search the knowledgebase and/or check all
the other self support options and support programs available.
- You could also try posting your message again. Make sure it is posted in the
correct newsgroup. (http://forums.novell.com)
Be sure to read the forum FAQ about what to expect in the way of responses:
http://forums.novell.com/faq.php
If this is a reply to a duplicate posting, please ignore and accept our apologies
and rest assured we will issue a stern reprimand to our posting bot.
Good luck!
Your Novell Product Support Forums Team
http://forums.novell.com/

I am trying to setup Microsoft office mail and need assistance - I am receiving the error, unable to find server and DNS setting in the Network

I am trying to setup Microsoft office mail and need assistance - I am receiving the error, unable to find server and DNS setting in the Network

Which version of OSX and what email provider are you using.

Unable to access gateway and DNS via VPN (L2TP) with Snow Leopard Server

Summary:
After rebooting my VPN server, i am able to establish a VPN (L2TP) connection from outside my private network. I am able to connect (ping, SSH, …) the gateway only until the first client disconnects. Then i can perfectly access all the other computers of the private network, but i cannot access the private IP address of the gateway.
Additionally, during my first VPN connection, my DNS server, which is on the same server, is not working properly with VPN. I can access it with the public IP address of my gateway. I can access it from inside my private network. A port scan indicates me that the port 53 is open, but a dig returns me a timeout.
Configuration:
Cluster of 19 Xserve3.1 - Snow Leopard Server 10.6.2
Private network 192.168.1.0/255.255.255.0 -> domain name: cluster
-> 1 controller, which act as a gateway for the cluster private network, with the following services activated:
DHCP, DNS, firewall (allowing all incoming traffic for each groups for test purposes), NAT, VPN, OpenDirectory, web, software update, AFP, NFS and Xgrid controller.
en0: fixed public IP address -> controller.example.com
en1: 192.168.1.254 -> controller.cluster
-> 18 agents with AFP and Xgrid agent activated:
en1: 192.168.1.x -> nodex.cluster with x between 1 and 18
VPN (L2TP) server distributes IP addresses between 192.168.1.201 and 192.168.1.210 (-> vpn1.cluster to vpn10.cluster). Client informations contain the private network DNS server informations (192.168.1.254, search domain: cluster).
_*Detailed problem description:*_
After rebooting the Xserve, my VPN server works fine except for the DNS. My client receives the correct informations:
Configure IPv4: Using PPP
IPv4 address: 192.168.1.201
Subnet Mask:
Router: 192.168.1.254
DNS: 192.168.1.254
Search domain: cluster
From my VPN client, i can ping all the Xserve of my cluster (192.168.1.1 to 18 and 192.168.1.254). If i have a look in Server Admin > Settings > Network, i have three interfaces listed: en0, en1 and ppp0 of family IPv4 with address 192.168.1.254 and DNS name controller.cluster.
The DNS server returns me timeouts when i try to do a dig from my VPN client even if i am able to access it directly from a computer inside or outside my private network.
After i disconnect, i can see in Server Admin that the IP address of my ppp0 interface has switch to my public IP address.
Then i can always establish a VPN (L2TP) connection, but the client receives the following informations:
Configure IPv4: Using PPP
IPv4 address: 192.168.1.202
Subnet Mask:
Router: (Public IP address of my VPN server)
DNS: 192.168.1.254
Search domain: cluster
From my VPN client, i can access all the other computers of my network (192.168.1.1 to 192.168.1.18) but when i ping my gateway (192.168.1.254), it returns me timeouts.
I have two "lazy" solutions to this problem: 1) Configure VPN and DNS servers on two differents Xserve, 2) Put the public IP address of my gateway as DNS server address, but none of these solutions are acceptable for me…
Any help is welcome!!!

