VPN between ASA5505 Easy VPN Server and 881G Router as Easy VPN Client
Hello,
I have a problem with the VPN between an ASA5505 Easy VPN Server and an 881G Router as Easy VPN Client. The ASA 5505 has 7.2.3 software and the 881G router has 15.1 software.
The 881G is configured as a hardware client in network extension mode, and it is placed behind NAT. The ASA5505 is working as the server. The same VPN group works correctly from VPN software clients.
When I send traffic from the 881G client side, I see encrypted packets in show crypto session detail. But with the same command I don't see decrypted packets on the ASA5505 side. On both devices Phase 1 and Phase 2 are UP.
The VPN works correctly when I replace the ASA5505 with an ASA5510 that has 8.4.6 software. But the problem is that I need to do this VPN between the ASA5505 and the 881G.
Can you help me? How can I debug or troubleshoot this problem?
I am unable to update the software on the ASA5505 side.
Hello,
Here is what my config looks like:
crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto dynamic-map outside_dyn_map 20 set pfs
crypto dynamic-map outside_dyn_map 20 set transform-set ESP-3DES-SHA
crypto dynamic-map outside_dyn_map 40 set pfs
crypto dynamic-map outside_dyn_map 40 set transform-set ESP-3DES-SHA
crypto dynamic-map outside_dyn_map 60 set pfs
crypto dynamic-map outside_dyn_map 60 set transform-set ESP-3DES-SHA
crypto dynamic-map outside_dyn_map 80 set pfs
crypto dynamic-map outside_dyn_map 80 set transform-set ESP-3DES-SHA
crypto dynamic-map outside_dyn_map 100 set pfs
crypto dynamic-map outside_dyn_map 100 set transform-set ESP-3DES-SHA
crypto dynamic-map outside_dyn_map 120 set pfs
crypto dynamic-map outside_dyn_map 120 set transform-set ESP-3DES-SHA
crypto dynamic-map outside_dyn_map 140 set pfs
crypto dynamic-map outside_dyn_map 140 set transform-set ESP-AES-128-SHA
crypto dynamic-map outside_dyn_map 160 set pfs
crypto dynamic-map outside_dyn_map 160 set transform-set ESP-3DES-SHA
crypto dynamic-map outside_dyn_map 180 set pfs
crypto dynamic-map outside_dyn_map 180 set transform-set ESP-3DES-SHA
crypto dynamic-map outside_dyn_map 200 set pfs
crypto dynamic-map outside_dyn_map 200 set transform-set ESP-AES-256-SHA
crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map
crypto map outside_map interface outside
crypto isakmp enable outside
crypto isakmp policy 1
 authentication pre-share
 encryption 3des
 hash sha
 group 2
 lifetime 86400
crypto isakmp policy 2
 authentication pre-share
 encryption 3des
 hash sha
 group 1
 lifetime 86400
crypto isakmp policy 3
 authentication pre-share
 encryption des
 hash sha
 group 2
 lifetime 86400
tunnel-group HW-CLIENT-GROUPR type ipsec-ra
tunnel-group HW-CLIENT-GROUP general-attributes
 address-pool HW-CLIENT-GROUP-POOL
 default-group-policy HW-CLIENT-GROUP
tunnel-group HW-CLIENT-GROUP ipsec-attributes
 pre-shared-key *******
group-policy HW-CLIENT-GROUP internal
group-policy HW-CLIENT-GROUP attributes
 password-storage enable
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value cisco_splitTunnelAcl
 nem enable
Similar Messages
-
Network Load Balancing between SharePoint 2013 App server and WFE
Hi,
Can we do NLB between SharePoint 2013 App server and WFE Server ?
Below is our Architecture,
1. WFE Server (1)
2. APP Server (1)
3. Database Server
4. Domain Controller
We have configured NLB, but when we stop IIS on the APP server, the SharePoint 2013 web app link does not work.
Is it possible?
Please help us
You can do NLB between the WFE and APP server; however, make sure that the web application service, which hosts the SharePoint sites, is started from Central Admin.
Why do you stop IIS on the APP server? It will definitely not be able to host web app sites. Rather, you can just disable the APP node on NLB to test it. -
What is the difference between Apache HTTP web server and Tomcat
Hi friends,
What is the difference between the Apache HTTP web server and Apache Tomcat?
Can I run PHP in Tomcat?
hi
1) difference between Apache and Tomcat
http://forum.java.sun.com/thread.jspa?threadID=254299
2) difference between Apache Tomcat and Jakarta Tomcat
http://forum.java.sun.com/thread.jspa?threadID=5191004 -
Remote VPN between ASA5505 and Netscreen SSG140
Dears,
I'm trying to set up a VPN between an ASA 5505 and an SSG40 Juniper, and the VPN keeps flapping:
Nov 27 04:47:27 [IKEv1 DEBUG]Group = 89.XXX, IP = 89.XXX, NP encrypt rule look up for crypto map TEST 1 matching ACL ACL_VPN: returned cs_id=cd2e0998; encrypt_rule=cd39bd50; tunnelFlow_rule=cd488220
Nov 27 04:47:27 [IKEv1]Group = 89.XXX, IP = 89.XXX, Security negotiation complete for LAN-to-LAN Group (89.XXX) Responder, Inbound SPI = 0xb98f5dbe, Outbound SPI = 0xddd1484a
Nov 27 04:47:27 [IKEv1 DEBUG]Group = 89.XXX, IP = 89.XXX, IKE got a KEY_ADD msg for SA: SPI = 0xddd1484a
Nov 27 04:47:27 [IKEv1 DEBUG]Group = 89.XXX, IP = 89.XXX, Pitcher: received KEY_UPDATE, spi 0xb98f5dbe
Nov 27 04:47:27 [IKEv1 DEBUG]Group = 89.XXX, IP = 89.XXX, Starting P2 rekey timer: 3060 seconds.
Nov 27 04:47:27 [IKEv1]Group = 89.XXX, IP = 89.XXX, PHASE 2 COMPLETED (msgid=f46e307a)
Nov 27 04:47:31 [IKEv1]IKE Receiver: Packet received on 81.1XXX:500 from 89.XXX:500
Nov 27 04:47:31 [IKEv1]Group = 89.XXX, IP = 89.XXX, Duplicate Phase 2 packet detected. Retransmitting last packet.
Nov 27 04:47:31 [IKEv1]Group = 89.XXX, IP = 89.XXX, Responder resending lost, last msg
Nov 27 04:47:31 [IKEv1 DEBUG]Group = 89.XXX, IP = 89.XXX, Starting P2 rekey timer: 3056 seconds.
Nov 27 04:47:31 [IKEv1]Group = 89.XXX, IP = 89.XXX, PHASE 2 COMPLETED (msgid=f46e307a)
Nov 27 04:47:35 [IKEv1]IKE Receiver: Packet received on 81.XXX:500 from 89.XXX:500
Nov 27 04:47:35 [IKEv1]Group = 89.XXX, IP = 89.XXX, Duplicate Phase 2 packet detected. Retransmitting last packet.
Nov 27 04:47:35 [IKEv1]Group = 89.XXX, IP = 89.XXX, Responder resending lost, last msg
Nov 27 04:47:35 [IKEv1 DEBUG]Group = 89.XXX, IP = 89.XXX, Starting P2 rekey timer: 3052 seconds.
Nov 27 04:47:35 [IKEv1]Group = 89.XXX, IP = 89.XXX, PHASE 2 COMPLETED (msgid=f46e307a)
Nov 27 04:47:38 [IKEv1 DEBUG]Group = 89.XXX, IP = 89.XXX, Sending keep-alive of type DPD R-U-THERE (seq number 0x1a4070b7)
Nov 27 04:47:38 [IKEv1 DEBUG]Group = 89.XXX, IP = 89.XXX, constructing blank hash payload
Nov 27 04:47:38 [IKEv1 DEBUG]Group = 89.XXX, IP = 89.XXX, constructing qm hash payload
Nov 27 04:47:38 [IKEv1]IP = 89.XXX, IKE_DECODE SENDING Message (msgid=8977946c) with payloads : HDR + HASH (8) + NOTIFY (11) + NONE (0) total length : 80
Nov 27 04:47:38 [IKEv1]IKE Receiver: Packet received on 81.XXX:500 from 89.XXX:500
Nov 27 04:47:38 [IKEv1]IP = 89.XXX, IKE_DECODE RECEIVED Message (msgid=8e9a1247) with payloads : HDR + HASH (8) + NOTIFY (11) + NONE (0) total length : 80
Nov 27 04:47:38 [IKEv1 DEBUG]Group = 89.XXX, IP = 89.XXX, processing hash payload
Nov 27 04:47:38 [IKEv1 DEBUG]Group = 89.XXX, IP = 89.XXX, processing notify payload
Nov 27 04:47:38 [IKEv1 DEBUG]Group = 89.XXX, IP = 89.XXX, Received keep-alive of type DPD R-U-THERE-ACK (seq number 0x1a4070b7)
Nov 27 04:47:39 [IKEv1]IKE Receiver: Packet received on 81.XXX:500 from 89.XXX:500
Nov 27 04:47:39 [IKEv1]Group = 89.XXX, IP = 89.XXX, Duplicate Phase 2 packet detected. Retransmitting last packet.
Nov 27 04:47:39 [IKEv1]Group = 89.XXX, IP = 89.XXX, Responder resending lost, last msg
Nov 27 04:47:39 [IKEv1 DEBUG]Group = 89.XXX, IP = 89.XXX, Starting P2 rekey timer: 3048 seconds.
Nov 27 04:47:39 [IKEv1]Group = 89.XXX, IP = 89.XXX, PHASE 2 COMPLETED (msgid=f46e307a)
Nov 27 04:47:43 [IKEv1]IKE Receiver: Packet received on 81.XXX:500 from 89.XXX:500
Nov 27 04:47:43 [IKEv1]Group = 89.XXX, IP = 89.XXX, Duplicate Phase 2 packet detected. Retransmitting last packet.
Nov 27 04:47:43 [IKEv1]Group = 89.XXX, IP = 89.XXX, QM FSM error (P2 struct &0xcd58eee8, mess id 0xf46e307a)!
Nov 27 04:47:43 [IKEv1 DEBUG]Group = 89.XXX, IP = 89.XXX, IKE QM Responder FSM error history (struct &0xcd58eee8) <state>, <event>: QM_DONE, EV_ERROR-->QM_ACTIVE, EV_RESEND_MSG-->QM_ACTIVE, NullEvent-->QM_ACTIVE, EV_VM_START-->QM_ACTIVE, EV_ACTIVE-->QM_RSND_LST_MSG, EV_RESET_LIFETIME-->QM_RSND_LST_MSG, EV_IS_REKEY_SECS-->QM_RSND_LST_MSG, EV_RESEND_MSG
Nov 27 04:47:43 [IKEv1 DEBUG]Group = 89.XXX, IP = 89.XXX, sending delete/delete with reason message
Nov 27 04:47:43 [IKEv1 DEBUG]Group = 89.XXX, IP = 89.XXX, constructing blank hash payload
Nov 27 04:47:43 [IKEv1 DEBUG]Group = 89.XXX, IP = 89.XXX, constructing IPSec delete payload
Nov 27 04:47:43 [IKEv1 DEBUG]Group = 89.XXX, IP = 89.XXX, constructing qm hash payload
Nov 27 04:47:43 [IKEv1]IP = 89.XXX, IKE_DECODE SENDING Message (msgid=57422aa9) with payloads : HDR + HASH (8) + DELETE (12) + NONE (0) total length : 64
Nov 27 04:47:43 [IKEv1 DEBUG]Group = 89.XXX, IP = 89.XXX, IKE Deleting SA: Remote Proxy 172.24.0.0, Local Proxy 10.143.0.0
Nov 27 04:47:43 [IKEv1 DEBUG]Group = 89.XXX, IP = 89.XXX, IKE SA MM:08bcc57b rcv'd Terminate: state MM_ACTIVE flags 0x00000042, refcnt 1, tuncnt 0
Nov 27 04:47:43 [IKEv1 DEBUG]Group = 89.XXX, IP = 89.XXX, IKE SA MM:08bcc57b terminating: flags 0x01000002, refcnt 0, tuncnt 0
Nov 27 04:47:43 [IKEv1 DEBUG]Group = 89.XXX, IP = 89.XXX, sending delete/delete with reason message
Nov 27 04:47:43 [IKEv1 DEBUG]Group = 89.XXX, IP = 89.XXX, constructing blank hash payload
Nov 27 04:47:43 [IKEv1 DEBUG]Group = 89.XXX, IP = 89.XXX, constructing IKE delete payload
Nov 27 04:47:43 [IKEv1 DEBUG]Group = 89.XXX, IP = 89.XXX, constructing qm hash payload
Nov 27 04:47:43 [IKEv1]IP = 89.XXX, IKE_DECODE SENDING Message (msgid=c364409e) with payloads : HDR + HASH (8) + DELETE (12) + NONE (0) total length : 76
Nov 27 04:47:43 [IKEv1 DEBUG]Pitcher: received key delete msg, spi 0xb98f5dbe
Nov 27 04:47:43 [IKEv1 DEBUG]Pitcher: received key delete msg, spi 0xb98f5dbe
Nov 27 04:47:43 [IKEv1]Group = 89.XXX, IP = 89.XXX, Session is being torn down. Reason: Lost Service
Nov 27 04:47:43 [IKEv1]Ignoring msg to mark SA with dsID 1658880 dead because SA delete
On the Cisco side
crypto ipsec ikev1 transform-set ESP-3DES-ESP-MD5-HMAC esp-3des esp-md5-hmac
crypto ipsec security-association pmtu-aging infinite
crypto map TEST 1 match address ACL_VPN
crypto map TEST 1 set peer 89.XXX.XXX.XXX
crypto map TEST 1 set ikev1 transform-set ESP-3DES-ESP-MD5-HMAC
crypto map TEST interface outside
crypto ca trustpool policy
no crypto isakmp nat-traversal
crypto ikev1 enable outside
crypto ikev1 policy 1
 authentication pre-share
 encryption 3des
 hash md5
 group 2
 lifetime 86400
access-list ACL_VPN extended permit ip 10.143.0.0 255.255.0.0 172.24.0.0 255.255.0.0
On the juniper side:
set ike gateway "TO_XXX_ASA" address 81.XXX.XXX.XXX Main outgoing-interface "ethernet0/2" preshare "XXXXXXX" proposal "pre-g2-3des-md5"
set vpn "DATACENTER_XXX_ASA" proxy-id local-ip 172.24.0.0/16 remote-ip 10.143.0.0/16 "ANY"
set vpn "DATACENTER_XXX_ASA" gateway "TO_XXX_ASA" no-replay tunnel idletime 0 proposal "nopfs-esp-3des-md5"
set vpn "DATACENTER_XXX_ASA" monitor optimized rekey
set vpn "DATACENTER_XXX_ASA" id 0x78 bind interface tunnel.2
set vpn "DATACENTER_XXX_ASA" gateway "TO_XXX_ASA" no-replay tunnel idletime 0 proposal "nopfs-esp-3des-md5"
set vpn "DATACENTER_XXX_ASA" monitor source-interface ethernet0/2 destination-ip 10.143.0.1 optimized rekey
set vpn "DATACENTER_XXX_ASA" id 0x7b bind interface tunnel.2
PFS is disabled.
Any idea why I receive these errors?
Duplicate Phase 2 packet detected. Retransmitting last packet.
QM FSM error (P2 struct &0xcd58eee8, mess id 0xf46e307a)!
Hey,
Does anybody have any idea on this problem? We encountered this problem also.
I can see in the ASA log that phase 1 is completed.
After that we get the message for phase 2 completed,
but it is followed by a "responder resending lost, last msg" 3 times, then a QM FSM error and the tunnel being shut down on our end.
The other side is getting an active SA, but ofc it is not working.
Any idea?
5 Jan 23 2015 14:59:14 713120 Group = xx.xx.xx.xx, IP = xx.xx.xx.xx, PHASE 2 COMPLETED (msgid=440ce73e)
7 Jan 23 2015 14:59:18 713906 IKE Receiver: Packet received on yy.yy.yy.yy:500 from xx.xx.xx.xx:500
5 Jan 23 2015 14:59:18 713201 Group = xx.xx.xx.xx, IP = xx.xx.xx.xx, Duplicate Phase 2 packet detected. Retransmitting last packet.
6 Jan 23 2015 14:59:18 713905 Group = xx.xx.xx.xx, IP = xx.xx.xx.xx, Responder resending lost, last msg
7 Jan 23 2015 14:59:18 715080 Group = xx.xx.xx.xx, IP = xx.xx.xx.xx, Starting P2 rekey timer: 27357 seconds.
5 Jan 23 2015 14:59:18 713120 Group = xx.xx.xx.xx, IP = xx.xx.xx.xx, PHASE 2 COMPLETED (msgid=440ce73e)
3x times
3 Jan 23 2015 14:59:30 713902 Group = xx.xx.xx.xx, IP = xx.xx.xx.xx, QM FSM error (P2 struct &0x00007fff2a9921f0, mess id 0x440ce73e)!
with kind regards,
Bernd -
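The pattern both posters in the thread above describe (repeated "Duplicate Phase 2 packet detected" for an already completed msgid, then "QM FSM error" and a teardown) can be picked out of a long debug capture automatically. The following is an added example, not code from the thread: it parses the `[IKEv1]` debug line format of the first post; the sample lines, addresses and msgids are constructed, and the three-duplicate threshold is an assumption.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample in the debug format quoted in the thread; addresses are
# documentation placeholders and the msgids are made up for this example.
SAMPLE_LOG = """\
Nov 27 04:47:27 [IKEv1]Group = 192.0.2.10, IP = 192.0.2.10, PHASE 2 COMPLETED (msgid=1122aabb)
Nov 27 04:47:31 [IKEv1]IKE Receiver: Packet received on 203.0.113.1:500 from 192.0.2.10:500
Nov 27 04:47:31 [IKEv1]Group = 192.0.2.10, IP = 192.0.2.10, Duplicate Phase 2 packet detected. Retransmitting last packet.
Nov 27 04:47:31 [IKEv1]Group = 192.0.2.10, IP = 192.0.2.10, PHASE 2 COMPLETED (msgid=1122aabb)
Nov 27 04:47:33 [IKEv1]Group = 198.51.100.5, IP = 198.51.100.5, PHASE 2 COMPLETED (msgid=0a1b2c3d)
Nov 27 04:47:35 [IKEv1]Group = 192.0.2.10, IP = 192.0.2.10, Duplicate Phase 2 packet detected. Retransmitting last packet.
Nov 27 04:47:35 [IKEv1]Group = 192.0.2.10, IP = 192.0.2.10, PHASE 2 COMPLETED (msgid=1122aabb)
Nov 27 04:47:39 [IKEv1]Group = 192.0.2.10, IP = 192.0.2.10, Duplicate Phase 2 packet detected. Retransmitting last packet.
Nov 27 04:47:39 [IKEv1]Group = 192.0.2.10, IP = 192.0.2.10, PHASE 2 COMPLETED (msgid=1122aabb)
Nov 27 04:47:43 [IKEv1]Group = 192.0.2.10, IP = 192.0.2.10, Duplicate Phase 2 packet detected. Retransmitting last packet.
Nov 27 04:47:43 [IKEv1]Group = 192.0.2.10, IP = 192.0.2.10, QM FSM error (P2 struct &0x0badc0de, mess id 0x1122aabb)!
Nov 27 04:47:43 [IKEv1]Group = 192.0.2.10, IP = 192.0.2.10, Session is being torn down. Reason: Lost Service
"""

LINE = re.compile(r"^(?P<ts>\w{3}\s+\d+\s+[\d:]+)\s+\[IKEv1(?: DEBUG)?\](?P<body>.*)$")
PEER = re.compile(r"\bIP = (?P<ip>[^,\s]+),")
P2_DONE = re.compile(r"PHASE 2 COMPLETED \(msgid=(?P<id>[0-9a-fA-F]+)\)")
DUPLICATE = re.compile(r"Duplicate Phase 2 packet detected")
FSM_ERROR = re.compile(
    r"QM FSM error \(P2 struct &0x[0-9a-fA-F]+, mess id 0x(?P<id>[0-9a-fA-F]+)\)")
TEARDOWN = re.compile(r"Session is being torn down\. Reason: (?P<reason>.+)$")


@dataclass
class QmTrace:
    """What happened to one Quick Mode exchange (peer + message id)."""
    peer: str
    msgid: int
    first_seen: str
    duplicates: int = 0
    fsm_error: bool = False
    teardown_reason: Optional[str] = None


def analyze(log_text, min_duplicates=3):
    """Return the Quick Mode exchanges that kept receiving duplicates or hit
    a QM FSM error. min_duplicates is an assumed threshold, not an ASA value."""
    traces = {}   # (peer, msgid) -> QmTrace
    latest = {}   # peer -> most recent QmTrace; duplicate lines carry no msgid
    for raw in log_text.splitlines():
        line = LINE.match(raw.strip())
        if not line:
            continue
        body = line["body"]
        peer_match = PEER.search(body)
        if not peer_match:
            continue  # e.g. "IKE Receiver: Packet received on ..." lines
        peer = peer_match["ip"]
        if (m := P2_DONE.search(body)):
            key = (peer, int(m["id"], 16))
            if key not in traces:
                traces[key] = QmTrace(peer, key[1], line["ts"])
            latest[peer] = traces[key]
        elif DUPLICATE.search(body) and peer in latest:
            latest[peer].duplicates += 1
        elif (m := FSM_ERROR.search(body)):
            key = (peer, int(m["id"], 16))
            if key not in traces:
                traces[key] = QmTrace(peer, key[1], line["ts"])
            traces[key].fsm_error = True
            latest[peer] = traces[key]
        elif (m := TEARDOWN.search(body)) and peer in latest:
            latest[peer].teardown_reason = m["reason"].strip()
    return [t for t in traces.values()
            if t.fsm_error or t.duplicates >= min_duplicates]


def summarize(trace):
    """One-line human-readable finding for a flagged exchange."""
    parts = [f"peer {trace.peer} msgid {trace.msgid:08x}",
             f"{trace.duplicates} duplicate Phase 2 packets"]
    if trace.fsm_error:
        parts.append("QM FSM error")
    if trace.teardown_reason:
        parts.append(f"torn down ({trace.teardown_reason})")
    return ", ".join(parts)


if __name__ == "__main__":
    for finding in analyze(SAMPLE_LOG):
        print(summarize(finding))
```

A flagged exchange means the peer kept resending a Quick Mode packet after the ASA had already logged PHASE 2 COMPLETED for that msgid, which is the point at which to compare what each side actually sent and received on UDP 500.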
Difference between microsoft sql 7 server and oracle 8
Can anybody give me the exact technical differences between microsoft 7 server and
oracle8 server?
hi,
Below I have listed a few differences known to me.
Oracle is a multiplatform RDBMS whereas SQL Server is restricted to NT server workstations.
Oracle does not include the concept of a master db. All dbs run independently, with their own data files, memory management, and control.
SQL Server has a much larger set of fundamental data types than Oracle.
Oracle uses row-level locking whereas SQL Server uses page-level locking.
Oracle is a more mature product. It should be used for high throughput and availability and reliable backup and recovery.
Hope it will give you some idea.
regards,
arun. -
Is there a difference between the Mac Mini Server and installing the Lion Server on an iMac?
So, I was wondering what the difference is between installing the Lion Server on an iMac as opposed to buying the Mac Mini Server because the iMac may be a cheaper solution for me since I intend to purchase a new monitor, keyboard, mouse and accessories if I purchase the Mac Mini Server.
If you intend to leave the server running all the time a Mac mini server would probably make more sense. It isn't necessary to keep a monitor, mouse and keyboard connected to the server as you can use the server management tools, remote desktop and SSH via the terminal window on your iMac to manage the server remotely once it's up and running.
-
URGENT Connection lost between 10.5.4 Server and 10.4.11 & winXP clients
Hi,
We are running into a big problem. We just upgraded our server to a new Xserver 8 core running OS X 10.5.4. Previously the server was an older Xserver running 10.4.11; we didn't have problems then.
After the connection is established everything works and the clients that are running OSX 10.4.11 and Windows XP can see the shares via NFS and Samba.
After an hour or so of working, the clients start losing the connection and the mounted shares are not accessible anymore. To regain access we need to reboot the client machine or disconnect and rejoin the domain.
Each client machine loses its connection independently of the other clients; this means that some people still have access while others don't.
The connection between the Mac server and the Mac clients is done using NFS; for the Windows clients it uses Samba.
Thanks a lot!!
For starters, use AFP for Macs, not NFS. Seriously.
Check the logs for smb and the system logs, and post relevant error messages.
Next step: consider wireshark or tcpdump to watch your network traffic and try to capture a client droppage/disconnect if at all possible.
Also post the UNedited result of (using the terminal):
sudo changeip -checkhostname -
Can't make Secure AFP work between 10.3.9 Server and 10.4.6 client
Ultimately, I want to be able to access our Xserve from the Internet, through the firewall, securely. But for now, I'm just trying to get the AFP Server on Server 10.3.9 to accept Secure AFP connections (from 10.4.6 clients). In short, it's not working.
I've checked the Enable Secure Connections under the AFP > Settings > Access panel in Server Admin. When I choose Go > Connect to Server from my G5 (10.4.6), and select Allow Secure Connections, and choose Connect... I'm told that "The Server does not allow secure connections" (or something like this) "would you like to connect with reduced security?" I click OK, and it connects, albeit without SSH.
Any ideas what I can try to fix this? (These two computers, by the way, are on the same local network. First things first.)
Thanks.
...Rene
Xserve G5 Dual 2GHz Mac OS X (10.3.9) Mac OS X Server 10.3.9
Xserve G5
Try restarting the AFP Server. Sometimes it takes a couple of times for the setting to take.
Can you ssh into that server from the client as that user?
You may be better served in the long run by using a VPN instead.
- Leland -
I am storing a block of data inside plc registers and reading this group into labview as a continuous set of datapoints. I am counting the number of scans in the plc and sometimes the number of points collected inside labview doesn't match.
To explain a little bit about tag updating:
The LabVIEW DSC tag engine is not just updated on any change of the value within the plc. There are, in fact, several "deadbands" that must be crossed before those tags are updated:
1) The OPC Server has a deadband - where the plc register value has to change a certain % before it is recorded.
2) In the LabVIEW DSC module, there is an I/O Group Deadband that determines when the tag engine is actually updated.
Both of these deadbands must be satisfied before a new "value" is recorded in the LabVIEW DSC tag engine.
Therefore, I would check your OPC Server's deadband (configurable in the OPC Server configuration utility) and also the I/O Group deadband for those tags (configurable in the tag configuration editor).
If this doesn't resolve the issue, please let me know. Thanks. -
SSL connection between Dist Auth UI Server and Access Manager
Hi,
I have a Dist Auth UI Server installed in Web Server 7 and working properly, but now I want to configure it to talk with Access Manager on a secure port.
I have configured Access Manager (also deployed in Web Server 7) on a secure port (443). I have requested and installed the server certificate in the Access Manager Web Server instance and also the root entity certificate.
My question is: how must I configure the UI Server to communicate with the Access Manager Server in a secure way and trust the certificate that the WS of the AM presents?
Regards,
There have been a few reports of the same behaviour with other customers - specifically with the handling of the encoding of "+" characters to " ". It relates to how cookie encoding/decoding is performed (as you have already observed).
The solution for these customers was the following:
=> AM server/client side:
Ensure that com.iplanet.am.cookie.encode=false in AMConfig.properties and AMAgent.properties on all systems.
=> AM client (UWC) side:
- Set <property name="encodeCookies" value="false"/> in /var/opt/SUNWuwc/WEB-INF/sun-web.xml. This will prevent UWC from trying to urldecode the cookie it receives and therefore stops it turning the + into a space e.g.
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE sun-web-app PUBLIC '-//Sun Microsystems, Inc.//DTD Sun ONE Application Server 7.0 Servlet 2.3//EN' 'file:///net/wajra.india.sun.com/export/share/dtd/sun-web-app_2_3-1.dtd'>
<sun-web-app>
<property name="encodeCookies" value="false"/>
<session-config>
<session-manager/>
</session-config>
<jsp-config/>
<property name="allowLinking" value="true" />
</sun-web-app>
Regards,
Shane. -
Internal DNS server and NAT routing issue.
Hi -- I am not terribly experienced with DNS and I am running into an issue that I can't seem to resolve. My company.com DNS information is hosted by an outside ISP for email, web, etc... but I have configured an A record there to point to the public IP to my mac os x server (server.company.com).
We have a Cisco router configured with one-to-one NAT from the public IP to the internal IP for our server in a 192.168.15.x subnet. The same router is running DHCP and NAT on that subnet under a different public IP provided by our ISP.
Our server is running DNS with recursion and has a "company.private" zone set up for internal services and machine names. Thus, the server is accessible via "server.company.com" from the outside and "server.company.private" from the private LAN.
The problem is that I would like to be able to access some services simply via "server.company.com" both inside and outside the private network. Now, accessing the "server.company.com" services from the private lan does not work because the name resolves to the external IP and the external IP cannot be used internally due to NAT.
Is there a way to configure my internal DNS server to respond with the appropriate private address when receiving a query only to "server.company.com" and forward requests on for anything else on "company.com"?
I know that I could manually duplicate all entries for our domain from my ISP and host the same entries for internal clients, but it would be much easier to only have our server handle requests for itself. The server is running OS X Server 10.4.11.
Thanks
Is there a way to configure my internal DNS server to respond with the appropriate private address when receiving a query only to "server.company.com" and forward requests on for anything else on "company.com"?
Ordinarily, no. Once your server thinks it is responsible for a zone (e.g. company.com) then it will answer all queries for that domain and never pass them upstream. Therefore you'd have to replicate all the zone data, including all the public records, and maintain them both.
The one possible exception to this (I haven't tried) is to create a zone for server.company.com that has your internal address. In theory (like I said, I haven't tried this), the server should respond to 'server.company.com' lookups with its own zone data and defer all other lookups (including other company.com names since they're not in a zone it controls). Might be worth trying. -
I need to split the load of my WSUS on to another site because the amount of computers is straining the internet connection in the amount of uploads performed.
However I'm having an issue at the second WSUS where only Windows 7 and Server 2003 clients will update...
Windows 8.1, Server 2008 and Server 2012 won't update, giving the following error codes: 8024400A and 80072EE2
The WSUS is a Server 2012 with Local Update Publisher 1.1 installed. It works fine locally at the site but not across our WAN.
The clients appear in the WSUS console but fail to check for updates.
I've tried it with the firewall turned off...
Both WSUS servers are using Microsoft SCEP 2012.
Has anyone out there experienced this? Or have any suggestions to fix?
Cheers.
Hi there,
I spoke too soon, I think I got one Windows 8 client to update yesterday by fluke. Now today it won't.
There's not much difference between the W7 and W8 systems; they both use the same antivirus. Same software but updated on W8.
Here is the windows update.log:
2014-06-05 10:44:14:561 976 954 Misc =========== Logging initialized (build: 7.9.9600.17093, tz: +1000) ===========
2014-06-05 10:44:14:639 976 954 Misc = Process: C:\Windows\system32\svchost.exe
2014-06-05 10:44:14:639 976 954 Misc = Module: c:\windows\system32\wuaueng.dll
2014-06-05 10:44:14:561 976 954 Service *************
2014-06-05 10:44:14:639 976 954 Service ** START ** Service: Service startup
2014-06-05 10:44:14:639 976 954 Service *********
2014-06-05 10:44:15:311 976 954 IdleTmr Non-AoAc machine. Aoac operations will be ignored.
2014-06-05 10:44:15:311 976 954 Agent * WU client version 7.9.9600.17093
2014-06-05 10:44:15:326 976 954 Agent WARNING: SleepStudyTracker: Machine is non-AOAC. Sleep study tracker disabled.
2014-06-05 10:44:15:326 976 954 Agent * Base directory: C:\Windows\SoftwareDistribution
2014-06-05 10:44:15:326 976 954 Agent * Access type: No proxy
2014-06-05 10:44:15:326 976 954 Service UpdateNetworkState Ipv6, cNetworkInterfaces = 1.
2014-06-05 10:44:15:326 976 954 Service UpdateNetworkState Ipv4, cNetworkInterfaces = 1.
2014-06-05 10:44:15:326 976 954 Agent * Network state: Connected
2014-06-05 10:44:15:326 976 954 Service UpdateNetworkState Ipv6, cNetworkInterfaces = 1.
2014-06-05 10:44:15:326 976 954 Service UpdateNetworkState Ipv4, cNetworkInterfaces = 1.
2014-06-05 10:44:16:123 976 954 Agent *********** Agent: Initializing global settings cache ***********
2014-06-05 10:44:16:123 976 954 Agent * Endpoint Provider: 00000000-0000-0000-0000-000000000000
2014-06-05 10:44:16:123 976 954 Agent * WSUS server: http://10.155.194.59:8530
2014-06-05 10:44:16:123 976 954 Agent * WSUS status server: http://10.155.194.59:8530
2014-06-05 10:44:16:123 976 954 Agent * Target group: Test Group
2014-06-05 10:44:16:123 976 954 Agent * Windows Update access disabled: No
2014-06-05 10:44:16:170 976 954 WuTask WuTaskManager delay initialize completed successfully..
2014-06-05 10:44:16:170 976 954 AU Timer: 31DA7559-FE27-4810-8FF6-987195B1FD98, Expires 2014-06-05 00:24:13, not idle-only, not network-only
2014-06-05 10:44:16:170 976 954 AU Timer: CF1ABEC6-7887-4964-BB93-B2E21B31CEC1, Expires 2014-06-05 05:36:25, not idle-only, not network-only
2014-06-05 10:44:16:170 976 954 AU Timer: 29A863E7-8609-4D1E-B7CD-5668F857F1DB, Expires 2014-06-05 05:36:25, not idle-only, not network-only
2014-06-05 10:44:16:170 976 954 Report CWERReporter::Init succeeded
2014-06-05 10:44:16:170 976 954 Agent *********** Agent: Initializing Windows Update Agent ***********
2014-06-05 10:44:16:170 976 954 DnldMgr Download manager restoring 0 downloads
2014-06-05 10:44:16:170 976 954 AU ########### AU: Initializing Automatic Updates ###########
2014-06-05 10:44:16:170 976 954 AU Additional Service {117CAB2D-82B1-4B5A-A08C-4D62DBEE7782} with Approval type {Scheduled} added to AU services list
2014-06-05 10:44:16:170 976 954 AU AIR Mode is disabled
2014-06-05 10:44:16:170 976 954 AU # Policy Driven Provider: http://10.155.194.59:8530
2014-06-05 10:44:16:170 976 954 AU # Detection frequency: 22
2014-06-05 10:44:16:170 976 954 AU # Target group: Test Group
2014-06-05 10:44:16:170 976 954 AU # Approval type: Scheduled (Policy)
2014-06-05 10:44:16:170 976 954 AU # Auto-install minor updates: Yes (Policy)
2014-06-05 10:44:16:170 976 954 AU # ServiceTypeDefault: Service 117CAB2D-82B1-4B5A-A08C-4D62DBEE7782 Approval type: (Scheduled)
2014-06-05 10:44:16:170 976 954 AU # Will interact with non-admins (Non-admins are elevated (Policy))
2014-06-05 10:44:16:186 976 954 AU WARNING: Failed to get Wu Exemption info from NLM, assuming not exempt, error = 0x80070032
2014-06-05 10:44:16:186 976 954 AU AU finished delayed initialization
2014-06-05 10:44:16:202 976 954 AU Adding timer:
2014-06-05 10:44:16:202 976 954 AU Timer: 31DA7559-FE27-4810-8FF6-987195B1FD98, Expires 2014-06-05 03:47:12, not idle-only, not network-only
2014-06-05 10:44:16:217 976 99c DnldMgr Asking handlers to reconcile their sandboxes
2014-06-05 10:45:17:562 976 954 AU ReAttemptDownloadsAsUserIfNecessary, No calls in download progress.
2014-06-05 10:45:31:453 976 778 IdleTmr Incremented idle timer priority operation counter to 1
2014-06-05 10:45:34:562 976 778 AU Triggering AU detection through DetectNow API
2014-06-05 10:45:34:562 976 778 AU Additional Service {117CAB2D-82B1-4B5A-A08C-4D62DBEE7782} with Approval type {Scheduled} added to AU services list
2014-06-05 10:45:34:562 976 778 AU Triggering Online detection (interactive)
2014-06-05 10:45:34:562 976 778 AU Adding timer:
2014-06-05 10:45:34:562 976 778 AU Timer: 31DA7559-FE27-4810-8FF6-987195B1FD98, Expires 2014-06-05 00:45:34, not idle-only, not network-only
2014-06-05 10:45:34:609 976 954 AU #############
2014-06-05 10:45:34:609 976 954 AU ## START ## AU: Search for updates
2014-06-05 10:45:34:609 976 954 AU #########
2014-06-05 10:45:34:609 976 954 AU Additional Service {117CAB2D-82B1-4B5A-A08C-4D62DBEE7782} with Approval type {Scheduled} added to AU services list
2014-06-05 10:45:34:609 976 954 IdleTmr WU operation (CSearchCall::Init ID 1) started; operation # 15; does use network; is not at background priority
2014-06-05 10:45:34:609 976 954 IdleTmr Incremented idle timer priority operation counter to 2
2014-06-05 10:45:34:797 976 954 Report *********** Report: Initializing static reporting data ***********
2014-06-05 10:45:34:797 976 954 Report * OS Version = 6.3.9600.0.0.65792
2014-06-05 10:45:34:797 976 954 Report * OS Product Type = 0x00000004
2014-06-05 10:45:34:813 976 954 Report * Computer Brand = Microsoft Corporation
2014-06-05 10:45:34:813 976 954 Report * Computer Model = Virtual Machine
2014-06-05 10:45:34:813 976 954 Report * Platform Role = 1
2014-06-05 10:45:34:813 976 954 Report * AlwaysOn/AlwaysConnected (AOAC) = 0
2014-06-05 10:45:34:813 976 954 Report * Bios Revision = 090004
2014-06-05 10:45:34:813 976 954 Report * Bios Name = BIOS Date: 03/19/09 22:51:32 Ver: 09.00.04
2014-06-05 10:45:34:813 976 954 Report * Bios Release Date = 2009-03-19T00:00:00
2014-06-05 10:45:34:813 976 954 Report * Bios Sku Number unavailable.
2014-06-05 10:45:34:813 976 954 Report * Bios Vendor = American Megatrends Inc.
2014-06-05 10:45:34:813 976 954 Report * Bios Family unavailable.
2014-06-05 10:45:34:828 976 954 Report * Bios Major Release unavailable.
2014-06-05 10:45:34:828 976 954 Report * Bios Minor Release unavailable.
2014-06-05 10:45:34:828 976 954 Report * Locale ID = 3081
2014-06-05 10:45:35:578 976 954 Agent *** START *** Queueing Finding updates [CallerId = AutomaticUpdatesWuApp Id = 1]
2014-06-05 10:45:35:609 976 954 AU <<## SUBMITTED ## AU: Search for updates [CallId = {CDA6DEA2-9874-4DB5-AAA7-9A05D933C012} ServiceId = {3DA21691-E39D-4DA6-8A4B-B43877BCB1B7}]
2014-06-05 10:45:35:609 976 fc4 Agent *** END *** Queueing Finding updates [CallerId = AutomaticUpdatesWuApp Id = 1]
2014-06-05 10:45:35:609 976 fc4 Agent *************
2014-06-05 10:45:35:609 976 fc4 Agent ** START ** Agent: Finding updates [CallerId = AutomaticUpdatesWuApp Id = 1]
2014-06-05 10:45:35:609 976 fc4 Agent *********
2014-06-05 10:45:35:609 976 fc4 Agent * Online = Yes; Ignore download priority = No
2014-06-05 10:45:35:609 976 fc4 Agent * Criteria = "IsInstalled=0 and DeploymentAction='Installation' or IsPresent=1 and DeploymentAction='Uninstallation' or IsInstalled=1 and DeploymentAction='Installation' and RebootRequired=1 or IsInstalled=0 and DeploymentAction='Uninstallation' and RebootRequired=1"
2014-06-05 10:45:35:609 976 fc4 Agent * ServiceID = {3DA21691-E39D-4DA6-8A4B-B43877BCB1B7} Managed
2014-06-05 10:45:35:609 976 fc4 Agent * Search Scope = {Machine & All Users}
2014-06-05 10:45:35:609 976 fc4 Agent * Caller SID for Applicability: S-1-5-21-1323361640-3159480285-1943353560-1532
2014-06-05 10:45:35:609 976 fc4 Agent * RegisterService is set
2014-06-05 10:45:35:625 976 fc4 EP Got WSUS Client/Server URL: "http://10.155.194.59:8530/ClientWebService/client.asmx"
2014-06-05 10:45:35:641 976 fc4 Setup Checking for agent SelfUpdate
2014-06-05 10:45:35:641 976 fc4 Setup Client version: Core: 7.9.9600.17093 Aux: 7.9.9600.17093
2014-06-05 10:45:35:641 976 fc4 EP Got WSUS SelfUpdate URL: "http://10.155.194.59:8530/selfupdate"
2014-06-05 10:45:35:672 976 fc4 Misc Validating signature for C:\Windows\SoftwareDistribution\SelfUpdate\wuident.cab with dwProvFlags 0x00000080:
2014-06-05 10:45:35:734 976 fc4 Misc Microsoft signed: NA
2014-06-05 10:45:35:734 976 fc4 Misc Infrastructure signed: Yes
2014-06-05 10:45:35:734 976 fc4 Misc WARNING: Cab does not contain correct inner CAB file.
2014-06-05 10:45:35:734 976 fc4 Misc Validating signature for C:\Windows\SoftwareDistribution\SelfUpdate\wuident.cab with dwProvFlags 0x00000080:
2014-06-05 10:45:35:734 976 fc4 Misc Microsoft signed: NA
2014-06-05 10:45:35:750 976 fc4 Misc Infrastructure signed: Yes
2014-06-05 10:45:35:766 976 fc4 Setup Skipping SelfUpdate check based on the /SKIP directive in wuident
2014-06-05 10:45:35:766 976 fc4 Setup SelfUpdate check completed. SelfUpdate is NOT required.
2014-06-05 10:45:35:907 976 fc4 PT +++++++++++ PT: Synchronizing server updates +++++++++++
--continued-- -
Can I export a PDF in InDesign Server and return it to the calling client?
Using Java/CORBA between a client machine and InDesign Server, I would like to:
1. Make a remote call to InDesign server to create a document, passing IDML as a parameter on the call
2. Make another remote call to InDesign server to export a PDF, returning the PDF on the call return.
Is this possible? I notice that the doExport method does not return a PDF to the calling client. Instead, it saves the PDF on the server. I don't see any APIs which would allow me to do the above.
The use case here is a web application which needs to "preview" an image. The image consists of a template and some variable data which is sent to an InDesign server for composition and is returned as an image.
Thanks for any help.
I fail to see the issue. You have added crop marks, have you not? For all intents and purposes those are marks that are supposed to be visible and printable for cutting in the real world. If you don't want them, don't use them. Acrobat can generate them on the fly for printing, anyway.
Mylenium -
Is it possible to turn off DHCP server and still route?
I would like to use my airport extreme as a router but have another computer be the DHCP server. It looks like if I turn on routing DHCP turns on and there is no way to turn it off.
Thanks for any help.
That's pretty unfortunate. It seems like a pretty normal thing to do. So I am going to have to have a separate router just because airport extreme doesn't support this. Seems like most of the routers out there do allow this.
Thanks. -
Lync Enterprise with Single BE Server and Voice Routing
Hi team,
I read that the best way for a HA topology is to go ahead with 3 FE server pool (although MS has said it's workable, many recommend not to). Now this leaves me with another problem: can I go ahead with just 1 SQL Back-End server? I know in this case SQL will have no failover. But if we are ok with the downtime, will it work properly when the BE is up?
The front-end includes the following:
Basic Lync functions
Mediation
Monitoring
Archiving
Thank you.
Chris!
Hi Crypto_J,
After the Back End Server is up, you could verify if the services of Lync Servers are normally started, and take a test.
For more details about restoring the Back End Server, please click on the link below.
Restoring the server hosting the Central Management store in Lync Server 2013
http://technet.microsoft.com/en-us/library/hh202172.aspx
To ensure high availability for your Back End Servers, you can use either synchronous SQL mirroring or SQL clustering.
Using one of these solutions is optional, but is recommended to maintain your organization's business continuity.
Best regards,
Eric