Trouble with DNS/NetBIOS name resolution over VPN

I’ve got one for the DNS/WINS gurus out there who are also familiar with VPN connections.
We have a VPN setup on our Mikrotik RouterBoard 532 for a number of employees running Windows 7 Pro laptops. Unfortunately the Mikrotik is maintained by our ISP so I don’t have access to it, but I can call them to make changes. Anyhow, I do not believe it is a problem with the Mikrotik.
The problem is with resolving NetBIOS names (UNC paths, drive letters, etc…) over the VPN from remote locations, and ONLY with laptops joined to our abc.local domain. If I use my home PC or disjoin the domain laptop from the abc.local domain and return it to WORKGROUP, keeping the same Windows VPN client settings, I am able to resolve paths just fine.
For example, when I type \\server1 from Start>Run, it fails and tells me “server1 is not accessible. You might not have permission to use this network resource.” Using the FQDN is no problem at all, which makes me believe the problem is with NetBIOS resolution and takes me to the WINS servers on the network.
The VPN hands out primary and secondary WINS servers, and they appear to be configured correctly in our Server 2003/2008/2012 environment. When I run nbtstat -A IPAddressOfLaptop from a WINS server it resolves the laptop, and the same command from the laptop looking to the server resolves OK too.
What’s strange is that when I ping “server1” I get a valid response from server1.abc.local, as expected, but for some reason I still can’t browse to it from start>Run… “\\server1”.
The DNS suffix abc.local is in the “DNS suffix for this connection” field in the properties of the VPN client since the Mikrotik VPN is unable to deal this to clients.
I have ruled out Group Policy as the culprit because even after removing any group policy from applying to one of the laptops the result was the same.
I’ve used every resource and tool that I could to try and find where the problem lies and can’t seem to solve it. Everything looks properly configured.
I would greatly appreciate some assistance!

When you run an ipconfig /all, do you see the WINS server addresses being provided? How about the connection specific suffix for the domain, domain.local (or whatever it is called)?
I assume that you are using the Mikrotik as the VPN server and you are not using AD accounts for authentication. I would highly suggest doing that, otherwise, there will be a mismatch.
What VPN client is being used?
What is offering DHCP, a Windows Server or the Mikrotik?
FYI, using the NetBIOS connection method, such as \\server1, will use the current logged on account for authentication. If the VPN credentials are not AD credentials, but the VPN client is setting the logged on credentials account (some of them do that), then it will cause issues.
From what I see, NetBIOS is not being blocked, so that doesn't appear to be an issue, but it's coming down to credentials. Maybe in the mapped drive you can preset the credentials, and that might be one way around it.
Ace Fekay
MVP, MCT, MCITP/EA, MCTS Windows 2008/R2 & Exchange 2007, Exchange 2010 EA, MCSE & MCSA 2003/2000, MCSA Messaging 2003
Microsoft Certified Trainer
Microsoft MVP - Directory Services
Technical Blogs & Videos: http://www.delawarecountycomputerconsulting.com/
This post is provided AS-IS with no warranties or guarantees and confers no rights.
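
The first two questions in the reply above (are WINS servers and the connection-specific suffix present on the VPN adapter?) can be checked from a saved `ipconfig /all` capture. This is an added example, not part of the original thread; the adapter name "Office VPN", the host name, the 10.0.0.x addresses and both sample captures are constructed, and the NetBIOS over Tcpip check is an extra this example adds.

```python
import re

# A field line has dot leaders before the colon ("Primary WINS Server . . . : 10.0.0.10").
# Continuation lines (extra DNS servers, IPv6 addresses) have no leaders and fail this match.
KV = re.compile(r"^\s+([^.:]+?)\s*\.[\s.]*:\s*(.*)$")


def parse_ipconfig(text):
    """Return {section header: {field: [values]}} from `ipconfig /all` output."""
    adapters, fields, last = {}, None, None
    for line in text.splitlines():
        if not line.strip():
            continue
        if not line[0].isspace():            # unindented line opens a new section
            fields = adapters.setdefault(line.rstrip(": \t"), {})
            last = None
            continue
        m = KV.match(line)
        if m and fields is not None:
            last = m.group(1)
            value = m.group(2).strip()
            fields[last] = [value] if value else []
        elif last is not None:               # continuation: one more value for the previous field
            fields[last].append(line.strip())
    return adapters


def check_vpn_adapter(adapters, name, expected_suffix):
    """List what is missing on the VPN adapter for short-name (NetBIOS/WINS) resolution."""
    a = adapters.get(name)
    if a is None:
        return ["adapter %r not found" % name]
    problems = []
    suffix = [s.lower() for s in a.get("Connection-specific DNS Suffix", [])]
    if suffix != [expected_suffix.lower()]:
        problems.append("connection-specific DNS suffix is %r, expected %r" % (suffix, expected_suffix))
    wins = a.get("Primary WINS Server", []) + a.get("Secondary WINS Server", [])
    if not wins:
        problems.append("no WINS server listed on this adapter")
    if a.get("NetBIOS over Tcpip", []) != ["Enabled"]:
        problems.append("NetBIOS over Tcpip is not reported as Enabled")
    return problems


# Constructed capture: suffix and WINS servers are handed out on the VPN adapter.
SAMPLE_OK = """\
Windows IP Configuration

   Host Name . . . . . . . . . . . . : LAPTOP01
   Primary Dns Suffix  . . . . . . . : abc.local

PPP adapter Office VPN:

   Connection-specific DNS Suffix  . : abc.local
   Description . . . . . . . . . . . : Office VPN
   IPv4 Address. . . . . . . . . . . : 10.0.0.50(Preferred)
   DNS Servers . . . . . . . . . . . : 10.0.0.10
                                       10.0.0.11
   Primary WINS Server . . . . . . . : 10.0.0.10
   Secondary WINS Server . . . . . . : 10.0.0.11
   NetBIOS over Tcpip. . . . . . . . : Enabled
"""

# Constructed capture: same adapter, but no suffix and no WINS servers were assigned.
SAMPLE_MISSING = """\
PPP adapter Office VPN:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Office VPN
   IPv4 Address. . . . . . . . . . . : 10.0.0.51(Preferred)
   DNS Servers . . . . . . . . . . . : 10.0.0.10
   NetBIOS over Tcpip. . . . . . . . : Enabled
"""

if __name__ == "__main__":
    for label, capture in (("ok", SAMPLE_OK), ("missing", SAMPLE_MISSING)):
        found = check_vpn_adapter(parse_ipconfig(capture), "PPP adapter Office VPN", "abc.local")
        print(label, found or "suffix and WINS present")
```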

Similar Messages

  • Lync Server 2013 Edge Server NetBios name resolution

    We are working on a lync deployment in a very secure environment where we have Lync edge server deployed, in order to enable ports and traffic between the remote users and the edge servers and vice-versa there is a security vulnerability scan done that has shown NetBios name resolution a security threat.
    I just wanted to know if there is any guidance on NetBios name resolution for Lync Edge Servers. Can we disable NetBios services on the edge servers and what could be the possible issues if any?

    My 2 cents worth..
    The Edge server is best suited as a non domain member, all communication with the Edge Server both from the Lync Front Ends and the clients is by means of the DNS name. There are no Lync related services (from my knowledge) that require\use NetBIOS when communication from or to the Edge Servers. I have disabled NetBIOS on Edge just recently for similar reasons and am yet to be notified of any issues.

  • I'm having trouble with my Pages app. Over half of my document are updating, and do not finish. I cannot get to the documents. This has been going for 2 weeks now, they do not update.

    I'm having trouble with my Pages app. Over half of my document show that they are updating. I cannot open or delete the documents. Does anyone know a fix for this? Please help.

    Try this - Reset the iPad by holding down on the Sleep and Home buttons at the same time for about 10-15 seconds until the Apple Logo appears - ignore the red slider - let go of the buttons. (This is equivalent to rebooting your computer.) No data/files will be erased. http://support.apple.com/kb/ht1430
    Troubleshooting apps purchased from the App Store
    http://support.apple.com/kb/TS1702
     Cheers, Tom

  • Trouble with DNS set up

    Hello !
    I've got a real trouble with my DNS configuration... and I can't understand! So, I need some help....
    Well, quite newbie in Mac OS server, I run it on a G4, and I had not noticed any trouble until I've decided to run open directory as a master with LDAP, wanting to have a kerberos protection for the users.
    Kerberos doesn't want to play with me !
    I've been in console mode to have a look, and, actually I've seen this:
    "Oct 17 11:31:08 wakan servermgrd: servermgr_dns: no name available via DNS for 192.168.0.109
    Oct 17 11:31:08 wakan servermgrd: servermgr_dns: no reverse DNS entry for server, various services may not function properly"
    Ok... my DNS has a trouble... but I don't know how to fix it! Is there anybody in this world who can help me?
    I don't want to have a real DNS for my little server... but I understand that my config is not good. I can understand that having a caching DNS can improve the quality of my config, and, on the other hand that it is necessary for having the services of OSX server in an efficient way, but I don't know the way and the parameters I have to put in my config to fix it.
    Now, just some words on my config...
    First, I've got an address provided by my FAI (the French word for ISP, I think), which is "193.252.209.135". This address is set on a d-link modem router via PPPoE. The DNS of my provider (wanadoo.fr) are 80.10.246.1 and 80.10.246.132.
    After this there is my G4 with Mac OS X server.
    • en0, the "external gate" and the internal ethernet on the computer, is plugged into the modem with the address "192.168.0.109". The router is set on "192.168.0.1". The DNS are 80.10.246.1 and 80.10.246.132.
    • en1, the "internal gate" for the network, a PCI card in the computer, has the parameters: address "192.168.3.1", subnet "255.255.255.0", router "192.168.3.1". No DNS records. (No VPN service for the moment.) After this, I have a switch for the Macs behind the server (without any link aggregation).
    All those parameters have been set by the gateway assistant.
    And now the parameters inside the admin server:
    DHCP: en1 - address from 192.168.3.2 to 192.168.3.254, name 192.168.3. No static card. Router 192.168.3.1. No name for domain by default, name servers 80.10.246.1 and 80.10.246.132. No LDAP, no WINS.
    DNS: No zone transfer, recursion is ON. No zone records.
    NAT: set on full, Transfer and Network Address Translation.
    When I've been on the terminal, I had this information:
    "wakan:~ st$ sudo changeip -checkhostname
    Password:
    Primary address = 192.168.0.109
    Current HostName = wakan.local
    The DNS hostname is not available, please repair DNS and re-run this tool."
    All my "main" services are working fine (AFP, Firewall, DHCP, DNS, Update). Open Directory is running without Kerberos. By the way, all the Macs after the G4 server can have correct access to the internet, and share information via LDAP of Open Directory, but I have to say that, a couple of days later, a friend of mine, who has a PC computer, can't get a DHCP dynamic address when he plugs into my little network. I think that it is another trouble, and I've decided to have a look at this later... but if someone knows how to resolve it...
    So here begins the nightmare for me... so if anybody can help me... I really need some help to fix this mystery!!!
    Special thanks!

    As the router modem is already doing NAT why use NAT in the server?
    If you want to use OpenDirectory and other services you should/need to set up the DNS correctly using the server's private IP (and others in the same range the server is setup with). The domainname used internally can be different than your public one.
    And then use the server as the only DNS for your LAN clients and the server itself. Forwarders (your ISP DNSes) in /etc/named.conf usually speed up lookups of external addresses (also turning off IPv6 can help that too).

  • Remote LAN Name Resolution on VPN not working after upgrading to iOS8

    Has anyone come across the problem since upgrading to iOS8 where remote LAN name resolution does not work when connected to the remote LAN with VPN.  Everything worked fine on iOS7 and continues to work okay on devices that have not been upgraded.
    If I'm connected with WiFi on the local network, I am able to resolve the FQDN to a local IP address.  The problem arises when I'm away from the office, on either LTE or another WiFi and I start a VPN connection to the office.  The VPN connects without any problems.  If I try to connect to a desktop with the FQDN it never connects.  It will work if I connect with the IP address.  If I try to do an nslookup of the FQDN, I don't get a response.  I am however able to get a response when performing an nslookup for google.com.
    The VPN we are using is PPTP to a Windows network.

  • Local Admin add with GPP netbios name not working

    I am trying to add domain users to be a local admin on certain machines. This however is not working with some machines criteria of the GPP.
    For example: there is a GPP who adds the administrator to the local admin and deletes the ones already there. Then there follows a few other users with criteria: member of the security group laptopusers or other security groups. Also have added a user and the criteria is netbios name of the computer. The member was immediately added after a restart of that client.
    There is also a group in AD and added members to that group that are local admin on every machine so there is no criteria. This is working fine. When I add all users to this group all users are local admin everywhere. Was tested.
    However I have several users that are not added to the local admin when the criteria is: netbiosname is ... Although when I give the command on the client: ipconfig /all the netbios name is exactly the same.
    Looked in the winlog and it looks like a problem with the machines names or usernames. But how to solve it?
    Which other criteria can I use to add a member to local admin on a specific machine?
    The GPP is beneath the computer preference and in AD beneath a computer OU.
    freddie

    > the command nbtstat -n gives also the name as i gave in in the criteria
    > of the GPP.
    >
    > With Winlog i mean: set the gpo logging so that in a file the errors
    > appearing for the group policy applied. However there is not much to see
    > in case of this...
    Ok :) I know that these GPP debug logs are kind of "insufficient" in
    terms of debugging ILT filtering issues, because there's absolutely
    nothing about the filter evaluation in them...
    In a quick test I ran right now, it worked without a problem. So it
    seems you most probably will be out of luck in this forum, because it is
    not a general issue.
    BTW: Did you type in the name or did you select it through the object
    picker button ("...")? Maybe this filter is case sensitive?
    Martin
    I have given in the name and then check name so he gets the name from AD. I have done that again to see if it works now. The strange thing is that it works well on some systems and not for some other systems...
    freddie

  • MI424WR - DNS Host Name Resolution

    I have added several DNS entries in the DNS Server section of the MI424WR. These are for my network printer, and I have renamed several Android devices to give them names. When I try to ping any host name that I added to the DNS Server section it does not resolve.
    How can I rectify this?
    Thanks,
    Steve

    Are your machines using the DNS Server/Relay in the ActionTec, or are they set to use External DNS Servers? An ipconfig /all readout from the command prompt will tell you this information.

  • Trouble with iMac G5 screen resolution

    My wife has an iMac G5, running Snow Leopard; ATI Radeon HD 4670 video.
    She was downloading pictures from her Nikon D60 and looked at one of the pictures, when suddenly the screen resolution changed.
    I restored the default .icc profile from Time Machine from about a month ago (although it appeared to already be using the factory default).
    Screen resolution won't work under any of the options shown under System Preferences / Displays. Any option leaves the screen too large (requiring scrolling to see the menus and the dock at the bottom) or else has strange characters / colors / boxes on part of the screen.
    After restoring the .icc profile, I rebooted in Safe Mode (held down shift key while booting) and the display looks fine in 2560 x 1440.
    When I reboot and don't go into Safe Mode, the display isn't right even though it's still in 2560 x 1440.
    Since it works in safe mode, seems like it can't be hardware.
    Any ideas what to do or try?
    Thanks.
    Keith

    Sounds like maybe the Display is Zoomed in?
    Try holding the ⌃ (control) key and scrolling down or alternately use the ⌥ ⌘ - (alt command minus) key command and see if that doesn't return to normal view?
    The mouse scrolling feature can be disabled in the Mouse Preference and the key command feature can be disabled in the Universal Access Preference.
    Dennis

  • Trouble with multipath device names in an OVM resource pool...

    Hello everyone...
    I'm trying to add a server to an older pool (2.2.1) and I'm getting a little confused about this multipathing business....
    The master has 3 storage repos...like this...
    [   ] 96b72edc-147f-45e3-8e8a-672344e5a474 => /dev/mapper/mpath4p1
    [   ] 1af0a0f2-463d-4e67-b854-47d68f95eb15 => /dev/mapper/mpath6p1
    [ * ] f481b38b-f582-4693-9768-1eb8f47f0e6c => /dev/mapper/mpath3p1
    If I do a multipath -ll they show up like this:
    mpath6 (360060e8006fee3000000fee300000052) dm-3
    mpath4 (360060e800543f000000043f0000001ae) dm-2
    mpath3 (360060e800543f000000043f0000001bb) dm-1
    On my new server...I tried to set the bindings so they'd be the same, and it shows up like this:
    mpath6 (360060e8006fee3000000fee300000052) dm-3
    mpath4 (360060e800543f000000043f0000001ae) dm-1
    mpath3 (360060e800543f000000043f0000001bb) dm-2
    The dm-x is different between the two servers...
    Does this have to be the same for it to work properly or can I add the storage to my new server and add it to the pool?
    I want to make sure because I really don't want to cause any kind of storage issues.
    Any help or guidance would be greatly appreciated.
    Thanks!
    Armin

    Same counts for the applet.class resource on the Html page. At this point you have to deal with browser differences and the fact there is no <applet> tag in strict xhtml. There's a good series of increasingly complex examples on this page: [http://ww2.cs.fsu.edu/~steele/XHTML/appletObject.html]

  • DNS over VPN

    Hi community,
    I am having some trouble with dns over vpn. On server side of VPN the dns is working 100% i.e servername.domain.com resolves to local IP address correctly from within network. However, when i connect into network over VPN the dns does not work correctly - it resolves servername correctly but not servername.domain.com. I can overcome this by setting VPN above my Ethernet adaptor in service order but then all my traffic gets routed over VPN connection (which i don't want) - even if I try adding network routing defn on VPN server. I probably need to do something on the VPN client (Snow leopard 10.6.1)?
    Please help!

    Rather than dnsmasq and openwrt, I'd look at the DNS server here.
    My guess here would be that the DNS configuration is invalid, or the domain name incorrect, or such.
    For a simple split-brain, you'll have one forward zone with your local Mac OS X Server box as the DNS server, and one (created for you) reverse DNS zone. And you'll be using a unique domain name or (far better) a publicly-registered DNS domain. But this smells like a DNS error.
    Post the dig -x of the IP address on your LAN, and the dig host and dig host.example.com of the domain name on your LAN. And given this DNS information is either public or is behind a firewall and thus accessible only via VPN, please post the real data rather than masked data.

  • V31.5 no longer works with IMAP over VPN - v31.4 is OK

    I have been using TB for several years with IMAP accounts accessed over VPN. This was working fine until I upgraded to v31.5. After this upgrade, TB would leave rotating circle symbol indefinitely (more than 15 minutes, no timeout message or error message). This was only happening with my IMAP account subscriptions over VPN - POP accounts were still working perfectly. With the VPN IMAP accounts the message preview did not update (no new messages, old messages no longer on the IMAP server still showing on preview pane). Had my IT guy spend over an hour checking everything at the VPN / IMAP host end and he was unable to find any problems - he advised the system showed what looked like a normal connection between my PC and the mail server.
    I then tried deleting the IMAP account subscriptions from TB, shut down & restarted, then tried re-creating IMAP subscriptions - still no go. We tried a different e-mail client and it worked fine with the same IMAP accounts over the same VPN connection. Ended up uninstalling TB (v31.5) and installing v31.4 - all working fine again on v31.4.
    I might add it has taken an amazing effort to find a way to report this problem - I've had to create an account just to send comment - a bit overboard for a non-programmer.
    Even when I uninstalled v31.5 I was offered an option to report feedback - but it brought up a dead link in my browser.
    Aside from this problem I am a very happy TB user and extend my sincerest gratitude to those who have made this fantastic product available to users around the world. Thank You.

    Maybe it is this bug: http://bugs.kde.org/show_bug.cgi?id=154969
    The decisive effect is 'Improved window management' - if this effect is enabled kwin works normally.
    Last edited by May-C (2008-02-13 01:16:48)

  • Is there a solution for Airprint over VPN connection?

    I use a new HP airprint enabled printer in a WIFI network at home. It all works fine that far, the printer is recognized by Airprint feature on both iPhone and iPad..
    Furthermore, I have established a VPN connection on my Fritzbox router and setup VPN connection on iPhone and iPad. The VPN connection (IPSec) works without any problem.
    Only problem: If I try to print using the VPN connection, no printer is found. I understand it has something to do with Bonjour not working properly over VPN.
    But is there any workaround or tweak to make it work somehow?
    (Note: I know there is the eprint-feature on the HP printer as well, but I don't want to use it)
    Thanks

    I am having the same problem.  When on my local network, I have 2 AirPrint printers I can print to just fine from iPhone, iPad and iPod.  However, while connected to the VPN, it doesn't see any printers.
    The VPN is OS X Lion 10.7.5 VPN.  It is serving addresses in the same domain and subnet as the main network.  However, there is no option for routing control, so I assume routing across the network is somehow limited.  Incidentally, one printer is shared from an iMac, the other is a WiFi printer.
    When I connect to the VPN with my Macbook Pro, the printers don't show up as online either.  However, I can ping other machines on my network, including the Lion Server (I also have a Linux server that is serving DNS and DHCP - I can log into that machine with VNC or SSH no problem).
    The only ports I have open on the firewalls are the L2TP and PPTP ports, and the VNC port.  But anything with printing should be within the tunnel, and not filtered by the firewall once a virtual circuit is established, right?  Is there a way I can have finer control over the VPN settings, like editing a config file or something?

  • Joining a computer to the domain using the netbios name VS the FQDN

    Where I work we must join computers to the domain using the netbios name (ex: mycomp) vs the FQDN mycompany.tx.com or else problems occur and the computer must be rejoined to the domain again with the netbios name- it can be joined to the domain initially, but after about 15 - 30 mins we'll get an error message when trying to logon.
    The error message I believe is:
    "The system cannot log you on to this domain because the system's computer account in its primary domain is missing or the password on the account is incorrect."
    I haven't seen it happen in a while, but if I remember correctly this is the error message we get -I could be wrong though.
    It may also have just been a "domain is not available" message.
    Some additional info:
    The netbios domain name is different than the DNS name ie: "mycompany.tx.com" was not made "mycompany" for netbios, but "mycomp" instead.
    Our DFL is mixed mode with some 2000 and some 2003 servers
    We used to use WINS, but now we do not.
    And lastly we usually add a WINS address along with the dns address in each workstation via "advanced TCP/IP settings" (why I do not know) and occasionally I will not be able to join a computer to the domain until I add this WINS address. I know what you're thinking, and I will say that I am not 100% sure all of our WINS servers were deactivated.
    Any info on how to figure this out or troubleshoot this would be greatly appreciated. Thanks a lot.

    Well this happened again.
    As a test before I deployed a PC to one of our branches I joined it to the domain via the FQDN: mycompany.tx.com instead of the netbios name: mycomp prior to shipping. It spent a few days in transit and when it arrived a user plugged it in and tried to logon, but received this message:
    "The system cannot log you on to this domain because the system's computer account in its primary domain is missing or the password on that account is incorrect"
    I realize this error message may be unrelated, but if I recall correctly this is what happened last time.
    I'm pretty sure I was thorough in removing the computer account from the necessary DCs (it failed and needed to be replaced) before I joined the replacement to the domain with the same name.
    Rejoining to the domain via "mycomp" corrected the issue.
    Netlogsetup.log:
    01/06 15:24:01 -----------------------------------------------------------------
    01/06 15:24:01 NetpValidateName: checking to see if 'BR021WS025' is valid as type 1 name
    01/06 15:24:01 NetpCheckNetBiosNameNotInUse for 'BR021WS025' [MACHINE] returned 0x0
    01/06 15:24:01 NetpValidateName: name 'BR021WS025' is valid for type 1
    01/06 15:24:01 -----------------------------------------------------------------
    01/06 15:24:01 NetpValidateName: checking to see if 'BR021WS025.mycompany.tx.com' is valid as type 5 name
    01/06 15:24:01 NetpValidateName: name 'BR021WS025.mycompany.tx.com' is valid for type 5
    01/06 15:24:01 -----------------------------------------------------------------
    01/06 15:24:01 NetpValidateName: checking to see if 'FGYJ' is valid as type 2 name
    01/06 15:24:01 NetpCheckNetBiosNameNotInUse for 'FGYJ' [ Workgroup as MACHINE]  returned 0x0
    01/06 15:24:01 NetpValidateName: name 'FGYJ' is valid for type 2
    01/06 15:24:01 -----------------------------------------------------------------
    01/06 15:24:01 NetpUnJoinDomain: unjoin from 'mycomp' using '(null)' creds, options: 0x4
    01/06 15:24:01  OS Version: 5.0
    01/06 15:24:01  Build number: 2195
    01/06 15:24:01  ServicePack: Service Pack 4
    01/06 15:24:01 NetpUnJoinDomain: status of getting computer name: 0x0
    01/06 15:24:01 NetpApplyJoinState: actions: 0xb803a
    01/06 15:24:01 NetpDsGetDcName: trying to find DC in domain 'mycomp', flags: 0x1020
    01/06 15:24:01 NetpDsGetDcName: failed to find a DC in the specified domain: 0x54b
    01/06 15:24:01 NetpApplyJoinState: initiating a rollback due to earlier errors
    01/06 15:24:01 NetpApplyJoinState: actions: 0x40000
    01/06 15:24:01 NetpGetLsaPrimaryDomain: status: 0x0
    01/06 15:24:01 NetpUnJoinDomain: status: 0x54b
    01/06 15:24:01 -----------------------------------------------------------------
    01/06 15:24:01 NetpUnJoinDomain: unjoin from 'mycomp' using '(null)' creds, options: 0x0
    01/06 15:24:01  OS Version: 5.0
    01/06 15:24:01  Build number: 2195
    01/06 15:24:01  ServicePack: Service Pack 4
    01/06 15:24:01 NetpUnJoinDomain: status of getting computer name: 0x0
    01/06 15:24:01 NetpApplyJoinState: actions: 0xb003a
    01/06 15:24:02 NetpApplyJoinState: status of stopping and setting start type of Netlogon to 16: 0x0
    01/06 15:24:06 NetpApplyJoinState: status of stopping and setting start type of TimeSvc to 16: 0x0
    01/06 15:24:06 NetpGetLsaPrimaryDomain: status: 0x0
    01/06 15:24:06 NetpLsaOpenSecret: status: 0x0
    01/06 15:24:06 NetpLsaOpenSecret: status: 0x0
    01/06 15:24:06 NetpSetLsaPrimaryDomain: for 'mycomp' status: 0x0
    01/06 15:24:06 NetpApplyJoinState: status of setting LSA pri. domain: 0x0
    01/06 15:24:07 NetpApplyJoinState: status of removing from local groups: 0x0
    01/06 15:24:07 NetpApplyJoinState: NON FATAL: status of removing DNS registrations: 0x0
    01/06 15:24:07 NetpUnJoinDomain: status: 0x0
    01/06 15:24:12 -----------------------------------------------------------------
    01/06 15:24:12 NetpDoDomainJoin
    01/06 15:24:12 NetpMachineValidToJoin: 'BR063WS014'
    01/06 15:24:12 NetpGetLsaPrimaryDomain: status: 0x0
    01/06 15:24:12 NetpMachineValidToJoin: status: 0x0
    01/06 15:24:12 NetpJoinWorkgroup: joining computer 'BR063WS014' to workgroup 'FGYJ'
    01/06 15:24:12 NetpValidateName: checking to see if 'FGYJ' is valid as type 2 name
    01/06 15:24:12 NetpCheckNetBiosNameNotInUse for 'FGYJ' [ Workgroup as MACHINE]  returned 0x0
    01/06 15:24:12 NetpValidateName: name 'FGYJ' is valid for type 2
    01/06 15:24:13 NetpSetLsaPrimaryDomain: for 'FGYJ' status: 0x0
    01/06 15:24:13 NetpJoinWorkgroup: status:  0x0
    01/06 15:24:13 NetpDoDomainJoin: status: 0x0
    01/07 10:49:50 -----------------------------------------------------------------
    01/07 10:49:50 NetpValidateName: checking to see if 'mycompany.tx.com' is valid as type 3 name
    01/07 10:49:50 NetpValidateName: 'mycompany.tx.com' is not a valid NetBIOS domain name: 0x7b
    01/07 10:49:50 NetpCheckDomainNameIsValid [ Exists ] for 'mycompany.tx.com' returned 0x0
    01/07 10:49:50 NetpValidateName: name 'mycompany.tx.com' is valid for type 3
    01/07 10:49:59 -----------------------------------------------------------------
    01/07 10:49:59 NetpDoDomainJoin
    01/07 10:49:59 NetpMachineValidToJoin: 'BR021WS025'
    01/07 10:49:59 NetpGetLsaPrimaryDomain: status: 0x0
    01/07 10:49:59 NetpMachineValidToJoin: status: 0x0
    01/07 10:49:59 NetpJoinDomain
    01/07 10:49:59  Machine: BR021WS025
    01/07 10:49:59  Domain: mycompany.tx.com
    01/07 10:49:59  MachineAccountOU: (NULL)
    01/07 10:49:59  Account: mycompany.tx.com\myUserName
    01/07 10:49:59  Options: 0x27
    01/07 10:49:59  OS Version: 5.0
    01/07 10:49:59  Build number: 2195
    01/07 10:49:59  ServicePack: Service Pack 4
    01/07 10:49:59 NetpValidateName: checking to see if 'mycompany.tx.com' is valid as type 3 name
    01/07 10:49:59 NetpValidateName: 'mycompany.tx.com' is not a valid NetBIOS domain name: 0x7b
    01/07 10:49:59 NetpCheckDomainNameIsValid [ Exists ] for 'mycompany.tx.com' returned 0x0
    01/07 10:49:59 NetpValidateName: name 'mycompany.tx.com' is valid for type 3
    01/07 10:49:59 NetpDsGetDcName: trying to find DC in domain 'mycompany.tx.com', flags: 0x1020
    01/07 10:50:00 NetpDsGetDcName: found DC '\\br041svr.mycompany.tx.com' in the specified domain
    01/07 10:50:00 NetpJoinDomain: status of connecting to dc '\\br041svr.mycompany.tx.com': 0x0
    01/07 10:50:00 NetpGetLsaPrimaryDomain: status: 0x0
    01/07 10:50:00 NetpLsaOpenSecret: status: 0xc0000034
    01/07 10:50:00 NetpGetLsaPrimaryDomain: status: 0x0
    01/07 10:50:00 NetpLsaOpenSecret: status: 0xc0000034
    01/07 10:50:01 NetpManageMachineAccountWithSid: NetUserAdd on '\\br041svr.mycompany.tx.com' for 'BR021WS025$' failed: 0x8b0
    01/07 10:50:01 NetpManageMachineAccountWithSid: status of attempting to set password on '\\br041svr.mycompany.tx.com' for 'BR021WS025$': 0x0
    01/07 10:50:01 NetpJoinDomain: status of creating account: 0x0
    01/07 10:50:01 NetpJoinDomain: status of setting netlogon cache: 0x0
    01/07 10:50:01 NetpGetLsaPrimaryDomain: status: 0x0
    01/07 10:50:02 NetpSetLsaPrimaryDomain: for 'mycomp' status: 0x0
    01/07 10:50:02 NetpJoinDomain: status of setting LSA pri. domain: 0x0
    01/07 10:50:02 NetpJoinDomain: status of managing local groups: 0x0
    01/07 10:50:03 NetpJoinDomain: status of setting ComputerNamePhysicalDnsDomain to 'mycompany.tx.com': 0x0
    01/07 10:50:04 NetpJoinDomain: status of starting Netlogon: 0x0
    01/07 10:50:04 NetpWaitForNetlogonSc: waiting for netlogon secure channel setup...
    01/07 10:50:06 NetpWaitForNetlogonSc: status: 0x0, sub-status: 0x0
    01/07 10:50:06 NetpJoinDomain: status of disconnecting from '\\br041svr.mycompany.tx.com': 0x0
    01/07 10:50:06 NetpDoDomainJoin: status: 0x0
    01/11 11:21:08 -----------------------------------------------------------------
    01/11 11:21:08 NetpValidateName: checking to see if 'WK' is valid as type 2 name
    01/11 11:21:20 NetpCheckNetBiosNameNotInUse for 'WK' [ Workgroup as MACHINE]  returned 0x0
    01/11 11:21:20 NetpValidateName: name 'WK' is valid for type 2
    01/11 11:21:20 -----------------------------------------------------------------
    01/11 11:21:20 NetpUnJoinDomain: unjoin from 'mycomp' using '(null)' creds, options: 0x4
    01/11 11:21:20  OS Version: 5.0
    01/11 11:21:20  Build number: 2195
    01/11 11:21:20  ServicePack: Service Pack 4
    01/11 11:21:20 NetpUnJoinDomain: status of getting computer name: 0x0
    01/11 11:21:20 NetpApplyJoinState: actions: 0xb803a
    01/11 11:21:20 NetpDsGetDcName: trying to find DC in domain 'mycomp', flags: 0x1020
    01/11 11:21:56 NetpDsGetDcName: failed to find a DC having account 'BR021WS025$': 0x525
    01/11 11:21:56 NetpDsGetDcName: found DC '\\BR021SVR' in the specified domain
    01/11 11:21:56 NetUseAdd to \\BR021SVR\IPC$ returned 1326
    01/11 11:21:56 Trying add to  \\BR021SVR\IPC$ using NULL Session
    01/11 11:21:56 NetpApplyJoinState: status of connecting to dc '\\BR021SVR': 0x0
    01/11 11:21:57 NetpApplyJoinState: status of stopping and setting start type of Netlogon to 16: 0x0
    01/11 11:22:01 NetpApplyJoinState: status of stopping and setting start type of TimeSvc to 16: 0x0
    01/11 11:22:01 NetpGetLsaPrimaryDomain: status: 0x0
    01/11 11:22:01 NetpLsaOpenSecret: status: 0x0
    01/11 11:22:01 NetpLsaOpenSecret: status: 0x0
    01/11 11:22:01 SamLookupNamesInDomain on BR021WS025$ failed with 0xc0000073
    01/11 11:22:01 NetpManageMachineAccountWithSid: status of disabling account 'BR021WS025$' on '\\BR021SVR': 0x534
    01/11 11:22:01 NetpApplyJoinState: status of disabling account: 0x534
    01/11 11:22:01 NetpApplyJoinState: initiating a rollback due to earlier errors
    01/11 11:22:01 NetpApplyJoinState: actions: 0x40130
    01/11 11:22:01 NetpDsGetDcName: trying to find DC in domain '(null)', flags: 0x1020
    01/11 11:22:26 NetpDsGetDcName: failed to find a DC having account 'BR021WS025$': 0x525
    01/11 11:22:26 NetpDsGetDcName: found DC '\\br021svr.mycompany.tx.com' in the specified domain
    01/11 11:22:26 NetUseAdd to \\br021svr.mycompany.tx.com\IPC$ returned 1326
    01/11 11:22:26 Trying add to  \\br021svr.mycompany.tx.com\IPC$ using NULL Session
    01/11 11:22:26 NetpApplyJoinState: status of connecting to dc '\\br021svr.mycompany.tx.com': 0x0
    01/11 11:22:26 NetpGetLsaPrimaryDomain: status: 0x0
    01/11 11:22:26 NetpLsaOpenSecret: status: 0xc0000034
    01/11 11:22:27 NetpSetMachineAccountPassword: NetUserGetInfo on '\\br021svr.mycompany.tx.com' 'BR021WS025$' failed: 0x8ad
    01/11 11:22:27 NetpApplyJoinState: status of setting machine password: 0x8ad
    01/11 11:22:27 NetpApplyJoinState: status of starting and setting start type of Netlogon to 4: 0x0
    01/11 11:22:28 NetpApplyJoinState: status of starting and setting start type of TimeSvc to 4: 0x0
    01/11 11:22:28 NetpApplyJoinState: status of disconnecting from '\\br021svr.mycompany.tx.com': 0x0
    01/11 11:22:28 NetpApplyJoinState: status of disconnecting from '\\BR021SVR': 0x0
    01/11 11:22:28 NetpUnJoinDomain: status: 0x534
    01/11 11:22:28 -----------------------------------------------------------------
    01/11 11:22:28 NetpUnJoinDomain: unjoin from 'mycomp' using '(null)' creds, options: 0x0
    01/11 11:22:28  OS Version: 5.0
    01/11 11:22:28  Build number: 2195
    01/11 11:22:28  ServicePack: Service Pack 4
    01/11 11:22:28 NetpUnJoinDomain: status of getting computer name: 0x0
    01/11 11:22:28 NetpApplyJoinState: actions: 0xb003a
    01/11 11:22:58 NetpApplyJoinState: status of stopping and setting start type of Netlogon to 16: 0x0
    01/11 11:23:01 NetpApplyJoinState: status of stopping and setting start type of TimeSvc to 16: 0x0
    01/11 11:23:02 NetpGetLsaPrimaryDomain: status: 0x0
    01/11 11:23:02 NetpLsaOpenSecret: status: 0x0
    01/11 11:23:02 NetpLsaOpenSecret: status: 0x0
    01/11 11:23:02 NetpSetLsaPrimaryDomain: for 'mycomp' status: 0x0
    01/11 11:23:02 NetpApplyJoinState: status of setting LSA pri. domain: 0x0
    01/11 11:23:03 NetpApplyJoinState: status of removing from local groups: 0x0
    01/11 11:23:03 NetpApplyJoinState: NON FATAL: status of removing DNS registrations: 0x0
    01/11 11:23:03 NetpUnJoinDomain: status: 0x0
    01/11 11:23:45 -----------------------------------------------------------------
    01/11 11:23:45 NetpDoDomainJoin
    01/11 11:23:45 NetpMachineValidToJoin: 'BR021WS025'
    01/11 11:23:45 NetpGetLsaPrimaryDomain: status: 0x0
    01/11 11:23:45 NetpMachineValidToJoin: status: 0x0
    01/11 11:23:45 NetpJoinWorkgroup: joining computer 'BR021WS025' to workgroup 'WK'
    01/11 11:23:45 NetpValidateName: checking to see if 'WK' is valid as type 2 name
    01/11 11:23:57 NetpCheckNetBiosNameNotInUse for 'WK' [ Workgroup as MACHINE]  returned 0x0
    01/11 11:23:57 NetpValidateName: name 'WK' is valid for type 2
    01/11 11:23:58 NetpSetLsaPrimaryDomain: for 'WK' status: 0x0
    01/11 11:23:58 NetpJoinWorkgroup: status:  0x0
    01/11 11:23:58 NetpDoDomainJoin: status: 0x0
    01/11 11:33:08 -----------------------------------------------------------------
    01/11 11:33:08 NetpValidateName: checking to see if 'mycomp' is valid as type 3 name
    01/11 11:33:17 NetpCheckDomainNameIsValid [ Exists ] for 'mycomp' returned 0x0
    01/11 11:33:17 NetpValidateName: name 'mycomp' is valid for type 3
    01/11 11:34:23 -----------------------------------------------------------------
    01/11 11:34:23 NetpDoDomainJoin
    01/11 11:34:23 NetpMachineValidToJoin: 'BR021WS025'
    01/11 11:34:23 NetpGetLsaPrimaryDomain: status: 0x0
    01/11 11:34:23 NetpMachineValidToJoin: status: 0x0
    01/11 11:34:23 NetpJoinDomain
    01/11 11:34:23  Machine: BR021WS025
    01/11 11:34:23  Domain: mycomp
    01/11 11:34:23  MachineAccountOU: (NULL)
    01/11 11:34:23  Account: mycomp\USER1
    01/11 11:34:23  Options: 0x27
    01/11 11:34:23  OS Version: 5.0
    01/11 11:34:23  Build number: 2195
    01/11 11:34:23  ServicePack: Service Pack 4
    01/11 11:34:23 NetpValidateName: checking to see if 'mycomp' is valid as type 3 name
    01/11 11:34:23 NetpCheckDomainNameIsValid [ Exists ] for 'mycomp' returned 0x0
    01/11 11:34:23 NetpValidateName: name 'mycomp' is valid for type 3
    01/11 11:34:23 NetpDsGetDcName: trying to find DC in domain 'mycomp', flags: 0x1020
    01/11 11:34:35 NetpDsGetDcName: failed to find a DC having account 'BR021WS025$': 0x525
    01/11 11:34:35 NetpDsGetDcName: found DC '\\BR021SVR' in the specified domain
    01/11 11:34:35 NetpJoinDomain: status of connecting to dc '\\BR021SVR': 0x0
    01/11 11:34:35 NetpGetLsaPrimaryDomain: status: 0x0
    01/11 11:34:35 NetpLsaOpenSecret: status: 0xc0000034
    01/11 11:34:35 NetpGetLsaPrimaryDomain: status: 0x0
    01/11 11:34:35 NetpLsaOpenSecret: status: 0xc0000034
    01/11 11:34:36 NetpJoinDomain: status of creating account: 0x0
    01/11 11:34:36 NetpJoinDomain: status of setting netlogon cache: 0x0
    01/11 11:34:36 NetpGetLsaPrimaryDomain: status: 0x0
    01/11 11:34:37 NetpSetLsaPrimaryDomain: for 'mycomp' status: 0x0
    01/11 11:34:37 NetpJoinDomain: status of setting LSA pri. domain: 0x0
    01/11 11:34:37 NetpJoinDomain: status of managing local groups: 0x0
    01/11 11:34:37 NetpJoinDomain: status of setting ComputerNamePhysicalDnsDomain to 'mycompany.tx.com': 0x0
    01/11 11:34:38 NetpJoinDomain: status of starting Netlogon: 0x0
    01/11 11:34:38 NetpWaitForNetlogonSc: waiting for netlogon secure channel setup...
    01/11 11:34:45 NetpWaitForNetlogonSc: status: 0x0, sub-status: 0x0
    01/11 11:34:45 NetpJoinDomain: status of disconnecting from '\\BR021SVR': 0x0
    01/11 11:34:45 NetpDoDomainJoin: status: 0x0
    - I forgot to add: when the user experienced this problem, I checked for the computer account and found it was not present in the domain on any DCs.
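To make a NetSetup.log like the one above quicker to read, the following added example (not part of the original post) decodes the non-zero result codes and flags steps that stalled. The function name, the 10-second threshold and the placeholder year are assumptions; the sample lines are excerpted, with lines omitted, from the log above.

```python
import re
from datetime import datetime

# Names for the status codes that occur in the log above (Win32, NetAPI, NTSTATUS).
STATUS_NAMES = {
    0x525: "ERROR_NO_SUCH_USER",
    0x52E: "ERROR_LOGON_FAILURE",          # logged in decimal as 1326
    0x534: "ERROR_NONE_MAPPED",
    0x8AD: "NERR_UserNotFound",
    0x8B0: "NERR_UserExists",
    0xC0000034: "STATUS_OBJECT_NAME_NOT_FOUND",
    0xC0000073: "STATUS_NONE_MAPPED",
}

LINE_RE = re.compile(r"^(\d\d/\d\d \d\d:\d\d:\d\d) (.*)$")
# A result code is the last token, after ': ', 'returned ' or 'failed with '.
CODE_RE = re.compile(r"(?:: |returned |failed with )(0x[0-9a-fA-F]+|\d+)\s*$")
# Only lines with one of these words carry a result; this skips
# 'flags:', 'options:', 'actions:' and 'Build number:' values.
RESULT_WORDS = ("status", "failed", "returned")

# Excerpt (lines omitted) from the log above.
SAMPLE = r"""
01/11 11:21:20 -----------------------------------------------------------------
01/11 11:21:20 NetpUnJoinDomain: unjoin from 'mycomp' using '(null)' creds, options: 0x4
01/11 11:21:20  Build number: 2195
01/11 11:21:20 NetpDsGetDcName: trying to find DC in domain 'mycomp', flags: 0x1020
01/11 11:21:56 NetpDsGetDcName: failed to find a DC having account 'BR021WS025$': 0x525
01/11 11:21:56 NetUseAdd to \\BR021SVR\IPC$ returned 1326
01/11 11:21:56 NetpApplyJoinState: status of connecting to dc '\\BR021SVR': 0x0
01/11 11:22:01 SamLookupNamesInDomain on BR021WS025$ failed with 0xc0000073
01/11 11:22:01 NetpManageMachineAccountWithSid: status of disabling account 'BR021WS025$' on '\\BR021SVR': 0x534
"""

def triage(log_text, slow_seconds=10):
    """Return (failures, slow_steps) for a NetSetup.log excerpt."""
    failures, slow_steps, previous = [], [], None
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        stamp, message = m.group(1), m.group(2).strip()
        # The log carries no year; 2000 is a placeholder so strptime gets a full date.
        when = datetime.strptime("2000/" + stamp, "%Y/%m/%d %H:%M:%S")
        if message.startswith("-----"):      # separator: a new operation starts
            previous = None
            continue
        if previous is not None:
            gap = (when - previous).total_seconds()
            if gap >= slow_seconds:          # step took long to log its result
                slow_steps.append((int(gap), message))
        previous = when
        code = CODE_RE.search(message)
        if code and any(word in message for word in RESULT_WORDS):
            value = int(code.group(1), 0)    # accepts both 0x... and decimal
            if value != 0:
                name = STATUS_NAMES.get(value, "unknown")
                failures.append((stamp, hex(value), name, message))
    return failures, slow_steps

if __name__ == "__main__":
    failed, slow = triage(SAMPLE)
    for stamp, code, name, message in failed:
        print(f"{stamp}  {code:<11} {name:<28} {message[:60]}")
    for gap, message in slow:
        print(f"slow step ({gap}s): {message[:70]}")
```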

  • Netbios name required for Windows 7 clients to connect?

    I upgraded my production server to Lion tonight. 
    My Windows 7 test machines (all standalone -- no AD here) now need to log into the server with the netbios name of the 10.7 server as part of the login:
    ie, instead of "maser" as the User Name
    it now requires "<netbiosname>\maser" as the User Name
    Everything works, but that futzes up the pass-through authentication I had set up for the Win7 users, for whom I had just set their Windows account/password combination to match the 10.6 server account/password combination.
    (smb://<server> from the Mac side doesn't care about the netbios name…)
    Any suggestions on what might need to be tweaked in com.apple.smb.server.plist?
    - Steve

    Hi,
    According to the error message: 接收到显式 EAP 失败, you can refer to the KB below to download and install the hotfix for this problem as a test.
    Windows 7 does not connect to an IEEE 802.1X-authenticated network if an invalid certificate is installed:
    http://support.microsoft.com/kb/2494172/en-us
    In addition, another library article, Configure 802.1X Wired Access Clients for EAP-TLS Authentication, might be helpful with your problem.
    http://technet.microsoft.com/en-us/library/dd759237.aspx
    Roger Lu
    TechNet Community Support

  • Problems with WSUS over VPN

    A while back we started having trouble with our WSUS server communicating with our laptops over our VPN. We've been just running updates manually, but it's become a priority to find out what the issue is so that we can resume using it to deploy other software packages.
    We're getting the following in our WindowsUpdate.log:
    2014-08-21 10:40:50:083 1168 63c AU Triggering AU detection through DetectNow API
    2014-08-21 10:40:50:083 1168 63c AU Triggering Online detection (interactive)
    2014-08-21 10:40:50:083 1168 a80 AU #############
    2014-08-21 10:40:50:083 1168 a80 AU ## START ## AU: Search for updates
    2014-08-21 10:40:50:083 1168 a80 AU #########
    2014-08-21 10:40:50:083 1168 a80 AU <<## SUBMITTED ## AU: Search for updates [CallId = {414E9C34-F810-46D5-9D6B-01001BCE24FB}]
    2014-08-21 10:40:58:211 1168 cf4 Misc WARNING: Send failed with hr = 80072ee2.
    2014-08-21 10:40:58:211 1168 cf4 Misc WARNING: SendRequest failed with hr = 80072ee2. Proxy List used: <(null)> Bypass List used : <(null)> Auth Schemes used : <>
    2014-08-21 10:40:58:211 1168 cf4 PT + Last proxy send request failed with hr = 0x80072EE2, HTTP status code = 0
    2014-08-21 10:40:58:211 1168 cf4 PT + Caller provided credentials = No
    2014-08-21 10:40:58:211 1168 cf4 PT + Impersonate flags = 0
    2014-08-21 10:40:58:211 1168 cf4 PT + Possible authorization schemes used =
    2014-08-21 10:40:58:211 1168 cf4 PT WARNING: SyncUpdates failure, error = 0x80072EE2, soap client error = 5, soap error code = 0, HTTP status code = 200
    2014-08-21 10:40:58:211 1168 cf4 PT WARNING: PTError: 0x80072ee2
    2014-08-21 10:40:58:211 1168 cf4 PT WARNING: SyncUpdates_WithRecovery failed.: 0x80072ee2
    2014-08-21 10:40:58:211 1168 cf4 PT WARNING: Sync of Updates: 0x80072ee2
    2014-08-21 10:40:58:211 1168 cf4 PT WARNING: SyncServerUpdatesInternal failed: 0x80072ee2
    2014-08-21 10:40:58:211 1168 cf4 Agent * WARNING: Failed to synchronize, error = 0x80072EE2
    2014-08-21 10:40:58:211 1168 cf4 Agent * WARNING: Exit code = 0x80072EE2
    2014-08-21 10:40:58:211 1168 cf4 Agent *********
    2014-08-21 10:40:58:211 1168 cf4 Agent ** END ** Agent: Finding updates [CallerId = ]
    2014-08-21 10:40:58:211 1168 cf4 Agent *************
    2014-08-21 10:40:58:211 1168 cf4 Agent WARNING: WU client failed Searching for update with error 0x80072ee2
    2014-08-21 10:40:58:226 1168 cf4 Agent *************
    2014-08-21 10:40:58:226 1168 cf4 Agent ** START ** Agent: Finding updates [CallerId = AutomaticUpdates]
    2014-08-21 10:40:58:226 1168 cf4 Agent *********
    2014-08-21 10:40:58:226 1168 cf4 Agent * Online = Yes; Ignore download priority = No
    2014-08-21 10:40:58:226 1168 cf4 Agent * Criteria = "IsInstalled=0 and DeploymentAction='Installation' or IsPresent=1 and DeploymentAction='Uninstallation' or IsInstalled=1 and DeploymentAction='Installation' and RebootRequired=1 or IsInstalled=0 and DeploymentAction='Uninstallation' and RebootRequired=1"
    2014-08-21 10:40:58:226 1168 cf4 Agent * ServiceID = {3DA21691-E39D-4DA6-8A4B-B43877BCB1B7} Managed
    2014-08-21 10:40:58:226 1168 cf4 Agent * Search Scope = {Machine}
    2014-08-21 10:40:58:226 1168 cf4 Setup Checking for agent SelfUpdate
    2014-08-21 10:40:58:226 1168 cf4 Setup Client version: Core: 7.6.7600.256 Aux: 7.6.7600.256
    2014-08-21 10:40:58:226 584 db4 COMAPI >>-- RESUMED -- COMAPI: Search [ClientId = <NULL>]
    2014-08-21 10:40:58:226 584 db4 COMAPI - Updates found = 0
    2014-08-21 10:40:58:226 584 db4 COMAPI - WARNING: Exit code = 0x00000000, Result code = 0x80072EE2
    2014-08-21 10:40:58:226 584 db4 COMAPI ---------
    2014-08-21 10:40:58:226 584 db4 COMAPI -- END -- COMAPI: Search [ClientId = <NULL>]
    2014-08-21 10:40:58:226 584 db4 COMAPI -------------
    2014-08-21 10:40:58:226 584 84c COMAPI WARNING: Operation failed due to earlier error, hr=80072EE2
    2014-08-21 10:40:58:226 584 84c COMAPI FATAL: Unable to complete asynchronous search. (hr=80072EE2)
    2014-08-21 10:40:58:258 1168 cf4 Misc Validating signature for C:\Windows\SoftwareDistribution\SelfUpdate\wuident.cab:
    2014-08-21 10:40:58:273 1168 cf4 Misc Microsoft signed: Yes
    2014-08-21 10:41:19:333 1168 cf4 Misc WARNING: Send failed with hr = 80072ee2.
    2014-08-21 10:41:19:333 1168 cf4 Misc WARNING: SendRequest failed with hr = 80072ee2. Proxy List used: <(null)> Bypass List used : <(null)> Auth Schemes used : <>
    2014-08-21 10:41:19:333 1168 cf4 Misc WARNING: WinHttp: SendRequestUsingProxy failed for <http://{servername}/selfupdate/wuident.cab>. error 0x80072ee2
    2014-08-21 10:41:19:333 1168 cf4 Misc WARNING: WinHttp: SendRequestToServerForFileInformation MakeRequest failed. error 0x80072ee2
    2014-08-21 10:41:19:333 1168 cf4 Misc WARNING: WinHttp: SendRequestToServerForFileInformation failed with 0x80072ee2
    2014-08-21 10:41:19:333 1168 cf4 Misc WARNING: WinHttp: ShouldFileBeDownloaded failed with 0x80072ee2
    2014-08-21 10:41:40:362 1168 cf4 Misc WARNING: Send failed with hr = 80072ee2.
    2014-08-21 10:41:40:362 1168 cf4 Misc WARNING: SendRequest failed with hr = 80072ee2. Proxy List used: <(null)> Bypass List used : <(null)> Auth Schemes used : <>
    2014-08-21 10:41:40:362 1168 cf4 Misc WARNING: WinHttp: SendRequestUsingProxy failed for <http://{servername}/selfupdate/wuident.cab>. error 0x80072ee2
    2014-08-21 10:41:40:362 1168 cf4 Misc WARNING: WinHttp: SendRequestToServerForFileInformation MakeRequest failed. error 0x80072ee2
    2014-08-21 10:41:40:362 1168 cf4 Misc WARNING: WinHttp: SendRequestToServerForFileInformation failed with 0x80072ee2
    2014-08-21 10:41:40:362 1168 cf4 Misc WARNING: WinHttp: ShouldFileBeDownloaded failed with 0x80072ee2
    2014-08-21 10:42:01:391 1168 cf4 Misc WARNING: Send failed with hr = 80072ee2.
    2014-08-21 10:42:01:391 1168 cf4 Misc WARNING: SendRequest failed with hr = 80072ee2. Proxy List used: <(null)> Bypass List used : <(null)> Auth Schemes used : <>
    2014-08-21 10:42:01:391 1168 cf4 Misc WARNING: WinHttp: SendRequestUsingProxy failed for <http://{servername}/selfupdate/wuident.cab>. error 0x80072ee2
    2014-08-21 10:42:01:391 1168 cf4 Misc WARNING: WinHttp: SendRequestToServerForFileInformation MakeRequest failed. error 0x80072ee2
    2014-08-21 10:42:01:391 1168 cf4 Misc WARNING: WinHttp: SendRequestToServerForFileInformation failed with 0x80072ee2
    2014-08-21 10:42:01:391 1168 cf4 Misc WARNING: WinHttp: ShouldFileBeDownloaded failed with 0x80072ee2
    2014-08-21 10:42:22:435 1168 cf4 Misc WARNING: Send failed with hr = 80072ee2.
    2014-08-21 10:42:22:435 1168 cf4 Misc WARNING: SendRequest failed with hr = 80072ee2. Proxy List used: <(null)> Bypass List used : <(null)> Auth Schemes used : <>
    2014-08-21 10:42:22:435 1168 cf4 Misc WARNING: WinHttp: SendRequestUsingProxy failed for <http://{servername}/selfupdate/wuident.cab>. error 0x80072ee2
    2014-08-21 10:42:22:435 1168 cf4 Misc WARNING: WinHttp: SendRequestToServerForFileInformation MakeRequest failed. error 0x80072ee2
    2014-08-21 10:42:22:435 1168 cf4 Misc WARNING: WinHttp: SendRequestToServerForFileInformation failed with 0x80072ee2
    2014-08-21 10:42:22:435 1168 cf4 Misc WARNING: WinHttp: ShouldFileBeDownloaded failed with 0x80072ee2
    2014-08-21 10:42:22:435 1168 cf4 Misc WARNING: DownloadFileInternal failed for http://{servername}/selfupdate/wuident.cab: error 0x80072ee2
    2014-08-21 10:42:22:435 1168 cf4 Setup WARNING: SelfUpdate check failed to download package information, error = 0x80072EE2
    2014-08-21 10:42:22:435 1168 cf4 Setup FATAL: SelfUpdate check failed, err = 0x80072EE2
    2014-08-21 10:42:22:435 1168 cf4 Agent * WARNING: Skipping scan, self-update check returned 0x80072EE2
    2014-08-21 10:42:22:435 1168 cf4 Agent * WARNING: Exit code = 0x80072EE2
    Here's what the client diagnostic tool returns:
    WSUS Client Diagnostics Tool
    Checking Machine State
    Checking for admin rights to run tool . . . . . . . . . PASS
    Automatic Updates Service is running. . . . . . . . . . PASS
    Background Intelligent Transfer Service is not running. PASS
    Wuaueng.dll version 7.6.7600.256. . . . . . . . . . . . PASS
    This version is WSUS 2.0
    Checking AU Settings
    AU Option is 4: Scheduled Install . . . . . . . . . . . PASS
    Option is from Policy settings
    Checking Proxy Configuration
    Checking for winhttp local machine Proxy settings . . . PASS
    Winhttp local machine access type
    <Direct Connection>
    Winhttp local machine Proxy. . . . . . . . . . NONE
    Winhttp local machine ProxyBypass. . . . . . . NONE
    Checking User IE Proxy settings . . . . . . . . . . . . PASS
    User IE Proxy. . . . . . . . . . . . . . . . . NONE
    User IE ProxyByPass. . . . . . . . . . . . . . NONE
    User IE AutoConfig URL Proxy . . . . . . . . . NONE
    User IE AutoDetect
    AutoDetect not in use
    Checking Connection to WSUS/SUS Server
    WUServer = http://{servername}
    WUStatusServer = http://{servername}
    UseWuServer is enabled. . . . . . . . . . . . . . . . . PASS
    Connection to server. . . . . . . . . . . . . . . . . . PASS
    SelfUpdate folder is present. . . . . . . . . . . . . . PASS
    Press Enter to Complete
    Both of the above were run without any firewall at all. For some reason it appears as though (in the log anyway) it's trying to use a proxy. (when it shouldn't)
    Updates work perfectly when plugged into our network, and while they're on the VPN they have access to all network resources. (mapped drives, etc)
    Any help would be greatly appreciated, as I'm afraid this one has me stumped.

    A while back we started having trouble with our WSUS server communicating with our laptops over our VPN.
    First note here that may significantly assist in your diagnostics... the WSUS Server does NOT communicate with clients.. the *CLIENTS* communicate with the WSUS Server. So, it's not about the pathway from server-to-client, but rather from client-TO-server.
    Ergo.. why can the clients not find the WSUS server when connected via VPN?
    AU <<## SUBMITTED ## AU: Search for updates [CallId = {414E9C34-F810-46D5-9D6B-01001BCE24FB}]
    I have no idea what/where this call to the WUA is coming from, but it's failing with a TIMEOUT error. My assumption, all other things considered, is that this is NOT a call to the assigned WSUS server. At a minimum, it's not a standard WUA detection for updates from a WSUS server.
    Checking Connection to WSUS/SUS Server
    WUServer = http://{servername}
    WUStatusServer = http://{servername}
    UseWuServer is enabled. . . . . . . . . . . . . . . . . PASS
    Connection to server. . . . . . . . . . . . . . . . . . PASS
    SelfUpdate folder is present. . . . . . . . . . . . . . PASS
    Presumably the WSUS server communication is working perfectly, but I'll have to offer that as an assumption ONLY since I don't actually know what the client is talking to since you've masked that critical information from your query. I'm also assuming this CDT output is from a client actually connected to the VPN.
    ALSO: Please do NOT post logfiles in CODE BLOCKS... it makes them impossible to read, and I HATE horizontal scrolling. Just post them as *TEXT*.
    For some reason it appears as though (in the log anyway) it's trying to use a proxy. (when it shouldn't)
    Are the clients configured to USE a proxy when they shouldn't be? SHOULD they be required to use a proxy on the VPN connection and they're not? I can't tell what OS version the client is, since the logs are not complete enough, but since it's -2014- I'm going to assume it's a Vista or later client.
    What's the output from NETSH WINHTTP SHOW PROXY?
    Lawrence Garvin, M.S., MCSA, MCITP:EA, MCDBA
    SolarWinds Head Geek
    Microsoft MVP - Software Packaging, Deployment & Servicing (2005-2014)
    My MVP Profile: http://mvp.microsoft.com/en-us/mvp/Lawrence%20R%20Garvin-32101
    http://www.solarwinds.com/gotmicrosoft
    The views expressed on this post are mine and do not necessarily reflect the views of SolarWinds.
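The questions raised in this thread (which error, against which URL, through which proxy, and how long each attempt took) can be answered directly from WindowsUpdate.log. The following added example is not from either poster; the function names are assumptions, and the sample lines are an excerpt of the log posted above, including its masked {servername}.

```python
import re
from collections import Counter
from datetime import datetime

FACILITY_WIN32 = 7
# WinHTTP error codes that matter when a client cannot reach its update server.
WINHTTP_ERRORS = {
    12002: "ERROR_WINHTTP_TIMEOUT",
    12007: "ERROR_WINHTTP_NAME_NOT_RESOLVED",
    12029: "ERROR_WINHTTP_CANNOT_CONNECT",
}

# date time(hh:mm:ss:mmm)  PID  TID  component  text
LINE_RE = re.compile(
    r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d:\d{3})\s+\d+\s+[0-9a-f]+\s+(\S+)\s+(.*)$")
HR_RE = re.compile(r"\b(?:0x)?(8[0-9a-fA-F]{7})\b")   # 'hr = 80072ee2' or '0x80072EE2'
URL_RE = re.compile(r"<(https?://[^>\s]+)>")
PROXY_RE = re.compile(r"Proxy List used: <([^>]*)>")

# Excerpt (lines omitted) from the WindowsUpdate.log posted above.
SAMPLE = """
2014-08-21 10:40:58:211 1168 cf4 Misc WARNING: Send failed with hr = 80072ee2.
2014-08-21 10:40:58:211 1168 cf4 Misc WARNING: SendRequest failed with hr = 80072ee2. Proxy List used: <(null)> Bypass List used : <(null)> Auth Schemes used : <>
2014-08-21 10:40:58:211 1168 cf4 PT WARNING: SyncUpdates failure, error = 0x80072EE2, soap client error = 5, soap error code = 0, HTTP status code = 200
2014-08-21 10:41:19:333 1168 cf4 Misc WARNING: Send failed with hr = 80072ee2.
2014-08-21 10:41:19:333 1168 cf4 Misc WARNING: WinHttp: SendRequestUsingProxy failed for <http://{servername}/selfupdate/wuident.cab>. error 0x80072ee2
2014-08-21 10:41:40:362 1168 cf4 Misc WARNING: Send failed with hr = 80072ee2.
2014-08-21 10:42:01:391 1168 cf4 Misc WARNING: Send failed with hr = 80072ee2.
"""

def decode_hresult(hr):
    """Split an HRESULT into facility and code and name known WinHTTP errors."""
    facility = (hr >> 16) & 0x1FFF      # same mask as the SDK's HRESULT_FACILITY
    code = hr & 0xFFFF
    if facility == FACILITY_WIN32:
        return WINHTTP_ERRORS.get(code, f"Win32 error {code}")
    return f"facility {facility}, code {code}"

def summarize(log_text):
    """Summarize WARNING/FATAL lines: error counts, URLs, proxy lists, retry gaps."""
    errors, urls, proxies, send_failures = Counter(), set(), set(), []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m or not ("WARNING" in m.group(3) or "FATAL" in m.group(3)):
            continue
        stamp, text = m.group(1), m.group(3)
        hr = HR_RE.search(text)
        if hr:
            value = int(hr.group(1), 16)
            errors[(f"0x{value:08X}", decode_hresult(value))] += 1
        urls.update(URL_RE.findall(text))        # what the client tried to reach
        proxies.update(PROXY_RE.findall(text))   # proxy list logged for the send
        if text.startswith("WARNING: Send failed"):
            send_failures.append(datetime.strptime(stamp, "%Y-%m-%d %H:%M:%S:%f"))
    # Seconds between consecutive send failures: how long each attempt ran.
    gaps = [round((b - a).total_seconds(), 1)
            for a, b in zip(send_failures, send_failures[1:])]
    return {"errors": dict(errors), "urls": sorted(urls),
            "proxy_lists": sorted(proxies), "send_failure_gaps_s": gaps}

if __name__ == "__main__":
    for key, value in summarize(SAMPLE).items():
        print(f"{key}: {value}")
```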