I would suggest taking a look at:
server admin:vpn:settings:client information:network route definitions.
as I understand your setup it should be something like
192.168.1.0 255.255.255.0 private.
at least as a start. I just got done troubleshooting a similar issue but via two subnets:
http://discussions.apple.com/thread.jspa?threadID=2292827&tstart=0

Deleted failed DC from the domain (Server 2012 R2) - Now after doing metadata and DNS cleanup, I can no longer promote a new DC to the domain

I work for a university and teach IT courses to undergrad and graduate students. The details below are pertaining an isolated lab environment
I had a storage failure in my lab and the DCs became corrupt. This is a university lab environment so there isn't anything crucial on here. I just would rather avoid rebuilding the domain/forest and would rather use this as a learning experience with my
students...
So after the storage failed and was restored, the VMs hosted became corrupt. I did a NTDSUTIL to basically repair the NDTS.dit file but one of my DCs reverted to a state before DC promotion. Naturally, the domain still had this object in AD. After numerous
failed attempts at trying to reinstall the DC on the server through the server manager wizard in 2012 R2, I decided that a metadata cleanup of the old failed object was necessary.
Utilizing this article, I removed all references of the failed DC from both AD and DNS (http://www.petri.com/delete_failed_dcs_from_ad.htm)
So now that the failed object is removed completely from the domain and the metadata cleanup was successful, I then proceeded to re-install the necessary AD DS role on the server and re-promote to the existing domain. Pre-Requisites pass but generate some
warning around DNS Delgation, and Dynamic Updates (delegation is ignored because the lab is isolated from external comms, and dynamic updates are in fact enabled on both my _msdcs and root domain zones).
Upon the promotion process, I get the following error message (also worth mentioning - the account performing these operations is a member of DA, EA, and Schema Admins)
The operation failed because:
Active Directory Domain Services could not create the NTDS Settings object for this Active Directory Domain Controller CN=NTDS Settings,CN=domainVMDC1,CN=Servers,CN=Default-
First-Site-Name,CN=Sites,CN=Configuration,DC=domain,DC=school,DC=edu on the remote AD DC domainVMDC2. Ensure the provided network credentials have sufficient permissions.
"While processing a change to the DNS Host Name for an object, the Service Principal Name values could not be kept in sync."
As you can see, this error seems odd considering. Now that I'm down to a single DC and DNS server, the sync should be corrected. I've run a repadmin /syncall and it completed successfully. Since then, I've run dcdiags and dumped those to a text as well and
here are my results...
Directory Server Diagnosis
Performing initial setup:
Trying to find home server...
Home Server = domainVMDC2
* Identified AD Forest.
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\domainVMDC2
Starting test: Connectivity
......................... domainVMDC2 passed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\domainVMDC2
Starting test: Advertising
......................... domainVMDC2 passed test Advertising
Starting test: FrsEvent
......................... domainVMDC2 passed test FrsEvent
Starting test: DFSREvent
......................... domainVMDC2 passed test DFSREvent
Starting test: SysVolCheck
......................... domainVMDC2 passed test SysVolCheck
Starting test: KccEvent
......................... domainVMDC2 passed test KccEvent
Starting test: KnowsOfRoleHolders
......................... domainVMDC2 passed test KnowsOfRoleHolders
Starting test: MachineAccount
......................... domainVMDC2 passed test MachineAccount
Starting test: NCSecDesc
......................... domainVMDC2 passed test NCSecDesc
Starting test: NetLogons
......................... domainVMDC2 passed test NetLogons
Starting test: ObjectsReplicated
......................... domainVMDC2 passed test ObjectsReplicated
Starting test: Replications
......................... domainVMDC2 passed test Replications
Starting test: RidManager
......................... domainVMDC2 passed test RidManager
Starting test: Services
......................... domainVMDC2 passed test Services
Starting test: SystemLog
A warning event occurred. EventID: 0x00001795
Time Generated: 12/18/2014 00:35:03
Event String:
The program lsass.exe, with the assigned process ID 476, could not authenticate locally by using the target name ldap/domainvmdc2.domain.school.edu. The target name used is not valid. A target name should
refer to one of the local computer names, for example, the DNS host name.
......................... domainVMDC2 passed test SystemLog
Starting test: VerifyReferences
......................... domainVMDC2 passed test VerifyReferences
Running partition tests on : ForestDnsZones
Starting test: CheckSDRefDom
For the partition
(DC=ForestDnsZones,DC=domain,DC=school,DC=edu) we encountered
the following error retrieving the cross-ref's
(CN=3098109a-ff99-41d4-8926-0e814ac8efde,CN=Partitions,CN=Configuration,DC=domain,DC=school,DC=edu)
information:
LDAP Error 0x52e (1326).
......................... ForestDnsZones failed test CheckSDRefDom
Starting test: CrossRefValidation
For the partition
(DC=ForestDnsZones,DC=domain,DC=school,DC=edu) we encountered
the following error retrieving the cross-ref's
(CN=3098109a-ff99-41d4-8926-0e814ac8efde,CN=Partitions,CN=Configuration,DC=domain,DC=school,DC=edu)
information:
LDAP Error 0x52e (1326).
......................... ForestDnsZones failed test
CrossRefValidation
Running partition tests on : DomainDnsZones
Starting test: CheckSDRefDom
For the partition
(DC=DomainDnsZones,DC=domain,DC=school,DC=edu) we encountered
the following error retrieving the cross-ref's
(CN=2f0b8ac0-2630-441a-891f-b5fcb91498a8,CN=Partitions,CN=Configuration,DC=domain,DC=school,DC=edu)
information:
LDAP Error 0x52e (1326).
......................... DomainDnsZones failed test CheckSDRefDom
Starting test: CrossRefValidation
For the partition
(DC=DomainDnsZones,DC=domain,DC=school,DC=edu) we encountered
the following error retrieving the cross-ref's
(CN=2f0b8ac0-2630-441a-891f-b5fcb91498a8,CN=Partitions,CN=Configuration,DC=domain,DC=school,DC=edu)
information:
LDAP Error 0x52e (1326).
......................... DomainDnsZones failed test
CrossRefValidation
Running partition tests on : Schema
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Starting test: CrossRefValidation
For the partition
(CN=Schema,CN=Configuration,DC=domain,DC=school,DC=edu) we
encountered the following error retrieving the cross-ref's
(CN=Enterprise Schema,CN=Partitions,CN=Configuration,DC=domain,DC=school,DC=edu)
information:
LDAP Error 0x52e (1326).
......................... Schema failed test CrossRefValidation
Running partition tests on : Configuration
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Starting test: CrossRefValidation
For the partition
(CN=Configuration,DC=domain,DC=school,DC=edu) we encountered
the following error retrieving the cross-ref's
(CN=Enterprise Configuration,CN=Partitions,CN=Configuration,DC=domain,DC=school,DC=edu)
information:
LDAP Error 0x52e (1326).
......................... Configuration failed test CrossRefValidation
Running partition tests on : domain
Starting test: CheckSDRefDom
......................... domain passed test CheckSDRefDom
Starting test: CrossRefValidation
For the partition (DC=domain,DC=school,DC=edu) we encountered
the following error retrieving the cross-ref's
(CN=domain,CN=Partitions,CN=Configuration,DC=domain,DC=school,DC=edu)
information:
LDAP Error 0x52e (1326).
......................... domain failed test CrossRefValidation
Running enterprise tests on : domain.school.edu
Starting test: LocatorCheck
......................... domain.school.edu passed test
LocatorCheck
Starting test: Intersite
......................... domain.school.edu passed test Intersite
From what I can gather, there is a definite DNS issue but I don't have any stale records to the old DC stored anywhere. I've tried this with a new server as well and get similar errors...
At this rate I'm ready to rebuild the entire forest over again. I'm just reluctant to do so as I want to make this a learning experience for the students.
Any help would be greatly appreciated. Thanks!

As you can see, there seems to be some errors. The one that I did correct was the one around the _msdcs NS record being unable to resolve. For whatever, reason the name wasn't resolving the IP but all other NS tabs and records were. Just that one _msdcs
sub-zone. Furthermore, the mentioning of any connections to root hint servers can be viewed as false positives. There is no external comms to this lab so no communication with outside IPs can be expected. Lastly, they mentioned a connectivity issue yet mention
that I should check the firewall settings. All three profiles are disabled in Windows Firewall (as they have been the entire time). Thank you in advance for your help!
C:\Windows\system32>dcdiag /test:dns /v
Directory Server Diagnosis
Performing initial setup:
Trying to find home server...
* Verifying that the local machine domainVMDC2, is a Directory Server.
Home Server = domainVMDC2
* Connecting to directory service on server domainVMDC2.
* Identified AD Forest.
Collecting AD specific global data
* Collecting site info.
Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=domain,DC=school,DC=edu,LDAP_SCOPE_SUBTREE,(objectCategory=ntDSSiteSettings),.......
The previous call succeeded
Iterating through the sites
Looking at base site object: CN=NTDS Site Settings,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=domain,DC=school,DC=edu
Getting ISTG and options for the site
* Identifying all servers.
Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=domain,DC=school,DC=edu,LDAP_SCOPE_SUBTREE,(objectClass=ntDSDsa),.......
The previous call succeeded....
The previous call succeeded
Iterating through the list of servers
Getting information for the server CN=NTDS Settings,CN=domainVMDC2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=domain,DC=school,DC=edu
objectGuid obtained
InvocationID obtained
dnsHostname obtained
site info obtained
All the info for the server collected
* Identifying all NC cross-refs.
* Found 1 DC(s). Testing 1 of them.
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\domainVMDC2
Starting test: Connectivity
* Active Directory LDAP Services Check
The host
3a38b19c-4bb3-4542-acb6-9e5e97cc15c4._msdcs.domain.school.edu
could not be resolved to an IP address. Check the DNS server, DHCP,
server name, etc.
Got error while checking LDAP and RPC connectivity. Please check your
firewall settings.
......................... domainVMDC2 failed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\domainVMDC2
Test omitted by user request: Advertising
Test omitted by user request: CheckSecurityError
Test omitted by user request: CutoffServers
Test omitted by user request: FrsEvent
Test omitted by user request: DFSREvent
Test omitted by user request: SysVolCheck
Test omitted by user request: KccEvent
Test omitted by user request: KnowsOfRoleHolders
Test omitted by user request: MachineAccount
Test omitted by user request: NCSecDesc
Test omitted by user request: NetLogons
Test omitted by user request: ObjectsReplicated
Test omitted by user request: OutboundSecureChannels
Test omitted by user request: Replications
Test omitted by user request: RidManager
Test omitted by user request: Services
Test omitted by user request: SystemLog
Test omitted by user request: Topology
Test omitted by user request: VerifyEnterpriseReferences
Test omitted by user request: VerifyReferences
Test omitted by user request: VerifyReplicas
Starting test: DNS
DNS Tests are running and not hung. Please wait a few minutes...
See DNS test in enterprise tests section for results
......................... domainVMDC2 passed test DNS
Running partition tests on : ForestDnsZones
Test omitted by user request: CheckSDRefDom
Test omitted by user request: CrossRefValidation
Running partition tests on : DomainDnsZones
Test omitted by user request: CheckSDRefDom
Test omitted by user request: CrossRefValidation
Running partition tests on : Schema
Test omitted by user request: CheckSDRefDom
Test omitted by user request: CrossRefValidation
Running partition tests on : Configuration
Test omitted by user request: CheckSDRefDom
Test omitted by user request: CrossRefValidation
Running partition tests on : domain
Test omitted by user request: CheckSDRefDom
Test omitted by user request: CrossRefValidation
Running enterprise tests on : domain.school.edu
Starting test: DNS
Test results for domain controllers:
DC: domainVMDC2
Domain: domain.school.edu
TEST: Authentication (Auth)
Authentication test: Successfully completed
TEST: Basic (Basc)
Error: No LDAP connectivity
The OS
Microsoft Windows Server 2012 R2 Datacenter (Service Pack level: 0.0)
is supported.
NETLOGON service is running
kdc service is running
DNSCACHE service is running
DNS service is running
DC is a DNS server
Network adapters information:
Adapter [00000010] vmxnet3 Ethernet Adapter:
MAC address is 00:50:56:A2:2C:24
IP Address is static
IP address: *.*.100.26
DNS servers:
*.*.100.26 (domainVMDC2) [Valid]
No host records (A or AAAA) were found for this DC
The SOA record for the Active Directory zone was found
The Active Directory zone on this DC/DNS server was found primary
Root zone on this DC/DNS server was not found
TEST: Forwarders/Root hints (Forw)
Recursion is enabled
Forwarders are not configured on this DNS server
Root hint Information:
Name: a.root-servers.net. IP: 198.41.0.4 [Invalid (unreachable)]
Name: b.root-servers.net. IP: 192.228.79.201 [Invalid (unreachable)]
Name: c.root-servers.net. IP: 192.33.4.12 [Invalid (unreachable)]
Name: d.root-servers.net. IP: 199.7.91.13 [Invalid (unreachable)]
Name: e.root-servers.net. IP: 192.203.230.10 [Invalid (unreachable)]
Name: f.root-servers.net. IP: 192.5.5.241 [Invalid (unreachable)]
Name: g.root-servers.net. IP: 192.112.36.4 [Invalid (unreachable)]
Name: h.root-servers.net. IP: 128.63.2.53 [Invalid (unreachable)]
Name: i.root-servers.net. IP: 192.36.148.17 [Invalid (unreachable)]
Name: j.root-servers.net. IP: 192.58.128.30 [Invalid (unreachable)]
Name: k.root-servers.net. IP: 193.0.14.129 [Invalid (unreachable)]
Name: l.root-servers.net. IP: 199.7.83.42 [Invalid (unreachable)]
Name: m.root-servers.net. IP: 202.12.27.33 [Invalid (unreachable)]
Error: Both root hints and forwarders are not configured or
broken. Please make sure at least one of them works.
TEST: Delegations (Del)
Delegation information for the zone: domain.school.edu.
Delegated domain name: _msdcs.domain.school.edu.
Error: DNS server: domainvmdc2. IP:<Unavailable>
[Missing glue A record]
[Error details: 9714 (Type: Win32 - Description: DNS name does not exist.)]
TEST: Dynamic update (Dyn)
Test record dcdiag-test-record added successfully in zone domain.school.edu
Warning: Failed to delete the test record dcdiag-test-record in zone domain.school.edu
[Error details: 13 (Type: Win32 - Description: The data is invalid.)]
TEST: Records registration (RReg)
Network Adapter [00000010] vmxnet3 Ethernet Adapter:
Matching CNAME record found at DNS server *.*.100.26:
3a38b19c-4bb3-4542-acb6-9e5e97cc15c4._msdcs.domain.school.edu
Matching SRV record found at DNS server *.*.100.26:
_ldap._tcp.domain.school.edu
Matching SRV record found at DNS server *.*.100.26:
_ldap._tcp.a9241004-88ea-422d-a71e-df7b622f0d68.domains._msdcs.domain.school.edu
Matching SRV record found at DNS server *.*.100.26:
_kerberos._tcp.dc._msdcs.domain.school.edu
Matching SRV record found at DNS server *.*.100.26:
_ldap._tcp.dc._msdcs.domain.school.edu
Matching SRV record found at DNS server *.*.100.26:
_kerberos._tcp.domain.school.edu
Matching SRV record found at DNS server *.*.100.26:
_kerberos._udp.domain.school.edu
Matching SRV record found at DNS server *.*.100.26:
_kpasswd._tcp.domain.school.edu
Matching SRV record found at DNS server *.*.100.26:
_ldap._tcp.Default-First-Site-Name._sites.domain.school.edu
Matching SRV record found at DNS server *.*.100.26:
_kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.domain.school.edu
Matching SRV record found at DNS server *.*.100.26:
_ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.domain.school.edu
Matching SRV record found at DNS server *.*.100.26:
_kerberos._tcp.Default-First-Site-Name._sites.domain.school.edu
Matching SRV record found at DNS server *.*.100.26:
_ldap._tcp.gc._msdcs.domain.school.edu
Matching SRV record found at DNS server *.*.100.26:
_gc._tcp.Default-First-Site-Name._sites.domain.school.edu
Matching SRV record found at DNS server *.*.100.26:
_ldap._tcp.Default-First-Site-Name._sites.gc._msdcs.domain.school.edu
Matching SRV record found at DNS server *.*.100.26:
_ldap._tcp.pdc._msdcs.domain.school.edu
Error: Record registrations cannot be found for all the network
adapters
Summary of test results for DNS servers used by the above domain
controllers:
DNS server: 128.63.2.53 (h.root-servers.net.)
1 test failure on this DNS server
PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 128.63.2.53
[Error details: 1460 (Type: Win32 - Description: This operation returned because the timeout period expired.)]
DNS server: 192.112.36.4 (g.root-servers.net.)
1 test failure on this DNS server
PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 192.112.36.4
[Error details: 1460 (Type: Win32 - Description: This operation returned because the timeout period expired.)]
DNS server: 192.203.230.10 (e.root-servers.net.)
1 test failure on this DNS server
PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 192.203.230.10
[Error details: 1460 (Type: Win32 - Description: This operation returned because the timeout period expired.)]
DNS server: 192.228.79.201 (b.root-servers.net.)
1 test failure on this DNS server
PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 192.228.79.201
[Error details: 1460 (Type: Win32 - Description: This operation returned because the timeout period expired.)]
DNS server: 192.33.4.12 (c.root-servers.net.)
1 test failure on this DNS server
PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 192.33.4.12
[Error details: 1460 (Type: Win32 - Description: This operation returned because the timeout period expired.)]
DNS server: 192.36.148.17 (i.root-servers.net.)
1 test failure on this DNS server
PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 192.36.148.17
[Error details: 1460 (Type: Win32 - Description: This operation returned because the timeout period expired.)]
DNS server: 192.5.5.241 (f.root-servers.net.)
1 test failure on this DNS server
PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 192.5.5.241
[Error details: 1460 (Type: Win32 - Description: This operation returned because the timeout period expired.)]
DNS server: 192.58.128.30 (j.root-servers.net.)
1 test failure on this DNS server
PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 192.58.128.30
[Error details: 1460 (Type: Win32 - Description: This operation returned because the timeout period expired.)]
DNS server: 193.0.14.129 (k.root-servers.net.)
1 test failure on this DNS server
PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 193.0.14.129
[Error details: 1460 (Type: Win32 - Description: This operation returned because the timeout period expired.)]
DNS server: 198.41.0.4 (a.root-servers.net.)
1 test failure on this DNS server
PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 198.41.0.4
[Error details: 1460 (Type: Win32 - Description: This operation returned because the timeout period expired.)]
DNS server: 199.7.83.42 (l.root-servers.net.)
1 test failure on this DNS server
PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 199.7.83.42
[Error details: 1460 (Type: Win32 - Description: This operation returned because the timeout period expired.)]
DNS server: 199.7.91.13 (d.root-servers.net.)
1 test failure on this DNS server
PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 199.7.91.13
[Error details: 1460 (Type: Win32 - Description: This operation returned because the timeout period expired.)]
DNS server: 202.12.27.33 (m.root-servers.net.)
1 test failure on this DNS server
PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 202.12.27.33
[Error details: 1460 (Type: Win32 - Description: This operation returned because the timeout period expired.)]
DNS server: *.*.100.26 (domainVMDC2)
All tests passed on this DNS server
Name resolution is functional._ldap._tcp SRV record for the forest root domain is registered
Summary of DNS test results:
Auth Basc Forw Del Dyn RReg Ext
Domain: domain.school.edu
domainVMDC2 PASS FAIL FAIL FAIL WARN FAIL n/a
......................... domain.school.edu failed test DNS
Test omitted by user request: LocatorCheck
Test omitted by user request: Intersite

What's the difference between redundancy and recovery window for retention?

Hello all,
I'm still trying to get a grip on this concept for RMAN backup planning.
I recently ran into a situation as follows.
I have the backups set to a redundancy of 1.
I have instance1, which had GRID jobs to run RMAN backups as follows
Incremental database level=0 weekly at Wed at 2:30am
I have daily backups, incremental level=1 each evening
I have archive log backups through the day.
What happened, was that apparently on a Tues some time, the development team deleted data from almost every table in their schema.
The didn't discover this till midday or so on Wednesday.
I went to try to restore...and RMAN couldn't do it. I had found a SCN for early the Tues they did it...but I got the following error:
RMAN> RUN
2> {
3> SET UNTIL SCN 4590383198282;
4> RESTORE DATABASE;
5> RECOVER DATABASE;
6> }
executing command: SET until clause
Starting restore at 28-APR-10
allocated channel: ORA_SBT_TAPE_1
channel ORA_SBT_TAPE_1: SID=639 device type=SBT_TAPE
channel ORA_SBT_TAPE_1: NMO v4.5.0.0
allocated channel: ORA_DISK_1
channel ORA_DISK_1: SID=638 device type=DISK
creating datafile file number=1 name=+DATADG/instance1/datafile/system.284.697137287
RMAN-00571: ===========================================================
RMAN-00569: =============== ERROR MESSAGE STACK FOLLOWS ===============
RMAN-00571: ===========================================================
RMAN-03002: failure of restore command at 04/28/2010 15:53:00
ORA-01180: can not create datafile 1
ORA-01110: data file 1: '+DATADG/instance1/datafile/system.284.697137287'
From what research I did...it appears that since I did not have a level=0 incremental from before, it could not reset the database back in time. The previous one had been deleted since, I guess I had a redundancy of 1.
So, I thought I had a week backup they way I have it set..but that assumes that errors are found pretty quickly before the next level=0 backup.
I want at least 1 to 1.5 weeks worth of backups. I do have the problem that we do not have many tapes in rotation, so I cannot go for too long...may 2x weeks tops.
I'm trying to rethink my strategy, but I'm confused as I read as to the difference between setting RMAN retention with redundancy vs recovery window.
Can someone give me an explanation how you understand it? I'm reading on the web and in oracle books, and for some reason, it just isn't clear to me what is the best way to go....especially when I see that redundancy and recovery window might both be set??
Thank you in advance,
cayenne

Dear Cayenne
AFAIK RMAN doesn't claim that "you haven't enough backup". Please read the error you got carefully
ORA-01180: can not create datafile 1
ORA-01110: data file 1: '+DATADG/instance1/datafile/system.284.697137287'
and check the following link:
ORA-01180: Cannot create datafile 1 when doing RMAN restore onto 2nd server
Moreover, could you please use LIST BACKUP command and see whether you have enough backups?
Read "Redundancy Based Backup Retention Policy" from the following link:
http://download.oracle.com/docs/cd/B19306_01/backup.102/b14192/strategy003.htm#sthref139

How to setup a static ip address and DNS on airport extreme using the iOS Airport Utility?

I am at a location that only has wired ethernet. The ethernet connection has a specific Static IP address, subnet, gateway, and DNS setting. I cannot seem to find how to enter DNS settings using the Apple Utility on an iPad. HELP!!!

First, I am assuming that you are trying to administer your AirPort base station for a static IP address using the iOS version of the AirPort Utility ... correct?
If so, then to do so:
Start the AirPort Utility app on the iPad
Select your base station.
Select Edit
Select Internet Connection
Select Static
Enter the appropriate IP address information
Select Done
Sorry, it does not appear that direct input for DNS IP addresses is an available option with this version of the iOS AirPort Utility app. Not sure why this was not included.

Defining IP Address and DNS configration on VMWare server?

plz suggest as mentioned in subject.
We have SuSe LINUX Version ans wants to define IP Address and DNS setting.
We get some error which looks like as resulted due to IP or DNS setting.
Guys..guide me to correct forum if reqd.

Using VMWare there are two issues to keep in mind.
a) Which kind of network are you using in VMWare
b) Set up the IP information in your VMWare guest (SuSe)
a) There are three network types in VMWare, host only, bridged and NAT.
Usually I use host-only for my machines as they are used for internal testing.. Bridged will connect to the real network and maybe you get an IP address from there (when DHCP is used). NAT will use you computers IP and translate it.
b) Setting the IP is easy - just use YAST and configure the IP address of your machine (either fixed or using DHCP). Setting up a DNS server yourself is out of the scope of this posting. Look on the internet for a howto to set up your DNS server. If you just need to configure a DNS server with your IP this can be done with YAST.
cu
Andreas

TMG ISP Redundancy and DNS

Similar Messages

Maybe you are looking for